--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.10.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.18893 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, M:\ DRIVE_FIXED, R:\ DRIVE_FIXED CPU speed: 4.000000 GHz Memory total: 17015570432, free: 10221445120 Downloaded database version: v2018.01.29.04 Downloaded database version: v2018.01.23.01 Downloaded database version: v2018.01.20.01 ======================================= Initializing... Driver version: 4.3.0.15 ------------ Kernel report ------------ 01/29/2018 18:14:35 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\iusb3hcs.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\intelide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\lsi_sas.sys \SystemRoot\system32\drivers\storport.sys \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\DRIVERS\iaStorA.sys \SystemRoot\system32\DRIVERS\mvs91xx.sys \SystemRoot\system32\DRIVERS\mvxxmm.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\aswRvrt.sys \SystemRoot\system32\drivers\aswVmm.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\Drivers\SmartDefragDriver.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\DRIVERS\iaStorF.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\aswbuniva.sys \SystemRoot\system32\drivers\aswbloga.sys \SystemRoot\system32\drivers\aswbidsha.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\drivers\aswSP.sys \SystemRoot\system32\drivers\aswSnx.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\drivers\aswKbd.sys \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\aswRdr2.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\bflwfx64.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\drivers\aswNetSec.sys \SystemRoot\system32\DRIVERS\aswNetNd6.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\drivers\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\blbdrive.sys \SystemRoot\system32\drivers\aswbidsdrivera.sys \SystemRoot\system32\drivers\aswArPot.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\bcmwl664.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\system32\DRIVERS\iusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\TeeDriverx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\e2xw7x64.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\hmatap.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\dtultrascsibus.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\drivers\nvvad64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\nvvhci.sys \SystemRoot\system32\DRIVERS\dtultrausbbus.sys \SystemRoot\system32\drivers\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\system32\DRIVERS\iusb3hub.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\MBfilt64.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\wachidrouter.sys \SystemRoot\System32\drivers\mshidkmdf.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\drivers\ftdibus.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\wacomrouterfilter.sys \SystemRoot\system32\drivers\ftser2k.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_iaStorA.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\aswMonFlt.sys \SystemRoot\system32\drivers\aswStm.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\NisDrvWFP.sys \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys \??\C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \SystemRoot\system32\drivers\WudfPf.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\3757E6B6.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe ----------- End ----------- Done! Scan started Database versions: main: v2018.01.29.04 rootkit: v2018.01.23.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8015251060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8015251b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8015251060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8015105c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa80118595c0, DeviceName: \Device\00000082\, DriverName: \Driver\iaStorA\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: CFF9BF8E Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 122882048 Numsec = 204800 Partition is bootable Partition file system is NTFS Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 123086848 Numsec = 877125632 Partition is not bootable Partition file system is NTFS Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 512110190592 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa8015252060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8015252b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8015252060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8015105860, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa800caaae40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa800caa39c0, DeviceName: \Device\00000085\, DriverName: \Driver\mvs91xx\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: CFF9BF94 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 835166319 GPT Header CurrentLba = 1 BackupLba 5860533167 GPT Header FirstUsableLba 34 LastUsableLba 5860533134 GPT Header Guid 3ae82e2f-d1d3-4a3f-a5f-cc5ce1a570e5 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 835166319 Backup GPT header CurrentLba = 5860533167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 5860533134 Backup GPT header Guid 3ae82e2f-d1d3-4a3f-a5f-cc5ce1a570e5 Backup GPT header Contains 128 partition entries starting at LBA 5860533135 Backup GPT header Partition entry size = 128 Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 216adc7d-c2b7-4cdb-9015-3c14c9fd4fc8 FirstLBA 264192 Last LBA 5860532223 Attributes 0 Partition Name Basic data partition Disk Size: 3000592982016 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 2, DevicePointer: 0xfffffa8015253060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8015253b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8015253060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8015106c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa800caa2040, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa800caa29c0, DeviceName: \Device\00000086\, DriverName: \Driver\mvs91xx\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: 32ACE782 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 3907024896 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 2000398934016 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 3, DevicePointer: 0xfffffa80156aa060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8016b1a780, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80156aa060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8016d53c50, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa8016d9f950, DeviceName: \Device\000000a7\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 3 Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: A4B57300 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 976768002 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 500107862016 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 4, DevicePointer: 0xfffffa801567e060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8016e4ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801567e060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8016dc78a0, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa8016d93a20, DeviceName: \Device\000000a8\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 4 Scanning MBR on drive 4... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: 16F2A91F GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 1488721325 GPT Header CurrentLba = 1 BackupLba 3906963455 GPT Header FirstUsableLba 34 LastUsableLba 3906963422 GPT Header Guid 3d190397-8d83-49af-80f6-8d8efbfab588 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 1488721325 Backup GPT header CurrentLba = 3906963455 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 3906963422 Backup GPT header Guid 3d190397-8d83-49af-80f6-8d8efbfab588 Backup GPT header Contains 128 partition entries starting at LBA 3906963423 Backup GPT header Partition entry size = 128 Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID a93d1147-5f85-40d6-a182-845d5d32a54c FirstLBA 2048 Last LBA 3906961407 Attributes 0 Partition Name Elements Disk Size: 2000365289472 bytes Sector size: 512 bytes Done! Physical Sector Size: 4096 Drive: 5, DevicePointer: 0xfffffa8015681060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8015681b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8015681060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8017968520, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa8016e05b60, DeviceName: \Device\000000af\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 5 Scanning MBR on drive 5... Inspecting partition table: MBR Signature: 55AA Disk Signature: AD0A43C Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 732563456 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 3000592977920 bytes Sector size: 4096 bytes Done! Physical Sector Size: 512 Drive: 6, DevicePointer: 0xfffffa801797c060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8017979b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801797c060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8017980430, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa8017980840, DeviceName: \Device\000000b3\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 6 Scanning MBR on drive 6... Inspecting partition table: MBR Signature: 55AA Disk Signature: 2846E Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1953517568 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 1000202043392 bytes Sector size: 512 bytes Done! File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-B2DAB30810C3C99FB2564338DF0C1EA2793F54AA.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-B2DAB30810C3C99FB2564338DF0C1EA2793F54AA.bin.7C" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-B2DAB30810C3C99FB2564338DF0C1EA2793F54AA.bin.83" is compressed (flags = 1) Infected: C:\Windows\System32\icacl.exe --> [Trojan.Stantiko] Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\icacl --> [Trojan.Stantiko] Infected: C:\Windows\System32\icacl.exe --> [Trojan.Stantiko] Scan finished Creating System Restore point... Cleaning up... Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.10.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 11.0.9600.18893 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, F:\ DRIVE_FIXED, I:\ DRIVE_FIXED, J:\ DRIVE_FIXED, M:\ DRIVE_FIXED, R:\ DRIVE_FIXED CPU speed: 4.000000 GHz Memory total: 17015570432, free: 13852733440 ======================================= Initializing... Driver version: 4.3.0.15 ------------ Kernel report ------------ 01/29/2018 18:25:13 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\iusb3hcs.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\compbatt.sys \SystemRoot\system32\drivers\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\intelide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\lsi_sas.sys \SystemRoot\system32\drivers\storport.sys \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\DRIVERS\iaStorA.sys \SystemRoot\system32\DRIVERS\mvs91xx.sys \SystemRoot\system32\DRIVERS\mvxxmm.sys \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\aswRvrt.sys \SystemRoot\system32\drivers\aswVmm.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\Drivers\SmartDefragDriver.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\DRIVERS\iaStorF.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\aswbuniva.sys \SystemRoot\system32\drivers\aswbloga.sys \SystemRoot\system32\drivers\aswbidsha.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\drivers\aswSP.sys \SystemRoot\system32\drivers\aswSnx.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\system32\drivers\aswKbd.sys \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\drivers\aswRdr2.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\bflwfx64.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\drivers\aswNetSec.sys \SystemRoot\system32\DRIVERS\aswNetNd6.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\drivers\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\blbdrive.sys \SystemRoot\system32\drivers\aswbidsdrivera.sys \SystemRoot\system32\drivers\aswArPot.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\bcmwl664.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\system32\DRIVERS\iusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\TeeDriverx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\e2xw7x64.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\hmatap.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\dtultrascsibus.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\drivers\nvvad64v.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\nvvhci.sys \SystemRoot\system32\DRIVERS\dtultrausbbus.sys \SystemRoot\system32\drivers\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\system32\DRIVERS\iusb3hub.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\MBfilt64.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\wachidrouter.sys \SystemRoot\System32\drivers\mshidkmdf.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\drivers\ftdibus.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\wacomrouterfilter.sys \SystemRoot\system32\drivers\ftser2k.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_iaStorA.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\aswMonFlt.sys \SystemRoot\system32\drivers\aswStm.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\NisDrvWFP.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\43565674.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe ----------- End ----------- Done! Scan started Database versions: main: v2018.01.29.04 rootkit: v2018.01.23.01 <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8015252060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8015252b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8015252060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011bbfc50, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa80115b55a0, DeviceName: \Device\00000082\, DriverName: \Driver\iaStorA\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: CFF9BF8E Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 122882048 Numsec = 204800 Partition is bootable Partition file system is NTFS Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 123086848 Numsec = 877125632 Partition is not bootable Partition file system is NTFS Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 512110190592 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa8015253060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8015253b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8015253060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011bbf860, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa800caa9040, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa800caa89c0, DeviceName: \Device\00000085\, DriverName: \Driver\mvs91xx\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: CFF9BF94 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 835166319 GPT Header CurrentLba = 1 BackupLba 5860533167 GPT Header FirstUsableLba 34 LastUsableLba 5860533134 GPT Header Guid 3ae82e2f-d1d3-4a3f-a5f-cc5ce1a570e5 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 835166319 Backup GPT header CurrentLba = 5860533167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 5860533134 Backup GPT header Guid 3ae82e2f-d1d3-4a3f-a5f-cc5ce1a570e5 Backup GPT header Contains 128 partition entries starting at LBA 5860533135 Backup GPT header Partition entry size = 128 Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 216adc7d-c2b7-4cdb-9015-3c14c9fd4fc8 FirstLBA 264192 Last LBA 5860532223 Attributes 0 Partition Name Basic data partition Disk Size: 3000592982016 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 2, DevicePointer: 0xfffffa8015254060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8015254b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8015254060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8011bbec50, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa80115dc610, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa800caa79c0, DeviceName: \Device\00000086\, DriverName: \Driver\mvs91xx\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: 32ACE782 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 3907024896 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 2000398934016 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 3, DevicePointer: 0xfffffa80156db790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80158c5040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80156db790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8016d5ac50, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa8016d8db60, DeviceName: \Device\000000a7\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 3 Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: A4B57300 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 976768002 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 500107862016 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 4, DevicePointer: 0xfffffa801570e790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8016dc9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801570e790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8016dca860, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa8016dcdb60, DeviceName: \Device\000000a8\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 4 Scanning MBR on drive 4... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: 16F2A91F GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 1488721325 GPT Header CurrentLba = 1 BackupLba 3906963455 GPT Header FirstUsableLba 34 LastUsableLba 3906963422 GPT Header Guid 3d190397-8d83-49af-80f6-8d8efbfab588 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 1488721325 Backup GPT header CurrentLba = 3906963455 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 3906963422 Backup GPT header Guid 3d190397-8d83-49af-80f6-8d8efbfab588 Backup GPT header Contains 128 partition entries starting at LBA 3906963423 Backup GPT header Partition entry size = 128 Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID a93d1147-5f85-40d6-a182-845d5d32a54c FirstLBA 2048 Last LBA 3906961407 Attributes 0 Partition Name Elements Disk Size: 2000365289472 bytes Sector size: 512 bytes Done! Physical Sector Size: 4096 Drive: 5, DevicePointer: 0xfffffa801560c060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa801560cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa801560c060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80178aac50, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa80178b5060, DeviceName: \Device\000000af\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 5 Scanning MBR on drive 5... Inspecting partition table: MBR Signature: 55AA Disk Signature: AD0A43C Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 732563456 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 3000592977920 bytes Sector size: 4096 bytes Done! Physical Sector Size: 512 Drive: 6, DevicePointer: 0xfffffa80178c6060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80178c6b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80178c6060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80178cb3a0, DeviceName: Unknown, DriverName: \Driver\iaStorF\ DevicePointer: 0xfffffa80178cba90, DeviceName: \Device\000000b3\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 6 Scanning MBR on drive 6... Inspecting partition table: MBR Signature: 55AA Disk Signature: 2846E Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1953517568 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 1000202043392 bytes Sector size: 512 bytes Done! Infected: C:\Users\Seb\Desktop\War for the Overworld V1.62f1 Trainer +4 MrAntiFun.EXE --> [CheatTool.CETTrainer] Infected: C:\Users\Seb\Desktop\Dead Cells V05.17.2017 Trainer +5 MrAntiFun.EXE --> [CheatTool.CETTrainer] File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-B2DAB30810C3C99FB2564338DF0C1EA2793F54AA.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-B2DAB30810C3C99FB2564338DF0C1EA2793F54AA.bin.7C" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-B2DAB30810C3C99FB2564338DF0C1EA2793F54AA.bin.83" is compressed (flags = 1) Scan finished ======================================= Scan started Database versions: main: v2018.01.29.04 rootkit: v2018.01.23.01 <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Drive 0 This is a System drive Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: CFF9BF8E Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 122882048 Numsec = 204800 Partition is bootable Partition file system is NTFS Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 123086848 Numsec = 877125632 Partition is not bootable Partition file system is NTFS Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 512110190592 bytes Sector size: 512 bytes Done! Drive 1 Scanning MBR on drive 1... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: CFF9BF94 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 835166319 GPT Header CurrentLba = 1 BackupLba 5860533167 GPT Header FirstUsableLba 34 LastUsableLba 5860533134 GPT Header Guid 3ae82e2f-d1d3-4a3f-a5f-cc5ce1a570e5 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 835166319 Backup GPT header CurrentLba = 5860533167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 5860533134 Backup GPT header Guid 3ae82e2f-d1d3-4a3f-a5f-cc5ce1a570e5 Backup GPT header Contains 128 partition entries starting at LBA 5860533135 Backup GPT header Partition entry size = 128 Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 216adc7d-c2b7-4cdb-9015-3c14c9fd4fc8 FirstLBA 264192 Last LBA 5860532223 Attributes 0 Partition Name Basic data partition Disk Size: 3000592982016 bytes Sector size: 512 bytes Done! Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: 32ACE782 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 3907024896 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 2000398934016 bytes Sector size: 512 bytes Done! Drive 3 Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: A4B57300 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 976768002 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 500107862016 bytes Sector size: 512 bytes Done! Drive 4 Scanning MBR on drive 4... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: 16F2A91F GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 1488721325 GPT Header CurrentLba = 1 BackupLba 3906963455 GPT Header FirstUsableLba 34 LastUsableLba 3906963422 GPT Header Guid 3d190397-8d83-49af-80f6-8d8efbfab588 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 1488721325 Backup GPT header CurrentLba = 3906963455 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 3906963422 Backup GPT header Guid 3d190397-8d83-49af-80f6-8d8efbfab588 Backup GPT header Contains 128 partition entries starting at LBA 3906963423 Backup GPT header Partition entry size = 128 Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID a93d1147-5f85-40d6-a182-845d5d32a54c FirstLBA 2048 Last LBA 3906961407 Attributes 0 Partition Name Elements Disk Size: 2000365289472 bytes Sector size: 512 bytes Done! Drive 5 Scanning MBR on drive 5... Inspecting partition table: MBR Signature: 55AA Disk Signature: AD0A43C Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 732563456 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 3000592977920 bytes Sector size: 4096 bytes Done! Drive 6 Scanning MBR on drive 6... Inspecting partition table: MBR Signature: 55AA Disk Signature: 2846E Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1953517568 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 1000202043392 bytes Sector size: 512 bytes Done! File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-BE03C50E7EFF98B13C29A381B65A754FBC095DB4.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-BE03C50E7EFF98B13C29A381B65A754FBC095DB4.bin.83" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-BE03C50E7EFF98B13C29A381B65A754FBC095DB4.bin.7C" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-122882048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-123086848-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-63-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-5-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-6-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-6-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-6-r.mbam... Removal finished