Inactive-A Can not access the control panel

Status
Not open for further replies.

michael j. odom

Posts: 35   +0
May have some malware ...I can not access the control panel .... operation system is windows xp

thanks
 

Attachments

  • hijackthis.txt
    6.6 KB · Views: 0
Welcome aboard

We don't use HJT anymore.
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.16.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: ODAM-A5614DA8DD [administrator]

Protection: Enabled

5/16/2013 2:50:45 PM
mbam-log-2013-05-16 (14-50-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201633
Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 26
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XNHPMBRG\ShoppingSidekick_Test[1] (PUP.215Apps) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.

(end)
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.17.2
Run by Administrator at 15:11:24 on 2013-05-16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.56 [GMT -7:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\GoforFiles\GFFUpdater.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Yontoo\Y2Desktop.Updater.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe
C:\Documents and Settings\Administrator\Application Data\Spotify\Data\SpotifyWebHelper.exe
C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=111305&tt=120912_cpc_3712_8&babsrc=HP_ss&mntrId=1c4b856a000000000000001111cee809
mStart Page = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtC0C0E0EzztDzyzzyDyC0AtN0D0Tzu0CtByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1916545764
mSearchAssistant = hxxp://start.facemoods.com/?a=ironto&s={searchTerms}&f=4
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - c:\program files\wajam\ie\priam_bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
uRun: [Yontoo Desktop] "c:\documents and settings\administrator\application data\yontoo\YontooDesktop.exe"
uRun: [Spotify Web Helper] "c:\documents and settings\administrator\application data\spotify\data\SpotifyWebHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Aimersoft Helper Compact.exe] c:\program files\common files\aimersoft\aimersoft helper compact\ASHelper.exe
mRun: [BrowserPlugInHelper] c:\program files\aimersoft\video converter ultimate\BrowserPlugInHelper.exe
StartupFolder: c:\documents and settings\administrator\start menu\programs\startup\BCU.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\administrator\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\BCU.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342483168609
TCP: NameServer = 24.217.0.5 24.217.201.67 24.247.15.53
TCP: Interfaces\{E03B4504-FFF3-4F1A-B0E7-2736C2B36CDF} : DHCPNameServer = 24.217.0.5 24.217.201.67 24.247.15.53
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\2ls8wwb0.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-04-15 15:47; plugin@yontoo.com; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\2ls8wwb0.default\extensions\plugin@yontoo.com
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - ff96c4de-bfce-4ceb-a7d8-b38ad70d226f
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
.
============= SERVICES / DRIVERS ===============
.
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-1-2 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-1-2 12464]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-1-9 242240]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2013-2-6 572928]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-5-16 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-5-16 701512]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;c:\program files\yontoo\Y2Desktop.Updater.exe [2013-4-15 23552]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-5-16 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: regsvr32.exe: RegDLL=regsvr32 %1
ShellExec: regsvr32.exe: UnRegDLL=regsvr32 /u %1
.
=============== Created Last 30 ================
.
2013-05-16 21:15:03--------d-----w-c:\documents and settings\administrator\application data\Malwarebytes
2013-05-16 21:14:35--------d-----w-c:\documents and settings\all users\application data\Malwarebytes
2013-05-16 21:14:3222856----a-w-c:\windows\system32\drivers\mbam.sys
2013-05-16 21:14:31--------d-----w-c:\program files\Malwarebytes' Anti-Malware
2013-05-16 15:58:12--------d-----w-c:\documents and settings\all users\application data\Globalscape
2013-05-16 15:58:06--------d-----w-c:\documents and settings\administrator\local settings\application data\Globalscape
2013-05-16 15:56:56--------d-----w-c:\program files\Globalscape
2013-05-16 13:48:2817613192----a-w-c:\windows\system32\FlashPlayerInstaller.exe
2013-04-22 18:34:22--------d-----w-c:\documents and settings\administrator\application data\DDMSettings
2013-04-19 14:13:2526520----a-w-c:\program files\mozilla firefox\plugin-hang-ui.exe
2013-04-19 01:38:04--------d-----w-c:\program files\common files\Macrovision Shared
.
==================== Find3M ====================
.
2013-05-16 22:01:447304----a-w-c:\windows\TMP0001.TMP
2013-05-16 13:48:32692104-c--a-w-c:\windows\system32\FlashPlayerApp.exe
2013-05-16 13:48:3171048-c--a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-18 03:55:4594112----a-w-c:\windows\system32\WindowsAccessBridge.dll
2013-03-18 03:55:44861088----a-w-c:\windows\system32\npDeployJava1.dll
2013-03-18 03:55:44143872----a-w-c:\windows\system32\javacpl.cpl
2013-03-18 03:55:43782240-c--a-w-c:\windows\system32\deployJava1.dll
2013-03-11 21:24:021200----a-w-c:\windows\system32\rundll32.exe
2013-03-11 20:33:0633280----a-w-c:\windows\system32\rundll32.exe.lol
2013-02-21 01:55:41116304------w-c:\windows\BCU.exe
.
============= FINISH: 15:12:42.93 ===============
 
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/3/2011 3:05:02 PM
System Uptime: 5/16/2013 3:01:29 PM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0K8979
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 4.956 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP388: 2/24/2013 7:08:59 AM - System Checkpoint
RP389: 2/24/2013 8:27:11 AM - Removed iTunes
RP390: 2/25/2013 10:23:43 AM - System Checkpoint
RP391: 2/27/2013 9:13:38 AM - System Checkpoint
RP392: 2/28/2013 11:43:38 AM - System Checkpoint
RP393: 3/1/2013 7:19:00 PM - System Checkpoint
RP394: 3/4/2013 6:47:18 AM - System Checkpoint
RP395: 3/5/2013 6:52:49 AM - System Checkpoint
RP396: 3/6/2013 10:44:48 AM - System Checkpoint
RP397: 3/8/2013 9:30:23 AM - System Checkpoint
RP398: 3/10/2013 9:35:05 AM - System Checkpoint
RP399: 3/11/2013 9:50:36 AM - System Checkpoint
RP400: 3/12/2013 1:03:18 PM - System Checkpoint
RP401: 3/13/2013 2:20:01 PM - System Checkpoint
RP402: 3/15/2013 6:39:56 AM - System Checkpoint
RP403: 3/17/2013 9:45:58 AM - System Checkpoint
RP404: 3/17/2013 8:54:25 PM - Removed Java(TM) 7 Update 5
RP405: 3/17/2013 8:55:22 PM - Installed Java 7 Update 17
RP406: 3/19/2013 10:54:22 AM - System Checkpoint
RP407: 3/20/2013 12:46:04 PM - System Checkpoint
RP408: 3/21/2013 3:25:39 PM - System Checkpoint
RP409: 3/23/2013 3:56:23 PM - System Checkpoint
RP410: 3/25/2013 9:07:50 AM - System Checkpoint
RP411: 3/27/2013 5:48:48 PM - System Checkpoint
RP412: 3/29/2013 7:24:51 AM - System Checkpoint
RP413: 3/31/2013 7:36:16 AM - System Checkpoint
RP414: 4/1/2013 4:02:58 PM - System Checkpoint
RP415: 4/4/2013 7:10:59 AM - System Checkpoint
RP416: 4/5/2013 5:53:22 PM - System Checkpoint
RP417: 4/7/2013 9:41:47 AM - System Checkpoint
RP418: 4/8/2013 5:56:38 PM - System Checkpoint
RP419: 4/11/2013 7:07:11 AM - System Checkpoint
RP420: 4/12/2013 5:43:27 PM - System Checkpoint
RP421: 4/15/2013 7:49:05 AM - System Checkpoint
RP422: 4/16/2013 4:44:24 PM - System Checkpoint
RP423: 4/18/2013 6:51:46 AM - System Checkpoint
RP424: 4/19/2013 5:02:03 PM - System Checkpoint
RP425: 4/23/2013 7:22:24 AM - System Checkpoint
RP426: 4/24/2013 5:05:20 PM - System Checkpoint
RP427: 4/26/2013 5:23:52 AM - System Checkpoint
RP428: 4/28/2013 4:50:55 PM - System Checkpoint
RP429: 4/30/2013 1:40:18 PM - System Checkpoint
RP430: 5/2/2013 8:12:48 AM - System Checkpoint
RP431: 5/7/2013 6:03:38 PM - System Checkpoint
RP432: 5/9/2013 6:21:18 AM - System Checkpoint
RP433: 5/10/2013 5:22:29 PM - System Checkpoint
RP434: 5/12/2013 6:42:05 AM - System Checkpoint
RP435: 5/13/2013 8:00:42 AM - System Checkpoint
RP436: 5/14/2013 10:49:28 AM - System Checkpoint
RP437: 5/16/2013 6:59:35 AM - System Checkpoint
RP438: 5/16/2013 8:57:14 AM - Installed CuteFTP 9
.
==== Installed Programs ======================
.
Acoustica Effects Pack
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop 7.0
Adobe Photoshop CS3
Adobe Reader X (10.1.6)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Aimersoft Video Converter Ultimate(Build 4.1.0.2)
AimOne Video Splitter 1.44
Allok 3GP PSP MP4 iPod Video Converter 6.2.0603
AOL Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CuteFTP 9
DAEMON Tools Lite
DefaultTab
Dell ResourceCD
DivX Setup
Dropbox
ffdshow v1.2.4475 [2012-07-12]
FLAC 1.2.1b (remove only)
Flac to MP3 Converter
FlashPlayer
GoforFiles
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Java 7 Update 17
Java Auto Updater
JavaFX 2.1.1
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.75.0.1300
Media Player Codec Pack 4.1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mouse Suite
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB973688)
Nero 6 Ultra Edition
Nero Backup Drivers
PDF Reader
PDF Settings
Pool Hall Pro
QuickTime
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2761465)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2799329)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SMPlayer 0.6.9
SoundMAX
Spotify
Torch
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
Wajam
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.11 (32-bit)
Xvid Video Codec
Yontoo 2.051
.
==== Event Viewer Messages From Past Week ========
.
5/16/2013 3:03:33 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
5/16/2013 3:02:02 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
5/11/2013 2:33:27 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
5/11/2013 12:03:11 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
.
==== End Of File ===========================
 
You didn't follow our preliminaries.
I don't see any AV program running.
Why?
 
Sorry. I see that now under Step 1 that One is to Install an AV Program if one is not present on the Computer System.
Again. My fault. I must have a Reading Disability. Thanks for the Reply. I will install an AV Program
from the list of recommended Programs.
Are their any other Steps I need to take ... did I miss anything else ...
 
Let me know when you some AV installed, updated and any findings after full scan.
 
Sorry Sir. I was not made for a Desk or Computer Job. There's so much New Information On your Website
that I don't normally See. So when reading through the Prelims, because of all of the new fascinating Information, I guess I just must of been Reading too Fast, and Skipped over the AV Step. Sorry.
 
redtarget.gif
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 05/18/2013 08:40:31
| ARK || FAK || MBR |

¤¤¤ Bad processes : 12 ¤¤¤
[SUSP PATH] YontooDesktop.exe -- C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe [7] -> KILLED [TermProc]
[SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
[SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
[SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
[SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
[SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
[SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
[RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
[RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
[RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
[RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
[RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe") [7] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2025429265-838170752-839522115-500[...]\Run : Yontoo Desktop ("C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe") [7] -> FOUND
[TASK][SUSP PATH] At1.job : C:\DOCUME~1\ADMINI~1\APPLIC~1\Funmoods\UPDATE~1\UPDATE~1.EXE /Check [x] -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] $NtUninstallKB55879$ : C:\WINDOWS\$NtUninstallKB55879$ --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST340014A +++++
--- User ---
[MBR] 46a7a426647a327cc850e9b584a11c34
[BSP] 53cbc9b2d15daeea9918f314ad8c0512 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38138 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05182013_02d0840.txt >>
RKreport[1]_S_05182013_02d0840.txt
 
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 05/18/2013 08:43:48
| ARK || FAK || MBR |

¤¤¤ Bad processes : 12 ¤¤¤
[SUSP PATH] YontooDesktop.exe -- C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe [7] -> KILLED [TermProc]
[SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
[SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
[SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
[SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
[SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
[SUSP PATH] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermThr]
[RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
[RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
[RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
[RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]
[RESIDUE] torch.exe -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Torch\Application\torch.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Yontoo Desktop ("C:\Documents and Settings\Administrator\Application Data\Yontoo\YontooDesktop.exe") [7] -> DELETED
[TASK][SUSP PATH] At1.job : C:\DOCUME~1\ADMINI~1\APPLIC~1\Funmoods\UPDATE~1\UPDATE~1.EXE /Check [x] -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][JUNCTION] C:\WINDOWS\$NtUninstallKB55879$ >> \systemroot\system32\config --> REMOVED
[Del.Parent][FILE] @ : C:\WINDOWS\$NtUninstallKB55879$\1105238951\@ [-] --> REMOVED
[Del.Parent][FILE] Desktop.ini : C:\WINDOWS\$NtUninstallKB55879$\1105238951\Desktop.ini [-] --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\WINDOWS\$NtUninstallKB55879$\1105238951\L\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\WINDOWS\$NtUninstallKB55879$\1105238951\L\201d3dde [-] --> REMOVED
[Del.Parent][FILE] 76603ac3 : C:\WINDOWS\$NtUninstallKB55879$\1105238951\L\76603ac3 [-] --> REMOVED
[Del.Parent][FILE] twdcgitc : C:\WINDOWS\$NtUninstallKB55879$\1105238951\L\twdcgitc [-] --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB55879$\1105238951\L --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\WINDOWS\$NtUninstallKB55879$\1105238951\U\00000004.@ [-] --> REMOVED
[Del.Parent][FILE] 00000008.@ : C:\WINDOWS\$NtUninstallKB55879$\1105238951\U\00000008.@ [-] --> REMOVED
[Del.Parent][FILE] 000000cb.@ : C:\WINDOWS\$NtUninstallKB55879$\1105238951\U\000000cb.@ [-] --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\WINDOWS\$NtUninstallKB55879$\1105238951\U\80000000.@ [-] --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\WINDOWS\$NtUninstallKB55879$\1105238951\U\80000032.@ [-] --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB55879$\1105238951\U --> REMOVED
[Del.Parent][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB55879$\1105238951 --> REMOVED
[Del.Parent][FILE] 1348737398 : C:\WINDOWS\$NtUninstallKB55879$\1348737398 [-] --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\$NtUninstallKB55879$ --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST340014A +++++
--- User ---
[MBR] 46a7a426647a327cc850e9b584a11c34
[BSP] 53cbc9b2d15daeea9918f314ad8c0512 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38138 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_05182013_02d0843.txt >>
RKreport[1]_S_05182013_02d0840.txt ; RKreport[2]_D_05182013_02d0843.txt
 
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.03.22.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: ODAM-A5614DA8DD [administrator]

5/18/2013 9:49:21 AM
mbar-log-2013-05-18 (09-49-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25867
Time elapsed: 46 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136} (PUP.Funmoods) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Documents and Settings\Administrator\Desktop\Adobe CS6\Adobe Creative Suite 6 Master Collection - X-FORCE Keygen\Keygen.exe (PUP.RiskwareTool.CK) -> Delete on reboot.

(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 534757376, free: 94814208

------------ Kernel report ------------
05/18/2013 09:01:48
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
NBVol.sys
NBVolUp.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\e100b325.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\senfilt.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\pelusblf.sys
\SystemRoot\system32\DRIVERS\pelmouse.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\KMW_SYS.sys
\SystemRoot\system32\DRIVERS\KID_LIB.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\TrueSight.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff82f8dab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff82f7bb00
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff82f8dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff82f96900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff82f8dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff82f7bb00, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe1a4a4e8, 0xffffffff82f8dab8, 0xffffffffff6ed040
Lower DeviceData: 0xffffffffe2dd5a60, 0xffffffff82f7bb00, 0xffffffff824bdb30
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\a302.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a303.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a304.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a305.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a306.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a307.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a308.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a309.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a310.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a311.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a313.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a314.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\acpi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mup.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\NBVol.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\NBVolUp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ndis.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nic1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nmnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ntfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nv4_mini.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkipx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hdaudbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ialmkchw.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ialmsbw.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\intelide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ip6fw.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rmcast.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rndismp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\scsiport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sdbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_sd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sonydcam.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\stream.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tcpip6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tdpipe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tdtcp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tunmp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\udfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usb8023.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\USBAUDIO.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\classpnp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\crusoe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\disk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\diskdump.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmboot.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fltmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asyncmac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mspqm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipinip.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\irenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ksecdd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\modem.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mountmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mskssrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mspclock.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\USBSTOR.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vch.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\volsnap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wa301a.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wa301b.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwrdr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\partmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\processr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\PxHelp20.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmarpc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cdr4_xp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cdralw2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\agp440.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdk6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdk7.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\arp1394.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 14481448

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 78107967
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 40000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-78105000-78125000)...
Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136} --> [PUP.Funmoods]
Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\(Ebook Martial Arts) Aikido - Pressure Points.pdf.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\Browne-H-Jackson-Lifes-Little-Instruction-Book-I-II-III-Maxims.pdf.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\Mark Twain - The Adventures of Tom Sawyer.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\Arturo Perez-Reverte - The Fencing Master.pdf.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Media Player\00D68B18.wpl" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\WinRAR\version.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Mozilla\logs\maintenanceservice-install.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "c:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "c:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\login.cmd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\Registration.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\ffavisynth.avsi" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\6BQ9A7OJ\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\C30DCXKT\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\CBUVWTY3\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\OHEZE1UF\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\{853E6A26-AF43-4F0B-8D3B-DE253399862E}.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\IntelGFX.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\avg@toolbar\modules\configuration_0.css" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\avg@toolbar\modules\skin\window-close.png" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ODQJ096B\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OTUVGXEJ\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S52RWP6R\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ST2VWLAV\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\spupdsvc.log.1.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vb.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vbaddin.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\wiaservc.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\applaunch.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\default.win32manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regasm.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Updater5\AdobeUpdaterPrefs.dat" is compressed (flags = 1)
Infected: c:\Documents and Settings\Administrator\Desktop\Adobe CS6\Adobe Creative Suite 6 Master Collection - X-FORCE Keygen\Keygen.exe --> [PUP.RiskwareTool.CK]
Read File: File "c:\Documents and Settings\Administrator\Desktop\Mike's Folder\Aimersoft Video Converter Ultimate 4.1.0.2 + Serial-[HB]\serial.txt" is sparse (flags = 32768)
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 534757376, free: 352432128

Removal queue found; removal started
Removing c:\Documents and Settings\Administrator\Desktop\Adobe CS6\Adobe Creative Suite 6 Master Collection - X-FORCE Keygen\Keygen.exe...
Removal finished
=======================================
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.16.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: ODAM-A5614DA8DD [administrator]

Protection: Enabled

5/16/2013 2:50:45 PM
mbam-log-2013-05-16 (14-50-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 201633
Time elapsed: 8 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 26
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoods.dskBnd (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\XNHPMBRG\ShoppingSidekick_Test[1] (PUP.215Apps) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.

(end)
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.17.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: ODAM-A5614DA8DD [administrator]

Protection: Enabled

5/18/2013 11:43:40 AM
mbam-log-2013-05-18 (11-43-40).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267993
Time elapsed: 1 hour(s), 38 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 338
C:\Documents and Settings\Administrator\My Documents\Dropbox\Technology\Nero 6.6.0.16 [Full]\keygen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\Adobe Photoshop CS6\adobe.photoshop.cs6.patch.exe (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\Program Files\AimOne\AimOne Video Splitter\AimOne.Video.Splitter.v1.43_KEYGEN-FFF.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\Program Files\PlayLogic\PoolHallPro\dvm.dll (VirTool.Obfuscator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP408\A0069323.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP408\A0069348.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP408\A0069358.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP408\A0069370.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP408\A0069379.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP408\A0069392.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP408\A0069400.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP408\A0069337.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP409\A0069416.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP409\A0069424.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP409\A0069430.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP410\A0069440.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP410\A0069446.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP410\A0070446.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP410\A0070468.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP410\A0070488.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP410\A0070494.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP410\A0070504.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP410\A0070514.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP410\A0070533.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP411\A0070553.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP411\A0070564.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP411\A0070592.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP411\A0070614.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP412\A0070626.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP412\A0070636.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP412\A0070649.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP412\A0070655.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP412\A0070671.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP412\A0070683.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP412\A0070693.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP413\A0070705.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP413\A0070716.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP413\A0070730.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP413\A0070743.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP414\A0070752.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP414\A0070772.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP414\A0070784.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP414\A0070795.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP414\A0070802.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP414\A0070808.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP414\A0070822.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP414\A0070832.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP415\A0070860.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP415\A0070866.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP415\A0070889.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP415\A0071905.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP415\A0071920.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP415\A0071940.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP415\A0071889.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP415\A0071950.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP416\A0071956.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP416\A0071964.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP416\A0071980.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP416\A0071989.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP416\A0072000.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP416\A0072006.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP416\A0072016.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP416\A0072022.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP416\A0072038.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP416\A0072044.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP417\A0072050.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP417\A0072063.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP417\A0072097.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP417\A0072114.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP417\A0072124.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP417\A0072130.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP418\A0072141.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP418\A0072149.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP418\A0072175.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP418\A0072189.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP418\A0072195.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP418\A0072205.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP418\A0072211.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP418\A0072232.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP418\A0072244.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP418\A0072257.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP418\A0072266.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP419\A0072276.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP419\A0072282.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP419\A0072311.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP419\A0072329.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP419\A0072337.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP419\A0072348.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP419\A0072355.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP419\A0072288.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP419\A0072361.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP419\A0072379.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP419\A0072390.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP420\A0072400.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP420\A0072408.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP420\A0072418.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP420\A0072437.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP420\A0072443.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP420\A0072453.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP420\A0072465.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP420\A0072471.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP420\A0072477.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP420\A0072486.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP420\A0072498.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP420\A0072506.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP421\A0072515.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP421\A0072532.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP421\A0072540.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP421\A0072570.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP421\A0072579.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP421\A0072585.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP421\A0072595.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP421\A0072602.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP421\A0072608.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP422\A0072627.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP422\A0072648.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP422\A0072656.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP422\A0072662.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP422\A0072671.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP422\A0072680.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP422\A0072687.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP422\A0072696.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP423\A0072730.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP423\A0072738.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP423\A0072753.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP423\A0072761.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP423\A0072772.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP423\A0073242.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP423\A0073285.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP423\A0073357.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP423\A0073375.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073385.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073391.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073406.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073427.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073435.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073449.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073457.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
 
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073463.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073487.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073473.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073480.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073500.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073514.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073523.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073535.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073543.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073549.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073555.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP424\A0073593.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP425\A0074609.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP425\A0073601.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP425\A0074601.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP425\A0074615.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP426\A0074659.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP426\A0074626.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP426\A0074632.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP426\A0074644.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP426\A0074652.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP427\A0074674.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP427\A0074684.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP427\A0074695.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP427\A0074703.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP427\A0074710.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP427\A0074721.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP427\A0074728.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP427\A0074752.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP427\A0074762.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP427\A0074769.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP427\A0074778.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP427\A0074786.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP428\A0074795.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP428\A0074807.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP428\A0074816.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP428\A0074825.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP428\A0074832.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP428\A0074841.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP428\A0074848.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP429\A0074858.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP429\A0074867.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP429\A0074874.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP429\A0074882.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP429\A0074895.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP429\A0074904.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP430\A0074911.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP430\A0074918.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP430\A0074933.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP430\A0074940.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP430\A0074950.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP430\A0074957.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP430\A0074972.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP430\A0074979.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP430\A0074986.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP430\A0074997.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP430\A0075004.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP430\A0075011.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP431\A0075038.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP431\A0075051.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP431\A0075059.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP431\A0075066.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP431\A0075077.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP431\A0075087.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP432\A0075094.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP432\A0075115.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP432\A0075123.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP432\A0075130.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP432\A0075137.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP432\A0075148.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP432\A0075155.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP432\A0075162.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP433\A0075176.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP433\A0075184.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP433\A0075197.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP434\A0075205.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP434\A0075213.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP434\A0075222.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP434\A0075229.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP435\A0075240.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP435\A0075248.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP435\A0075259.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP436\A0075283.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP436\A0075297.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP436\A0075316.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP437\A0075329.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP439\A0077375.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0064254.exe (PUP.215Apps) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0064255.dll (PUP.215Apps) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0064256.exe (PUP.215Apps) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0064259.exe (PUP.215Apps) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0064260.exe (PUP.215Apps) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0064263.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0066300.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0066310.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP389\A0066354.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066380.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066396.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066406.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066427.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066455.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066467.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066443.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0066490.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0067490.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP390\A0067509.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP391\A0067545.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP391\A0067562.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP391\A0067820.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP392\A0067872.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP392\A0067842.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP392\A0067863.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP392\A0067892.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067898.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067911.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067923.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067929.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067941.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067963.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067977.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0067987.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0068007.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0068013.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0068035.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0068026.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP393\A0068050.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP394\A0068062.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP394\A0068089.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP394\A0068102.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP394\A0068119.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP395\A0068184.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP395\A0068138.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP395\A0068167.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP395\A0068174.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP395\A0068194.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068202.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068239.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068248.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068258.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068329.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068337.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068343.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068355.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068369.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP396\A0068378.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068398.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068413.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068431.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068444.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068457.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068466.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068490.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP397\A0068498.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP398\A0068518.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP398\A0068535.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP398\A0068568.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP398\A0068577.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP398\A0068585.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP399\A0068593.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP399\A0068617.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP399\A0068643.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP400\A0068662.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP400\A0068672.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP400\A0068687.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP400\A0068696.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP400\A0068704.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP400\A0068736.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP401\A0068744.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP401\A0068757.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP401\A0068779.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP401\A0068787.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP401\A0068829.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP401\A0068845.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP401\A0068796.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP402\A0068863.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP402\A0068880.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP402\A0068889.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP402\A0068908.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP402\A0068944.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP402\A0068923.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP402\A0068967.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP403\A0068984.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP403\A0068998.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP403\A0069008.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP405\A0069148.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP405\A0069157.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP405\A0069163.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP405\A0069179.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP405\A0069185.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP405\A0069200.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP406\A0069214.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP406\A0069221.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP406\A0069236.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP406\A0069245.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP406\A0069260.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP407\A0069272.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP407\A0069280.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP407\A0069290.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP407\A0069303.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1F1E36AB-A67C-46BB-8508-BE655BB35447}\RP407\A0069311.sys (Rootkit.0Access) -> Quarantined and deleted successfully.
 
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.03.22.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: ODAM-A5614DA8DD [administrator]

5/18/2013 9:49:21 AM
mbar-log-2013-05-18 (09-49-21).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25867
Time elapsed: 46 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} (PUP.Funmoods) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136} (PUP.Funmoods) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
c:\Documents and Settings\Administrator\Desktop\Adobe CS6\Adobe Creative Suite 6 Master Collection - X-FORCE Keygen\Keygen.exe (PUP.RiskwareTool.CK) -> Delete on reboot.

(end)
 
I still need system-log.txt log and then couple more logs which are created after fixes are done.
 
Mbar produced One Log after Cleanup. I searched my System more than once. There's only that one Log after Cleanup, in the Mbar folder.

Here's the System Log


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 534757376, free: 94814208

------------ Kernel report ------------
05/18/2013 09:01:48
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
NBVol.sys
NBVolUp.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\e100b325.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\senfilt.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\pelusblf.sys
\SystemRoot\system32\DRIVERS\pelmouse.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\KMW_SYS.sys
\SystemRoot\system32\DRIVERS\KID_LIB.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\??\C:\WINDOWS\system32\drivers\TrueSight.sys
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff82f8dab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff82f7bb00
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff82f8dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff82f96900, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff82f8dab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff82f7bb00, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe1a4a4e8, 0xffffffff82f8dab8, 0xffffffffff6ed040
Lower DeviceData: 0xffffffffe2dd5a60, 0xffffffff82f7bb00, 0xffffffff824bdb30
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\a302.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a303.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a304.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a305.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a306.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a307.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a308.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a309.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a310.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a311.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a313.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a314.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\acpi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mup.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\NBVol.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\NBVolUp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ndis.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nic1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nmnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ntfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nv4_mini.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkipx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hdaudbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ialmkchw.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ialmsbw.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\intelide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ip6fw.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rmcast.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rndismp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\scsiport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sdbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_sd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sonydcam.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\stream.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tcpip6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tdpipe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tdtcp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tunmp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\udfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usb8023.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\USBAUDIO.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\classpnp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\crusoe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\disk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\diskdump.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmboot.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fltmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asyncmac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mspqm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipinip.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\irenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ksecdd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\modem.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mountmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mskssrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mspclock.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\USBSTOR.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vch.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\volsnap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wa301a.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wa301b.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwrdr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\partmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\processr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\PxHelp20.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmarpc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cdr4_xp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cdralw2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\agp440.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdk6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdk7.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\arp1394.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 14481448

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 78107967
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 40000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-78105000-78125000)...
Done!
Performing system, memory and registry scan...
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{23C70BCA-6E23-4A65-AD2E-1389062074F1} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{295CACB4-51F5-46FD-914E-C72BAAE1B672} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{C0585B2F-74D7-4734-88DE-6C150C5D4036} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} --> [PUP.Funmoods]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{EF0588D6-1621-4A75-B8BE-F4BC34794136} --> [PUP.Funmoods]
Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\(Ebook Martial Arts) Aikido - Pressure Points.pdf.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\Browne-H-Jackson-Lifes-Little-Instruction-Book-I-II-III-Maxims.pdf.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\Mark Twain - The Adventures of Tom Sawyer.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\Arturo Perez-Reverte - The Fencing Master.pdf.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Media Player\00D68B18.wpl" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\WinRAR\version.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Mozilla\logs\maintenanceservice-install.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "c:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "c:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\login.cmd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\Registration.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\ffavisynth.avsi" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\etc\networks" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\migrate.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\msobe.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\obeip.dun" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\oobeinfo.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\oobe\reg.isp" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\wbem\wmiclivalueformat.xsl" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\6BQ9A7OJ\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\C30DCXKT\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\CBUVWTY3\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\OHEZE1UF\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\{853E6A26-AF43-4F0B-8D3B-DE253399862E}.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\IntelGFX.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\avg@toolbar\modules\configuration_0.css" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\avg@toolbar\modules\skin\window-close.png" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ODQJ096B\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OTUVGXEJ\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S52RWP6R\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ST2VWLAV\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\ntuser.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\spupdsvc.log.1.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\explorer.scf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vb.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\vbaddin.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\wiaservc.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Downloaded Program Files\wuweb.inf" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ciadmin.htm" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\conf.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\connect.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\ratings.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\mshearts.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\nocontnt.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\update.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\windows.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\winhlp32.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Help\msnauth.cnt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\AddInUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\applaunch.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\csc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\cvtres.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\default.win32manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regasm.exe.config" is compressed (flags = 1)
Read File: File
 
"c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\caspol.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\jsc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\_dataperfcounters_shared12_neutral.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\vbc.exe.config" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\XPThemes.manifest" is compressed (flags = 1)
Read File: File "c:\WINDOWS\Web\bullet.gif" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe\Updater5\AdobeUpdaterPrefs.dat" is compressed (flags = 1)
Infected: c:\Documents and Settings\Administrator\Desktop\Adobe CS6\Adobe Creative Suite 6 Master Collection - X-FORCE Keygen\Keygen.exe --> [PUP.RiskwareTool.CK]
Read File: File "c:\Documents and Settings\Administrator\Desktop\Mike's Folder\Aimersoft Video Converter Ultimate 4.1.0.2 + Serial-[HB]\serial.txt" is sparse (flags = 32768)
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 534757376, free: 352432128

Removal queue found; removal started
Removing c:\Documents and Settings\Administrator\Desktop\Adobe CS6\Adobe Creative Suite 6 Master Collection - X-FORCE Keygen\Keygen.exe...
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 534757376, free: 115933184

DDA driver unhooking procedure failed
Downloaded database version: v2013.05.20.06
Downloaded database version: v2013.05.14.03
Initializing...
Scan Interrupted
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 534757376, free: 334581760

Removal queue found; removal started
Removing c:\Documents and Settings\Administrator\Desktop\Adobe CS6\Adobe Creative Suite 6 Master Collection - X-FORCE Keygen\Keygen.exe...
Removal finished
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.793000 GHz
Memory total: 534757376, free: 156323840

------------ Kernel report ------------
05/22/2013 06:52:06
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
NBVol.sys
NBVolUp.sys
Mup.sys
aswVmm.sys
aswRvrt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ialmnt5.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\e100b325.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\senfilt.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\drivers\avgtpx86.sys
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\Drivers\AswRdr.SYS
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\pelusblf.sys
\SystemRoot\system32\DRIVERS\pelmouse.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\KMW_SYS.sys
\SystemRoot\system32\DRIVERS\KID_LIB.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ialmdnt5.dll
\SystemRoot\System32\ialmrnt5.dll
\SystemRoot\System32\ialmdev5.DLL
\SystemRoot\System32\ialmdd5.DLL
\SystemRoot\System32\ATMFD.DLL
\??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\atksgt.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\lirsgt.sys
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\ipfltdrv.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\system32\drivers\kmixer.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff82fd6ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-3\
Lower Device Object: 0xffffffff82fe3d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff82fd6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff82f58958, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff82fd6ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff82fe3d98, DeviceName: \Device\Ide\IdeDeviceP0T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe1a694e0, 0xffffffff82fd6ab8, 0xffffffffffbcc8b8
Lower DeviceData: 0xffffffffe17f83a0, 0xffffffff82fe3d98, 0xffffffff81de6a28
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\WINDOWS\system32\drivers\a302.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a303.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a304.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a305.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a306.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a307.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a308.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a309.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a310.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a311.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a313.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a314.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\acpi.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv01nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv02nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv05nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv07nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtlmnt5.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtlstrm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mup.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mutohpen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\NBVol.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\NBVolUp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ndis.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nic1394.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nmnt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ntfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ntmtlfax.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nv4_mini.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkflt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkfwd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkipx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ftdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gagp30kx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hdaudbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hidbth.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hidir.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ialmkchw.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ialmsbw.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\intelide.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ip6fw.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\recagent.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rfcomm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rmcast.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rndismp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rndismpx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\scsiport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sdbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\secdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffdisk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_mmc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sffp_sd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\siint5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sisagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slntamr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnthal.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slwdmsup.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smbali.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sonydcam.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\sr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\stream.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tape.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tcpip6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tdpipe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tdtcp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tunmp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\uagp35.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\udfs.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usb8023.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usb8023x.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\USBAUDIO.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbcamd2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\classpnp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\crusoe.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\disk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\diskdump.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmboot.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmio.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\dmload.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fltmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv08nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\asyncmac.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv01nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipfltdrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mspqm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ipinip.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\irbus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\irenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ksecdd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\modem.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mountmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mskssrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mspclock.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbintel.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\USBSTOR.SYS" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\usbvideo.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vch.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vchnt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\viaagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\volsnap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wa301a.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wa301b.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wacompen.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wpdusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ws2ifsl.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfPf.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\WudfRd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwrdr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\p3.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\partmgr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\pcmcia.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\processr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\PxHelp20.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmarpc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmlane.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv02nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv04nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv06nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atv10nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bridge.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthenum.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthmodem.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthpan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthport.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthprint.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\bthusb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cbidf2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cdr4_xp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cdralw2k.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ch7xxnt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv09nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\adv11nt5.dll" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\agp440.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\agpcpq.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\alim1541.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdagp.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdk6.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\amdk7.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\arp1394.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 14481448

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 78107967
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 40000000000 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-78105000-78125000)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\(Ebook Martial Arts) Aikido - Pressure Points.pdf.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\Browne-H-Jackson-Lifes-Little-Instruction-Book-I-II-III-Maxims.pdf.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\Mark Twain - The Adventures of Tom Sawyer.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\Arturo Perez-Reverte - The Fencing Master.pdf.torrent" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\BitTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Media Player\00D68B18.wpl" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\Microsoft\Protect\CREDHIST" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Administrator\Application Data\WinRAR\version.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\All Users\Application Data\Mozilla\logs\maintenanceservice-install.log" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt" is compressed (flags = 1)
Read File: File "c:\Program Files\Outlook Express\msoe.txt" is compressed (flags = 1)
Read File: File "c:\Program Files\Windows Media Player\npdrmv2.zip" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\dsound.vxd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\l_except.nls" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfwci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pscript.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\cmos.ram" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\desktop.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\login.cmd" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\pcl.sep" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perfci.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\perffilt.h" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\spupdwxp.log" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\Registration.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\prodspec.ini" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\View Channels.scf" is compressed (flags = 1)
 
Status
Not open for further replies.
Back