New Zealand Police / Ukash
<blockquote data-quote="Sue64" data-source="post: 131221" data-attributes="member: 10541"><p>Hi, we have done all of that and the logs are below. (Some light reading for you, haha :) )</p><p></p><p># AdwCleaner v2.306 - Logfile created 08/01/2013 at 15:27:29</p><p># Updated 19/07/2013 by Xplode</p><p># Operating system : Microsoft Windows XP Service Pack 3 (32 bits)</p><p># User : Roger - DESKTOP</p><p># Boot Mode : Normal</p><p># Running from : C:\Documents and Settings\Roger\Desktop\adwcleaner.exe</p><p># Option [Delete]</p><p></p><p></p><p>***** [Services] *****</p><p></p><p></p><p>***** [Files / Folders] *****</p><p></p><p>Deleted on reboot : C:\Documents and Settings\Roger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde</p><p>File Deleted : C:\WINDOWS\system32\roboot.exe</p><p>Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon</p><p>Folder Deleted : C:\Documents and Settings\All Users\Application Data\FreeRIP</p><p>Folder Deleted : C:\Documents and Settings\Roger\Application Data\BabSolution</p><p>Folder Deleted : C:\Documents and Settings\Roger\Application Data\Babylon</p><p>Folder Deleted : C:\Documents and Settings\Roger\Application Data\delta</p><p>Folder Deleted : C:\Documents and Settings\Roger\Application Data\ExpressFiles</p><p>Folder Deleted : C:\Documents and Settings\Roger\Application Data\imeshbandmltbpi</p><p>Folder Deleted : C:\Documents and Settings\Roger\Application Data\mediabarim</p><p>Folder Deleted : C:\Documents and Settings\Roger\Local Settings\Application Data\PackageAware</p><p>Folder Deleted : C:\Program Files\delta</p><p>Folder Deleted : C:\Program Files\ExpressFiles</p><p>Folder Deleted : C:\Program Files\iMesh Applications</p><p>Folder Deleted : 
C:\Program Files\utilitychest_49</p><p></p><p>***** [Registry] *****</p><p></p><p>Key Deleted : HKCU\Software\5d2d6dbb36dec12</p><p>Key Deleted : HKCU\Software\BabSolution</p><p>Key Deleted : HKCU\Software\DataMngr</p><p>Key Deleted : HKCU\Software\DataMngr_Toolbar</p><p>Key Deleted : HKCU\Software\Delta</p><p>Key Deleted : HKCU\Software\ExpressFiles</p><p>Key Deleted : HKCU\Software\ilivid</p><p>Key Deleted : HKCU\Software\Imesh</p><p>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}</p><p>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ExpressFiles</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}</p><p>Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E634228A-03CF-4BC8-B0AB-668257F1FD8C}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles</p><p>Key Deleted : HKCU\Software\Softonic</p><p>Key Deleted : HKCU\Software\systweak</p><p>Key Deleted : HKCU\Software\YahooPartnerToolbar</p><p>Key Deleted : HKLM\SOFTWARE\5d2d6dbb36dec12</p><p>Key Deleted : HKLM\Software\Babylon</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE</p><p>Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1A03F196-9617-4CA0-842B-A83CEECB022B}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore</p><p>Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd</p><p>Key Deleted : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr</p><p>Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane</p><p>Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc</p><p>Key Deleted : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1</p><p>Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}</p><p>Key Deleted : HKLM\Software\DataMngr</p><p>Key Deleted : HKLM\Software\Delta</p><p>Key Deleted : HKLM\Software\ExpressFiles</p><p>Key Deleted : 
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iMesh 1 MediaBar</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E05B40-77FA-40B6-9077-ED1A7577B1EF}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49D6-A4D5-2E8D7341384E}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58F7B5CA-1162-42E8-8BBC-D543B4EDD780}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome 
Toolbar</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar</p><p>Key Deleted : HKLM\Software\systweak</p><p>Key Deleted : HKLM\Software\TENCENT</p><p>Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]</p><p>Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]</p><p>Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]</p><p>Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]</p><p></p><p>***** [Internet Browsers] *****</p><p></p><p>-\\ Internet Explorer v8.0.6001.18702</p><p></p><p>Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^ZO^xdm038^YY^nz&ptb=4DB43EA2-18A2-4F84-A189-CD7E1D2C32BD&si=UTDO_AUS_CAN --> hxxp://www.google.com</p><p>Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=6482000CF197B8EF&affID=119557&tsp=4949 --> hxxp://www.google.com</p><p></p><p>-\\ Google Chrome v28.0.1500.72</p><p></p><p>File : C:\Documents and Settings\Roger\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences</p><p></p><p>Deleted [l.216] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=6482000CF197B8EF&affID=119557&tsp=[...]</p><p>Deleted [l.269] : urls_to_restore_on_startup = [ "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=6482000CF19[...]</p><p></p><p>*************************</p><p></p><p>AdwCleaner[S1].txt - [12208 octets] - [01/08/2013 15:27:29]</p><p></p><p>########## EOF - C:\AdwCleaner[S1].txt - [12269 octets] ##########</p><p></p><p></p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p>Junkware Removal Tool (JRT) by Thisisu</p><p>Version: 5.2.9 (07.30.2013:1)</p><p>OS: Microsoft Windows XP x86</p><p>Ran by Roger on Thu 01/08/2013 at 
16:00:05.12</p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p></p><p></p><p></p><p></p><p>~~~ Services</p><p></p><p></p><p></p><p>~~~ Registry Values</p><p></p><p>Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\utility chest search scope monitor</p><p>Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\utilitychest_49 browser plugin loader</p><p>Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs</p><p>Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName</p><p>Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL</p><p></p><p></p><p></p><p>~~~ Registry Keys</p><p></p><p></p><p></p><p>~~~ Files</p><p></p><p></p><p></p><p>~~~ Folders</p><p></p><p>Successfully deleted: [Folder] "C:\Documents and Settings\Roger\Application Data\systweak"</p><p>Successfully deleted: [Folder] "C:\Documents and Settings\Roger\appdata\locallow\datamngr"</p><p></p><p></p><p></p><p></p><p></p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p>Scan was completed on Thu 01/08/2013 at 16:05:22.93</p><p>End of JRT log</p><p>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</p><p></p><p>Malwarebytes Anti-Malware (Trial) 1.75.0.1300</p><p>www.malwarebytes.org</p><p></p><p>Database version: v2013.08.01.01</p><p></p><p>Windows XP Service Pack 3 x86 NTFS</p><p>Internet Explorer 8.0.6001.18702</p><p>Roger :: DESKTOP [administrator]</p><p></p><p>Protection: Enabled</p><p></p><p>1/08/2013 6:34:49 PM</p><p>mbam-log-2013-08-01 (18-34-49).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | 
Heuristics/Shuriken | PUP | PUM</p><p>Scan options disabled: P2P</p><p>Objects scanned: 288871</p><p>Time elapsed: 12 minute(s), 12 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 1</p><p>HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.</p><p></p><p>Registry Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 2</p><p>C:\RECYCLER\S-1-5-21-3832377769-2810668422-4075739219-1011\Dc6.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.</p><p>C:\Documents and Settings\Roger\Local Settings\Temp\E7DA0732-BAB0-7891-B650-335E3BD93F23\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.</p><p></p><p>(end)</p><p></p><p>Malwarebytes Anti-Rootkit BETA 1.06.0.1004</p><p>www.malwarebytes.org</p><p></p><p>Database version: v2013.07.31.07</p><p></p><p>Windows XP Service Pack 3 x86 NTFS</p><p>Internet Explorer 8.0.6001.18702</p><p>Roger :: DESKTOP [administrator]</p><p></p><p>1/08/2013 5:12:43 PM</p><p>mbar-log-2013-08-01 (17-12-43).txt</p><p></p><p>Scan type: Quick scan</p><p>Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P</p><p>Scan options disabled: PUP</p><p>Objects scanned: 291074</p><p>Time elapsed: 1 hour(s), 6 minute(s), 26 second(s)</p><p></p><p>Memory Processes Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Memory Modules Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Keys Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry 
Values Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Registry Data Items Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Folders Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Files Detected: 0</p><p>(No malicious items detected)</p><p></p><p>Physical Sectors Detected: 0</p><p>(No malicious items detected)</p><p></p><p>(end)</p><p></p><p></p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.06.0.1004</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 5.1.2600 Windows XP Service Pack 3 x86</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 8.0.6001.18702</p><p></p><p>Java version: 1.6.0_20</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 3.066000 GHz</p><p>Memory total: 1332523008, free: 923570176</p><p></p><p>Downloaded database version: v2013.07.31.07</p><p>Downloaded database version: v2013.07.29.01</p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 08/01/2013 16:18:38</p><p>------------ Loaded modules 
-----------</p><p>\WINDOWS\system32\ntoskrnl.exe</p><p>\WINDOWS\system32\hal.dll</p><p>\WINDOWS\system32\KDCOM.DLL</p><p>\WINDOWS\system32\BOOTVID.dll</p><p>ACPI.sys</p><p>\WINDOWS\System32\DRIVERS\WMILIB.SYS</p><p>pci.sys</p><p>isapnp.sys</p><p>pciide.sys</p><p>\WINDOWS\System32\DRIVERS\PCIIDEX.SYS</p><p>aliide.sys</p><p>intelide.sys</p><p>toside.sys</p><p>viaide.sys</p><p>cmdide.sys</p><p>MountMgr.sys</p><p>ftdisk.sys</p><p>PartMgr.sys</p><p>IdeBusDr.sys</p><p>VolSnap.sys</p><p>cpqarray.sys</p><p>\WINDOWS\System32\DRIVERS\SCSIPORT.SYS</p><p>atapi.sys</p><p>aha154x.sys</p><p>sparrow.sys</p><p>symc810.sys</p><p>aic78xx.sys</p><p>dac960nt.sys</p><p>ql10wnt.sys</p><p>amsint.sys</p><p>asc.sys</p><p>asc3550.sys</p><p>mraid35x.sys</p><p>i2omp.sys</p><p>ini910u.sys</p><p>ql1240.sys</p><p>aic78u2.sys</p><p>symc8xx.sys</p><p>sym_hi.sys</p><p>sym_u3.sys</p><p>ABP480N5.SYS</p><p>asc3350p.sys</p><p>cd20xrnt.sys</p><p>ultra.sys</p><p>adpu160m.sys</p><p>dpti2o.sys</p><p>ql1080.sys</p><p>ql1280.sys</p><p>ql12160.sys</p><p>perc2.sys</p><p>perc2hib.sys</p><p>hpn.sys</p><p>cbidf2k.sys</p><p>dac2w2k.sys</p><p>IdeChnDr.sys</p><p>disk.sys</p><p>\WINDOWS\System32\DRIVERS\CLASSPNP.SYS</p><p>fltmgr.sys</p><p>sr.sys</p><p>mfehidk.sys</p><p>PxHelp20.sys</p><p>KSecDD.sys</p><p>Ntfs.sys</p><p>NDIS.sys</p><p>sonypvl3.sys</p><p>sisagp.sys</p><p>viaagp.sys</p><p>RecAgent.sys</p><p>Mup.sys</p><p>alim1541.sys</p><p>amdagp.sys</p><p>agp440.sys</p><p>agpCPQ.sys</p><p>\SystemRoot\system32\DRIVERS\tunmp.sys</p><p>\SystemRoot\System32\DRIVERS\intelppm.sys</p><p>\SystemRoot\System32\DRIVERS\usbuhci.sys</p><p>\SystemRoot\System32\DRIVERS\USBPORT.SYS</p><p>\SystemRoot\System32\DRIVERS\usbehci.sys</p><p>\SystemRoot\System32\DRIVERS\slntamr.sys</p><p>\SystemRoot\System32\DRIVERS\SlWdmSup.sys</p><p>\SystemRoot\system32\drivers\mfeavfk.sys</p><p>\SystemRoot\system32\drivers\mfefirek.sys</p><p>\SystemRoot\System32\DRIVERS\Mtlmnt5.sys</p><p>\SystemRoot\System32\Drivers\Modem.SYS</p><p>\SystemRoot\system32\DRIVE
RS\nv4_mini.sys</p><p>\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS</p><p>\SystemRoot\System32\DRIVERS\e100b325.sys</p><p>\SystemRoot\System32\DRIVERS\serial.sys</p><p>\SystemRoot\System32\DRIVERS\serenum.sys</p><p>\SystemRoot\System32\DRIVERS\fdc.sys</p><p>\SystemRoot\System32\DRIVERS\parport.sys</p><p>\SystemRoot\System32\DRIVERS\i8042prt.sys</p><p>\SystemRoot\System32\DRIVERS\kbdclass.sys</p><p>\SystemRoot\System32\DRIVERS\imapi.sys</p><p>\SystemRoot\System32\DRIVERS\cdrom.sys</p><p>\SystemRoot\System32\DRIVERS\redbook.sys</p><p>\SystemRoot\System32\DRIVERS\ks.sys</p><p>\SystemRoot\System32\Drivers\incdrm.SYS</p><p>\SystemRoot\System32\DRIVERS\InCDPass.sys</p><p>\SystemRoot\system32\drivers\STAC97.sys</p><p>\SystemRoot\system32\drivers\portcls.sys</p><p>\SystemRoot\system32\drivers\drmk.sys</p><p>\SystemRoot\System32\DRIVERS\audstub.sys</p><p>\SystemRoot\system32\DRIVERS\mfendisk.sys</p><p>\SystemRoot\System32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\System32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\System32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\System32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\System32\DRIVERS\raspptp.sys</p><p>\SystemRoot\System32\DRIVERS\TDI.SYS</p><p>\SystemRoot\System32\DRIVERS\psched.sys</p><p>\SystemRoot\System32\DRIVERS\msgpc.sys</p><p>\SystemRoot\System32\DRIVERS\ptilink.sys</p><p>\SystemRoot\System32\DRIVERS\raspti.sys</p><p>\SystemRoot\System32\DRIVERS\termdd.sys</p><p>\SystemRoot\System32\DRIVERS\mouclass.sys</p><p>\SystemRoot\System32\DRIVERS\swenum.sys</p><p>\SystemRoot\System32\DRIVERS\update.sys</p><p>\SystemRoot\System32\DRIVERS\mssmbios.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\System32\DRIVERS\usbhub.sys</p><p>\SystemRoot\System32\DRIVERS\USBD.SYS</p><p>\SystemRoot\system32\drivers\MODEMCSA.sys</p><p>\SystemRoot\System32\DRIVERS\flpydisk.sys</p><p>\SystemRoot\System32\Drivers\i2omgmt.SYS</p><p>\SystemRoot\System32\Drivers\cdrbsvsd.SYS</p><p>\SystemRoot\System32\Drivers\Asapi.SYS</p><p>\SystemRoot\System32\Driver
s\Fs_Rec.SYS</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\system32\DRIVERS\HIDPARSE.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\Drivers\mnmdd.SYS</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\System32\Drivers\InCDrec.SYS</p><p>\SystemRoot\System32\Drivers\InCDfs.SYS</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\System32\Drivers\sonypvf3.SYS</p><p>\SystemRoot\System32\Drivers\sonypvt3.SYS</p><p>\SystemRoot\System32\DRIVERS\rasacd.sys</p><p>\SystemRoot\System32\DRIVERS\ipsec.sys</p><p>\SystemRoot\System32\DRIVERS\tcpip.sys</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\system32\drivers\mfetdi2k.sys</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\System32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\DRIVERS\tcpip6.sys</p><p>\SystemRoot\System32\drivers\ws2ifsl.sys</p><p>\SystemRoot\System32\drivers\afd.sys</p><p>\SystemRoot\System32\DRIVERS\netbios.sys</p><p>\SystemRoot\System32\DRIVERS\rdbss.sys</p><p>\SystemRoot\System32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\System32\Drivers\Fips.SYS</p><p>\SystemRoot\System32\DRIVERS\hidusb.sys</p><p>\SystemRoot\System32\DRIVERS\HIDCLASS.SYS</p><p>\SystemRoot\System32\DRIVERS\mouhid.sys</p><p>\SystemRoot\System32\Drivers\Cdfs.SYS</p><p>\SystemRoot\System32\Drivers\dump_IdeChnDr.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\System32\watchdog.sys</p><p>\SystemRoot\System32\drivers\dxg.sys</p><p>\SystemRoot\System32\drivers\dxgthk.sys</p><p>\SystemRoot\System32\nv4_disp.dll</p><p>\SystemRoot\System32\ATMFD.DLL</p><p>\SystemRoot\System32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\SystemRoot\System32\DRIVERS\mrxdav.sys</p><p>\SystemRoot\System32\Drivers\ParVdm.SYS</p><p>\SystemRoot\System32\Drivers\MASPINT.SYS</p><p>\SystemRoot\System32\DRIVERS\srv.sys
</p><p>\SystemRoot\system32\drivers\wdmaud.sys</p><p>\SystemRoot\system32\drivers\sysaudio.sys</p><p>\SystemRoot\system32\drivers\mfeapfk.sys</p><p>\SystemRoot\System32\Drivers\HTTP.sys</p><p>\SystemRoot\system32\drivers\cfwids.sys</p><p>\SystemRoot\System32\DRIVERS\asyncmac.sys</p><p>\SystemRoot\System32\Drivers\Fastfat.SYS</p><p>\SystemRoot\System32\DRIVERS\USBSTOR.SYS</p><p>\SystemRoot\system32\drivers\kmixer.sys</p><p>\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys</p><p>\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys</p><p>\WINDOWS\system32\ntdll.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk1\DR5</p><p>Upper Device Object: 0xffffffff8807a030</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\000000ab\</p><p>Lower Device Object: 0xffffffff88bbf690</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xffffffff8a4269c0</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IdeDeviceP0T0L0\</p><p>Lower Device Object: 0xffffffff8a419030</p><p>Lower Device Driver Name: \Driver\IdeChnDr\</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xffffffff8a4269c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff8a426798, DeviceName: Unknown, DriverName: \Driver\PartMgr\</p><p>DevicePointer: 0xffffffff8a4269c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff8a42ee90, DeviceName: \Device\00000097\, DriverName: \Driver\ACPI\</p><p>DevicePointer: 0xffffffff8a419030, DeviceName: \Device\Ide\IdeDeviceP0T0L0\, DriverName: \Driver\IdeChnDr\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 
0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\system32\drivers...</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Read File: File "c:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)</p><p>Read File: File "c:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)</p><p>Read File: File "c:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)</p><p>Read File: File "c:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)</p><p>Read File: File "c:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)</p><p>Read File: File "c:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)</p><p>Read File: File "c:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)</p><p>Read File: File "c:\WINDOWS\system32\drivers\ati1snxx.sys" is 
compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 
1)</p><p>Read File: File "c:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)</p><p>Done!</p><p>Drive 0</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 165E8AA</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Other (0x1b)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 63 Numsec = 12594897</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 12594960 Numsec = 67681845</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 41110142976 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Scanning physical sectors of unpartitioned space on drive 0 (1-62-80273248-80293248)...</p><p>Done!</p><p>Physical Sector Size: 512</p><p>Drive: 1, DevicePointer: 0xffffffff8807a030, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff88e0eb28, DeviceName: Unknown, DriverName: \Driver\PartMgr\</p><p>DevicePointer: 0xffffffff8807a030, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff88bbf690, DeviceName: \Device\000000ab\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p>Drive 1</p><p>Scanning MBR on drive 1...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: E54FA68B</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type 
is Other (0xb)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 63 Numsec = 7823655</p><p> Partition file system is FAT32</p><p> Partition is not bootable</p><p></p><p> Partition 1 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 4007657472 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Done!</p><p>Infected: c:\Documents and Settings\Roger\Application Data\cache.dat --> [Trojan.Agent.rfz]</p><p>Infected: c:\Documents and Settings\Roger\Local Settings\Temp\hsyejshgwvbqmsvav.exe --> [Trojan.Agent.rfz]</p><p>Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)</p><p>Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)</p><p>Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]</p><p>Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify --> [PUM.Disabled.SecurityCenter]</p><p>Scan finished</p><p>Creating System Restore point...</p><p>Cleaning up...</p><p>Removal scheduling successful. 
System shutdown needed.</p><p>System shutdown occurred</p><p>=======================================</p><p></p><p></p><p>Removal queue found; removal started</p><p>Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...</p><p>Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_1_12594960_i.mbam...</p><p>Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...</p><p>Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...</p><p>Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_1_0_63_i.mbam...</p><p>Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...</p><p>Removal finished</p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.06.0.1004</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 5.1.2600 Windows XP Service Pack 3 x86</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 8.0.6001.18702</p><p></p><p>Java version: 1.6.0_20</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 3.066000 GHz</p><p>Memory total: 1332523008, free: 886857728</p><p></p><p>Initializing...</p><p>------------ Kernel report ------------</p><p> 08/01/2013 17:12:22</p><p>------------ Loaded modules 
-----------</p><p>\WINDOWS\system32\ntoskrnl.exe</p><p>\WINDOWS\system32\hal.dll</p><p>\WINDOWS\system32\KDCOM.DLL</p><p>\WINDOWS\system32\BOOTVID.dll</p><p>imofugc.sys</p><p>ACPI.sys</p><p>\WINDOWS\System32\DRIVERS\WMILIB.SYS</p><p>pci.sys</p><p>isapnp.sys</p><p>\WINDOWS\System32\DRIVERS\PCIIDEX.SYS</p><p>MountMgr.sys</p><p>ftdisk.sys</p><p>PartMgr.sys</p><p>IdeBusDr.sys</p><p>VolSnap.sys</p><p>\WINDOWS\System32\DRIVERS\SCSIPORT.SYS</p><p>IdeChnDr.sys</p><p>disk.sys</p><p>\WINDOWS\System32\DRIVERS\CLASSPNP.SYS</p><p>fltmgr.sys</p><p>sr.sys</p><p>mfehidk.sys</p><p>PxHelp20.sys</p><p>KSecDD.sys</p><p>Ntfs.sys</p><p>NDIS.sys</p><p>sonypvl3.sys</p><p>RecAgent.sys</p><p>Mup.sys</p><p>\SystemRoot\system32\DRIVERS\tunmp.sys</p><p>\SystemRoot\System32\DRIVERS\intelppm.sys</p><p>\SystemRoot\System32\DRIVERS\usbuhci.sys</p><p>\SystemRoot\System32\DRIVERS\USBPORT.SYS</p><p>\SystemRoot\System32\DRIVERS\usbehci.sys</p><p>\SystemRoot\System32\DRIVERS\slntamr.sys</p><p>\SystemRoot\System32\DRIVERS\SlWdmSup.sys</p><p>\SystemRoot\system32\drivers\mfeavfk.sys</p><p>\SystemRoot\system32\drivers\mfefirek.sys</p><p>\SystemRoot\System32\DRIVERS\Mtlmnt5.sys</p><p>\SystemRoot\System32\Drivers\Modem.SYS</p><p>\SystemRoot\system32\DRIVERS\nv4_mini.sys</p><p>\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS</p><p>\SystemRoot\System32\DRIVERS\e100b325.sys</p><p>\SystemRoot\System32\DRIVERS\serial.sys</p><p>\SystemRoot\System32\DRIVERS\serenum.sys</p><p>\SystemRoot\System32\DRIVERS\fdc.sys</p><p>\SystemRoot\System32\DRIVERS\parport.sys</p><p>\SystemRoot\System32\DRIVERS\i8042prt.sys</p><p>\SystemRoot\System32\DRIVERS\kbdclass.sys</p><p>\SystemRoot\System32\DRIVERS\imapi.sys</p><p>\SystemRoot\System32\DRIVERS\cdrom.sys</p><p>\SystemRoot\System32\DRIVERS\redbook.sys</p><p>\SystemRoot\System32\DRIVERS\ks.sys</p><p>\SystemRoot\System32\Drivers\incdrm.SYS</p><p>\SystemRoot\System32\DRIVERS\InCDPass.sys</p><p>\SystemRoot\system32\drivers\STAC97.sys</p><p>\SystemRoot\system32\drivers\portcls.sys</p><p>\SystemRoot\system32\drivers\drmk.sys</p><p>\SystemRoot\System32\DRIVERS\audstub.sys</p><p>\SystemRoot\system32\DRIVERS\mfendisk.sys</p><p>\SystemRoot\System32\DRIVERS\rasl2tp.sys</p><p>\SystemRoot\System32\DRIVERS\ndistapi.sys</p><p>\SystemRoot\System32\DRIVERS\ndiswan.sys</p><p>\SystemRoot\System32\DRIVERS\raspppoe.sys</p><p>\SystemRoot\System32\DRIVERS\raspptp.sys</p><p>\SystemRoot\System32\DRIVERS\TDI.SYS</p><p>\SystemRoot\System32\DRIVERS\psched.sys</p><p>\SystemRoot\System32\DRIVERS\msgpc.sys</p><p>\SystemRoot\System32\DRIVERS\ptilink.sys</p><p>\SystemRoot\System32\DRIVERS\raspti.sys</p><p>\SystemRoot\System32\DRIVERS\termdd.sys</p><p>\SystemRoot\System32\DRIVERS\mouclass.sys</p><p>\SystemRoot\System32\DRIVERS\swenum.sys</p><p>\SystemRoot\System32\DRIVERS\update.sys</p><p>\SystemRoot\System32\DRIVERS\mssmbios.sys</p><p>\SystemRoot\System32\Drivers\NDProxy.SYS</p><p>\SystemRoot\System32\DRIVERS\usbhub.sys</p><p>\SystemRoot\System32\DRIVERS\USBD.SYS</p><p>\SystemRoot\system32\drivers\MODEMCSA.sys</p><p>\SystemRoot\System32\DRIVERS\flpydisk.sys</p><p>\SystemRoot\System32\Drivers\i2omgmt.SYS</p><p>\SystemRoot\System32\Drivers\cdrbsvsd.SYS</p><p>\SystemRoot\System32\Drivers\Asapi.SYS</p><p>\SystemRoot\System32\Drivers\Fs_Rec.SYS</p><p>\SystemRoot\System32\Drivers\Null.SYS</p><p>\SystemRoot\System32\Drivers\Beep.SYS</p><p>\SystemRoot\system32\DRIVERS\HIDPARSE.SYS</p><p>\SystemRoot\System32\drivers\vga.sys</p><p>\SystemRoot\System32\Drivers\mnmdd.SYS</p><p>\SystemRoot\System32\DRIVERS\RDPCDD.sys</p><p>\SystemRoot\System32\Drivers\InCDrec.SYS</p><p>\SystemRoot\System32\Drivers\InCDfs.SYS</p><p>\SystemRoot\System32\Drivers\Msfs.SYS</p><p>\SystemRoot\System32\Drivers\Npfs.SYS</p><p>\SystemRoot\System32\Drivers\sonypvf3.SYS</p><p>\SystemRoot\System32\Drivers\sonypvt3.SYS</p><p>\SystemRoot\System32\DRIVERS\rasacd.sys</p><p>\SystemRoot\System32\DRIVERS\ipsec.sys</p><p>\SystemRoot\System32\DRIVERS\tcpip.sys</p><p>\SystemRoot\system32\drivers\mfetdi2k.sys</p><p>\SystemRoot\System32\DRIVERS\netbt.sys</p><p>\SystemRoot\System32\DRIVERS\wanarp.sys</p><p>\SystemRoot\system32\DRIVERS\tcpip6.sys</p><p>\SystemRoot\System32\drivers\ws2ifsl.sys</p><p>\SystemRoot\System32\drivers\afd.sys</p><p>\SystemRoot\System32\DRIVERS\netbios.sys</p><p>\SystemRoot\System32\DRIVERS\rdbss.sys</p><p>\SystemRoot\System32\DRIVERS\mrxsmb.sys</p><p>\SystemRoot\System32\Drivers\Fips.SYS</p><p>\SystemRoot\system32\DRIVERS\usbccgp.sys</p><p>\SystemRoot\System32\DRIVERS\USBSTOR.SYS</p><p>\SystemRoot\System32\DRIVERS\hidusb.sys</p><p>\SystemRoot\System32\DRIVERS\HIDCLASS.SYS</p><p>\SystemRoot\System32\DRIVERS\mouhid.sys</p><p>\SystemRoot\System32\Drivers\Fastfat.SYS</p><p>\SystemRoot\System32\Drivers\dump_IdeChnDr.sys</p><p>\SystemRoot\System32\win32k.sys</p><p>\SystemRoot\System32\drivers\Dxapi.sys</p><p>\SystemRoot\System32\watchdog.sys</p><p>\SystemRoot\System32\drivers\dxg.sys</p><p>\SystemRoot\System32\drivers\dxgthk.sys</p><p>\SystemRoot\System32\nv4_disp.dll</p><p>\SystemRoot\System32\ATMFD.DLL</p><p>\SystemRoot\System32\DRIVERS\ndisuio.sys</p><p>\SystemRoot\system32\DRIVERS\rspndr.sys</p><p>\SystemRoot\System32\DRIVERS\mrxdav.sys</p><p>\SystemRoot\System32\Drivers\ParVdm.SYS</p><p>\SystemRoot\System32\Drivers\MASPINT.SYS</p><p>\SystemRoot\System32\DRIVERS\srv.sys</p><p>\SystemRoot\system32\drivers\wdmaud.sys</p><p>\SystemRoot\system32\drivers\sysaudio.sys</p><p>\SystemRoot\system32\drivers\mfeapfk.sys</p><p>\SystemRoot\System32\Drivers\HTTP.sys</p><p>\SystemRoot\system32\drivers\cfwids.sys</p><p>\SystemRoot\System32\DRIVERS\asyncmac.sys</p><p>\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys</p><p>\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys</p><p>\WINDOWS\system32\ntdll.dll</p><p>----------- End -----------</p><p>Done!</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk1\DR3</p><p>Upper Device Object: 0xffffffff882fe918</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\000000a4\</p><p>Lower Device Object: 
0xffffffff88f76ea0</p><p>Lower Device Driver Name: \Driver\USBSTOR\</p><p><<<1>>></p><p>Upper Device Name: \Device\Harddisk0\DR0</p><p>Upper Device Object: 0xffffffff8a4229c0</p><p>Upper Device Driver Name: \Driver\Disk\</p><p>Lower Device Name: \Device\Ide\IdeDeviceP0T0L0\</p><p>Lower Device Object: 0xffffffff8a42b030</p><p>Lower Device Driver Name: \Driver\IdeChnDr\</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p>Physical Sector Size: 512</p><p>Drive: 0, DevicePointer: 0xffffffff8a4229c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff8a422798, DeviceName: Unknown, DriverName: \Driver\PartMgr\</p><p>DevicePointer: 0xffffffff8a4229c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff8a423ac0, DeviceName: \Device\00000097\, DriverName: \Driver\ACPI\</p><p>DevicePointer: 0xffffffff8a42b030, DeviceName: \Device\Ide\IdeDeviceP0T0L0\, DriverName: \Driver\IdeChnDr\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Scanning drivers directory: C:\WINDOWS\system32\drivers...</p><p><<<2>>></p><p>Device number: 0, partition: 2</p><p><<<3>>></p><p>Volume: C:</p><p>File system type: NTFS</p><p>SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes</p><p>Read File: File "c:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 
1)</p><p>Read File: 
File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)</p><p>Read File: File "c:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)</p><p>Read File: File "c:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)</p><p>Read File: File "c:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)</p><p>Read File: File "c:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)</p><p>Read File: File "c:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)</p><p>Read File: File "c:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)</p><p>Read File: File "c:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)</p><p>Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)</p><p>Done!</p><p>Drive 0</p><p>Scanning MBR on drive 0...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: 165E8AA</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Other (0x1b)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 63 Numsec = 12594897</p><p></p><p> Partition 1 type is Primary (0x7)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 12594960 Numsec = 67681845</p><p> Partition file system is NTFS</p><p> Partition is bootable</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> 
Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 41110142976 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Scanning physical sectors of unpartitioned space on drive 0 (1-62-80273248-80293248)...</p><p>Done!</p><p>Physical Sector Size: 512</p><p>Drive: 1, DevicePointer: 0xffffffff882fe918, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\</p><p>--------- Disk Stack ------</p><p>DevicePointer: 0xffffffff88303e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\</p><p>DevicePointer: 0xffffffff882fe918, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\</p><p>DevicePointer: 0xffffffff88f76ea0, DeviceName: \Device\000000a4\, DriverName: \Driver\USBSTOR\</p><p>------------ End ----------</p><p>Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\</p><p>Upper DeviceData: 0x0, 0x0, 0x0</p><p>Lower DeviceData: 0x0, 0x0, 0x0</p><p>Drive 1</p><p>Scanning MBR on drive 1...</p><p>Inspecting partition table:</p><p>MBR Signature: 55AA</p><p>Disk Signature: E54FA68B</p><p></p><p>Partition information:</p><p></p><p> Partition 0 type is Other (0xb)</p><p> Partition is ACTIVE.</p><p> Partition starts at LBA: 63 Numsec = 7823655</p><p> Partition file system is FAT32</p><p> Partition is not bootable</p><p></p><p> Partition 1 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 2 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p> Partition 3 type is Empty (0x0)</p><p> Partition is NOT ACTIVE.</p><p> Partition starts at LBA: 0 Numsec = 0</p><p></p><p>Disk Size: 4007657472 bytes</p><p>Sector size: 512 bytes</p><p></p><p>Done!</p><p>Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)</p><p>Read File: File "c:\Documents and Settings\NetworkService\Local 
Settings\History\History.IE5\index.dat" is compressed (flags = 1)</p><p>Scan finished</p><p>=======================================</p><p></p><p></p><p>Removal queue found; removal started</p><p>Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...</p><p>Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_1_12594960_i.mbam...</p><p>Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...</p><p>Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...</p><p>Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_1_0_63_i.mbam...</p><p>Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...</p><p>Removal finished</p><p>---------------------------------------</p><p>Malwarebytes Anti-Rootkit BETA 1.06.0.1004</p><p></p><p>(c) Malwarebytes Corporation 2011-2012</p><p></p><p>OS version: 5.1.2600 Windows XP Service Pack 3 x86</p><p></p><p>Account is Administrative</p><p></p><p>Internet Explorer version: 8.0.6001.18702</p><p></p><p>Java version: 1.6.0_20</p><p></p><p>File system is: NTFS</p><p>Disk drives: C:\ DRIVE_FIXED</p><p>CPU speed: 3.066000 GHz</p><p>Memory total: 1332523008, free: 945258496</p><p></p><p>=======================================</p></blockquote><p></p>
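A worked example added here by the editor, not code from Sue64's post and not Malwarebytes' own tooling: a small Python parser for the "Scanning MBR on drive N" blocks that MBAR printed in the logs above. It rebuilds each drive's partition layout from the log text, computes the sector ranges that no partition covers (the space an MBR bootkit uses for its payload, and the reason MBAR scans "unpartitioned space"), and runs the structural checks a reviewer would make before accepting a "Physical Sectors Detected: 0" verdict. The regular expressions are an assumption about MBAR's log format based only on the excerpt in the post, and SAMPLE_LOG is copied from that excerpt. For drive 0 the computed leading gap, sectors 1-62, is exactly the first range the log shows MBAR scanning; how the tool chose the start of its trailing range is not shown on the page, so the example simply reports the gap between the last partition and the end of the disk.

```python
"""Parse the MBR partition tables out of a Malwarebytes Anti-Rootkit (MBAR) log and
compute the unpartitioned sector ranges where an MBR bootkit could hide. Added
example, not code from the post or from Malwarebytes; the regexes are an
assumption about the log format based only on the excerpt in SAMPLE_LOG."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

@dataclass
class Partition:
    index: int
    type_id: int            # MBR type byte: 0x07 NTFS, 0x0b FAT32, 0x1b hidden FAT32, 0x00 empty
    active: bool = False
    start_lba: int = 0
    num_sectors: int = 0

    @property
    def end_lba(self) -> int:   # exclusive
        return self.start_lba + self.num_sectors

@dataclass
class Drive:
    number: int
    total_sectors: int = 0      # from the "Disk Size" and "Sector size" lines
    partitions: List[Partition] = field(default_factory=list)

def parse_mbar_partition_tables(text: str) -> List[Drive]:
    drives: List[Drive] = []
    drive, part, disk_bytes = None, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"Scanning MBR on drive (\d+)", line):   # one block per drive
            drive, part, disk_bytes = Drive(int(m.group(1))), None, 0
            drives.append(drive)
        elif drive is None:
            continue
        elif m := re.match(r"Partition (\d+) type is \w+ \((0x[0-9a-fA-F]+)\)", line):
            part = Partition(int(m.group(1)), int(m.group(2), 16))
            drive.partitions.append(part)
        elif part is not None and line == "Partition is ACTIVE.":
            part.active = True
        elif part is not None and (m := re.match(r"Partition starts at LBA: (\d+) Numsec = (\d+)", line)):
            part.start_lba, part.num_sectors = int(m.group(1)), int(m.group(2))
        elif m := re.match(r"Disk Size: (\d+) bytes", line):
            disk_bytes = int(m.group(1))
        elif m := re.match(r"Sector size: (\d+) bytes", line):   # MBAR prints this after Disk Size
            drive.total_sectors = disk_bytes // int(m.group(1))
    return drives

def unpartitioned_ranges(drive: Drive) -> List[Tuple[int, int]]:
    """Inclusive (first, last) sector ranges no partition covers, excluding sector 0 (the
    MBR itself). Sectors 1-62 of a 63-aligned disk are the classic bootkit payload area."""
    used = sorted((p.start_lba, p.end_lba) for p in drive.partitions if p.num_sectors)
    gaps, cursor = [], 1
    for start, end in used:
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = max(cursor, end)
    if cursor < drive.total_sectors:
        gaps.append((cursor, drive.total_sectors - 1))
    return gaps

def sanity_findings(drive: Drive) -> List[str]:
    """Structural checks worth making before trusting a 'Physical Sectors Detected: 0' verdict."""
    parts = sorted((p for p in drive.partitions if p.num_sectors), key=lambda p: p.start_lba)
    out, n = [], drive.number
    if sum(p.active for p in parts) != 1:
        out.append(f"drive {n}: expected exactly one active partition")
    for p in parts:
        if p.end_lba > drive.total_sectors:
            out.append(f"drive {n} partition {p.index}: extends past end of disk")
    for a, b in zip(parts, parts[1:]):
        if a.end_lba > b.start_lba:
            out.append(f"drive {n}: partitions {a.index} and {b.index} overlap")
    return out

# Copied from the MBAR log in the post (drive 0 = IDE system disk, drive 1 = USB stick);
# the empty slots and the file-system/bootable lines are left out for brevity.
SAMPLE_LOG = """Scanning MBR on drive 0...
 Partition 0 type is Other (0x1b)
 Partition is NOT ACTIVE.
 Partition starts at LBA: 63 Numsec = 12594897
 Partition 1 type is Primary (0x7)
 Partition is ACTIVE.
 Partition starts at LBA: 12594960 Numsec = 67681845
Disk Size: 41110142976 bytes
Sector size: 512 bytes
Scanning MBR on drive 1...
 Partition 0 type is Other (0xb)
 Partition is ACTIVE.
 Partition starts at LBA: 63 Numsec = 7823655
Disk Size: 4007657472 bytes
Sector size: 512 bytes
"""

if __name__ == "__main__":
    for d in parse_mbar_partition_tables(SAMPLE_LOG):
        print(f"drive {d.number}: {d.total_sectors} sectors, unpartitioned {unpartitioned_ranges(d)}, "
              f"findings {sanity_findings(d) or 'none'}")
```

Run it directly to print the layout for the two drives in the post; to use it on another MBAR log, pass that log's text to parse_mbar_partition_tables instead of SAMPLE_LOG. The 0x1b slot on drive 0 is a hidden FAT32 partition, the usual OEM recovery image, so a non-active hidden partition ahead of the NTFS system partition is expected on this kind of machine rather than suspicious by itself.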
is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\winddx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\winddx.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1) Read File: File 
"C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\hsfdpsp2.sys" 
is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1) Read File: File "c:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1) Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 165E8AA Partition information: Partition 0 type is Other (0x1b) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 12594897 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 12594960 Numsec = 67681845 Partition file system is NTFS Partition is bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 41110142976 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-80273248-80293248)... Done! 
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8807a030, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88e0eb28, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8807a030, DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff88bbf690, DeviceName: \Device\000000ab\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR5\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E54FA68B
Partition information:
    Partition 0 type is Other (0xb)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 7823655
    Partition file system is FAT32
    Partition is not bootable
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
Disk Size: 4007657472 bytes
Sector size: 512 bytes
Done!
Infected: c:\Documents and Settings\Roger\Application Data\cache.dat --> [Trojan.Agent.rfz]
Infected: c:\Documents and Settings\Roger\Local Settings\Temp\hsyejshgwvbqmsvav.exe --> [Trojan.Agent.rfz]
Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1)
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify --> [PUM.Disabled.SecurityCenter]
Infected: HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify --> [PUM.Disabled.SecurityCenter]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful.
System shutdown needed.
System shutdown occurred
=======================================
Removal queue found; removal started
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_1_12594960_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_1_0_63_i.mbam...
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 8.0.6001.18702

Java version: 1.6.0_20

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.066000 GHz
Memory total: 1332523008, free: 886857728

Initializing...
------------ Kernel report ------------
     08/01/2013 17:12:22
------------ Loaded modules -----------
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
imofugc.sys
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
PartMgr.sys
IdeBusDr.sys
VolSnap.sys
\WINDOWS\System32\DRIVERS\SCSIPORT.SYS
IdeChnDr.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
mfehidk.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
sonypvl3.sys
RecAgent.sys
Mup.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\usbuhci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\slntamr.sys
\SystemRoot\System32\DRIVERS\SlWdmSup.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\System32\DRIVERS\Mtlmnt5.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\e100b325.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\ks.sys
\SystemRoot\System32\Drivers\incdrm.SYS
\SystemRoot\System32\DRIVERS\InCDPass.sys
\SystemRoot\system32\drivers\STAC97.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\mfendisk.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\MODEMCSA.sys
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\cdrbsvsd.SYS
\SystemRoot\System32\Drivers\Asapi.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\InCDrec.SYS
\SystemRoot\System32\Drivers\InCDfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\sonypvf3.SYS
\SystemRoot\System32\Drivers\sonypvt3.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\system32\drivers\mfetdi2k.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\tcpip6.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_IdeChnDr.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\Drivers\MASPINT.SYS
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\drivers\mfeapfk.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\cfwids.sys
\SystemRoot\System32\DRIVERS\asyncmac.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xffffffff882fe918
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a4\
Lower Device Object: 0xffffffff88f76ea0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a4229c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0\
Lower Device Object: 0xffffffff8a42b030
Lower Device Driver Name: \Driver\IdeChnDr\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a4229c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a422798, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a4229c0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a423ac0, DeviceName: \Device\00000097\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a42b030, DeviceName: \Device\Ide\IdeDeviceP0T0L0\, DriverName: \Driver\IdeChnDr\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "c:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tosdvd.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\tsbvcap.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\oprghdlr.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rawwan.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cinemst2.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cpqdap01.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\cxthsfs2.cty" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1snxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ativmc20.cod" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mcd.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mtxparhm.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnkspx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rio8drv.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\smclib.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\riodrv.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\rootmdm.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\s3gnbm.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\slnt7554.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1btxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1mdxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1pdxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1raxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1rvxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\fsvga.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gm.dls" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\gmreadme.txt" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a302.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a302.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a303.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a303.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a304.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a304.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a305.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a305.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a306.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a306.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a307.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a307.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a308.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a308.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a309.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a309.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a310.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a310.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a311.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a311.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\a312.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\a312.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\acpiec.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\vch.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vch.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\vdmindvd.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wa301a.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wa301a.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wa301b.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wa301b.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv07nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv08nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv09nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wadv11nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv06nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\watv10nt.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\winddx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\winddx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\wmilib.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmepvc.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atmuni.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1ttxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1tuxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xbxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati1xsxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtaa.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\ati2mtag.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinbtxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinmdxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinpdxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinraxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinrvxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinsnxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinttxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atintuxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxbxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\atinxsxx.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfbs2s2.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfcxts2.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\hsfdpsp2.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\netwlan5.img" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nikedrv.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\nwlnknb.sys" is compressed (flags = 1)
Read File: File "c:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\system32\drivers\mdmxsdk.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 165E8AA
Partition information:
    Partition 0 type is Other (0x1b)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 12594897
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 12594960  Numsec = 67681845
    Partition file system is NTFS
    Partition is bootable
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
Disk Size: 41110142976 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-80273248-80293248)...
Done!
Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffffff882fe918, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xffffffff88303e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\ DevicePointer: 0xffffffff882fe918, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xffffffff88f76ea0, DeviceName: \Device\000000a4\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: E54FA68B Partition information: Partition 0 type is Other (0xb) Partition is ACTIVE. Partition starts at LBA: 63 Numsec = 7823655 Partition file system is FAT32 Partition is not bootable Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 4007657472 bytes Sector size: 512 bytes Done! Read File: File "c:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1) Read File: File "c:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_0_1_12594960_i.mbam... Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... 
Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_i.mbam... Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\bootstrap_1_0_63_i.mbam... Removing c:\documents and settings\all users\application data\malwarebytes' anti-malware (portable)\mbr_1_r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1004 (c) Malwarebytes Corporation 2011-2012 OS version: 5.1.2600 Windows XP Service Pack 3 x86 Account is Administrative Internet Explorer version: 8.0.6001.18702 Java version: 1.6.0_20 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 3.066000 GHz Memory total: 1332523008, free: 945258496 ======================================= [/QUOTE]
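The partition-table dump MBAR printed for the two drives in the log above is the part worth being able to reproduce yourself when a police/Ukash locker is suspected of having touched the boot sector. What follows is an added example written for this thread; it is not taken from Sue64's post or from Malwarebytes' tooling. It parses a raw 512-byte MBR, prints the table in the same shape as the log, and runs the checks an investigator would want on it: the 55AA boot signature, exactly one active partition, no overlapping entries, nothing extending past the end of the disk, and how much unpartitioned slack sits after the last partition (the region the scanner was covering when it reported "unpartitioned space"). The two sample MBRs are constructed inside the script from the values in the log (disk signatures, partition types, LBAs and sector counts); the function names, the coarse Empty/Primary/Other labels and the choice of checks are this example's own assumptions, not MBAR's.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
DISK_SIG_OFFSET = 440        # 4-byte NT disk signature ("Disk Signature" in the log)
PT_OFFSET = 446              # four 16-byte partition entries follow
MBR_SIGNATURE = b"\x55\xaa"  # printed as "55AA" in the log

@dataclass
class Partition:
    index: int
    active: bool
    type_id: int
    start_lba: int
    num_sectors: int

    @property
    def type_name(self) -> str:  # same coarse labels as the log (this example's own mapping)
        return {0x00: "Empty", 0x07: "Primary"}.get(self.type_id, "Other")

    @property
    def end_lba(self) -> int:  # exclusive
        return self.start_lba + self.num_sectors

@dataclass
class Mbr:
    signature_ok: bool
    disk_signature: int
    partitions: list
    boot_code_sha256: str  # hash of bytes 0..439, to diff against a known-clean MBR copy

def parse_mbr(sector: bytes) -> Mbr:
    """Parse a raw 512-byte MBR (LBA 0) into its partition table."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        # entry: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sector count(4), little-endian
        status, type_id, start, count = struct.unpack_from("<B3xB3xII", sector, PT_OFFSET + 16 * i)
        parts.append(Partition(i, status == 0x80, type_id, start, count))
    return Mbr(sector[510:512] == MBR_SIGNATURE,
               struct.unpack_from("<I", sector, DISK_SIG_OFFSET)[0],
               parts, hashlib.sha256(sector[:DISK_SIG_OFFSET]).hexdigest())

def report(mbr: Mbr) -> list:
    """Render the table in the same shape as the MBAR log."""
    lines = [f"MBR Signature: {'55AA' if mbr.signature_ok else 'INVALID'}",
             f"Disk Signature: {mbr.disk_signature:X}"]
    for p in mbr.partitions:
        lines.append(f"Partition {p.index} type is {p.type_name} (0x{p.type_id:x})")
        lines.append("Partition is ACTIVE." if p.active else "Partition is NOT ACTIVE.")
        lines.append(f"Partition starts at LBA: {p.start_lba}  Numsec = {p.num_sectors}")
    return lines

def sanity_check(mbr: Mbr, disk_bytes: int) -> list:
    """Anomalies worth a second look when a bootkit is suspected; [] means the table looks sane."""
    total = disk_bytes // SECTOR
    used = sorted((p for p in mbr.partitions if p.type_id != 0x00), key=lambda p: p.start_lba)
    findings = []
    if not mbr.signature_ok:
        findings.append("missing 55AA boot signature")
    active = sum(p.active for p in used)
    if active != 1:
        findings.append(f"{active} active partitions (expected exactly 1)")
    for p in used:
        if p.end_lba > total:
            findings.append(f"partition {p.index} extends past end of disk")
    for a, b in zip(used, used[1:]):
        if a.end_lba > b.start_lba:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings

def trailing_free_sectors(mbr: Mbr, disk_bytes: int) -> int:
    """Unpartitioned sectors after the last partition: slack some bootkits use to stash a payload."""
    ends = [p.end_lba for p in mbr.partitions if p.type_id != 0x00]
    return disk_bytes // SECTOR - (max(ends) if ends else 0)

def build_mbr(disk_signature: int, entries: list) -> bytes:
    """Construct a 512-byte MBR for this example (sample input, not read from a disk)."""
    sector = bytearray(SECTOR)
    struct.pack_into("<I", sector, DISK_SIG_OFFSET, disk_signature)
    for i, (active, type_id, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, PT_OFFSET + 16 * i,
                         0x80 if active else 0x00, type_id, start, count)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)

# Constructed from the values in the log: drive 0 (the 40 GB system disk) and drive 1 (the USB stick).
EMPTY = (False, 0x00, 0, 0)
DRIVE0 = build_mbr(0x0165E8AA, [(False, 0x1B, 63, 12594897), (True, 0x07, 12594960, 67681845), EMPTY, EMPTY])
DRIVE0_BYTES = 41110142976
DRIVE1 = build_mbr(0xE54FA68B, [(True, 0x0B, 63, 7823655), EMPTY, EMPTY, EMPTY])
DRIVE1_BYTES = 4007657472
if __name__ == "__main__":
    for name, raw, size in (("Drive 0", DRIVE0, DRIVE0_BYTES), ("Drive 1", DRIVE1, DRIVE1_BYTES)):
        mbr = parse_mbr(raw)
        print(name, *("  " + line for line in report(mbr)), sep="\n")
        print("  findings:", sanity_check(mbr, size) or "none",
              "| trailing free sectors:", trailing_free_sectors(mbr, size))
```

Run as a script it prints both tables, matching the log line for line on the signature, type, active flag, LBA and sector count. To check a live machine rather than the constructed samples, read the first 512 bytes of `\\.\PhysicalDrive0` from an administrative prompt and hand them to `parse_mbr`; the SHA-256 of the boot-code bytes is there so that the result can be compared against a known-clean MBR copy rather than judged by eye.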