---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative
Internet Explorer version: 11.789.19041.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.800000 GHz
Memory total: 8464355328, free: 4682326016

Downloaded database version: v2022.04.19.04
Host not found
Downloaded database version: v2022.04.19.04
Downloaded database version: v2022.04.19.04
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
04/19/2022 14:55:07
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\WppRecorder.sys
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\system32\drivers\mssecflt.sys
\SystemRoot\system32\drivers\SgrmAgent.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\IntelTA.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\klupd_klif_arkmon.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\cm_km.sys
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\sdbus.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\urscx01000.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorAC.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\DriverStore\FileRepository\urschipidea.inf_amd64_78ad1c14e33df968\urschipidea.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\drivers\amdkmpfd.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\uaspstor.sys
\SystemRoot\System32\drivers\sdstor.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\Drivers\klupd_klif_klbg.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\klbackupdisk.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\DRIVERS\klflt.sys
\SystemRoot\system32\DRIVERS\klmouflt.sys
\SystemRoot\system32\DRIVERS\klbackupflt.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\klif.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\kltap.sys
\SystemRoot\System32\drivers\phantomtap.sys
\SystemRoot\System32\drivers\tap0901.sys
\SystemRoot\System32\drivers\Vid.sys
\SystemRoot\System32\drivers\winhvr.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys
\SystemRoot\System32\drivers\CAD.sys
\SystemRoot\system32\DRIVERS\klhk.sys
\SystemRoot\system32\DRIVERS\klgse.sys
\SystemRoot\system32\DRIVERS\klpd.sys
\SystemRoot\system32\DRIVERS\kldisk.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\BasicRender.sys
\SystemRoot\System32\DriverStore\FileRepository\ialpss2_i2c_cnl.inf_amd64_666eecf21665eb26\iaLPSS2_I2C_CNL.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\DriverStore\FileRepository\heci.inf_amd64_e9ffe3f2557dd9e9\x64\TeeDriverW10x64.sys
\SystemRoot\System32\DriverStore\FileRepository\nvlti.inf_amd64_b169173487045715\nvlddmkm.sys
\SystemRoot\System32\DriverStore\FileRepository\ialpss2_uart2_cnl.inf_amd64_df1115697e57a59a\iaLPSS2_UART2_CNL.sys
\SystemRoot\system32\drivers\SerCx2.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\necbatt.sys
\SystemRoot\System32\drivers\AcpiVpc.sys
\SystemRoot\System32\drivers\ICCWDT.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\SynTP.sys
\SystemRoot\system32\DRIVERS\klkbdflt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\IntcAudioBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\Smb_driver_Intel.sys
\SystemRoot\System32\DriverStore\FileRepository\ialpss2_gpio2_cnl.inf_amd64_d920c2a844f26eba\iaLPSS2_GPIO2_CNL.sys
\SystemRoot\System32\Drivers\msgpioclx.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\acpitime.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\DriverStore\FileRepository\dptf_acpi.inf_amd64_a5bac3087ca5f8d5\dptf_acpi.sys
\SystemRoot\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\klpnpflt.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\NvModuleTracker.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\clwvd7.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\hidi2c.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\IntcOED.sys
\SystemRoot\System32\drivers\SynRMIHID.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\CimFS.SYS
\SystemRoot\system32\DRIVERS\klwfp.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afunix.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\klwtp.sys
\SystemRoot\system32\DRIVERS\klim6.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\System32\drivers\ndiscap.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\system32\DRIVERS\kneps.sys
\??\C:\WINDOWS\System32\drivers\GUBootStartup.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\bam.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\dump_iaStorAC.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\dptf_cpu.sys
\SystemRoot\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_e3868713e3d137ef\esif_lf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\cldflt.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\bindflt.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\drivers\msquic.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\Drivers\klupd_klif_mark.sys
\SystemRoot\System32\Drivers\klupd_klif_klark.sys
\SystemRoot\System32\DriverStore\FileRepository\ibtusb.inf_amd64_302b4a5c01dba18f\ibtusb.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\BTHport.sys
\SystemRoot\System32\drivers\Netwtw08.sys
\SystemRoot\system32\DRIVERS\wdiwifi.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e96a5623ed9fa7ca\igdkmd64.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\DriverStore\FileRepository\intcdaud.inf_amd64_718877413f6508de\IntcDAud.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\MSKSSRV.sys
\SystemRoot\system32\drivers\wd\WdFilter.sys
\??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FB42D532-B067-43A0-AF52-9F122D4F7634}\MpKslDrv.sys
\SystemRoot\system32\drivers\wd\WdNisDrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\5651745D.sys
----------- End -----------
Done!
Scan started
Database versions:
  main:    v2022.04.19.04
  rootkit: v2022.04.19.04

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffd8898df1f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffd889a6449d20, DeviceName: Unknown, DriverName: \Driver\klpnpflt\
DevicePointer: 0xffffd8898df1d8d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffd8898df1f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffd8898dd058d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffd8898de0f050, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorAC\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0
GPT Protective MBR
Partition information:
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
GPT Partition information:
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3345113395
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34 LastUsableLba 1953525134
    GPT Header Guid 84c27241-7ccf-43d9-9cf5-f5a6ae6cbda5
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3345113395
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
    Backup GPT header Guid 84c27241-7ccf-43d9-9cf5-f5a6ae6cbda5
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128
    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID d3283a6c-63f3-40a4-b14d-375c18f7b97
    FirstLBA 2048 Last LBA 206847
    Attributes 0
    Partition Name EFI system partition
    GPT Partition 0 is bootable
    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 8296af70-c41a-439e-bc92-3d42d48628f4
    FirstLBA 206848 Last LBA 239615
    Attributes 0
    Partition Name Microsoft reserved partition
    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 78a99398-ec0c-47e5-8add-e8fc41bdb4
    FirstLBA 239616 Last LBA 254374513
    Attributes 0
    Partition Name Basic data partition
    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID a4b7e769-d565-440a-9612-4b7e1b49f63
    FirstLBA 254375936 Last LBA 255999999
    Attributes 1
    Partition Name
    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 835ba5e8-9178-40fb-9b2a-4275efebdb
    FirstLBA 256002048 Last LBA 1953523711
    Attributes 0
    Partition Name Basic data partition
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\EC6F62A404182F6FB54D32738ECB3684\SYSTEM.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\FD9518C0BCBBAE11CBF54AE8A6A0408D\SYSTEM.CORE.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\D858AD2B437D816C5425BF781233AC0B\SYSTEM.NUMERICS.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SYSTEM.RUNTEB92AA12#\F9E3B29DCD17EBE3CB5D9B16FCB914B4\SYSTEM.RUNTIME.SERIALIZATION.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\347893DC373D84A20E608BC4938ED4C4\SYSTEM.XML.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SYSTEM.NET.HTTP\B9A1E42AB7C4E49B1E18DD2D708C7446\SYSTEM.NET.HTTP.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SYSTEM.CONFIGURATION\17809AA56E98998B820AFAAD31B067BE\SYSTEM.CONFIGURATION.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\7382E0C5D800A4AD1B3AA6F3B5CEFE1A\SYSTEM.MANAGEMENT.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime\F691FDDAEBFF71418F27CD3E020E6207\SYSTEM.RUNTIME.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\A0A9DE94CD1B9BBA1F617820EA16FE59\SYSTEM.WEB.NI.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SYSTEM.XAML\851E339EB31566C222DCDD4177770A3D\SYSTEM.XAML.NI.DLL" is sparse (flags = 32768)
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished