ÿþ--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.10.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.18837 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED CPU speed: 2.128000 GHz Memory total: 4258205696, free: 1949294592 Downloaded database version: v2017.11.20.10 ======================================= Initializing... Driver version: 4.3.0.15 ------------ Kernel report ------------ 11/21/2017 01:44:55 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\avgRvrt.sys \SystemRoot\system32\drivers\avgVmm.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\TVALZ_O.SYS \SystemRoot\system32\DRIVERS\tos_sps64.sys \SystemRoot\system32\DRIVERS\Thpevm.SYS \SystemRoot\system32\DRIVERS\thpdrv.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\avgbuniva.sys \SystemRoot\system32\drivers\avgbloga.sys \SystemRoot\system32\drivers\avgbidsha.sys \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\system32\drivers\avgSP.sys \SystemRoot\system32\drivers\avgSnx.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\avgRdr2.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\drivers\avgbidsdrivera.sys \SystemRoot\system32\drivers\avgbdiska.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\system32\DRIVERS\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\drivers\usbuhci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\o2sdgx64.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\DRIVERS\o2mdgx64.sys \SystemRoot\system32\DRIVERS\L1C62x64.sys \SystemRoot\system32\DRIVERS\rtl8192se.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\nuvotoncir.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\tdcmdpst.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\TVALZFL.sys \SystemRoot\system32\DRIVERS\QIOMem.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\DRIVERS\circlass.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\drivers\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\CHDRT64.sys \SystemRoot\system32\DRIVERS\hidir.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\nuvotonhidcir.sys \SystemRoot\system32\DRIVERS\hidshim.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\drivers\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\pgeffect.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\dc3d.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\point64.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\avgMonFlt.sys \SystemRoot\system32\drivers\avgStm.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\62519423.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\msvcrt.dll \Windows\System32\ole32.dll \Windows\System32\kernel32.dll \Windows\System32\oleaut32.dll \Windows\System32\setupapi.dll \Windows\System32\usp10.dll \Windows\System32\shlwapi.dll \Windows\System32\user32.dll \Windows\System32\psapi.dll \Windows\System32\advapi32.dll \Windows\System32\sechost.dll \Windows\System32\iertutil.dll \Windows\System32\msctf.dll \Windows\System32\lpk.dll \Windows\System32\nsi.dll \Windows\System32\gdi32.dll \Windows\System32\shell32.dll \Windows\System32\comdlg32.dll \Windows\System32\clbcatq.dll \Windows\System32\rpcrt4.dll \Windows\System32\wininet.dll \Windows\System32\difxapi.dll \Windows\System32\urlmon.dll \Windows\System32\imagehlp.dll \Windows\System32\imm32.dll \Windows\System32\normaliz.dll \Windows\System32\ws2_32.dll \Windows\System32\Wldap32.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\wintrust.dll \Windows\System32\userenv.dll \Windows\System32\devobj.dll \Windows\System32\KernelBase.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\profapi.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! Scan started Database versions: main: v2017.11.20.10 rootkit: v2017.10.14.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004920060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004920b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004920060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800491e060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\ DevicePointer: 0xfffffa800473ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa8004768050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 19D99C8E Partition information: Partition 0 type is Other (0x27) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 819200 Partition is bootable Partition file system is NTFS Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 821248 Numsec = 488509440 Partition is not bootable Partition file system is NTFS Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 489330688 Numsec = 487442432 Partition is not bootable Partition file system is NTFS Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 500107862016 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa8006d86060, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800676f040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006d86060, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80067a7060, DeviceName: \Device\000000a8\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 86FCEB17 Partition information: Partition 0 type is Other (0xb) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 918982197 Partition is not bootable Partition file system is FAT32 Partition 1 type is Other (0x83) Partition is NOT ACTIVE. Partition starts at LBA: 918982260 Numsec = 8418060 Partition is not bootable Partition 2 type is Other (0x83) Partition is NOT ACTIVE. Partition starts at LBA: 927400320 Numsec = 48387780 Partition is not bootable Partition 3 type is Extended with CSH (0x5) Partition is NOT ACTIVE. Partition starts at LBA: 975788100 Numsec = 835380 Partition is not bootable Disk Size: 500107862016 bytes Sector size: 512 bytes Done! Scan Interrupted Scan was aborted. ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-821248-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-489330688-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-918982260-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-2-927400320-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-3-975788100-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.10.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.18837 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.128000 GHz Memory total: 4258205696, free: 2235129856 Downloaded database version: v2017.11.21.01 ======================================= Initializing... Driver version: 4.3.0.15 ------------ Kernel report ------------ 11/21/2017 02:38:59 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\avgRvrt.sys \SystemRoot\system32\drivers\avgVmm.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\TVALZ_O.SYS \SystemRoot\system32\DRIVERS\tos_sps64.sys \SystemRoot\system32\DRIVERS\Thpevm.SYS \SystemRoot\system32\DRIVERS\thpdrv.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\avgbuniva.sys \SystemRoot\system32\drivers\avgbloga.sys \SystemRoot\system32\drivers\avgbidsha.sys \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\system32\drivers\avgSP.sys \SystemRoot\system32\drivers\avgSnx.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\avgRdr2.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\drivers\avgbidsdrivera.sys \SystemRoot\system32\drivers\avgbdiska.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\system32\DRIVERS\nvBridge.kmd \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\drivers\usbuhci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\DRIVERS\o2sdgx64.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\DRIVERS\o2mdgx64.sys \SystemRoot\system32\DRIVERS\L1C62x64.sys \SystemRoot\system32\DRIVERS\rtl8192se.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\nuvotoncir.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\tdcmdpst.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\TVALZFL.sys \SystemRoot\system32\DRIVERS\QIOMem.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\DRIVERS\circlass.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\drivers\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\CHDRT64.sys \SystemRoot\system32\DRIVERS\hidir.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\nuvotonhidcir.sys \SystemRoot\system32\DRIVERS\hidshim.sys \SystemRoot\system32\drivers\usbccgp.sys \SystemRoot\system32\drivers\USBD.SYS \SystemRoot\system32\DRIVERS\dc3d.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\pgeffect.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\point64.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\avgMonFlt.sys \SystemRoot\system32\drivers\avgStm.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\spsys.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\635E3133.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\Wldap32.dll \Windows\System32\iertutil.dll \Windows\System32\oleaut32.dll \Windows\System32\lpk.dll \Windows\System32\gdi32.dll \Windows\System32\psapi.dll \Windows\System32\ws2_32.dll \Windows\System32\usp10.dll \Windows\System32\msctf.dll \Windows\System32\sechost.dll \Windows\System32\imagehlp.dll \Windows\System32\user32.dll \Windows\System32\advapi32.dll \Windows\System32\setupapi.dll \Windows\System32\difxapi.dll \Windows\System32\kernel32.dll \Windows\System32\shell32.dll \Windows\System32\clbcatq.dll \Windows\System32\comdlg32.dll \Windows\System32\rpcrt4.dll \Windows\System32\nsi.dll \Windows\System32\urlmon.dll \Windows\System32\msvcrt.dll \Windows\System32\imm32.dll \Windows\System32\ole32.dll \Windows\System32\shlwapi.dll \Windows\System32\wininet.dll \Windows\System32\normaliz.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\userenv.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\wintrust.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\crypt32.dll \Windows\System32\devobj.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\KernelBase.dll \Windows\System32\msasn1.dll \Windows\System32\profapi.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! Scan started Database versions: main: v2017.11.21.01 rootkit: v2017.10.14.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa80048d7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80048d7b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80048d7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80048d5060, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\ DevicePointer: 0xfffffa8004726990, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa800472b050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 19D99C8E Partition information: Partition 0 type is Other (0x27) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 819200 Partition is bootable Partition file system is NTFS Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 821248 Numsec = 488509440 Partition is not bootable Partition file system is NTFS Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 489330688 Numsec = 487442432 Partition is not bootable Partition file system is NTFS Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 500107862016 bytes Sector size: 512 bytes Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-821248-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-489330688-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removal finished