--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16540 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 3.465000 GHz Memory total: 4293386240, free: 2840227840 ------------ Kernel report ------------ 04/16/2013 05:10:37 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\94015212.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\intelide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\vmbus.sys \SystemRoot\system32\drivers\winhv.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\drivers\mctkmdldr64.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\aswRvrt.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\aswSnx.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\Drivers\aswTdi.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\Drivers\aswrdr2.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\System32\Drivers\aswSP.SYS \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\mctkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\mcdbus.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\AtihdW76.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\drivers\t1pusb64.sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\DRIVERS\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\drivers\bthav.sys \SystemRoot\system32\DRIVERS\BthAvrcp.sys \SystemRoot\system32\DRIVERS\BthAudioHF.sys \SystemRoot\system32\drivers\kbdhid.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\aswMonFlt.sys \SystemRoot\System32\Drivers\aswFsBlk.SYS \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk8\DR8 Upper Device Object: 0xfffffa8005f9b790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007a\ Lower Device Object: 0xfffffa8005fc4b60 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk7\DR7 Upper Device Object: 0xfffffa800600e790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000073\ Lower Device Object: 0xfffffa8004baa950 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa8006029790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000072\ Lower Device Object: 0xfffffa8004ba9980 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8006020790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000071\ Lower Device Object: 0xfffffa80044fa060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8006088790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000070\ Lower Device Object: 0xfffffa8004da4760 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8004926790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\ Lower Device Object: 0xfffffa80044e1060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8004925600 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa80044d6060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa80049246d0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-4\ Lower Device Object: 0xfffffa80044ea060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004923390 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\ Lower Device Object: 0xfffffa80044e6060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Downloaded database version: v2013.04.16.04 Downloaded database version: v2013.03.25.01 Initializing... Done! <<<2>>> Device number: 2, partition: 2 Physical Sector Size: 512 Drive: 2, DevicePointer: 0xfffffa8004925600, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004926040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004925600, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80044ed4e0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80044d6060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a0105a9010, 0xfffffa8004925600, 0xfffffa8004624790 Lower DeviceData: 0xfffff8a010eb3810, 0xfffffa80044d6060, 0xfffffa800624a5b0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 2, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004923390, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004924040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004923390, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80044e9520, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80044e6060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a010e54b40, 0xfffffa8004923390, 0xfffffa8003df8790 Lower DeviceData: 0xfffff8a003f7bc80, 0xfffffa80044e6060, 0xfffffa80048ed090 Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1F5F80CD Partition information: Partition 0 type is Other (0xb) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 3125000000 Partition 1 type is Other (0xaf) Partition is NOT ACTIVE. Partition starts at LBA: 3125000088 Numsec = 782029080 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2000398934016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-3907009168-3907029168)... Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa80049246d0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004925040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80049246d0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80043ac670, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80044ea060, DeviceName: \Device\Ide\IdeDeviceP3T1L0-4\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a010827040, 0xfffffa80049246d0, 0xfffffa80040e4790 Lower DeviceData: 0xfffff8a003f7bc20, 0xfffffa80044ea060, 0xfffffa8003da0090 Drive 1 Scanning MBR on drive 1... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: C64EA43D GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 390721967 Partition 1 type is Empty (0x0) Partition is ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 2131990748 GPT Header CurrentLba = 1 BackupLba 390721967 GPT Header FirstUsableLba 34 LastUsableLba 390721934 GPT Header Guid 25cb9c96-d250-449a-9bca-7b212893ccc GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 2131990748 Backup GPT header CurrentLba = 390721967 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 390721934 Backup GPT header Guid 25cb9c96-d250-449a-9bca-7b212893ccc Backup GPT header Contains 128 partition entries starting at LBA 390721935 Backup GPT header Partition entry size = 128 Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID e8370653-3dfc-45ee-967d-e1f88abacbc FirstLBA 40 Last LBA 409639 Attributes 0 Partition Name EFI System Partition GPT Partition 0 is bootable Partition 1 Type 48465300-0-11aa-aa11-0306543ecac Partition ID d911805c-7262-439c-8ae7-93ad6a49c0 FirstLBA 409640 Last LBA 390459783 Attributes 0 Partition Name USERNAME Hackintosh Disk Size: 200049647616 bytes Sector size: 512 bytes Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1F5F80D8 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 312371200 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160041885696 bytes Sector size: 512 bytes Physical Sector Size: 512 Drive: 3, DevicePointer: 0xfffffa8004926790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004927040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004926790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004394890, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80044e1060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00e195130, 0xfffffa8004926790, 0xfffffa80050d0090 Lower DeviceData: 0xfffff8a003e7ece0, 0xfffffa80044e1060, 0xfffffa8007d0e090 Drive 3 Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: B9B95917 Partition information: Partition 0 type is Other (0xb) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 3907029105 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2000398934016 bytes Sector size: 512 bytes Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8006088790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004da3690, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006088790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004da4760, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8006020790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004d7fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006020790, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80044fa060, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 6, DevicePointer: 0xfffffa8006029790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8005f98350, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006029790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004ba9980, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 7, DevicePointer: 0xfffffa800600e790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006014040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800600e790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004baa950, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 512 Drive: 8, DevicePointer: 0xfffffa8005f9b790, DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004b571d0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8005f9b790, DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8005fc4b60, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00f550a40, 0xfffffa8005f9b790, 0xfffffa80040f8790 Lower DeviceData: 0xfffff8a00f5b7650, 0xfffffa8005fc4b60, 0xfffffa8003d07240 Drive 8 Scanning MBR on drive 8... Inspecting partition table: MBR Signature: 55AA Disk Signature: 0 Partition information: Partition 0 type is Other (0xb) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 8028090 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 4110417920 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trz1E5.tmp --> [Trojan.Zaccess] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trz20CB.tmp --> [Trojan.Zaccess.64] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trz229C.tmp --> [Trojan.Zaccess] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trz2B7F.tmp --> [Trojan.Zaccess.64] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trz461.tmp --> [Trojan.Zaccess.64] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trz51DD.tmp --> [Trojan.Zaccess] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trz5439.tmp --> [Trojan.Zaccess.64] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trz5CFD.tmp --> [Trojan.Zaccess] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trz5F2B.tmp --> [Rootkit.0Access] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trz66B7.tmp --> [Trojan.Zaccess.64] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trz7977.tmp --> [Trojan.Zaccess] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trz7B76.tmp --> [Rootkit.0Access] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trz7DC4.tmp --> [Trojan.Zaccess] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trzA69E.tmp --> [Trojan.Zaccess.64] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trzAF42.tmp --> [Rootkit.0Access] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trzB1FD.tmp --> [Rootkit.0Access] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trzB969.tmp --> [Trojan.Zaccess] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trzC131.tmp --> [Rootkit.0Access] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trzCDEA.tmp --> [Trojan.Zaccess.64] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trzD029.tmp --> [Trojan.Zaccess.64] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trzD8BD.tmp --> [Rootkit.0Access] Infected: c:\Users\USERNAME\Desktop\RK_Quarantine\trzF8F3.tmp --> [Trojan.Zaccess] Infected: c:\Windows\Installer\{6cc74025-0e13-8c10-d24c-6fdb4de0f5f0}\U --> [Backdoor.0Access] Done! Scan finished Creating System Restore point... Scheduling clean up... <<<2>>> Device number: 2, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Executing an action fixdamage.exe... Success! Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16540 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 3.465000 GHz Memory total: 4293386240, free: 3158884352 Removal queue found; removal started Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trz1E5.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trz20CB.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trz229C.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trz2B7F.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trz461.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trz51DD.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trz5439.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trz5CFD.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trz5F2B.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trz66B7.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trz7977.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trz7B76.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trz7DC4.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trzA69E.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trzAF42.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trzB1FD.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trzB969.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trzC131.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trzCDEA.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trzD029.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trzD8BD.tmp... Removing c:\Users\USERNAME\Desktop\RK_Quarantine\trzF8F3.tmp... Removing c:\Windows\Installer\{6cc74025-0e13-8c10-d24c-6fdb4de0f5f0}\U... Removal finished ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.05.0.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16540 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED CPU speed: 3.465000 GHz Memory total: 4293386240, free: 2756235264 ------------ Kernel report ------------ 04/16/2013 05:37:53 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\intelide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\vmbus.sys \SystemRoot\system32\drivers\winhv.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\vmstorfl.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\drivers\mctkmdldr64.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\aswRvrt.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\System32\Drivers\aswSnx.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\Drivers\aswTdi.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\Drivers\aswrdr2.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\serial.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\System32\Drivers\aswSP.SYS \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\atikmpag.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\system32\drivers\mctkmd64.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\fdc.sys \SystemRoot\system32\DRIVERS\serenum.sys \SystemRoot\system32\DRIVERS\parport.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\mcdbus.sys \SystemRoot\system32\DRIVERS\SCSIPORT.SYS \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\flpydisk.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\AtihdW76.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\drivers\t1pusb64.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\System32\cdd.dll \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\DRIVERS\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\drivers\bthav.sys \SystemRoot\system32\DRIVERS\BthAvrcp.sys \SystemRoot\system32\DRIVERS\BthAudioHF.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\aswMonFlt.sys \SystemRoot\System32\Drivers\aswFsBlk.SYS \SystemRoot\system32\drivers\kbdhid.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\drivers\spsys.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk8\DR8 Upper Device Object: 0xfffffa8006218790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000078\ Lower Device Object: 0xfffffa8006048060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR Initialization returned 0x0 Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk7\DR7 Upper Device Object: 0xfffffa8006091060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000073\ Lower Device Object: 0xfffffa8006082060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa8006090060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000072\ Lower Device Object: 0xfffffa80060728e0 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa800608e060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000071\ Lower Device Object: 0xfffffa8006072060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8006087060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000070\ Lower Device Object: 0xfffffa8006058060 Lower Device Driver Name: \Driver\USBSTOR\ Driver name found: USBSTOR <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa80049215a0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\ Lower Device Object: 0xfffffa80044db680 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initialization returned 0x0 Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0) Load Function returned 0x0 <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8004920680 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa80044d2060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa800491f6e0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP3T1L0-5\ Lower Device Object: 0xfffffa80044e9680 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa800491e2d0 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\ Lower Device Object: 0xfffffa80044e2060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi Initializing... Done! <<<2>>> Device number: 2, partition: 2 Physical Sector Size: 512 Drive: 2, DevicePointer: 0xfffffa8004920680, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004921040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004920680, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80044e8520, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80044d2060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00c8dd8c0, 0xfffffa8004920680, 0xfffffa8004009790 Lower DeviceData: 0xfffff8a00c8a2a40, 0xfffffa80044d2060, 0xfffffa8003bc08b0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 2, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800491e2d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800491f040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800491e2d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80044ec520, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80044e2060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00c843570, 0xfffffa800491e2d0, 0xfffffa80040c7790 Lower DeviceData: 0xfffff8a00c7ed7b0, 0xfffffa80044e2060, 0xfffffa8004075090 Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1F5F80CD Partition information: Partition 0 type is Other (0xb) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 3125000000 Partition 1 type is Other (0xaf) Partition is NOT ACTIVE. Partition starts at LBA: 3125000088 Numsec = 782029080 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2000398934016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-3907009168-3907029168)... Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa800491f6e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004920040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800491f6e0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80044e0580, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80044e9680, DeviceName: \Device\Ide\IdeDeviceP3T1L0-5\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00c889050, 0xfffffa800491f6e0, 0xfffffa80040ce790 Lower DeviceData: 0xfffff8a00c83c2e0, 0xfffffa80044e9680, 0xfffffa8004054e40 Drive 1 Scanning MBR on drive 1... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: C64EA43D GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 390721967 Partition 1 type is Empty (0x0) Partition is ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 2131990748 GPT Header CurrentLba = 1 BackupLba 390721967 GPT Header FirstUsableLba 34 LastUsableLba 390721934 GPT Header Guid 25cb9c96-d250-449a-9bca-7b212893ccc GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 2131990748 Backup GPT header CurrentLba = 390721967 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 390721934 Backup GPT header Guid 25cb9c96-d250-449a-9bca-7b212893ccc Backup GPT header Contains 128 partition entries starting at LBA 390721935 Backup GPT header Partition entry size = 128 Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID e8370653-3dfc-45ee-967d-e1f88abacbc FirstLBA 40 Last LBA 409639 Attributes 0 Partition Name EFI System Partition GPT Partition 0 is bootable Partition 1 Type 48465300-0-11aa-aa11-0306543ecac Partition ID d911805c-7262-439c-8ae7-93ad6a49c0 FirstLBA 409640 Last LBA 390459783 Attributes 0 Partition Name USERNAME Hackintosh Disk Size: 200049647616 bytes Sector size: 512 bytes Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: 1F5F80D8 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 312371200 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 160041885696 bytes Sector size: 512 bytes Physical Sector Size: 512 Drive: 3, DevicePointer: 0xfffffa80049215a0, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004922b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80049215a0, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800438fc40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80044db680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00c9e68e0, 0xfffffa80049215a0, 0xfffffa8004055790 Lower DeviceData: 0xfffff8a00c8ec1a0, 0xfffffa80044db680, 0xfffffa8003be1890 Drive 3 Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: B9B95917 Partition information: Partition 0 type is Other (0xb) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 3907029105 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 2000398934016 bytes Sector size: 512 bytes Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8006087060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006088910, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006087060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006058060, DeviceName: \Device\00000070\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa800608e060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8006087b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800608e060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006072060, DeviceName: \Device\00000071\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 6, DevicePointer: 0xfffffa8006090060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80060883d0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006090060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80060728e0, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 7, DevicePointer: 0xfffffa8006091060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800608eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006091060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006082060, DeviceName: \Device\00000073\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 512 Drive: 8, DevicePointer: 0xfffffa8006218790, DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80061c9040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8006218790, DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8006048060, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\Disk\ Upper DeviceData: 0xfffff8a00d3c2c90, 0xfffffa8006218790, 0xfffffa80040db790 Lower DeviceData: 0xfffff8a00c9472a0, 0xfffffa8006048060, 0xfffffa8003fc4e40 Drive 8 Scanning MBR on drive 8... Inspecting partition table: MBR Signature: 55AA Disk Signature: 0 Partition information: Partition 0 type is Other (0xb) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 8028090 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 4110417920 bytes Sector size: 512 bytes Done! Performing system, memory and registry scan... Done! Scan finished =======================================