--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.10.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.9200 Windows 10 x64 Account is Administrative Internet Explorer version: 11.789.19041.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.904000 GHz Memory total: 8522002432, free: 3076931584 Downloaded database version: v2022.10.24.05 Downloaded database version: v2022.10.24.05 Downloaded database version: v2018.01.20.01 ======================================= Initializing... Driver version: 4.3.0.15 ------------ Kernel report ------------ 10/24/2022 16:01:06 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\System32\drivers\FLTMGR.SYS \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\System32\drivers\ksecdd.sys \SystemRoot\System32\drivers\clipsp.sys \SystemRoot\System32\drivers\cmimcext.sys \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\ntosext.sys \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\cng.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\WppRecorder.sys \SystemRoot\system32\drivers\SleepStudyHelper.sys \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\system32\drivers\mssecflt.sys \SystemRoot\system32\drivers\SgrmAgent.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\system32\drivers\WindowsTrustedRT.sys \SystemRoot\System32\drivers\IntelTA.sys \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\system32\drivers\CEA.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\storahci.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\System32\drivers\stornvme.sys \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\drivers\wfplwfs.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volume.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\drivers\iorate.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\system32\drivers\filecrypt.sys \SystemRoot\system32\drivers\tbs.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_fc93ae411c02f280\BasicDisplay.sys \SystemRoot\System32\DriverStore\FileRepository\basicrender.inf_amd64_ed345fdc37d65139\BasicRender.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\CimFS.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afunix.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\drivers\vwififlt.sys \SystemRoot\System32\drivers\pacer.sys \SystemRoot\System32\drivers\ndiscap.sys \SystemRoot\system32\drivers\netbios.sys \SystemRoot\System32\drivers\Vid.sys \SystemRoot\System32\drivers\winhvr.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\drivers\gpuenergydrv.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\bam.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\drivers\amdxe.sys \SystemRoot\system32\DRIVERS\amdfendr.sys \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_7500cffa210c6946\CompositeBus.sys \SystemRoot\System32\drivers\kdnic.sys \SystemRoot\System32\DriverStore\FileRepository\umbus.inf_amd64_b78a9c5b6fd62c27\umbus.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\System32\drivers\portcls.sys \SystemRoot\System32\drivers\drmk.sys \SystemRoot\System32\drivers\ks.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\system32\drivers\ucx01000.sys \SystemRoot\System32\DriverStore\FileRepository\heci.inf_amd64_c22251d5ea82b3c3\x64\TeeDriverW10x64.sys \SystemRoot\System32\drivers\rtwlane01.sys \SystemRoot\system32\DRIVERS\wdiwifi.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\System32\drivers\rt640x64.sys \SystemRoot\System32\drivers\serial.sys \SystemRoot\System32\drivers\serenum.sys \SystemRoot\System32\drivers\wmiacpi.sys \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\System32\drivers\acpipagr.sys \SystemRoot\System32\DriverStore\FileRepository\uefi.inf_amd64_c1628ffa62c8e54c\UEFI.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_16a14542b63c02af\swenum.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\system32\drivers\AtihdWT6.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\kbdhid.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\Drivers\dump_dumpstorport.sys \SystemRoot\System32\drivers\dump_stornvme.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32kbase.sys \SystemRoot\System32\win32kfull.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\drivers\dxgmms2.sys \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\wcifs.sys \SystemRoot\system32\drivers\cldflt.sys \SystemRoot\system32\drivers\storqosflt.sys \SystemRoot\System32\Drivers\MbamChameleon.sys \SystemRoot\system32\drivers\bindflt.sys \SystemRoot\system32\drivers\mslldp.sys \SystemRoot\system32\drivers\lltdio.sys \SystemRoot\system32\drivers\rspndr.sys \SystemRoot\System32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\ndisuio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\drivers\msquic.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\drivers\vwifimp.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\system32\drivers\mmcss.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\drivers\rassstp.sys \SystemRoot\System32\DRIVERS\NDProxy.sys \SystemRoot\System32\drivers\AgileVpn.sys \SystemRoot\System32\drivers\rasl2tp.sys \SystemRoot\System32\drivers\raspptp.sys \SystemRoot\System32\DRIVERS\raspppoe.sys \SystemRoot\System32\DRIVERS\ndistapi.sys \SystemRoot\System32\drivers\ndiswan.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\System32\Drivers\mbamswissarmy.sys \SystemRoot\system32\DRIVERS\mwac.sys \SystemRoot\system32\DRIVERS\farflt.sys \??\C:\Windows\system32\drivers\mbae64.sys \??\C:\Windows\system32\DRIVERS\mbam.sys \SystemRoot\System32\drivers\rdpvideominiport.sys \SystemRoot\System32\cdd.dll \??\C:\Users\user\AppData\Local\Temp\A70FEC75-7154EB07-5BF9DEC1-CA3A5FF3\33b0b2389.sys \??\C:\Users\user\AppData\Local\Temp\33e06084e.sys \SystemRoot\System32\Drivers\de052b9d.sys \SystemRoot\System32\Drivers\klupd_de052b9da_mark.sys \??\C:\KVRT2020_Data\Temp\EA04D71EFC0E16AB22C9615549FEE4F2\klupd_de052b9da_arkmon.sys \SystemRoot\System32\Drivers\klupd_de052b9da_klark.sys \??\C:\Windows\system32\drivers\5477972E.sys ----------- End ----------- Done! Scan started Database versions: main: v2022.10.24.05 rootkit: v2022.10.24.05 <<<2>>> Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffff908e61f020a0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffff908e61ebb8f0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffff908e61f020a0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffff908e61e7e8d0, DeviceName: Unknown, DriverName: \Driver\EhStorClass\ DevicePointer: 0xffff908e61a37050, DeviceName: \Device\00000039\, DriverName: \Driver\stornvme\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffff908e61eee060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffff908e61d97040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffff908e61eee060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffff908e61922e30, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffff908e61921050, DeviceName: \Device\00000038\, DriverName: \Driver\storahci\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 0 Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: 0 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 30658510 GPT Header CurrentLba = 1 BackupLba 1953525167 GPT Header FirstUsableLba 34 LastUsableLba 1953525134 GPT Header Guid c9700128-e2f3-4c20-afac-9331024d3ee GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 30658510 Backup GPT header CurrentLba = 1953525167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134 Backup GPT header Guid c9700128-e2f3-4c20-afac-9331024d3ee Backup GPT header Contains 128 partition entries starting at LBA 1953525135 Backup GPT header Partition entry size = 128 Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 6bbefbbe-a0d3-4ca8-8932-e2b8d967c23 FirstLBA 34 Last LBA 32767 Attributes 0 Partition Name Microsoft reserved partition Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 5e78d700-8a4d-4baf-a96e-57e14bc9d7b FirstLBA 32768 Last LBA 1953521663 Attributes 0 Partition Name Basic data partition Disk Size: 1000204886016 bytes Sector size: 512 bytes Done! Drive 1 This is a System drive Scanning MBR on drive 1... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: 43D887F1 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 1363357670 GPT Header CurrentLba = 1 BackupLba 488397167 GPT Header FirstUsableLba 34 LastUsableLba 488397134 GPT Header Guid be20b409-b26c-42b9-854d-1dcc5811f8c8 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 1363357670 Backup GPT header CurrentLba = 488397167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 488397134 Backup GPT header Guid be20b409-b26c-42b9-854d-1dcc5811f8c8 Backup GPT header Contains 128 partition entries starting at LBA 488397135 Backup GPT header Partition entry size = 128 Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID 489a215a-60c6-42c3-916c-7f597bfd9cd8 FirstLBA 2048 Last LBA 206847 Attributes 0 Partition Name EFI system partition GPT Partition 0 is bootable Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 7083f6ba-a0d8-4245-979a-3f729621bd10 FirstLBA 206848 Last LBA 239615 Attributes 0 Partition Name Microsoft reserved partition Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 70778166-85b1-4a5b-8593-f5753364d40 FirstLBA 239616 Last LBA 487324944 Attributes 0 Partition Name Basic data partition Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID d359f4ea-2b9a-4f42-bbcd-b6bc2c7cf6a FirstLBA 487325696 Last LBA 488394751 Attributes 1 Partition Name Disk Size: 250059350016 bytes Sector size: 512 bytes Done! File "C:\Users\user\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768) File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768) Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removal finished