TechSpot

Can not access the control panel

Inactive-A
By michael j. odom
May 16, 2013
Topic Status:
Not open for further replies.
  1. May have some malware... I cannot access the control panel... operating system is Windows XP

    thanks

  2. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Welcome aboard

    We don't use HJT anymore.
    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. michael j. odom

    michael j. odom TS Rookie Topic Starter Posts: 35

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.16.09

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    Administrator :: ODAM-A5614DA8DD [administrator]

    Protection: Enabled

    5/16/2013 2:50:45 PM
    mbam-log-2013-05-16 (14-50-45).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 201633
    Time elapsed: 8 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 26
    HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 5
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XNHPMBRG\ShoppingSidekick_Test[1] (PUP.215Apps) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.

    (end)
  4. michael j. odom

    michael j. odom TS Rookie Topic Starter Posts: 35

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.17.2
    Run by Administrator at 15:11:24 on 2013-05-16
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.56 [GMT -7:00]
    .
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\GoforFiles\GFFUpdater.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\DefaultTab\DefaultTabSearch.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Yontoo\Y2Desktop.Updater.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe
    C:\Documents and Settings\Administrator\Application Data\Spotify\Data\SpotifyWebHelper.exe
    C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?affID=111305&tt=120912_cpc_3712_8&babsrc=HP_ss&mntrId=1c4b856a000000000000001111cee809
    mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtC0C0E0EzztDzyzzyDyC0AtN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1916545764
    mSearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
    uRun: [Yontoo Desktop] "c:\documents and settings\administrator\application data\yontoo\YontooDesktop.exe"
    uRun: [Spotify Web Helper] "c:\documents and settings\administrator\application data\spotify\data\SpotifyWebHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
    mRun: [BrowserPlugInHelper] c:\program files\aimersoft\video converter ultimate\BrowserPlugInHelper.exe
    StartupFolder: c:\documents and settings\administrator\start menu\programs\startup\BCU.exe
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\administrator\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\BCU.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: mswsock.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342483168609
    TCP: NameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    TCP: Interfaces\{E03B4504-FFF3-4F1A-B0E7-2736C2B36CDF} : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\2ls8wwb0.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
    FF - plugin: c:\windows\system32\npDeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: 2013-04-15 15:47; plugin@yontoo.com; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\2ls8wwb0.default\extensions\plugin@yontoo.com
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - ff96c4de-bfce-4ceb-a7d8-b38ad70d226f
    FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-1-2 56496]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-1-2 12464]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-1-9 242240]
    R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2013-2-6 572928]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-16 418376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-16 701512]
    R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\yontoo\Y2Desktop.Updater.exe [2013-4-15 23552]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-16 22856]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    ShellExec: regsvr32.exe: RegDLL=regsvr32 %1
    ShellExec: regsvr32.exe: UnRegDLL=regsvr32 /u %1
    .
    =============== Created Last 30 ================
    .
    2013-05-16 21:15:03    --------    d-----w-    c:\documents and settings\administrator\application data\Malwarebytes
    2013-05-16 21:14:35    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
    2013-05-16 21:14:32    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2013-05-16 21:14:31    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
    2013-05-16 15:58:12    --------    d-----w-    c:\documents and settings\all users\application data\Globalscape
    2013-05-16 15:58:06    --------    d-----w-    c:\documents and settings\administrator\local settings\application data\Globalscape
    2013-05-16 15:56:56    --------    d-----w-    c:\program files\Globalscape
    2013-05-16 13:48:28    17613192    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
    2013-04-22 18:34:22    --------    d-----w-    c:\documents and settings\administrator\application data\DDMSettings
    2013-04-19 14:13:25    26520    ----a-w-    c:\program files\mozilla firefox\plugin-hang-ui.exe
    2013-04-19 01:38:04    --------    d-----w-    c:\program files\common files\Macrovision Shared
    .
    ==================== Find3M ====================
    .
    2013-05-16 22:01:44    7304    ----a-w-    c:\windows\TMP0001.TMP
    2013-05-16 13:48:32    692104    -c--a-w-    c:\windows\system32\FlashPlayerApp.exe
    2013-05-16 13:48:31    71048    -c--a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-18 03:55:45    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
    2013-03-18 03:55:44    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll
    2013-03-18 03:55:44    143872    ----a-w-    c:\windows\system32\javacpl.cpl
    2013-03-18 03:55:43    782240    -c--a-w-    c:\windows\system32\deployJava1.dll
    2013-03-11 21:24:02    1200    ----a-w-    c:\windows\system32\rundll32.exe
    2013-03-11 20:33:06    33280    ----a-w-    c:\windows\system32\rundll32.exe.lol
    2013-02-21 01:55:41    116304    ------w-    c:\windows\BCU.exe
    .
    ============= FINISH: 15:12:42.93 ===============
  5. michael j. odom

    michael j. odom TS Rookie Topic Starter Posts: 35

    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/3/2011 3:05:02 PM
    System Uptime: 5/16/2013 3:01:29 PM (0 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0K8979
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 4.956 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP388: 2/24/2013 7:08:59 AM - System Checkpoint
    RP389: 2/24/2013 8:27:11 AM - Removed iTunes
    RP390: 2/25/2013 10:23:43 AM - System Checkpoint
    RP391: 2/27/2013 9:13:38 AM - System Checkpoint
    RP392: 2/28/2013 11:43:38 AM - System Checkpoint
    RP393: 3/1/2013 7:19:00 PM - System Checkpoint
    RP394: 3/4/2013 6:47:18 AM - System Checkpoint
    RP395: 3/5/2013 6:52:49 AM - System Checkpoint
    RP396: 3/6/2013 10:44:48 AM - System Checkpoint
    RP397: 3/8/2013 9:30:23 AM - System Checkpoint
    RP398: 3/10/2013 9:35:05 AM - System Checkpoint
    RP399: 3/11/2013 9:50:36 AM - System Checkpoint
    RP400: 3/12/2013 1:03:18 PM - System Checkpoint
    RP401: 3/13/2013 2:20:01 PM - System Checkpoint
    RP402: 3/15/2013 6:39:56 AM - System Checkpoint
    RP403: 3/17/2013 9:45:58 AM - System Checkpoint
    RP404: 3/17/2013 8:54:25 PM - Removed Java(TM) 7 Update 5
    RP405: 3/17/2013 8:55:22 PM - Installed Java 7 Update 17
    RP406: 3/19/2013 10:54:22 AM - System Checkpoint
    RP407: 3/20/2013 12:46:04 PM - System Checkpoint
    RP408: 3/21/2013 3:25:39 PM - System Checkpoint
    RP409: 3/23/2013 3:56:23 PM - System Checkpoint
    RP410: 3/25/2013 9:07:50 AM - System Checkpoint
    RP411: 3/27/2013 5:48:48 PM - System Checkpoint
    RP412: 3/29/2013 7:24:51 AM - System Checkpoint
    RP413: 3/31/2013 7:36:16 AM - System Checkpoint
    RP414: 4/1/2013 4:02:58 PM - System Checkpoint
    RP415: 4/4/2013 7:10:59 AM - System Checkpoint
    RP416: 4/5/2013 5:53:22 PM - System Checkpoint
    RP417: 4/7/2013 9:41:47 AM - System Checkpoint
    RP418: 4/8/2013 5:56:38 PM - System Checkpoint
    RP419: 4/11/2013 7:07:11 AM - System Checkpoint
    RP420: 4/12/2013 5:43:27 PM - System Checkpoint
    RP421: 4/15/2013 7:49:05 AM - System Checkpoint
    RP422: 4/16/2013 4:44:24 PM - System Checkpoint
    RP423: 4/18/2013 6:51:46 AM - System Checkpoint
    RP424: 4/19/2013 5:02:03 PM - System Checkpoint
    RP425: 4/23/2013 7:22:24 AM - System Checkpoint
    RP426: 4/24/2013 5:05:20 PM - System Checkpoint
    RP427: 4/26/2013 5:23:52 AM - System Checkpoint
    RP428: 4/28/2013 4:50:55 PM - System Checkpoint
    RP429: 4/30/2013 1:40:18 PM - System Checkpoint
    RP430: 5/2/2013 8:12:48 AM - System Checkpoint
    RP431: 5/7/2013 6:03:38 PM - System Checkpoint
    RP432: 5/9/2013 6:21:18 AM - System Checkpoint
    RP433: 5/10/2013 5:22:29 PM - System Checkpoint
    RP434: 5/12/2013 6:42:05 AM - System Checkpoint
    RP435: 5/13/2013 8:00:42 AM - System Checkpoint
    RP436: 5/14/2013 10:49:28 AM - System Checkpoint
    RP437: 5/16/2013 6:59:35 AM - System Checkpoint
    RP438: 5/16/2013 8:57:14 AM - Installed CuteFTP 9
    .
    ==== Installed Programs ======================
    .
    Acoustica Effects Pack
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop 7.0
    Adobe Photoshop CS3
    Adobe Reader X (10.1.6)
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Aimersoft Video Converter Ultimate(Build 4.1.0.2)
    AimOne Video Splitter 1.44
    Allok 3GP PSP MP4 iPod Video Converter 6.2.0603
    AOL Toolbar
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    CuteFTP 9
    DAEMON Tools Lite
    DefaultTab
    Dell ResourceCD
    DivX Setup
    Dropbox
    ffdshow v1.2.4475 [2012-07-12]
    FLAC 1.2.1b (remove only)
    Flac to MP3 Converter
    FlashPlayer
    GoforFiles
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Java 7 Update 17
    Java Auto Updater
    JavaFX 2.1.1
    Magic ISO Maker v5.5 (build 0281)
    Malwarebytes Anti-Malware version 1.75.0.1300
    Media Player Codec Pack 4.1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_CRT_x86
    Mouse Suite
    Mozilla Firefox 20.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB973688)
    Nero 6 Ultra Edition
    Nero Backup Drivers
    PDF Reader
    PDF Settings
    Pool Hall Pro
    QuickTime
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544521)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2586448)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618444)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647516)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2675157)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2699988)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2722913)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2744842)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2761465)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2799329)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    SMPlayer 0.6.9
    SoundMAX
    Spotify
    Torch
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.6195
    Wajam
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR 4.11 (32-bit)
    Xvid Video Codec
    Yontoo 2.051
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/16/2013 3:03:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    5/16/2013 3:02:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    5/11/2013 2:33:27 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    5/11/2013 12:03:11 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    .
    ==== End Of File ===========================
  6. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    You didn't follow our preliminaries.
    I don't see any AV program running.
    Why?
  7. michael j. odom

    michael j. odom TS Rookie Topic Starter Posts: 35

    Sorry. I see that now under Step 1 that One is to Install an AV Program if one is not present on the Computer System.
    Again. My fault. I must have a Reading Disability. Thanks for the Reply. I will install an AV Program
    from the list of recommended Programs.
    Are there any other Steps I need to take ... did I miss anything else ...
  8. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Let me know when you have some AV installed, updated and any findings after full scan.
  9. michael j. odom

    michael j. odom TS Rookie Topic Starter Posts: 35

    Sorry Sir. I was not made for a Desk or Computer Job. There's so much New Information On your Website
    that I don't normally See. So when reading through the Prelims, because of all of the new fascinating Information, I guess I just must have been Reading too Fast, and Skipped over the AV Step. Sorry.
  10. Broni

    Broni Malware Annihilator Posts: 46,743   +254

  11. michael j. odom

    michael j. odom TS Rookie Topic Starter Posts: 35

    Okay. Got some Results Back. Got about 30 to 50 Threats on The Radar. I scanned with Avast AV Program.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  13. michael j. odom

    michael j. odom TS Rookie Topic Starter Posts: 35

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Scan -- Date : 05/18/2013 08:40:31
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 12 ¤¤¤
    [SUSP PATH] YontooDesktop.exe -- C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe [7] -> KILLED [TermProc]
    [SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
    [SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
    [SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
    [SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
    [SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
    [SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
    [RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
    [RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
    [RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
    [RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
    [RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe") [7] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2025429265-838170752-839522115-500[...]\Run : Yontoo Desktop ("C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe") [7] -> FOUND
    [TASK][SUSP PATH] At1.job : C:\DOCUME~1\ADMINI~1\APPLIC~1\Funmoods\UPDATE~1\UPDATE~1.EXE /Check [x] -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] $NtUninstallKB55879$ : C:\WINDOWS\$NtUninstallKB55879$ --> FOUND

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST340014A +++++
    --- User ---
    [MBR] 46a7a426647a327cc850e9b584a11c34
    [BSP] 53cbc9b2d15daeea9918f314ad8c0512 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38138 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_05182013_02d0840.txt >>
    RKreport[1]_S_05182013_02d0840.txt
  14. michael j. odom

    michael j. odom TS Rookie Topic Starter Posts: 35

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Remove -- Date : 05/18/2013 08:43:48
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 12 ¤¤¤
    [SUSP PATH] YontooDesktop.exe -- C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe [7] -> KILLED [TermProc]
    [SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
    [SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
    [SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
    [SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
    [SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
    [SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
    [RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
    [RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
    [RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
    [RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
    [RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe") [7] -> DELETED
    [TASK][SUSP PATH] At1.job : C:\DOCUME~1\ADMINI~1\APPLIC~1\Funmoods\UPDATE~1\UPDATE~1.EXE /Check [x] -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][JUNCTION] C:\WINDOWS\$NtUninstallKB55879$ >> \systemroot\system32\config --> REMOVED
    [Del.Parent][FILE] @ : C:\WINDOWS\$NtUninstallKB55879$\1105238951\@ [-] --> REMOVED
    [Del.Parent][FILE] Desktop.ini : C:\WINDOWS\$NtUninstallKB55879$\1105238951\Desktop.ini [-] --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\WINDOWS\$NtUninstallKB55879$\1105238951\L\00000004.@ [-] --> REMOVED
    [Del.Parent][FILE] 201d3dde : C:\WINDOWS\$NtUninstallKB55879$\1105238951\L\201d3dde [-] --> REMOVED
    [Del.Parent][FILE] 76603ac3 : C:\WINDOWS\$NtUninstallKB55879$\1105238951\L\76603ac3 [-] --> REMOVED
    [Del.Parent][FILE] twdcgitc : C:\WINDOWS\$NtUninstallKB55879$\1105238951\L\twdcgitc [-] --> REMOVED
    [Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB55879$\1105238951\L --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\WINDOWS\$NtUninstallKB55879$\1105238951\U\00000004.@ [-] --> REMOVED
    [Del.Parent][FILE] 00000008.@ : C:\WINDOWS\$NtUninstallKB55879$\1105238951\U\00000008.@ [-] --> REMOVED
    [Del.Parent][FILE] 000000cb.@ : C:\WINDOWS\$NtUninstallKB55879$\1105238951\U\000000cb.@ [-] --> REMOVED
    [Del.Parent][FILE] 80000000.@ : C:\WINDOWS\$NtUninstallKB55879$\1105238951\U\80000000.@ [-] --> REMOVED
    [Del.Parent][FILE] 80000032.@ : C:\WINDOWS\$NtUninstallKB55879$\1105238951\U\80000032.@ [-] --> REMOVED
    [Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB55879$\1105238951\U --> REMOVED
    [Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB55879$\1105238951 --> REMOVED
    [Del.Parent][FILE] 1348737398 : C:\WINDOWS\$NtUninstallKB55879$\1348737398 [-] --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB55879$ --> REMOVED

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST340014A +++++
    --- User ---
    [MBR] 46a7a426647a327cc850e9b584a11c34
    [BSP] 53cbc9b2d15daeea9918f314ad8c0512 : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38138 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_05182013_02d0843.txt >>
    RKreport[1]_S_05182013_02d0840.txt ; RKreport[2]_D_05182013_02d0843.txt
  15. michael j. odom

    michael j. odom TS Rookie Topic Starter Posts: 35

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org

    Database version: v2013.03.22.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    Administrator :: ODAM-A5614DA8DD [administrator]

    5/18/2013 9:49:21 AM
    mbar-log-2013-05-18 (09-49-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 25867
    Time elapsed: 46 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 14
    HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136} (PUP.Funmoods) -> Delete on reboot.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    c:\Documents and Settings\Administrator\Desktop\Adobe CS6\Adobe Creative Suite 6 Master Collection - X-FORCE Keygen\Keygen.exe (PUP.RiskwareTool.CK) -> Delete on reboot.

    (end)
  16. michael j. odom

    michael j. odom TS Rookie Topic Starter Posts: 35

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 6.0.2900.5512

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.793000 GHz
    Memory total: 534757376, free: 94814208

    ------------ Kernel report ------------
    05/18/2013 09:01:48
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff82f8dab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
    Lower Device Object: 0xffffffff82f7bb00
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff82f8dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff82f96900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff82f8dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff82f7bb00, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe1a4a4e8, 0xffffffff82f8dab8, 0xffffffffff6ed040
    Lower DeviceData: 0xffffffffe2dd5a60, 0xffffffff82f7bb00, 0xffffffff824bdb30
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\irenum.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ksecdd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mf.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\modem.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mountmgr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mskssrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mspclock.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\USBSTOR.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\vch.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\volsnap.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wa301a.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wa301b.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nwrdr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\partmgr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\pcmcia.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\processr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\PxHelp20.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atmarpc.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cdr4_xp.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cdralw2k.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\agp440.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\amdk6.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\amdk7.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\arp1394.sys" is compressed (flags = 1)
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 14481448

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 78107967
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 40000000000 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-78105000-78125000)...
    Done!
    Performing system, memory and registry scan...
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136} --> [PUP.Funmoods]
    Infected: c:\Documents and Settings\Administrator\Desktop\Adobe CS6\Adobe Creative Suite 6 Master Collection - X-FORCE Keygen\Keygen.exe --> [PUP.RiskwareTool.CK]
    Read File: File "c:\Documents and Settings\Administrator\Desktop\Mike's Folder\Aimersoft Video Converter Ultimate 4.1.0.2 + Serial-[HB]\serial.txt" is sparse (flags = 32768)
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 6.0.2900.5512

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.793000 GHz
    Memory total: 534757376, free: 352432128

    Removal queue found; removal started
    Removing c:\Documents and Settings\Administrator\Desktop\Adobe CS6\Adobe Creative Suite 6 Master Collection - X-FORCE Keygen\Keygen.exe...
    Removal finished
    =======================================
  17. Broni

    Broni Malware Annihilator Posts: 46,743   +254

    You should have another set of MBAR logs (after removal).
  18. michael j. odom

    michael j. odom TS Rookie Topic Starter Posts: 35

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.16.09

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    Administrator :: ODAM-A5614DA8DD [administrator]

    Protection: Enabled

    5/16/2013 2:50:45 PM
    mbam-log-2013-05-16 (14-50-45).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 201633
    Time elapsed: 8 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 26
    HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.

    Registry Values Detected: 2
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 5
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XNHPMBRG\ShoppingSidekick_Test[1] (PUP.215Apps) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Application Data\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.

    (end)
  19. michael j. odom

    michael j. odom TS Rookie Topic Starter Posts: 35

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.05.17.07

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    Administrator :: ODAM-A5614DA8DD [administrator]

    Protection: Enabled

    5/18/2013 11:43:40 AM
    mbam-log-2013-05-18 (11-43-40).txt

    Scan type: Full scan (A:\|C:\|D:\|E:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 267993
    Time elapsed: 1 hour(s), 38 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 338
    C:\Documents and Settings\Administrator\My Documents\Dropbox\Technology\Nero 6.6.0.16 [Full]\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\Program Files\Adobe\Adobe Photoshop CS6\adobe.photoshop.cs6.patch.exe (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
    C:\Program Files\AimOne\AimOne Video Splitter\AimOne.Video.Splitter.v1.43_KEYGEN-FFF.exe (Malware.Packer) -> Quarantined and deleted successfully.
    C:\Program Files\PlayLogic\PoolHallPro\dvm.dll (VirTool.Obfuscator) -> Quarantined and deleted successfully.
  20. michael j. odom

    michael j. odom TS Rookie Topic Starter Posts: 35

    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP433\A0075184.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP433\A0075197.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP434\A0075205.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP434\A0075213.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP434\A0075222.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP434\A0075229.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP435\A0075240.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP435\A0075248.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP435\A0075259.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP436\A0075283.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP436\A0075297.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP436\A0075316.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP437\A0075329.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP439\A0077375.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0064254.exe (PUP.215Apps) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0064255.dll (PUP.215Apps) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0064256.exe (PUP.215Apps) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0064259.exe (PUP.215Apps) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0064260.exe (PUP.215Apps) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0064263.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0066300.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0066310.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0066354.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066380.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066396.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066406.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066427.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066455.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066467.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066443.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066490.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0067490.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0067509.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP391\A0067545.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP391\A0067562.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP391\A0067820.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP392\A0067872.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP392\A0067842.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP392\A0067863.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP392\A0067892.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067898.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067911.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067923.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067929.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067941.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067963.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067977.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067987.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0068007.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0068013.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0068035.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0068026.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0068050.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP394\A0068062.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP394\A0068089.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP394\A0068102.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP394\A0068119.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP395\A0068184.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP395\A0068138.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP395\A0068167.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP395\A0068174.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP395\A0068194.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068202.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068239.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068248.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068258.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068329.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068337.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068343.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068355.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068369.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068378.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068398.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068413.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068431.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068444.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068457.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068466.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068490.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068498.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP398\A0068518.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP398\A0068535.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP398\A0068568.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP398\A0068577.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP398\A0068585.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP399\A0068593.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP399\A0068617.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP399\A0068643.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP400\A0068662.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP400\A0068672.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP400\A0068687.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP400\A0068696.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP400\A0068704.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP400\A0068736.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP401\A0068744.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP401\A0068757.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP401\A0068779.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP401\A0068787.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP401\A0068829.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP401\A0068845.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP401\A0068796.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP402\A0068863.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP402\A0068880.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP402\A0068889.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP402\A0068908.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP402\A0068944.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP402\A0068923.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP402\A0068967.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP403\A0068984.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP403\A0068998.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP403\A0069008.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP405\A0069148.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP405\A0069157.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP405\A0069163.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP405\A0069179.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP405\A0069185.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP405\A0069200.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP406\A0069214.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP406\A0069221.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP406\A0069236.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP406\A0069245.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP406\A0069260.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP407\A0069272.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP407\A0069280.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP407\A0069290.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP407\A0069303.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP407\A0069311.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
  21. Broni

    You posted some new MBAM logs.

    I need MBAR logs after removal.
  22. michael j. odom

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org

    Database version: v2013.03.22.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 6.0.2900.5512
    Administrator :: ODAM-A5614DA8DD [administrator]

    5/18/2013 9:49:21 AM
    mbar-log-2013-05-18 (09-49-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 25867
    Time elapsed: 46 minute(s), 4 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 14
    HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} (PUP.Funmoods) -> Delete on reboot.
    HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136} (PUP.Funmoods) -> Delete on reboot.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    c:\Documents and Settings\Administrator\Desktop\Adobe CS6\Adobe Creative Suite 6 Master Collection - X-FORCE Keygen\Keygen.exe (PUP.RiskwareTool.CK) -> Delete on reboot.

    (end)
  23. Broni

    I still need the system-log.txt log and then a couple more logs which are created after fixes are done.
  24. michael j. odom

    MBAR produced one log after cleanup. I searched my system more than once. There's only that one log after cleanup, in the MBAR folder.

    Here's the system log:


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 6.0.2900.5512

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.793000 GHz
    Memory total: 534757376, free: 94814208

    ------------ Kernel report ------------
    05/18/2013 09:01:48
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff82f8dab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
    Lower Device Object: 0xffffffff82f7bb00
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff82f8dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff82f96900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff82f8dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff82f7bb00, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe1a4a4e8, 0xffffffff82f8dab8, 0xffffffffff6ed040
    Lower DeviceData: 0xffffffffe2dd5a60, 0xffffffff82f7bb00, 0xffffffff824bdb30
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 14481448

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 78107967
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 40000000000 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-78105000-78125000)...
    Done!
    Performing system, memory and registry scan...
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} --> [PUP.Funmoods]
    Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136} --> [PUP.Funmoods]
    Read File: File
  25. michael j. odom

    michael j. odom TS Rookie Topic Starter Posts: 35

    "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe.config" is compressed (flags = 1)
    Infected: c:\Documents and Settings\Administrator\Desktop\Adobe CS6\Adobe Creative Suite 6 Master Collection - X-FORCE Keygen\Keygen.exe --> [PUP.RiskwareTool.CK]
    Read File: File "c:\Documents and Settings\Administrator\Desktop\Mike's Folder\Aimersoft Video Converter Ultimate 4.1.0.2 + Serial-[HB]\serial.txt" is sparse (flags = 32768)
    Done!
    Scan finished
    Creating System Restore point...
    Scheduling clean up...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 6.0.2900.5512

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.793000 GHz
    Memory total: 534757376, free: 352432128

    Removal queue found; removal started
    Removing c:\Documents and Settings\Administrator\Desktop\Adobe CS6\Adobe Creative Suite 6 Master Collection - X-FORCE Keygen\Keygen.exe...
    Removal finished
    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 6.0.2900.5512

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.793000 GHz
    Memory total: 534757376, free: 115933184

    DDA driver unhooking procedure failed
    Downloaded database version: v2013.05.20.06
    Downloaded database version: v2013.05.14.03
    Initializing...
    Scan Interrupted
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 6.0.2900.5512

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.793000 GHz
    Memory total: 534757376, free: 334581760

    Removal queue found; removal started
    Removing c:\Documents and Settings\Administrator\Desktop\Adobe CS6\Adobe Creative Suite 6 Master Collection - X-FORCE Keygen\Keygen.exe...
    Removal finished
    =======================================
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 5.1.2600 Windows XP Service Pack 3 x86

    Account is Administrative

    Internet Explorer version: 6.0.2900.5512

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.793000 GHz
    Memory total: 534757376, free: 156323840

    ------------ Kernel report ------------
    05/22/2013 06:52:06
    ------------ Loaded modules -----------
    \WINDOWS\system32\ntoskrnl.exe
    \WINDOWS\system32\hal.dll
    \WINDOWS\system32\KDCOM.DLL
    \WINDOWS\system32\BOOTVID.dll
    ACPI.sys
    \WINDOWS\system32\DRIVERS\WMILIB.SYS
    pci.sys
    isapnp.sys
    pciide.sys
    \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    intelide.sys
    MountMgr.sys
    ftdisk.sys
    dmload.sys
    dmio.sys
    PartMgr.sys
    VolSnap.sys
    atapi.sys
    disk.sys
    \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    fltmgr.sys
    sr.sys
    PxHelp20.sys
    KSecDD.sys
    Ntfs.sys
    NDIS.sys
    NBVol.sys
    NBVolUp.sys
    Mup.sys
    aswVmm.sys
    aswRvrt.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\ialmnt5.sys
    \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    \SystemRoot\system32\DRIVERS\usbuhci.sys
    \SystemRoot\system32\DRIVERS\USBPORT.SYS
    \SystemRoot\system32\DRIVERS\usbehci.sys
    \SystemRoot\system32\DRIVERS\e100b325.sys
    \SystemRoot\system32\DRIVERS\fdc.sys
    \SystemRoot\system32\DRIVERS\serial.sys
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\imapi.sys
    \SystemRoot\system32\DRIVERS\cdrom.sys
    \SystemRoot\system32\DRIVERS\redbook.sys
    \SystemRoot\system32\DRIVERS\ks.sys
    \SystemRoot\system32\drivers\smwdm.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\senfilt.sys
    \SystemRoot\system32\DRIVERS\audstub.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\system32\DRIVERS\psched.sys
    \SystemRoot\system32\DRIVERS\msgpc.sys
    \SystemRoot\system32\DRIVERS\ptilink.sys
    \SystemRoot\system32\DRIVERS\raspti.sys
    \SystemRoot\system32\DRIVERS\rdpdr.sys
    \SystemRoot\system32\DRIVERS\termdd.sys
    \SystemRoot\system32\DRIVERS\kbdclass.sys
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\swenum.sys
    \SystemRoot\system32\DRIVERS\update.sys
    \SystemRoot\system32\DRIVERS\mssmbios.sys
    \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\flpydisk.sys
    \SystemRoot\System32\Drivers\Fs_Rec.SYS
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \??\C:\WINDOWS\system32\drivers\avgtpx86.sys
    \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\Drivers\mnmdd.SYS
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\rasacd.sys
    \SystemRoot\system32\DRIVERS\ipsec.sys
    \SystemRoot\system32\DRIVERS\tcpip.sys
    \SystemRoot\System32\Drivers\aswTdi.SYS
    \SystemRoot\system32\DRIVERS\netbt.sys
    \SystemRoot\System32\Drivers\AswRdr.SYS
    \SystemRoot\System32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
    \SystemRoot\System32\Drivers\Fips.SYS
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\System32\Drivers\aswSP.SYS
    \SystemRoot\System32\Drivers\aswSnx.SYS
    \SystemRoot\system32\DRIVERS\pelusblf.sys
    \SystemRoot\system32\DRIVERS\pelmouse.sys
    \SystemRoot\system32\DRIVERS\hidusb.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\DRIVERS\KMW_SYS.sys
    \SystemRoot\system32\DRIVERS\KID_LIB.sys
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\System32\Drivers\Cdfs.SYS
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\watchdog.sys
    \SystemRoot\System32\drivers\dxg.sys
    \SystemRoot\System32\drivers\dxgthk.sys
    \SystemRoot\System32\ialmdnt5.dll
    \SystemRoot\System32\ialmrnt5.dll
    \SystemRoot\System32\ialmdev5.DLL
    \SystemRoot\System32\ialmdd5.DLL
    \SystemRoot\System32\ATMFD.DLL
    \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
    \??\C:\WINDOWS\system32\drivers\mbam.sys
    \SystemRoot\System32\Drivers\aswFsBlk.SYS
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\System32\Drivers\ParVdm.SYS
    \SystemRoot\system32\DRIVERS\atksgt.sys
    \SystemRoot\system32\drivers\wdmaud.sys
    \SystemRoot\system32\drivers\sysaudio.sys
    \SystemRoot\system32\DRIVERS\lirsgt.sys
    \SystemRoot\system32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    \SystemRoot\System32\Drivers\Fastfat.SYS
    \SystemRoot\system32\drivers\kmixer.sys
    \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
    \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    \WINDOWS\system32\ntdll.dll
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff82fd6ab8
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
    Lower Device Object: 0xffffffff82fe3d98
    Lower Device Driver Name: \Driver\atapi\
    Driver name found: atapi
    Initialization returned 0x0
    Load Function returned 0x0
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 1
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff82fd6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff82f58958, DeviceName: Unknown, DriverName: \Driver\PartMgr\
    DevicePointer: 0xffffffff82fd6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff82fe3d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xffffffffe1a694e0, 0xffffffff82fd6ab8, 0xffffffffffbcc8b8
    Lower DeviceData: 0xffffffffe17f83a0, 0xffffffff82fe3d98, 0xffffffff81de6a28
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\WINDOWS\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 1
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Read File: File "C:\WINDOWS\system32\drivers\a302.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\a303.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\a304.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\a305.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\a306.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\a307.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\a308.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\a309.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\a310.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\a311.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\a313.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\a314.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\acpi.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mup.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\NBVol.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\NBVolUp.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ndis.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nic1394.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nmnt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ntfs.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nv4_mini.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nwlnkipx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hdaudbus.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ialmkchw.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ialmsbw.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\intelide.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ip6fw.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rmcast.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rndismp.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\scsiport.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\sdbus.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\sffdisk.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\sffp_sd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\sonydcam.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\sr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\stream.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\tcpip6.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\tdpipe.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\tdtcp.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\tunmp.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\udfs.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\usb8023.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\USBAUDIO.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\classpnp.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\crusoe.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\disk.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\diskdump.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\dmboot.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\dmio.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\fltmgr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\asyncmac.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mspqm.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ipinip.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\irenum.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ksecdd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mf.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\modem.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mountmgr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mskssrv.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\mspclock.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\USBSTOR.SYS" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\vch.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\volsnap.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wa301a.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wa301b.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\nwrdr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\partmgr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\pcmcia.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\processr.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\PxHelp20.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atmarpc.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cdr4_xp.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\cdralw2k.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\agp440.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\amdk6.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\amdk7.sys" is compressed (flags = 1)
    Read File: File "C:\WINDOWS\system32\drivers\arp1394.sys" is compressed (flags = 1)
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 14481448

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 78107967
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 40000000000 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-78105000-78125000)...
    Done!
    Performing system, memory and registry scan...
    Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\(Ebook Martial Arts) Aikido - Pressure Points.pdf.torrent" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\Browne-H-Jackson-Lifes-Little-Instruction-Book-I-II-III-Maxims.pdf.torrent" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\Mark Twain - The Adventures of Tom Sawyer.torrent" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\Arturo Perez-Reverte - The Fencing Master.pdf.torrent" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Media Player\00D68B18.wpl" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Administrator\Application Data\WinRAR\version.dat" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\All Users\Application Data\Mozilla\logs\maintenanceservice-install.log" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Default User\Application Data\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
    Read File: File "c:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
    Read File: File "c:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)
    Read File: File "c:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\login.cmd" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\Registration.ini" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
    Read File: File "c:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)