Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.orgDatabase version:
main: v2015.05.06.06
rootkit: v2015.04.21.01
Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17728
alfred :: IDEA-PC [administrator]
5/6/2015 6:24:48 PM
mbar-log-2015-05-06 (18-24-48).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 445005
Time elapsed: 14 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
(c) Malwarebytes Corporation 2011-2012
OS version: 6.3.9200 Windows 8.1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17728
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.993000 GHz
Memory total: 8486227968, free: 6002311168
Downloaded database version: v2015.05.06.06
Downloaded database version: v2015.04.21.01
Downloaded database version: v2015.05.06.01
=======================================
------------ Kernel report ------------
05/06/2015 18:24:39
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\SmartDefragDriver.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\system32\DRIVERS\wanatw64.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
\??\C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\ipnat.sys
\??\C:\WINDOWS\system32\drivers\mwac.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\rtwlane.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\drivers\umpass.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2015.05.06.06
rootkit: v2015.04.21.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000caeb7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000caeb7a40, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000caeb7060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000c9aad980, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000c9bff400, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000c9aab060, DeviceName: \Device\0000002d\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\1394ohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipagr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpipmi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\acpitime.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\AGP440.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdk8.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelpep.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\intelppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kdnic.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicDisplay.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BasicRender.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\battc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\battc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BtaMPM.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\dumpsd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\EhStorTcgDrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\errdev.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fdc.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\flpydisk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\parport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\parport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciide.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pciidex.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\pcmcia.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\portcls.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\processr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\processr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\monitor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mouhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\ataport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\mssmbios.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBAUDIO.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\MTConfig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 127EF1E5
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 3277373054
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid a2580cbd-891b-44cc-869f-ca6abf80e693
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 3277373054
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid a2580cbd-891b-44cc-869f-ca6abf80e693
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128
Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID f5b54b73-40c7-40d8-b87c-417b7b6adc46
FirstLBA 2048 Last LBA 2050047
Attributes 1
Partition Name
Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 2d6752f4-d102-4d87-97b0-9ac5a388cd6b
FirstLBA 2050048 Last LBA 2582527
Attributes 0
Partition Name EFI system partition
GPT Partition 1 is bootable
Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
Partition ID 105c5709-1f36-4491-8efd-2434a1dfef46
FirstLBA 2582528 Last LBA 3606527
Attributes 1
Partition Name
Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID 6c7b3e6f-27d6-4815-83a1-78d8fa2b45c
FirstLBA 3606528 Last LBA 3868671
Attributes 0
Partition Name Microsoft reserved partition
Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID ade477c0-591e-453e-84ce-d0ef52b67289
FirstLBA 3868672 Last LBA 1900685311
Attributes 0
Partition Name Basic data partition
Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID b1190fa2-c287-4a99-9297-55bdcc43df28
FirstLBA 1900685312 Last LBA 1901606911
Attributes 1
Partition Name
Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID e83d391a-3d73-4475-aaac-f7de68a31c9
FirstLBA 1901606912 Last LBA 1902323711
Attributes 1
Partition Name
Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 6549b3c1-db28-4fc5-b8c4-48dc5a22da69
FirstLBA 1902323712 Last LBA 1953523711
Attributes 1
Partition Name
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
File "C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\AvastUI.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\CommChannel.Protocol.log" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r0pinv7.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r0pinv7.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r0vfbo1.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r0vfbo1.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r18q8tc.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r18q8tc.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rw2n6ly.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rw2n6ly.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rkmupcp.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rkmupcp.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r1ghcj2.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r1ghcj2.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r939078.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r939078.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rdqu4pw.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rdqu4pw.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$riesydm.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$riesydm.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rnuc6vm.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rnuc6vm.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rrucjzg.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rrucjzg.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rw951qs.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rw951qs.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rcciq5u.xlsx:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rdo1t6d.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rdo1t6d.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r8bkld6.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r8bkld6.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rubzs7e.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rubzs7e.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rp69uvz.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rp69uvz.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r9ylbyf.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r9ylbyf.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$ralprfd.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$ralprfd.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r1r92sh.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r1r92sh.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r60q8pm.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r60q8pm.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r6qw431.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r6qw431.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$ram4fz2.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$ram4fz2.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rvczrtq.exe:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rxbkde9.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rxbkde9.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rgf4lpq.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rgf4lpq.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rjzgmew.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rjzgmew.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r6sheiq.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r6sheiq.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r730g4t.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r730g4t.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r7tzhn2.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r7tzhn2.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rfgkda1.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rfgkda1.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rgnepwq.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rgnepwq.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rhn2m0e.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rhn2m0e.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r6vcl5o.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r6vcl5o.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r6vq32u.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r6vq32u.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rpaygh4.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rpaygh4.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rp8s73u.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rp8s73u.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rz64mzd.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rz64mzd.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rqblp7s.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rqblp7s.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rqvirfb.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rqvirfb.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rqydikk.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rqydikk.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$reptlid.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$reptlid.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$ri6ccdb.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$ri6ccdb.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r7e27kh.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$r7e27kh.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rkx7a1s.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rkx7a1s.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rna3rpv.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rna3rpv.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rnj2ueh.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rnj2ueh.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rnnh63u.jpg:ms-properties" is compressed (flags = 1)
File "c:\$recycle.bin\s-1-5-21-1499415880-312496788-4231229902-1001\$rnnh63u.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\users\alfred\onedrive\dsc02448.jpg:ms-properties" is compressed (flags = 1)
File "c:\users\alfred\onedrive\dsc02448.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\users\alfred\onedrive\dsc02449.jpg:ms-properties" is compressed (flags = 1)
File "c:\users\alfred\onedrive\dsc02449.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\users\alfred\onedrive\img_20150224_102130.jpg:ms-properties" is compressed (flags = 1)
File "c:\users\alfred\onedrive\img_20150224_102130.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\users\alfred\onedrive\img_20150224_140358.jpg:ms-properties" is compressed (flags = 1)
File "c:\users\alfred\onedrive\img_20150224_140358.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\users\alfred\onedrive\img_20150224_141826.jpg:ms-properties" is compressed (flags = 1)
File "c:\users\alfred\onedrive\img_20150224_141826.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\users\alfred\onedrive\img_20150224_142007.jpg:ms-properties" is compressed (flags = 1)
File "c:\users\alfred\onedrive\img_20150224_142007.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\users\alfred\onedrive\img_20150224_142057.jpg:ms-properties" is compressed (flags = 1)
File "c:\users\alfred\onedrive\img_20150224_142057.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\users\alfred\onedrive\img_20150318_091203.jpg:ms-properties" is compressed (flags = 1)
File "c:\users\alfred\onedrive\img_20150318_091203.jpg:ms-thumbnail" is compressed (flags = 1)
File "c:\users\alfred\onedrive\photo0008.jpg:ms-properties" is compressed (flags = 1)
File "c:\users\alfred\onedrive\photo0008.jpg:ms-thumbnail" is compressed (flags = 1)
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished