--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.10.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.9200 Windows 10 x64 Account is Administrative Internet Explorer version: 11.789.19041.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 3.392000 GHz Memory total: 12864253952, free: 9030905856 Downloaded database version: v2022.02.13.04 Downloaded database version: v2022.02.13.04 Downloaded database version: v2018.01.20.01 ======================================= Initializing... Driver version: 4.3.0.15 ------------ Kernel report ------------ 02/13/2022 18:11:27 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\System32\drivers\FLTMGR.SYS \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\System32\drivers\ksecdd.sys \SystemRoot\System32\drivers\clipsp.sys \SystemRoot\System32\drivers\cmimcext.sys \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\ntosext.sys \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\cng.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\WppRecorder.sys \SystemRoot\system32\drivers\SleepStudyHelper.sys \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\system32\drivers\SgrmAgent.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\system32\drivers\WindowsTrustedRT.sys \SystemRoot\System32\drivers\IntelTA.sys \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys \SystemRoot\system32\drivers\52786336.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\system32\drivers\CEA.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\storahci.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\drivers\wd\WdFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\drivers\wfplwfs.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volume.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\drivers\iorate.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\system32\drivers\filecrypt.sys \SystemRoot\system32\drivers\tbs.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_65ab9a260dbf7467\BasicDisplay.sys \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_df49c4daa6251397\BasicRender.sys \SystemRoot\system32\DRIVERS\googledrivefs3688.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\CimFS.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afunix.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\VBoxNetLwf.sys \SystemRoot\System32\drivers\vwififlt.sys \SystemRoot\System32\drivers\pacer.sys \SystemRoot\System32\drivers\ndiscap.sys \SystemRoot\system32\drivers\netbios.sys \SystemRoot\System32\drivers\Vid.sys \SystemRoot\System32\drivers\winhvr.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys \SystemRoot\system32\DRIVERS\VBoxDrv.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\drivers\gpuenergydrv.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\drivers\bam.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys \SystemRoot\System32\drivers\kdnic.sys \SystemRoot\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys \SystemRoot\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2707c70d42c54b4e\nvlddmkm.sys \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\System32\drivers\portcls.sys \SystemRoot\System32\drivers\drmk.sys \SystemRoot\System32\drivers\ks.sys \SystemRoot\System32\drivers\HECIx64.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\System32\drivers\netr28x.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\System32\drivers\rt640x64.sys \SystemRoot\System32\drivers\TIxHCIlfilter.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\system32\drivers\ucx01000.sys \SystemRoot\System32\drivers\TIxHCIufilter.sys \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\System32\drivers\dtliteusbbus.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\swenum.sys \SystemRoot\System32\drivers\dtlitescsibus.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\stwrt64.sys \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\drivers\kbdhid.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\system32\DRIVERS\udfs.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\USBSTOR.SYS \SystemRoot\System32\win32kbase.sys \SystemRoot\System32\win32kfull.sys \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\drivers\dump_storahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\drivers\dxgmms2.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\cdd.dll \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\wcifs.sys \SystemRoot\System32\drivers\WUDFRd.sys \SystemRoot\System32\drivers\WpdUpFltr.sys \SystemRoot\system32\drivers\cldflt.sys \SystemRoot\system32\drivers\storqosflt.sys \SystemRoot\system32\drivers\bindflt.sys \SystemRoot\system32\drivers\lltdio.sys \SystemRoot\system32\drivers\rspndr.sys \SystemRoot\System32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\mslldp.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\drivers\ndisuio.sys \SystemRoot\system32\drivers\msquic.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\drivers\mmcss.sys \SystemRoot\system32\drivers\mqac.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\drivers\npf.sys \SystemRoot\System32\DRIVERS\srv2.sys \??\C:\WINDOWS\system32\Drivers\rikvm_38F51D56.sys \SystemRoot\System32\drivers\rassstp.sys \SystemRoot\System32\DRIVERS\NDProxy.sys \SystemRoot\System32\drivers\vwifimp.sys \SystemRoot\System32\drivers\AgileVpn.sys \SystemRoot\System32\drivers\rasl2tp.sys \SystemRoot\System32\drivers\raspptp.sys \SystemRoot\System32\DRIVERS\raspppoe.sys \SystemRoot\System32\DRIVERS\ndistapi.sys \SystemRoot\System32\drivers\ndiswan.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\System32\Drivers\mbamswissarmy.sys \SystemRoot\System32\Drivers\MbamChameleon.sys \SystemRoot\system32\drivers\wd\WdNisDrv.sys \SystemRoot\System32\drivers\WSDPrint.sys \??\C:\WINDOWS\system32\drivers\73348692.sys \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA6D5FB5-1417-4762-83C6-215B8BDFAB24}\MpKslDrv.sys ----------- End ----------- Done! Scan started Database versions: main: v2022.02.13.04 rootkit: v2022.02.13.04 <<<2>>> Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffc089513be060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffc0895133d8d0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffc089513be060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffffc08951213050, DeviceName: \Device\0000002c\, DriverName: \Driver\storahci\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffc089513ad060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffc0895133f8d0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffc089513ad060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffc089511e4050, DeviceName: \Device\0000002b\, DriverName: \Driver\storahci\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 17024843 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 3907024896 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 2000398934016 bytes Sector size: 512 bytes Done! Drive 1 This is a System drive Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 2BD2C32A Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition is bootable Partition file system is NTFS Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 439345642 Partition is bootable Partition file system is NTFS Partition 2 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 439554048 Numsec = 1093632 Partition is not bootable Partition file system is NTFS Partition 3 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 440649728 Numsec = 28210352 Partition is bootable Partition file system is NTFS Disk Size: 240057409536 bytes Sector size: 512 bytes Done! Physical Sector Size: 0 Drive: 2, DevicePointer: 0xffffc08954128060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffc089541276a0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffc08954128060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ DevicePointer: 0xffffc089541240a0, DeviceName: \Device\0000004c\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xffffc08954118060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffc089541148a0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffc08954118060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ DevicePointer: 0xffffc0895411f060, DeviceName: \Device\0000004d\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xffffc0895411b060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffc089540a2040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffc0895411b060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\ DevicePointer: 0xffffc08954120060, DeviceName: \Device\0000004e\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xffffc0895411d060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffc0895411e5d0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffc0895411d060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\ DevicePointer: 0xffffc0895411f5f0, DeviceName: \Device\0000004f\, DriverName: \Driver\USBSTOR\ ------------ End ---------- File "C:\ProgramData\Microsoft\Network\Downloader\qmgr.db" is sparse (flags = 32768) Infected: C:\ProgramData\KMSAutoS --> [HackTool.KMS] Infected: C:\ProgramData\KMSAutoS\bin --> [HackTool.KMS] Infected: C:\ProgramData\KMSAutoS\bin\driver --> [HackTool.KMS] Infected: C:\ProgramData\KMSAutoS\bin\driver\x64TAP1 --> [HackTool.KMS] Infected: C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\OemVista.inf --> [HackTool.KMS] Infected: C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\ptun0901.cat --> [HackTool.KMS] Infected: C:\ProgramData\KMSAutoS\bin\driver\x64TAP1\ptun0901.sys --> [HackTool.KMS] Infected: C:\ProgramData\KMSAutoS\bin\driver\x64TAP2 --> [HackTool.KMS] Infected: C:\ProgramData\KMSAutoS\bin\driver\x64TAP2\tapoas.cat --> [HackTool.KMS] Scan finished Creating System Restore point... Cleaning up... Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-206848-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-2-439554048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-3-440649728-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.10.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.19043 Windows 10 x64 Account is Administrative Internet Explorer version: 11.789.19041.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 3.392000 GHz Memory total: 12864253952, free: 9810329600 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.10.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.9200 Windows 10 x64 Account is Administrative Internet Explorer version: 11.789.19041.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 3.392000 GHz Memory total: 12864253952, free: 9405267968 =======================================