Can't get rid of browser hijacker


  • This topic is locked
59 replies to this topic

#1 themadviking3301

themadviking3301

  • Members
  • 44 posts
  • OFFLINE
  • Local time:01:12 AM

Posted 18 June 2015 - 10:43 PM

I've tried many free anti-virus programs and can't get rid of my browser hijacker/re-director.  Please help.

Attached Files: Addition.txt (81.79KB), FRST.txt (49.67KB)




#2 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:12 AM

Posted 21 June 2015 - 07:31 AM


Hello themadviking3301,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification if you have any questions.
  • Stay with this topic until you get the all-clean post.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 themadviking3301

themadviking3301
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:01:12 AM

Posted 21 June 2015 - 02:55 PM

Hi Jo.  Thanks for helping.

 

 Results of screen317's Security Check version 1.004 
 Windows Vista Service Pack 2 x86 (UAC is disabled!) 
 Internet Explorer 9 
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Out of date HijackThis  installed!
 SUPERAntiSpyware    
 HijackThis 2.0.2   
 CCleaner    
  Adobe Flash Player  16.0.0.296 Flash Player out of Date! 
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.14 Adobe Reader out of Date! 
 Mozilla Firefox (38.0.5)
 Mozilla Thunderbird (31.7.0)
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
 



#4 themadviking3301

themadviking3301
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:01:12 AM

Posted 21 June 2015 - 03:03 PM

Running Malwarebytes Anti-Rootkit now.
 



#5 themadviking3301

themadviking3301
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:01:12 AM

Posted 21 June 2015 - 03:57 PM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 2.800000 GHz
Memory total: 3486322688, free: 1330642944

Downloaded database version: v2015.06.21.04
Downloaded database version: v2015.06.15.01
Downloaded database version: v2015.06.15.01
=======================================
Initializing...
------------ Kernel report ------------
     06/21/2015 11:59:02
------------ Loaded modules -----------
----------- End -----------
Scan Interrupted
Done!

Scan started
Database versions:
  main:    v2015.06.21.04
  rootkit: v2015.06.15.01

Scan was aborted.
=======================================
Initializing...
------------ Kernel report ------------
     06/21/2015 12:00:26
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.06.21.04
  rootkit: v2015.06.15.01

<<<2>>>
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8850e030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8850eb10, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8850d048, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8850e030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8850dc18, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff883a5910, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff883e1b98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff883e5758, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff884d77d0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff883e5378, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff883e5758, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff884d7420, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff883ec918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff883ea8a0, DeviceName: \Device\Ide\IdeDeviceP3T1L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D3123192

Partition information:

    Partition 0 type is Other (0x6)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff883d9490, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff883d9120, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8850c020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff883d9490, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff883df1a8, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff884838a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff883dbb98, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 169CDC0C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 488392002
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250058268160 bytes
Sector size: 512 bytes

Done!
Drive 2
This is a System drive
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2A3A57AB

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 488394993
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250058268160 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffffff8850f3b8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88510b40, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff88510020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8850f3b8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8850c440, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff883a57f8, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff883da030, DeviceName: \Device\Ide\IdeDeviceP0T1L0-7\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3108ACCF

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953521664
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 4096
Drive: 4, DevicePointer: 0xffffffff8a0c64a8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a0b2958, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a0b2d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a0c64a8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8a2d7d30, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a0b4a38, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xffffffff8a0b8568, DeviceName: \Device\000000ab\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 246C6

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 256  Numsec = 732558080

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 3000558944256 bytes
Sector size: 4096 bytes

Done!
Physical Sector Size: 512
Drive: 5, DevicePointer: 0xffffffff87fd4ac8, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ab14288, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a7da590, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87fd4ac8, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87e7ac08, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8804b5a8, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xffffffff8a30aa00, DeviceName: \Device\000000cd\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

    Partition 0 type is Other (0xc)
    Partition is ACTIVE.
    Partition starts at LBA: 12048  Numsec = 31678704
    Partition file system is FAT32
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 16225665024 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-866AFC5BBB6036CAD448723EF65D89216A889D4C.bin.VF" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-866AFC5BBB6036CAD448723EF65D89216A889D4C.bin.VE1" is compressed (flags = 1)
Infected: C:\Windows\$NtUninstallKB56276$\3524856269\L\onekmzon --> [Backdoor.0Access]
Infected: C:\Windows\$NTUNINSTALLKB56276$\3524856269\L --> [Backdoor.0Access]
Infected: C:\Windows\$NTUNINSTALLKB56276$\3524856269\U --> [Backdoor.0Access]
Infected: C:\Windows\$NTUNINSTALLKB56276$\3524856269 --> [Backdoor.0Access]
Scan finished



#6 themadviking3301

themadviking3301
  • Topic Starter

  • Members
  • 44 posts

Posted 21 June 2015 - 04:03 PM

# AdwCleaner v4.207 - Logfile created 21/06/2015 at 13:00:28
# Updated 21/06/2015 by Xplode
# Database : 2015-06-21.2 [Server]
# Operating system : Windows Vista ™ Ultimate Service Pack 2 (x86)
# Username : Jim - BABCOCK
# Running from : C:\Users\Jim\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Program Files\Mozilla Firefox\browser\searchplugins\GoSearch.xml
File Found : C:\Program Files\Mozilla Firefox\defaults\pref\itms.js
Folder Found : C:\Program Files\download Manager
Folder Found : C:\ProgramData\Uniblue
Folder Found : C:\Users\Administrator\AppData\Local\PC_Drivers_Headquarters
Folder Found : C:\Users\Jim\AppData\Roaming\DigitalSites
Folder Found : C:\Users\Jim\AppData\Roaming\download Manager
Folder Found : C:\Users\Jim\AppData\Roaming\Uniblue
Folder Found : C:\Users\Jim\AppData\Roaming\Updater

***** [ Scheduled tasks ] *****

Task Found : ErrorEND
Task Found : LaunchSignup

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4640FDE1-B83A-4376-84ED-86F86BEE2D41}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2F137995-4D26-44AD-9C4E-91055090A817}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Uniblue\DriverScanner
Key Found : HKLM\SOFTWARE\Uniblue\SpeedUpMyPC

***** [ Web browsers ] *****

-\\ Internet Explorer v9.0.8112.16659

-\\ Mozilla Firefox v38.0.5 (x86 en-US)

*************************

AdwCleaner[R0].txt - [2408 bytes] - [17/06/2015 20:39:39]
AdwCleaner[R1].txt - [2467 bytes] - [20/06/2015 18:48:31]
AdwCleaner[R2].txt - [2251 bytes] - [21/06/2015 13:00:28]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2310 bytes] ##########



#7 themadviking3301

themadviking3301
  • Topic Starter

  • Members
  • 44 posts

Posted 21 June 2015 - 04:05 PM

I want to keep Firefox and Internet Explorer of course. Not sure what Uniblue is.



#8 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 21 June 2015 - 04:57 PM

Hello themadviking3301,

Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.


***


Download ComboFix from the following location:
Link

* IMPORTANT - Save ComboFix.exe to your Desktop

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs


***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!

***


Please download Farbar Service Scanner and run it on the computer with the issue.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure the "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

***


On your Desktop:
Now please go to the MBAR folder and then run the "fixdamage.exe" tool that's inside the mbar\plugins\ sub-folder.

Restart the system after running fixdamage.

Run Farbar Service Scanner again and post the log.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours, please send me a PM.


#9 themadviking3301

themadviking3301
  • Topic Starter

  • Members
  • 44 posts

Posted 21 June 2015 - 05:55 PM

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 2.800000 GHz
Memory total: 3486322688, free: 1330642944

Downloaded database version: v2015.06.21.04
Downloaded database version: v2015.06.15.01
Downloaded database version: v2015.06.15.01
=======================================
Initializing...
------------ Kernel report ------------
     06/21/2015 11:59:02
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\DRIVERS\vsflt53.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\mv614x.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\jraid.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\ahcix86s.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\ctaud2k.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ctoss2k.sys
\SystemRoot\system32\drivers\ctprxy2k.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\AmdLLD.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\DRIVERS\amdiox86.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\ha20x2k.sys
\SystemRoot\system32\drivers\emupia2k.sys
\SystemRoot\system32\drivers\ctsfm2k.sys
\SystemRoot\system32\drivers\ctac32k.sys
\SystemRoot\System32\drivers\CT20XUT.SYS
\SystemRoot\System32\drivers\CTEXFIFX.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\Windows\System32\drivers\VCdRom.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\??\C:\Windows\system32\drivers\elrawdsk.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\AppleCharger.sys
\??\C:\EEK\bin\a2ddax86.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\LVUSBSta.sys
\SystemRoot\system32\DRIVERS\lvuvc.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\lvpopflt.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\wdcsam.sys
\SystemRoot\system32\DRIVERS\LGSHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\pnarp.sys
\SystemRoot\system32\DRIVERS\purendis.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\RtNdPt60.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\qwavedrv.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\CTEDSPSY.DLL
\SystemRoot\system32\drivers\LGVirHid.sys
\SystemRoot\system32\DRIVERS\WSDPrint.sys
\SystemRoot\system32\DRIVERS\WSDScan.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Scan Interrupted
Done!

Scan started
Database versions:
  main:    v2015.06.21.04
  rootkit: v2015.06.15.01

Scan was aborted.
=======================================
Initializing...
------------ Kernel report ------------
     06/21/2015 12:00:26
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\DRIVERS\vsflt53.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\DRIVERS\mv614x.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\jraid.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\ahcix86s.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\processr.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rtlh86.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\ctaud2k.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ctoss2k.sys
\SystemRoot\system32\drivers\ctprxy2k.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\AmdLLD.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\drivers\LGBusEnum.sys
\SystemRoot\system32\DRIVERS\amdiox86.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\ha20x2k.sys
\SystemRoot\system32\drivers\emupia2k.sys
\SystemRoot\system32\drivers\ctsfm2k.sys
\SystemRoot\system32\drivers\ctac32k.sys
\SystemRoot\System32\drivers\CT20XUT.SYS
\SystemRoot\System32\drivers\CTEXFIFX.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\Windows\System32\drivers\VCdRom.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\??\C:\Windows\system32\drivers\elrawdsk.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\AppleCharger.sys
\??\C:\EEK\bin\a2ddax86.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\LVUSBSta.sys
\SystemRoot\system32\DRIVERS\lvuvc.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\lvpopflt.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\wdcsam.sys
\SystemRoot\system32\DRIVERS\LGSHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\pnarp.sys
\SystemRoot\system32\DRIVERS\purendis.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\RtNdPt60.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\qwavedrv.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\CTEDSPSY.DLL
\SystemRoot\system32\drivers\LGVirHid.sys
\SystemRoot\system32\DRIVERS\WSDPrint.sys
\SystemRoot\system32\DRIVERS\WSDScan.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.06.21.04
  rootkit: v2015.06.15.01

<<<2>>>
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8850e030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8850eb10, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8850d048, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8850e030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8850dc18, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff883a5910, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff883e1b98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff883e5758, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff884d77d0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff883e5378, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff883e5758, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff884d7420, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff883ec918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff883ea8a0, DeviceName: \Device\Ide\IdeDeviceP3T1L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D3123192

Partition information:

    Partition 0 type is Other (0x6)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff883d9490, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff883d9120, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8850c020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff883d9490, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff883df1a8, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff884838a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff883dbb98, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 169CDC0C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 488392002
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250058268160 bytes
Sector size: 512 bytes

Done!
Drive 2
This is a System drive
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2A3A57AB

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 488394993
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250058268160 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffffff8850f3b8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88510b40, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff88510020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8850f3b8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8850c440, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff883a57f8, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff883da030, DeviceName: \Device\Ide\IdeDeviceP0T1L0-7\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3108ACCF

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953521664
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 4096
Drive: 4, DevicePointer: 0xffffffff8a0c64a8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a0b2958, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a0b2d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a0c64a8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8a2d7d30, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a0b4a38, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xffffffff8a0b8568, DeviceName: \Device\000000ab\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 246C6

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 256  Numsec = 732558080

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 3000558944256 bytes
Sector size: 4096 bytes

Done!
Physical Sector Size: 512
Drive: 5, DevicePointer: 0xffffffff87fd4ac8, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8ab14288, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a7da590, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff87fd4ac8, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff87e7ac08, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8804b5a8, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xffffffff8a30aa00, DeviceName: \Device\000000cd\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3072E18

Partition information:

    Partition 0 type is Other (0xc)
    Partition is ACTIVE.
    Partition starts at LBA: 12048  Numsec = 31678704
    Partition file system is FAT32
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 16225665024 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-866AFC5BBB6036CAD448723EF65D89216A889D4C.bin.VF" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-866AFC5BBB6036CAD448723EF65D89216A889D4C.bin.VE1" is compressed (flags = 1)
Infected: C:\Windows\$NtUninstallKB56276$\3524856269\L\onekmzon --> [Backdoor.0Access]
Infected: C:\Windows\$NTUNINSTALLKB56276$\3524856269\L --> [Backdoor.0Access]
Infected: C:\Windows\$NTUNINSTALLKB56276$\3524856269\U --> [Backdoor.0Access]
Infected: C:\Windows\$NTUNINSTALLKB56276$\3524856269 --> [Backdoor.0Access]
Scan finished
User declined to cleanup malware.
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-5-0-12048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, K:\ DRIVE_FIXED
CPU speed: 2.800000 GHz
Memory total: 3486322688, free: 2236162048

Downloaded database version: v2015.06.21.04
Downloaded database version: v2015.06.15.01
Downloaded database version: v2015.06.15.01
=======================================
Initializing...
------------ Kernel report ------------
     06/21/2015 14:04:16
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.06.21.04
  rootkit: v2015.06.15.01

<<<2>>>
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8850e030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8850eb10, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8850d048, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8850e030, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8850dc18, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff883a5910, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff883e1b98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff883e5758, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff884d77d0, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff883e5378, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff883e5758, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff884d7420, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff883ec918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff883ea8a0, DeviceName: \Device\Ide\IdeDeviceP3T1L0-6\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D3123192

Partition information:

    Partition 0 type is Other (0x6)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953519616

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff883d9490, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff883d9120, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8850c020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff883d9490, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff883df1a8, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff884838a0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff883dbb98, DeviceName: \Device\Ide\IdeDeviceP1T0L0-1\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 169CDC0C

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 488392002
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250058268160 bytes
Sector size: 512 bytes

Done!
Drive 2
This is a System drive
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2A3A57AB

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 488394993
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250058268160 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffffff8850f3b8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88510b40, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff88510020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8850f3b8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8850c440, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff883a57f8, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff883da030, DeviceName: \Device\Ide\IdeDeviceP0T1L0-7\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3108ACCF

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1953521664
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 4096
Drive: 4, DevicePointer: 0xffffffff8a0c64a8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a0b2958, DeviceName: Unknown, DriverName: \Driver\snapman\
DevicePointer: 0xffffffff8a0b2d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8a0c64a8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff8a2d7d30, DeviceName: Unknown, DriverName: \Driver\vidsflt53\
DevicePointer: 0xffffffff8a0b4a38, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xffffffff8a0b8568, DeviceName: \Device\000000ab\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 246C6

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 256  Numsec = 732558080

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 3000558944256 bytes
Sector size: 4096 bytes

Done!
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-866AFC5BBB6036CAD448723EF65D89216A889D4C.bin.VF" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Microsoft Antimalware\Scans\mpcache-866AFC5BBB6036CAD448723EF65D89216A889D4C.bin.VE1" is compressed (flags = 1)
Infected: C:\Windows\$NtUninstallKB56276$\3524856269\L\onekmzon --> [Backdoor.0Access]
Infected: C:\Windows\$NTUNINSTALLKB56276$\3524856269\L --> [Backdoor.0Access]
Infected: C:\Windows\$NTUNINSTALLKB56276$\3524856269\U --> [Backdoor.0Access]
Infected: C:\Windows\$NTUNINSTALLKB56276$\3524856269 --> [Backdoor.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal successful. No system shutdown is required.
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-r.mbam...
Removal finished



#10 themadviking3301

themadviking3301
  • Topic Starter

  • Members
  • 44 posts
  • Local time:01:12 AM

Posted 21 June 2015 - 06:59 PM

Combofix appears to have frozen. Clock in taskbar frozen too. Now what?
It said I have zero access in tcp/ip stack.

#11 themadviking3301

themadviking3301
  • Topic Starter

  • Members
  • 44 posts
  • Local time:01:12 AM

Posted 21 June 2015 - 07:02 PM

The cursor in the combofix window is still blinking. I can't open task manager.

#12 themadviking3301

themadviking3301
  • Topic Starter

  • Members
  • 44 posts
  • Local time:01:12 AM

Posted 21 June 2015 - 07:03 PM

I can't open my email to receive messages.

#13 themadviking3301

themadviking3301
  • Topic Starter

  • Members
  • 44 posts
  • Local time:01:12 AM

Posted 21 June 2015 - 07:06 PM

Reboot? Safe mode? Or something else?

#14 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:12 AM

Posted 22 June 2015 - 02:54 AM

Reboot now.
Did you de-activate your anti-virus? Then activate it now.


Do not run Combofix again until you get new instructions to do it from here.

Because of the great time zone difference, you will get more info tomorrow.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 themadviking3301

themadviking3301
  • Topic Starter

  • Members
  • 44 posts
  • Local time:01:12 AM

Posted 22 June 2015 - 09:45 AM

MSE was off, not using Windows Defender but Microsoft Firewall was on. I thought I shut it off. It's off now. Not using anything else for protection.

Will wait for your instructions.

Where does Combofix store its log file?

Thank you.
