kqwp
Members
Posts: 2

Everything posted by kqwp

1. Thank you so much Aura! The MBAR that you sent me worked perfectly and I have run a rootkit custom scan with MBAM that had removed everything. Here is the MBAR log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.15063 Windows 10 x64

Account is Administrative
Internet Explorer version: 11.674.15063.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 8540225536, free: 3320573952

Downloaded database version: v2017.10.31.16
Downloaded database version: v2017.10.14.01
Downloaded database version: v2017.09.01.01
=======================================
Initializing...
DDA Driver installation error. Could not install driver on boot. Scan can't continue
=======================================
Initializing...
DDA Driver installation error. User declined to install driver on boot. Scan Aborted.
=======================================
Initializing...
DDA Driver installation error. Could not install driver on boot. Scan can't continue
=======================================
Initializing...
DDA Driver installation error. Could not install driver on boot. Scan can't continue
Initializing...
=======================================
DDA Driver installation error. Could not install driver on boot. Scan can't continue
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.15063 Windows 10 x64

Account is Administrative
Internet Explorer version: 11.674.15063.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 8540225536, free: 5544783872

Downloaded database version: v2017.11.01.03
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     10/31/2017 23:52:30
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\system32\drivers\lmbdhknq.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\msidntfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\teamviewervpn.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\bcmsmbsp.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\XtuAcpiDriver.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\DRIVERS\CMUSBDAC.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\uaspstor.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\WINDOWS\system32\drivers\1722E4C3.sys
----------- End -----------
Done!

Scan started
Database versions:
 main: v2017.11.01.03
 rootkit: v2017.10.14.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe48ad17c1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffe48ad16dd9f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe48ad17c1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffe48acc291270, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe48acccd7e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe48acc2903c0, DeviceName: \Device\00000034\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File C:\WINDOWS\SYSTEM32\drivers\lmbdhknq.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\lmbdhknq.sys --> [Rootkit.Agent.PUA]
File C:\WINDOWS\SYSTEM32\drivers\msidntfs.sys will be destroyed
Infected: C:\WINDOWS\SYSTEM32\drivers\msidntfs.sys --> [Rootkit.Agent.PUA]
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DE6B5D21
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 1024000
Partition is bootable
Partition file system is NTFS
Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1026048 Numsec = 487368704
Partition is not bootable
Partition file system is NTFS
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Disk Size: 250059350016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe48ad36c8060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffe48ad36c45a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe48ad36c8060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffe48ad36c5060, DeviceName: \Device\00000058\, DriverName: \Driver\UASPStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 9A9C6931
GPT Protective MBR
Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3597728484
GPT Header CurrentLba = 1 BackupLba 5860533166
GPT Header FirstUsableLba 34 LastUsableLba 5860533133
GPT Header Guid 4a193177-6d6e-42a4-9ac7-34ea2eaca6b0
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3597728484
Backup GPT header CurrentLba = 1 BackupLba 5860533166
Backup GPT header FirstUsableLba 34 LastUsableLba 5860533133
Backup GPT header Guid 4a193177-6d6e-42a4-9ac7-34ea2eaca6b0
Backup GPT header Contains 128 partition entries starting at LBA 2
Backup GPT header Partition entry size = 128
GPT header and Backup GPT header have conflicting data
Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID 652fc7b2-1f-4829-b01d-9e88951ae72 FirstLBA 34 Last LBA 262177 Attributes 0
Partition Name Microsoft reserved partition
Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 96b30132-ef76-493c-b39a-7f58f0cfdc5c FirstLBA 264192 Last LBA 5860532223 Attributes 0
Partition Name Basic data partition
Disk Size: 3000592981504 bytes
Sector size: 512 bytes
Done!
Infected: C:\Users\Owner\AppData\Local\rtmzadk\rtmzadk.exe --> [Trojan.Clicker]
Infected: C:\Users\Owner\AppData\Local\rtmzadk\rtmzadk.exe --> [Trojan.Clicker]
Infected: C:\Users\Owner\AppData\Local\rtmzadk\cgkaxmp.exe --> [Adware.Yelloader]
Infected: C:\Users\Owner\AppData\Local\rtmzadk\cgkaxmp.exe --> [Adware.Yelloader]
Infected: C:\Users\Owner\AppData\Local\rtmzadk\cgkaxmp.exe --> [Adware.Yelloader]
Infected: C:\Users\Owner\AppData\Local\rtmzadk\cgkaxmp.exe --> [Adware.Yelloader]
Infected: c:\users\owner\appdata\local\microsoft\windows\actioncentercache\com-squirrel-discord-discord_51068_0.png --> [Rootkit.Agent.PUA]
Scan finished
Creating System Restore point...
Cleaning up...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative
Internet Explorer version: 11.674.15063.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 8540225536, free: 6296977408

Downloaded database version: v2017.11.01.04
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     11/01/2017 00:54:15
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\Drivers\mbamswissarmy.sys
\SystemRoot\System32\Drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\drivers\teamviewervpn.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\bcmsmbsp.sys
\SystemRoot\system32\drivers\SpbCx.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\XtuAcpiDriver.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\DRIVERS\CMUSBDAC.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\uaspstor.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\1722E4C3.sys
----------- End -----------
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\lmbdhknq.sys-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\lmbdhknq.sys-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\lmbdhknq.sys-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\lmbdhknq.sys-(1)-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\msidntfs.sys-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\msidntfs.sys-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\msidntfs.sys-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\msidntfs.sys-(1)-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-1026048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\WINDOWS\SYSTEM32\drivers\lmbdhknq.sys...
Removing C:\WINDOWS\SYSTEM32\drivers\msidntfs.sys...
Removing C:\Users\Owner\AppData\Local\rtmzadk\rtmzadk.exe...
Removing C:\Users\Owner\AppData\Local\rtmzadk\cgkaxmp.exe...
Removing c:\users\owner\appdata\local\microsoft\windows\actioncentercache\com-squirrel-discord-discord_51068_0.png...
Removal finished
Done!
2. This pesky virus has been rooted in my computer for a few weeks and I cannot seem to get rid of it. It redirects all my pages to the search engines and collects my data. I have attached all the necessary files (MBAR, Threat scan, FRST); please help me get rid of this virus.

Attachments: threat scan.txt, system-log.txt, FRST.txt, Addition.txt