JacobDrury Posted November 2, 2017 (edited)

I've had a lot of personal things that have gone on in my life recently that I will not share too much of. Yet some of this seems to coincide with recent events (or it could be random). I was once friends with some "hacker/s" years ago whom I met on Skype, who then added me on Facebook etc. and have even made friends with my friends where I live. I am pretty computer savvy myself. I live in a small town, where everyone knows me for something computer-related I did years ago at the age of 18. I am the go-to guy when people need tech-related help.

I noticed my computer acting... differently at about the beginning of this year. I have not started to look for advanced help until now. Personal things have happened in my life, and recently (in September) every account I owned (Microsoft accounts, Gmail, Steam, Origin, Samsung, etc.) was hacked. I was on my computer trying to sign whoever/whatever out even while it was happening the first time (I did get some pictures/screenshots I took of the IP addresses from the Gmail details, although I doubt it will help if they used a VPN...). They somehow even gained control of my OS (I had no control of my mouse; they moved it). I rushed and hit the reset switch. Soon after... a lot of other friends, who rarely talk to me, started acting as if they had been hacked as well.

I thought at one point it was related to the CCleaner hack. Yet 0.001% of those infected were actually touched... I looked at services running; some even had mutexes, it seemed (at least, it appears that way; Windows 10 may have changed the way services work...). The Hyper-V services were enabled by default (I'm pretty sure they are not supposed to be), as well as very odd and strange services, one even without a description. Some processes do not seem to be signed by Microsoft, or are faked. Even my BIOS, which is UEFI, I think has been affected... (Again, maybe taking the paranoia too far.) I do know that rootkits can embed themselves so well that they literally look as if they are part of the operating system and that nothing is wrong. Yet, in my years of working with/on computers, I have NEVER even had a computer virus, let alone something of this level... I can tell when something just does not seem right.

TL;DR: I seem to be infected with a pretty advanced rootkit/etc. I'm not sure if I am being too paranoid or if there is something actually going on (rootkits are almost impossible to detect, BadUSB, etc., which are all available by a simple Google search nowadays...). I have reinstalled Windows 10 x64 Pro from USB drives multiple times (re-downloading it). I think the MBR, BIOS and firmware of devices may be infected. I would appreciate the help and may consider buying software/upgrading components for these types of attacks.

Attachments: Addition.txt, aswMBR.txt, FRST.txt, MWB.txt

Edited November 2, 2017 by JacobDrury
JacobDrury Posted November 16, 2017 (Author)

Bump
kevinf80 Posted November 16, 2017

Hello JacobDrury and welcome to Malwarebytes,

Run a Malwarebytes scan again as follows:

Please open Malwarebytes Anti-Malware. On the Settings tab > Protection, scroll to and make sure the following are selected:
- Scan for Rootkits
- Scan within Archives

Scroll further to Potential Threat Protection and make sure the following are set as follows:
- Potentially Unwanted Programs (PUPs) set as: Always detect PUPs (recommended)
- Potentially Unwanted Modifications (PUMs) set as: Always detect PUMs (recommended)

Click on Scan and make sure Threat Scan is selected. A Threat Scan will begin.

When the scan is complete, if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected tab. If asked to restart your computer to complete the removal, please do so.

When complete, click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard. Wait for the prompt to restart the computer to appear, then click on Yes.

After the restart, once you are back at your desktop, open MBAM once more to retrieve the log. To get the log from Malwarebytes do the following:
Click on the Reports tab from the main interface.
Double click on the Scan log which shows the date and time of the scan just performed.
Click Export. From Export you have two options:
- Copy to Clipboard: if selected, right click in your reply and select "Paste"; the log will be pasted into your reply.
- Text file (*.txt): if selected, you will have to name the file and save it to a place of your choice (recommend "Desktop"), then attach it to your reply.

Please use "Copy to Clipboard", then right click in your reply and select "Paste"; that will copy the log to your reply...

Thank you,
Kevin...
kevinf80 Posted November 19, 2017

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
JacobDrury Posted November 21, 2017 (Author)

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 11/21/17
Scan Time: 2:15 AM
Log File: c597e326-ce8b-11e7-98ef-38d5477a6a6c.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3308
License: Trial

-System Information-
OS: Windows 10 (Build 16299.64)
CPU: x64
File System: NTFS
User: FBI-SERVER\Jacob Drury

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344974
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 1 min, 28 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registry Key: 0 (No malicious items detected)
Registry Value: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Data Stream: 0 (No malicious items detected)
Folder: 0 (No malicious items detected)
File: 0 (No malicious items detected)
Physical Sector: 0 (No malicious items detected)

(end)
kevinf80 Posted November 21, 2017

Hello JacobDrury,

What makes you think your system is infected? Do you have specific issues or concerns...?

Run the following and post its log...

Download Microsoft's "Malicious Software Removal Tool" and save it directly to the desktop. Ensure you get the correct version for your system: https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx

Right click on the tool, select "Run as Administrator" and the tool will expand to the options window.
In the "Scan Type" window, select Quick Scan.
Perform a scan and click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:
1) Select the Windows key and R key together to open the "Run" function.
2) Type or copy/paste the following command into the "Run" line and press Enter: notepad c:\windows\debug\mrt.log

The log will include details for each time MSRT has run; we only need the most recent log by date and time....

Thank you,
Kevin
JacobDrury Posted November 21, 2017 (Author) (edited)

I will run the program and post the results. My computer seems to be running as a server? I'm apparently running Windows 10 x64 Pro. I even uploaded some files from Windows to VirusTotal, and other weird files. Some came back with more than a 6/* rating, stating it was a Stuxnet-type virus... I had my accounts hacked 3 times months ago along with other strange things. The Microsoft team help I seemed to speak with seemed fishy, and when they called me, they were very worried about me paying $99 for them to help me. The number was also flagged as spam/phishing/scam/etc. This happened when I contacted them; they didn't just randomly contact me. This could be complete paranoia. I just want to make 100% sure. I included some screenshots from over the past couple of months. Maybe you or others can look through them. I've reinstalled 20+ times on an SSD, even with a newly bought USB drive. Clean installs, complete formats, with no other drives attached. Re-flashed BIOS. It also seems weird that there is a log-on option on certain services, as well as what looks to me like random mutexes after them which change every installation (could be a feature and me overreacting).

Edited November 21, 2017 by JacobDrury
JacobDrury Posted November 21, 2017 (Author)

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.54, November 2017 (build 5.54.14383.1)
Started On Thu Nov 16 20:05:42 2017

Engine: 1.1.14306.0
Signatures: 1.257.0.0
Run Mode: Scan Run From Windows Update

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 16 20:06:20 2017

Return code: 0 (0x0)
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.54, November 2017 (build 5.54.14383.1)
Started On Tue Nov 21 05:52:54 2017

Engine: 1.1.14306.0
Signatures: 1.257.0.0
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Successfully Submitted MAPS Report
Successfully Submitted Heartbeat Report
Microsoft Windows Malicious Software Removal Tool Finished On Tue Nov 21 05:55:31 2017

Return code: 0 (0x0)
kevinf80 Posted November 21, 2017

Hello JacobDrury,

I see nothing in the screenshots to indicate malware or infection; the Hitman Pro entries are related to TDSSKiller, which includes the flagged driver... Run the following for a deeper look:

Follow the instructions at this link to run MBAR: https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/

Post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

Thank you,
Kevin
JacobDrury Posted November 21, 2017 (Author) (edited)

Attachments: system-log.txt, tmbar-log-2017-11-21 (06-13-40).txt

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
main: v2017.11.21.03
rootkit: v2017.10.14.01

Windows 10 x64 NTFS
Internet Explorer 11.64.16299.0
Jacob Drury :: FBI-SERVER [administrator]

11/21/2017 6:13:40 AM
mbar-log-2017-11-21 (06-13-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 256763
Time elapsed: 6 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.64.16299.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 4.335000 GHz
Memory total: 8481812480, free: 5199486976

Downloaded database version: v2017.11.21.03
Initializing...
======================
Driver version: 4.3.0.15
------------ Kernel report ------------
11/21/2017 06:13:32
------------ Loaded modules -----------
----------- End -----------
Done!
Scan started
Database versions:
main: v2017.11.21.03
rootkit: v2017.10.14.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff9684973c8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff9684972c39d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9684973c8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffff968495b56060, DeviceName: \Device\00000030\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!

Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 631B231E
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 1214821119
GPT Header CurrentLba = 1 BackupLba 500118191
GPT Header FirstUsableLba 34 LastUsableLba 500118158
GPT Header Guid 6517f6df-b588-4417-8166-4180d7ee1c69
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 1214821119
Backup GPT header CurrentLba = 500118191 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 500118158
Backup GPT header Guid 6517f6df-b588-4417-8166-4180d7ee1c69
Backup GPT header Contains 128 partition entries starting at LBA 500118159
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 82de2b3d-c24-4ed7-807a-a92f59bab0cf
FirstLBA 2048 Last LBA 1023999
Attributes 1
Partition Name Basic data partition
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID cfc04867-2506-45bf-9a7c-22828c92d679
FirstLBA 1024000 Last LBA 1228799
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID fb456d5f-2497-4233-a3fb-40d6c2ad43a
FirstLBA 1228800 Last LBA 1261567
Attributes 0
Partition Name Microsoft reserved partition
Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID acd89659-bace-4a61-aee6-4e5d399ddf4
FirstLBA 1261568 Last LBA 500117503
Attributes 0
Partition Name Basic data partition
Disk Size: 256060514304 bytes
Sector size: 512 bytes
Done!

Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffff9684973c7060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff9684972c29d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9684973c7060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffff968495b54060, DeviceName: \Device\00000031\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0

Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 8026004
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3630961948
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 20add929-b08f-421d-ab28-fd9d33b6508f
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3630961948
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 20add929-b08f-421d-ab28-fd9d33b6508f
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128
Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 755bf0e5-c07-4de0-bde-c267602d8378
FirstLBA 2048 Last LBA 1953523711
Attributes 0
Partition Name Basic data partition
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!

Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffff9684973c6060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff9684972c19d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9684973c6060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffff968495b52060, DeviceName: \Device\00000032\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0

Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: C0047FF
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2609621635
GPT Header CurrentLba = 1 BackupLba 7814037167
GPT Header FirstUsableLba 34 LastUsableLba 7814037134
GPT Header Guid 2bb87148-b218-424d-b111-761fca74d1e
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2609621635
Backup GPT header CurrentLba = 7814037167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 7814037134
Backup GPT header Guid 2bb87148-b218-424d-b111-761fca74d1e
Backup GPT header Contains 128 partition entries starting at LBA 7814037135
Backup GPT header Partition entry size = 128
Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 2199f1a2-eddf-463c-952b-f1b0271a9f85
FirstLBA 34 Last LBA 262177
Attributes 0
Partition Name Microsoft reserved partition
Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID d338fe46-d02d-4981-844e-5ebb3ca971f1
FirstLBA 264192 Last LBA 7814035455
Attributes 0
Partition Name Basic data partition
Disk Size: 4000787030016 bytes
Sector size: 512 bytes
Done!

Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffff968497c3c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffff968497c3f9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff968497c3c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffff968497c41b10, DeviceName: \Device\00000044\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0

Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 23F15
Partition information:
Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953456128
Partition is not bootable
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable
Disk Size: 1000170586112 bytes
Sector size: 512 bytes
Done!

<<<2>>>
<<<3>>>
Volume: F:
Volume is encrypted by BITLOCKER
File "C:\Users\Jacob Drury\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Network\Downloader\qmgr.db" is sparse (flags = 32768)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-4123703589638F8092E04365CFCF7EE94B3F7335.bin.83" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-4123703589638F8092E04365CFCF7EE94B3F7335.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-4123703589638F8092E04365CFCF7EE94B3F7335.bin.7C" is compressed (flags = 1)
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished

Edited November 21, 2017 by JacobDrury: Edited for easier viewing
kevinf80 Posted November 21, 2017

That is another set of clean logs. What are your thoughts, do you still have issues/concerns...?
JacobDrury Posted November 21, 2017 (Author) (edited)

I do sadly... The system seems to be clean, yet I get weird IP addresses in logs. My video card's BIOS seems to have been flashed. Weird PCI devices seem to come from the video card. Windows no longer detects the smart TV I have; it just installs a basic driver. I don't know if it was touched... I sadly made friends with a/some hackers I should not have. I feel like they have done some pretty advanced things as well. If everything looks fine though, I will carry on and just hope nothing happens. I may be dwelling way too deep into this. I've had a lot of personal things happen recently; I am a fairly big target for others to take revenge on sadly with recent events. Thank you for your help, though.

Edited November 21, 2017 by JacobDrury
JacobDrury Posted November 21, 2017 (Author)
I am running "Tron". These are the logs from when it runs Sophos, a virus/rootkit/bootkit removal tool. There are things it cannot access or open. It seems strange. I can send the logs. Like this:

Downloading updates...
Checking for updates...
Installing updates...
Update successful
Couldn't apply option 'EnableSafeClean' to the detection engine [0xa004020c].
Version info: Product version 2.6.1
Version info: Detection engine 3.68.6
Version info: Detection data 5.44
Version info: Build date 9/19/2017
Version info: Data files added 432
Version info: Last successful update 11/21/2017 8:53:58 AM
Warning: rootkit scan failed to open device "\\?\Volume{00023f15-0000-0000-0000-100000000000}" (-2144272384)
Warning: rootkit scan failed to open device "\\?\Volume{755bf0e5-0c07-4de0-bd0e-c267602d8378}" (-2144272384)
Warning: rootkit scan failed to open device "\\?\Volume{d338fe46-d02d-4981-844e-5ebb3ca971f1}" (-2144272384)
Could not open C:\hiberfil.sys
Could not open C:\pagefile.sys
Could not open C:\swapfile.sys
Could not open C:\Windows\System32\config\BBI
Could not open C:\Windows\System32\config\RegBack\DEFAULT
Could not open C:\Windows\System32\config\RegBack\SAM
Could not open C:\Windows\System32\config\RegBack\SECURITY
Could not open C:\Windows\System32\config\RegBack\SOFTWARE
Could not open C:\Windows\System32\config\RegBack\SYSTEM
Could not open LOGICAL:0003:00000000
Could not open D:\
Could not open LOGICAL:0004:00000000
Could not open E:\
Could not open LOGICAL:0005:00000000
Could not open F:\
Could not open LOGICAL:0006:00000000
Could not open G:\

What are the "\\?\Volume{RANDOM-STRING}" entries?
kevinf80 Posted November 21, 2017
Those are restore point entries; the entries you've posted are not unusual for Sophos AV logs...

Run the following:

Please download Gmer from Here by clicking on the "Download EXE" button.
- Double click on the randomly named GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
- If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
- In the right panel, you will see several boxes that have been checked. Uncheck the following:
  Sections
  IAT/EAT
  Show All (should be unchecked by default)
- Leave everything else as it is.
- Close all other running programs as well as your browsers.
- Click the Scan button and wait for it to finish.
- Once done, click on the Save.. button, and in the File name area type in "ark.txt", or it will save as a .log file which cannot be uploaded to your post. Save it where you can easily find it, such as your desktop.
- Please post the content of the ark.txt here.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

**If GMER crashes** Follow the instructions here and disable your security temporarily.
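The `\\?\Volume{GUID}` strings in the Sophos warnings are volume GUID paths, the stable device names Windows gives every volume whether or not it has a drive letter. The following is an added example, not part of the thread or of any Sophos or Malwarebytes tooling, that resolves the three paths quoted in the log above to a drive letter, label and file system using the built-in Win32_Volume class (it assumes a Windows 10 host and PowerShell 5.1; it is read-only). A path that does not resolve simply means the OS is not enumerating such a volume right now, which by itself is not evidence of tampering.

```powershell
# Added example (not from the thread): map the \\?\Volume{GUID} device paths a
# rootkit scanner reports to concrete volumes so each warning can be attributed.
# Assumes Windows 10 / PowerShell 5.1 and the built-in Win32_Volume CIM class.
# Nothing here modifies the system.

# Constructed input: the three device paths quoted from the Sophos log above.
$reported = @(
    '\\?\Volume{00023f15-0000-0000-0000-100000000000}',
    '\\?\Volume{755bf0e5-0c07-4de0-bd0e-c267602d8378}',
    '\\?\Volume{d338fe46-d02d-4981-844e-5ebb3ca971f1}'
)

# Win32_Volume.DeviceID is the volume GUID path, stored with a trailing backslash.
# Volumes without a drive letter (EFI system partition, recovery partition) are
# enumerated too, which is exactly why a scanner may list paths you never see in Explorer.
$volumes = Get-CimInstance -ClassName Win32_Volume |
    Select-Object DeviceID, DriveLetter, Label, FileSystem, Capacity, BootVolume, SystemVolume

foreach ($path in $reported) {
    $match = $volumes | Where-Object { $_.DeviceID.TrimEnd('\') -ieq $path }
    if ($match) {
        $letter = if ($match.DriveLetter) { $match.DriveLetter } else { '(no drive letter)' }
        "{0} -> {1} label='{2}' fs={3} size={4:N0} boot={5} system={6}" -f `
            $path, $letter, $match.Label, $match.FileSystem, $match.Capacity,
            $match.BootVolume, $match.SystemVolume
    }
    else {
        # Not enumerated at the moment: the device is absent (e.g. removable media
        # that was plugged in during the scan) or the OS does not expose it as a volume.
        "$path -> not currently enumerated by Win32_Volume"
    }
}

# Full inventory for comparison: every volume GUID path the OS knows about,
# with its mount point, so any GUID from a log can be looked up by hand.
$volumes | Sort-Object DriveLetter |
    Format-Table @{n='VolumeGuidPath';e={$_.DeviceID}}, DriveLetter, Label, FileSystem, BootVolume, SystemVolume -AutoSize
```

The same inventory is available from a plain command prompt with `mountvol` (no arguments), which prints each `\\?\Volume{GUID}\` path followed by its mount point; the PowerShell form is used here because it also shows which volume is the boot and system volume, the two a bootkit would care about.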
JacobDrury Posted November 21, 2017 (Author)
I am running it now. Thank you for your time and patience in taking the time out to help me. I'll be sure to donate for your time.
kevinf80 Posted November 21, 2017
If this log comes back clean, probably an offline scan is the next check to make...
JacobDrury Posted November 21, 2017 (Author)
My computer "bluescreened" on the first scan. I will try again.
kevinf80 Posted November 21, 2017
Yes, very common; all security must be disabled....
JacobDrury Posted November 21, 2017 (Author)
It blue screened yet again, even after turning everything security-wise off. It also bluescreened on login. Another weird thing I forgot to mention: in my BIOS, I cannot switch off the "Wake on LAN" feature; it turns itself back on. It also seems to be in a different part of the BIOS - NIC.

EDIT: I also used this a month or so ago with the same results. I then used Avast's program; it bluescreened with it as well while being locked out of scanning certain things. Processes seem to change their version number randomly, then disappear as well. Either I am looking way too into this/going crazy, or this is a VERY serious infection... I've considered just rebuilding at this point and taking the loss. I've never been infected in my life; I'm fairly computer savvy. Yet this baffles me. That, or Windows 10 has some SERIOUS issues.
kevinf80 Posted November 21, 2017
Try an offline scan with Windows Defender: https://www.tenforums.com/tutorials/42305-windows-defender-offline-scan-windows-10-a.html
JacobDrury Posted November 21, 2017 (Author)
I did. Nothing found. :/
kevinf80 Posted November 21, 2017
One last check: select the Windows key and X key together, and from the list select Command Prompt (Admin). At the prompt copy and paste the following command:

dir C:\Windows\system32\drivers > 0 & notepad 0

then hit Enter; Notepad will open. Attach that to your reply...
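A bare `dir` only shows names, sizes and timestamps, so judging the listing comes down to recognising file names. What a responder actually wants to know for each driver is whether it carries a valid Authenticode or catalog signature, who signed it, and whether its timestamp falls outside the servicing date that stamps nearly every inbox driver (09/29/2017 in the listing that follows in this thread). The script below is an added example, not part of the thread or of any tool mentioned in it. It assumes Windows 10 with PowerShell 5.1, where `Get-AuthenticodeSignature` also consults the system catalog store so that catalog-signed inbox drivers report `Valid`, and it is read-only.

```powershell
# Added example (not from the thread): audit the driver directory rather than
# just list it. For every .sys file record signature status and signer, flag
# files that are unsigned, not Microsoft-signed, or dated off the directory's
# dominant servicing date, then cross-check loaded drivers against files on disk.
# Assumes Windows 10 / PowerShell 5.1 (catalog signatures are checked by
# Get-AuthenticodeSignature there). Read-only.

param(
    [string]$DriverDir = "$env:SystemRoot\System32\drivers"
)

$files = Get-ChildItem -Path $DriverDir -Filter *.sys -File

# The install/servicing pass stamps most inbox drivers with one date; use the
# most common date as the baseline and treat everything else as worth a look.
$baselineDate = ($files |
    Group-Object { $_.LastWriteTime.ToString('yyyy-MM-dd') } |
    Sort-Object Count -Descending | Select-Object -First 1).Name

$report = foreach ($f in $files) {
    $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        Name        = $f.Name
        LastWrite   = $f.LastWriteTime
        Size        = $f.Length
        Status      = $sig.Status          # Valid, NotSigned, HashMismatch, UnknownError ...
        Signer      = $signer
        # "Microsoft-signed" also covers WHQL/attestation-signed third-party drivers
        # (signer CN=Microsoft Windows Hardware Compatibility Publisher); it says
        # who vouched for the file, not who wrote it.
        MsSigned    = $signer -match 'CN=Microsoft (Windows|Corporation)'
        OffBaseline = $f.LastWriteTime.ToString('yyyy-MM-dd') -ne $baselineDate
    }
}

"Baseline servicing date: $baselineDate ($($files.Count) drivers)"

# Anything here deserves a second look: confirm the vendor, check the file hash
# against a reputation source, and make sure the file matches the loaded image.
$suspects = $report | Where-Object {
    $_.Status -ne 'Valid' -or -not $_.MsSigned -or $_.OffBaseline
} | Sort-Object Status, LastWrite -Descending

$suspects | Format-Table Name, LastWrite, Status, MsSigned, Signer -AutoSize

# Cross-check with what the kernel actually loaded. Win32_SystemDriver.PathName
# may be written as C:\..., \??\C:\... or \SystemRoot\...; normalise before
# testing. A running driver whose backing file is missing is a stronger signal
# than an odd timestamp.
$loaded = Get-CimInstance -ClassName Win32_SystemDriver | Where-Object { $_.State -eq 'Running' }
$orphans = foreach ($d in $loaded) {
    if (-not $d.PathName) { continue }
    $p = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    if (-not (Test-Path -LiteralPath $p)) {
        [pscustomobject]@{ Name = $d.Name; PathName = $d.PathName; Normalised = $p }
    }
}
"Running drivers with no file on disk: $(@($orphans).Count)"
$orphans | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt. Expect a handful of legitimate hits: third-party drivers (NIC, GPU, webcam, anti-malware) carry vendor dates rather than the servicing date, and security products install drivers with fresh timestamps during the very scans this thread describes, so an entry in the suspect list is a prompt to verify, not a verdict.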
JacobDrury Posted November 21, 2017 Author ID:1185561 Share Posted November 21, 2017 Volume in drive C has no label. Volume Serial Number is D492-8618 Directory of C:\Windows\system32\drivers 11/21/2017 03:34 PM <DIR> . 11/21/2017 03:34 PM <DIR> .. 09/29/2017 08:41 AM 237,056 1394ohci.sys 11/21/2017 06:13 AM 255,928 2351258E.sys 09/29/2017 08:41 AM 107,416 3ware.sys 09/29/2017 08:41 AM 733,592 acpi.sys 09/29/2017 08:41 AM 20,480 AcpiDev.sys 09/29/2017 08:41 AM 127,896 acpiex.sys 09/29/2017 08:41 AM 12,800 acpipagr.sys 09/29/2017 08:41 AM 14,336 acpipmi.sys 09/29/2017 08:41 AM 13,312 acpitime.sys 09/29/2017 08:41 AM 1,135,512 adp80xx.sys 09/29/2017 08:41 AM 614,296 afd.sys 09/29/2017 08:41 AM 108,032 agilevpn.sys 09/29/2017 08:41 AM 240,640 ahcache.sys 09/29/2017 08:41 AM 180,224 amdk8.sys 09/29/2017 08:41 AM 178,176 amdppm.sys 09/29/2017 08:41 AM 83,352 amdsata.sys 09/29/2017 08:41 AM 258,592 amdsbs.sys 09/29/2017 08:41 AM 27,032 amdxata.sys 09/29/2017 08:41 AM 191,008 appid.sys 09/29/2017 08:41 AM 18,432 applockerfltr.sys 09/29/2017 09:42 AM 126,872 AppVStrm.sys 09/29/2017 09:42 AM 158,616 AppvVemgr.sys 09/29/2017 09:42 AM 143,768 AppvVfs.sys 09/29/2017 08:41 AM 131,992 arcsas.sys 09/29/2017 08:41 AM 28,160 asyncmac.sys 09/29/2017 08:41 AM 28,568 atapi.sys 09/29/2017 08:41 AM 194,456 ataport.sys 09/29/2017 08:42 AM 60,312 bam.sys 09/29/2017 08:41 AM 58,880 BasicDisplay.sys 10/10/2017 12:34 AM 34,816 BasicRender.sys 09/29/2017 08:41 AM 39,832 battc.sys 09/29/2017 08:41 AM 9,728 bcmfn2.sys 09/29/2017 08:42 AM 10,240 beep.sys 09/29/2017 08:41 AM 101,888 bowser.sys 09/29/2017 08:41 AM 116,736 bridge.sys 09/29/2017 08:41 AM 23,040 BtaMPM.sys 09/29/2017 08:41 AM 45,056 BthAvrcpTg.sys 09/29/2017 08:41 AM 107,008 bthhfenum.sys 09/29/2017 08:41 AM 31,232 BthhfHid.sys 09/29/2017 08:40 AM 67,584 bthmodem.sys 09/29/2017 08:41 AM 37,784 bttflt.sys 09/29/2017 08:41 AM 39,424 buttonconverter.sys 09/29/2017 08:41 AM 533,912 bxvbda.sys 09/29/2017 08:40 AM 60,312 CAD.sys 09/29/2017 
08:41 AM 122,368 capimg.sys 09/29/2017 08:41 AM 93,184 cdfs.sys 09/29/2017 08:41 AM 159,744 cdrom.sys 09/29/2017 08:41 AM 78,744 CEA.sys 09/29/2017 08:41 AM 141,208 cht4dx64.sys 09/29/2017 08:41 AM 357,272 cht4sx64.sys 09/29/2017 08:41 AM 1,723,288 cht4vx64.sys 09/29/2017 08:40 AM 49,152 circlass.sys 09/29/2017 08:41 AM 403,352 Classpnp.sys 09/29/2017 08:41 AM 384,000 cldflt.sys 10/10/2017 02:00 AM 373,656 clfs.sys 09/29/2017 08:41 AM 1,007,512 ClipSp.sys 09/29/2017 08:41 AM 29,696 CmBatt.sys 09/29/2017 08:41 AM 28,568 cmimcext.sys 10/10/2017 01:48 AM 677,280 cng.sys 09/29/2017 08:41 AM 39,320 cnghwassist.sys 09/29/2017 08:41 AM 55,704 condrv.sys 09/29/2017 08:41 AM 85,912 crashdmp.sys 09/29/2017 09:42 AM 559,616 csc.sys 09/29/2017 08:42 AM 81,304 dam.sys 09/29/2017 08:41 AM 61,440 dc1-controller.sys 09/29/2017 08:41 AM 45,056 devauthe.sys 09/29/2017 08:41 AM 151,040 dfsc.sys 09/29/2017 08:41 AM 94,104 disk.sys 09/29/2017 08:41 AM 38,808 Diskdump.sys 09/29/2017 08:41 AM 15,360 Dmpusbstor.sys 09/29/2017 08:41 AM 46,592 dmvsc.sys 09/29/2017 08:40 AM 96,768 drmk.sys 09/29/2017 08:40 AM 16,224 drmkaud.sys 09/29/2017 08:41 AM 35,736 Dumpata.sys 09/29/2017 08:43 AM 91,152 dumpfve.sys 10/24/2017 11:36 PM 187,288 dumpsd.sys 09/29/2017 08:41 AM 32,256 dumpsdport.sys 09/29/2017 08:41 AM 25,600 Dumpstorport.sys 10/24/2017 11:34 PM 2,573,208 dxgkrnl.sys 09/29/2017 08:41 AM 408,096 dxgmms1.sys 09/29/2017 08:41 AM 749,976 dxgmms2.sys 09/29/2017 08:40 AM 524,800 e1i63x64.sys 04/20/2015 12:02 PM 486,344 e1r65x64.sys 09/29/2017 08:41 AM 87,960 EhStorClass.sys 09/29/2017 08:40 AM 118,680 EhStorTcgDrv.sys 11/16/2017 08:13 PM <DIR> en-US 09/29/2017 08:41 AM 13,824 errdev.sys 09/29/2017 08:46 AM <DIR> etc 09/29/2017 08:41 AM 3,419,032 evbda.sys 09/29/2017 08:41 AM 354,304 exfat.sys 11/21/2017 03:34 PM 110,016 farflt.sys 09/29/2017 08:41 AM 371,608 fastfat.sys 09/29/2017 08:41 AM 32,768 fdc.sys 09/29/2017 08:41 AM 55,808 filecrypt.sys 09/29/2017 08:41 AM 85,400 fileinfo.sys 09/29/2017 
08:41 AM 36,864 filetrace.sys 09/29/2017 08:41 AM 26,624 flpydisk.sys 09/29/2017 08:41 AM 398,744 fltMgr.sys 09/29/2017 08:41 AM 62,872 fsdepends.sys 09/29/2017 08:41 AM 34,200 fs_rec.sys 09/29/2017 08:43 AM 727,448 fvevol.sys 09/29/2017 08:41 AM 441,240 FWPKCLNT.SYS 09/29/2017 08:41 AM 20,992 genericusbfn.sys 09/29/2017 08:41 AM 3,440,660 gm.dls 09/29/2017 08:41 AM 646 gmreadme.txt 09/29/2017 08:41 AM 8,192 gpuenergydrv.sys 11/16/2017 09:43 PM 20,160 GUBootStartup.sys 09/29/2017 08:40 AM 86,016 hdaudbus.sys 09/29/2017 08:40 AM 441,344 HdAudio.sys 09/29/2017 08:41 AM 38,296 hidbatt.sys 09/29/2017 08:41 AM 114,688 hidbth.sys 09/29/2017 08:41 AM 187,392 hidclass.sys 09/29/2017 08:41 AM 52,224 hidi2c.sys 09/29/2017 08:41 AM 50,584 hidinterrupt.sys 09/29/2017 08:40 AM 46,592 hidir.sys 09/29/2017 08:41 AM 45,568 hidparse.sys 09/29/2017 08:41 AM 40,960 hidusb.sys 09/29/2017 08:41 AM 63,520 HpSAMD.sys 09/29/2017 08:41 AM 1,103,768 http.sys 09/29/2017 08:41 AM 73,112 hvservice.sys 09/29/2017 08:41 AM 129,432 hvsocket.sys 09/29/2017 08:41 AM 29,592 hwpolicy.sys 09/29/2017 08:41 AM 16,896 hyperkbd.sys 09/29/2017 08:41 AM 28,160 HyperVideo.sys 09/29/2017 08:41 AM 105,984 i8042prt.sys 09/29/2017 08:40 AM 36,864 iagpio.sys 09/29/2017 08:40 AM 91,648 iai2c.sys 09/29/2017 08:40 AM 79,360 iaLPSS2i_GPIO2.sys 09/29/2017 08:40 AM 88,576 iaLPSS2i_GPIO2_BXT_P.sys 09/29/2017 08:40 AM 171,520 iaLPSS2i_I2C.sys 09/29/2017 08:40 AM 174,592 iaLPSS2i_I2C_BXT_P.sys 09/29/2017 08:41 AM 38,128 iaLPSSi_GPIO.sys 09/29/2017 08:40 AM 113,152 iaLPSSi_I2C.sys 07/07/2015 02:33 AM 155,192 iANSW60e.sys 09/29/2017 08:41 AM 674,200 iaStorAV.sys 09/29/2017 08:41 AM 412,056 iaStorV.sys 09/29/2017 08:41 AM 526,232 ibbus.sys 09/29/2017 08:41 AM 39,424 IndirectKmd.sys 09/29/2017 08:41 AM 19,352 intelide.sys 09/29/2017 08:41 AM 130,640 intelpep.sys 09/29/2017 08:41 AM 198,656 intelppm.sys 09/29/2017 08:41 AM 38,912 invdimm.sys 09/29/2017 08:41 AM 56,728 iorate.sys 09/29/2017 08:41 AM 85,504 ipfltdrv.sys 
09/29/2017 08:41 AM 92,056 IPMIDrv.sys 09/29/2017 08:41 AM 214,016 ipnat.sys 09/29/2017 08:41 AM 26,112 ipt.sys 05/07/2015 02:59 PM 37,832 iqvw64e.sys 09/29/2017 08:42 AM 119,808 irda.sys 09/29/2017 08:42 AM 19,968 irenum.sys 09/29/2017 08:41 AM 22,936 isapnp.sys 09/29/2017 08:41 AM 63,384 kbdclass.sys 09/29/2017 08:41 AM 40,448 kbdhid.sys 09/29/2017 08:41 AM 23,040 kdnic.sys 09/29/2017 08:41 AM 394,752 ks.sys 10/10/2017 02:14 AM 139,672 ksecdd.sys 09/29/2017 08:41 AM 170,904 ksecpkg.sys 09/29/2017 08:41 AM 27,136 ksthunk.sys 07/27/2016 06:39 AM 37,928 LifeCamTrueColor.sys 09/29/2017 08:41 AM 65,024 lltdio.sys 09/29/2017 08:41 AM 108,064 lsi_sas.sys 09/29/2017 08:41 AM 123,800 lsi_sas2i.sys 09/29/2017 08:41 AM 103,320 lsi_sas3i.sys 09/29/2017 08:41 AM 82,840 lsi_sss.sys 10/24/2017 10:04 PM 124,928 luafv.sys 09/29/2017 08:41 AM 505,240 mausbhost.sys 09/29/2017 08:41 AM 55,840 mausbip.sys 11/01/2017 08:54 AM 77,432 mbae64.sys 11/21/2017 03:34 PM 46,008 mbam.sys 11/21/2017 02:28 PM 193,464 MbamChameleon.sys 11/21/2017 03:34 PM 253,880 mbamswissarmy.sys 09/29/2017 08:42 AM 23,552 mcd.sys 09/29/2017 08:41 AM 59,800 megasas.sys 09/29/2017 08:41 AM 63,520 MegaSas2i.sys 09/29/2017 08:41 AM 575,896 megasr.sys 09/29/2017 08:41 AM 842,648 mlx4_bus.sys 09/29/2017 08:41 AM 43,520 mmcss.sys 09/29/2017 08:42 AM 42,496 modem.sys 09/29/2017 08:41 AM 38,912 monitor.sys 09/29/2017 08:41 AM 57,240 mouclass.sys 09/29/2017 08:41 AM 32,768 mouhid.sys 09/29/2017 08:41 AM 103,320 mountmgr.sys 09/29/2017 08:41 AM 75,776 mpsdrv.sys 09/29/2017 08:42 AM 143,872 mrxdav.sys 09/29/2017 08:41 AM 496,536 mrxsmb.sys 10/10/2017 01:53 AM 232,344 mrxsmb20.sys 09/29/2017 08:41 AM 31,232 msfs.sys 09/29/2017 08:41 AM 169,880 msgpioclx.sys 09/29/2017 08:41 AM 49,048 msgpiowin32.sys 09/29/2017 08:41 AM 8,704 mshidkmdf.sys 09/29/2017 08:41 AM 11,776 mshidumdf.sys 09/29/2017 08:41 AM 27,136 mshwnclx.sys 09/29/2017 08:41 AM 18,840 msisadrv.sys 09/29/2017 08:41 AM 279,448 msiscsi.sys 09/29/2017 08:41 AM 33,280 
mskssrv.sys 09/29/2017 08:41 AM 84,480 mslldp.sys 09/29/2017 08:41 AM 10,752 mspclock.sys 09/29/2017 08:41 AM 10,752 mspqm.sys 09/29/2017 08:41 AM 376,864 msrpc.sys 09/29/2017 09:42 AM 293,272 mssecflt.sys 09/29/2017 08:41 AM 40,856 mssmbios.sys 09/29/2017 08:41 AM 12,800 mstee.sys 09/29/2017 08:41 AM 16,896 MTConfig.sys 09/29/2017 08:41 AM 123,800 mup.sys 09/29/2017 08:41 AM 63,896 mvumis.sys 11/21/2017 03:34 PM 94,144 mwac.sys 09/29/2017 08:41 AM 108,952 ndfltr.sys 09/29/2017 08:41 AM 1,278,872 ndis.sys 09/29/2017 08:42 AM 50,688 ndiscap.sys 09/29/2017 08:41 AM 128,000 NdisImPlatform.sys 09/29/2017 08:41 AM 27,136 ndistapi.sys 09/29/2017 08:41 AM 65,024 ndisuio.sys 09/29/2017 08:41 AM 21,504 NdisVirtualBus.sys 09/29/2017 08:41 AM 192,000 ndiswan.sys 09/29/2017 08:41 AM 62,464 ndproxy.sys 09/29/2017 08:41 AM 124,416 Ndu.sys 09/29/2017 08:41 AM 132,608 NetAdapterCx.sys 09/29/2017 08:41 AM 57,752 netbios.sys 09/29/2017 08:41 AM 316,928 netbt.sys 09/29/2017 08:41 AM 535,960 netio.sys 09/29/2017 08:41 AM 192,512 netvsc.sys 09/29/2017 08:41 AM 73,216 npfs.sys 09/29/2017 08:41 AM 26,112 npsvctrig.sys 09/29/2017 08:41 AM 44,544 nsiproxy.sys 10/24/2017 11:36 PM 2,400,664 ntfs.sys 09/29/2017 08:41 AM 19,864 ntosext.sys 09/29/2017 08:41 AM 7,168 null.sys 09/29/2017 08:41 AM 88,576 nvdimmn.sys 11/14/2017 05:48 PM 225,208 nvhda64v.sys 09/29/2017 08:41 AM 150,424 nvraid.sys 09/29/2017 08:41 AM 166,296 nvstor.sys 07/14/2010 05:33 PM 2,746,624 nvtcam.sys 07/14/2010 05:32 PM 36,224 nvtcamd2.sys 11/14/2017 05:48 PM 50,808 nvvad64v.sys 11/15/2017 08:41 PM 57,792 nvvhci.sys 10/10/2017 12:32 AM 529,408 nwifi.sys 09/29/2017 08:41 AM 152,984 pacer.sys 09/29/2017 08:41 AM 98,816 parport.sys 09/29/2017 08:41 AM 165,784 partmgr.sys 09/29/2017 08:41 AM 362,904 pci.sys 09/29/2017 08:41 AM 16,280 pciide.sys 09/29/2017 08:41 AM 53,144 pciidex.sys 09/29/2017 08:40 AM 119,704 pcmcia.sys 09/29/2017 08:41 AM 53,144 pcw.sys 09/29/2017 08:41 AM 123,288 pdc.sys 09/29/2017 08:42 AM 723,968 PEAuth.sys 
09/29/2017 08:41 AM 58,776 percsas2i.sys 09/29/2017 08:41 AM 61,848 percsas3i.sys 09/29/2017 08:41 AM 100,352 pmem.sys 09/29/2017 08:41 AM 16,896 pnpmem.sys 09/29/2017 08:40 AM 379,392 portcls.sys 09/29/2017 08:41 AM 177,152 processr.sys 09/29/2017 08:41 AM 49,152 qwavedrv.sys 09/29/2017 08:41 AM 39,832 ramdisk.sys 09/29/2017 08:41 AM 17,920 rasacd.sys 09/29/2017 08:41 AM 106,496 rasl2tp.sys 09/29/2017 08:41 AM 82,944 raspppoe.sys 09/29/2017 08:41 AM 97,280 raspptp.sys 09/29/2017 08:41 AM 78,336 rassstp.sys 10/24/2017 11:24 PM 428,952 rdbss.sys 09/29/2017 09:42 AM 27,136 rdpbus.sys 09/29/2017 09:42 AM 182,784 rdpdr.sys 09/29/2017 09:42 AM 30,616 rdpvideominiport.sys 09/29/2017 08:42 AM 282,520 rdyboost.sys 09/29/2017 08:41 AM 1,849,752 refs.sys 09/29/2017 08:41 AM 936,856 refsv1.sys 09/29/2017 08:41 AM 43,008 RfxVmt.sys 09/29/2017 08:41 AM 103,936 rhproxy.sys 09/29/2017 08:41 AM 149,504 rmcast.sys 09/29/2017 08:42 AM 35,328 RNDISMP.sys 09/29/2017 08:42 AM 13,312 rootmdm.sys 09/29/2017 08:41 AM 80,896 rspndr.sys 09/29/2017 08:41 AM 59,904 rteth.sys 09/29/2017 08:41 AM 109,976 sbp2port.sys 09/29/2017 08:42 AM 43,008 scfilter.sys 09/29/2017 08:41 AM 118,168 scmbus.sys 09/29/2017 08:42 AM 175,512 scsiport.sys 10/24/2017 11:39 PM 285,080 sdbus.sys 09/29/2017 08:41 AM 33,176 SDFRd.sys 09/29/2017 08:41 AM 97,688 sdport.sys 09/29/2017 08:41 AM 96,664 sdstor.sys 09/29/2017 08:41 AM 74,784 SerCx.sys 09/29/2017 08:41 AM 154,520 SerCx2.sys 09/29/2017 08:41 AM 25,088 serenum.sys 09/29/2017 08:41 AM 84,992 serial.sys 09/29/2017 08:41 AM 28,160 sermouse.sys 09/29/2017 08:41 AM 17,920 sfloppy.sys 09/29/2017 08:41 AM 44,952 sisraid2.sys 09/29/2017 08:41 AM 81,816 sisraid4.sys 11/21/2017 07:41 AM 171,664 SIVX64.sys 09/29/2017 08:41 AM 34,200 SleepStudyHelper.sys 09/29/2017 08:42 AM 21,504 smclib.sys 09/29/2017 08:41 AM 171,416 spacedump.sys 09/29/2017 08:41 AM 571,288 spaceport.sys 09/29/2017 09:42 AM 56,216 SpatialGraphFilter.sys 09/29/2017 08:41 AM 81,816 SpbCx.sys 10/10/2017 
12:24 AM 726,016 srv2.sys 09/29/2017 08:41 AM 258,560 srvnet.sys 09/29/2017 08:41 AM 31,128 stexstor.sys 09/29/2017 08:41 AM 149,400 storahci.sys 09/29/2017 08:41 AM 103,320 stornvme.sys 10/24/2017 11:32 PM 559,512 storport.sys 09/29/2017 08:41 AM 79,872 storqosflt.sys 10/24/2017 11:31 PM 45,464 storufs.sys 09/29/2017 08:41 AM 39,320 storvsc.sys 09/29/2017 08:42 AM 75,264 stream.sys 09/29/2017 08:41 AM 18,328 swenum.sys 09/29/2017 08:41 AM 64,512 Synth3dVsc.sys 09/29/2017 08:42 AM 31,232 tape.sys 09/29/2017 08:41 AM 28,056 tbs.sys 09/29/2017 08:41 AM 2,773,400 tcpip.sys 09/29/2017 08:41 AM 51,712 tcpipreg.sys 09/29/2017 08:41 AM 40,344 tdi.sys 09/29/2017 08:41 AM 121,240 tdx.sys 09/29/2017 09:42 AM 37,272 terminpt.sys 09/29/2017 08:41 AM 128,408 tm.sys 09/29/2017 08:41 AM 229,272 tpm.sys 09/29/2017 08:41 AM 62,976 TsUsbFlt.sys 09/29/2017 08:41 AM 35,328 TsUsbGD.sys 09/29/2017 09:42 AM 126,464 tsusbhub.sys 09/29/2017 08:41 AM 106,496 tunnel.sys 09/29/2017 08:41 AM 79,256 uaspstor.sys 10/24/2017 10:16 PM 114,688 UcmCx.sys 09/29/2017 08:41 AM 146,944 UcmTcpciCx.sys 10/10/2017 12:34 AM 57,344 UcmUcsi.sys 09/29/2017 08:41 AM 227,224 Ucx01000.sys 09/29/2017 08:41 AM 45,056 Udecx.sys 09/29/2017 08:42 AM 323,072 udfs.sys 09/29/2017 08:41 AM 28,568 uefi.sys 09/29/2017 09:42 AM 40,344 UevAgentDriver.sys 09/29/2017 08:41 AM 266,648 ufx01000.sys 09/29/2017 08:41 AM 97,312 UfxChipidea.sys 09/29/2017 08:41 AM 140,696 ufxsynopsys.sys 09/29/2017 08:41 AM 56,320 umbus.sys 11/16/2017 08:13 PM <DIR> UMDF 09/29/2017 08:41 AM 14,336 umpass.sys 09/29/2017 08:41 AM 28,568 urschipidea.sys 10/10/2017 01:49 AM 60,824 urscx01000.sys 09/29/2017 08:41 AM 27,544 urssynopsys.sys 09/29/2017 08:41 AM 23,040 usb8023.sys 09/29/2017 08:40 AM 135,168 USBAUDIO.sys 09/29/2017 08:42 AM 37,376 USBCAMD2.sys 09/29/2017 08:41 AM 168,856 usbccgp.sys 09/29/2017 08:40 AM 102,912 usbcir.sys 09/29/2017 08:41 AM 32,152 usbd.sys 09/29/2017 08:41 AM 95,640 usbehci.sys 09/29/2017 08:41 AM 513,944 usbhub.sys 
10/24/2017 11:30 PM 555,416 USBHUB3.SYS 09/29/2017 08:41 AM 30,720 usbohci.sys 09/29/2017 08:41 AM 454,040 usbport.sys 09/29/2017 08:41 AM 27,136 usbprint.sys 09/29/2017 08:41 AM 71,680 usbser.sys 09/29/2017 08:41 AM 130,968 USBSTOR.SYS 09/29/2017 08:41 AM 35,328 usbuhci.sys 09/29/2017 08:41 AM 280,576 usbvideo.sys 09/29/2017 08:41 AM 437,656 USBXHCI.SYS 09/29/2017 08:41 AM 54,680 vdrvroot.sys 09/29/2017 08:41 AM 225,688 VerifierExt.sys 09/29/2017 08:41 AM 713,624 vhdmp.sys 09/29/2017 08:41 AM 34,816 vhf.sys 09/29/2017 08:41 AM 44,544 videoprt.sys 09/29/2017 08:41 AM 81,304 vmbkmcl.sys 09/29/2017 08:41 AM 80,384 vmbkmclr.sys 09/29/2017 08:41 AM 109,976 vmbus.sys 09/29/2017 08:41 AM 25,088 VMBusHID.sys 09/29/2017 08:41 AM 13,312 vmgencounter.sys 09/29/2017 08:41 AM 10,240 vmgid.sys 09/29/2017 08:41 AM 9,216 vms3cap.sys 09/29/2017 08:41 AM 47,512 vmstorfl.sys 09/29/2017 08:41 AM 43,008 vnvdimm.sys 09/29/2017 08:41 AM 83,864 volmgr.sys 09/29/2017 08:41 AM 373,144 volmgrx.sys 09/29/2017 08:42 AM 401,304 volsnap.sys 09/29/2017 08:41 AM 15,392 volume.sys 09/29/2017 08:41 AM 75,160 vpci.sys 09/29/2017 08:41 AM 166,808 vsmraid.sys 09/29/2017 08:41 AM 305,560 VSTXRAID.SYS 09/29/2017 08:42 AM 27,136 vwifibus.sys 09/29/2017 08:42 AM 76,800 vwififlt.sys 09/29/2017 08:42 AM 40,448 vwifimp.sys 09/29/2017 08:41 AM 30,720 wacompen.sys 09/29/2017 08:41 AM 80,896 wanarp.sys 09/29/2017 08:41 AM 56,320 watchdog.sys 10/24/2017 11:32 PM 147,864 wcifs.sys 09/29/2017 08:41 AM 76,288 wcnfs.sys 09/29/2017 08:41 AM 44,608 WdBoot.sys 11/12/2015 10:50 PM 26,880 wdcsam64.sys 09/29/2017 08:41 AM 918,240 Wdf01000.sys 09/29/2017 08:41 AM 309,144 WdFilter.sys 09/29/2017 08:41 AM 61,664 WdfLdr.sys 09/29/2017 08:42 AM 770,048 WdiWiFi.sys 09/29/2017 08:41 AM 119,192 WdNisDrv.sys 09/29/2017 08:41 AM 33,792 wdnsfltr.sys 09/29/2017 08:41 AM 45,464 werkernel.sys 09/29/2017 08:41 AM 163,736 wfplwfs.sys 09/29/2017 08:41 AM 35,736 wimmount.sys 09/29/2017 08:41 AM 71,248 WindowsTrustedRT.sys 09/29/2017 08:41 
AM 18,000 WindowsTrustedRTProxy.sys 09/29/2017 08:41 AM 31,640 winhv.sys 09/29/2017 08:41 AM 62,464 winhvr.sys 09/29/2017 08:41 AM 32,152 winmad.sys 09/29/2017 08:41 AM 225,280 winnat.sys 09/29/2017 08:41 AM 92,672 winusb.sys 09/29/2017 08:41 AM 64,920 winverbs.sys 09/29/2017 08:41 AM 18,432 wmiacpi.sys 09/29/2017 08:41 AM 20,376 wmilib.sys 09/29/2017 08:41 AM 209,304 wof.sys 09/29/2017 08:41 AM 30,104 WpdUpFltr.sys 09/29/2017 08:41 AM 33,176 WppRecorder.sys 09/29/2017 08:42 AM 23,040 ws2ifsl.sys 09/29/2017 08:41 AM 115,200 WUDFPf.sys 09/29/2017 08:41 AM 259,584 WUDFRd.sys 09/29/2017 08:41 AM 281,600 xboxgip.sys 09/29/2017 08:41 AM 46,592 xinputhid.sys 411 File(s) 80,575,730 bytes 5 Dir(s) 77,974,294,528 bytes free
kevinf80 Posted November 21, 2017
Those drivers are legit; from the logs I've seen, your system looks very much clean to me..... Kaspersky has a rescue CD that can clean infected systems; if you still believe your system is infected, give it a try: https://support.kaspersky.com/us/viruses/rescuedisk
JacobDrury Posted November 21, 2017 (Author)
OK. Thank you a lot for your time. Does the disk work with UEFI?