Uninstalled above-mentioned (Java & ViewPoint). Restarted computer and ran above scans.
Had no problems with Malwarebytes removal process... RootKit scan took about 4 hours to complete.
Thanks so much for helping!!
~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4473
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
8/24/2010 7:33:47 PM
mbam-log-2010-08-24 (19-33-47).txt
Scan type: Quick scan
Objects scanned: 134220
Time elapsed: 13 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{3feca576-7ad2-4e11-a6ad-6b59d4fb5db9} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
~~~~~~~~~~~~~~~~
RootKit UnHooker log:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [bthpan.sys]
WARNING: Virus alike driver modification [adpu160m.sys]
WARNING: Virus alike driver modification [sffp_mmc.sys]
WARNING: Virus alike driver modification [hsfdpsp2.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [RegKill.sys]
WARNING: Virus alike driver modification [amsint.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [usbvideo.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [mutohpen.sys]
WARNING: Virus alike driver modification [aha154x.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [usb8023x.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [wacompen.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [fastfat.sys]
WARNING: Virus alike driver modification [hdaudbus.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [dac960nt.sys]
WARNING: Virus alike driver modification [asc3550.sys]
WARNING: Virus alike driver modification [cpqarray.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [ini910u.sys]
WARNING: Virus alike driver modification [symc810.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [bthenum.sys]
WARNING: Virus alike driver modification [mraid35x.sys]
WARNING: Virus alike driver modification [dac2w2k.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [i2omp.sys]
WARNING: Virus alike driver modification [bthusb.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [sparrow.sys]
WARNING: Virus alike driver modification [hidir.sys]
WARNING: Virus alike driver modification [iqvw32.sys]
WARNING: Virus alike driver modification [dpti2o.sys]
WARNING: Virus alike driver modification [pxhelp20.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [hsfbs2s2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [asc3350p.sys]
WARNING: Virus alike driver modification [ABP480N5.SYS]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [hidbth.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [hpn.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [asc.sys]
WARNING: Virus alike driver modification [perc2.sys]
WARNING: Virus alike driver modification [sym_hi.sys]
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [rndismpx.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
WARNING: Virus alike driver modification [sym_u3.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [symc8xx.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [ql10wnt.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [bthprint.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [ultra.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [bthmodem.sys]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [ql1080.sys]
WARNING: Virus alike driver modification [ql1240.sys]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [sisagp.sys]
WARNING: Virus alike driver modification [viaagp.sys]
WARNING: Virus alike driver modification [agp440.sys]
WARNING: Virus alike driver modification [alim1541.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [amdagp.sys]
WARNING: Virus alike driver modification [uagp35.sys]
WARNING: Virus alike driver modification [agpcpq.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [ql12160.sys]
WARNING: Virus alike driver modification [gagp30kx.sys]
WARNING: Virus alike driver modification [ql1280.sys]
WARNING: Virus alike driver modification [stream.sys]
WARNING: Virus alike driver modification [toside.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [atinraxx.sys]
WARNING: Virus alike driver modification [aliide.sys]
WARNING: Virus alike driver modification [viaide.sys]
WARNING: Virus alike driver modification [perc2hib.sys]
WARNING: Virus alike driver modification [aic78u2.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [aic78xx.sys]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [rfcomm.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [udfs.sys]
WARNING: Virus alike driver modification [cmdide.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [hsfcxts2.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [cd20xrnt.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [drvmcdb.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [slnthal.sys]
WARNING: Virus alike driver modification [scsiport.sys]
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\CATALOG.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\IDSVia64.cat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\IDSVia64.inf
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\IDSviA64.sys
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\IDSVix86.cat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\IDSVix86.inf
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\IDSvix86.sys
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\IDSxpx86.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\IDSXpx86.sys
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\MetaData.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\scrx86ff.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\scrx86ie.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\Scxpx86.dll
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\sigs.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\v.grd
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\v.sig
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\virscan1.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\vulnxml.z
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\vulnxsd.z
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100823.002\Zdone.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\CATALOG.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\CCERASER.DLL
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\ECMSVR32.DLL
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\EECTRL.SYS
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\ERASER.GRD
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\ERASER.SIG
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\ERASER.SPM
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\ERASER.SYS
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\ESRDEF.BIN
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\HH
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\NAVENG.SYS
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\NAVENG32.DLL
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\NAVEX15.SYS
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\NAVEX32A.DLL
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\NCSACERT.TXT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\SCRAUTH.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\streamset.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\SYMAVENG.CAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\SYMAVENG.INF
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\SYMERASE.CAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\SYMERASE.INF
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\TCDEFS.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\TCSCAN7.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\TCSCAN8.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\TCSCAN9.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\TECHNOTE.TXT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\TINF.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\TINFIDX.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\TINFL.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\TSCAN1.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\TSCAN1HD.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\V.GRD
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\V.SIG
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\VersionInfo.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\VIRSCAN.INF
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\VIRSCAN1.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\VIRSCAN2.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\VIRSCAN3.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\VIRSCAN4.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\VIRSCAN5.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\VIRSCAN6.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\VIRSCAN7.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\VIRSCAN8.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\VIRSCAN9.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\virscant.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\WHATSNEW.TXT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\ZDONE.DAT
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\tagfiles\20100824.050.sst
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\tagfiles\20100824.051.sst
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\WebProtectionDefs\20100825.001\Catalog.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\WebProtectionDefs\20100825.001\v.grd
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\WebProtectionDefs\20100825.001\v.sig
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\WebProtectionDefs\20100825.001\virscan1.dat
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp\102C97BE.TMP
!-->[Hidden] C:\Documents and Settings\Beverly\Cookies\beverly@apps.facebook[2].txt
!-->[Hidden] C:\Documents and Settings\Beverly\Cookies\beverly@malwareremoval[1].txt
!-->[Hidden] C:\Documents and Settings\Beverly\Desktop\Malware\Malwarebytes' Anti-Malware.lnk
!-->[Hidden] C:\Documents and Settings\Beverly\Desktop\Malware\mbam-log-2010-08-24 (19-33-47).txt
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{09D7D2E1-AFEB-11DF-A715-0014A441857A}.dat
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{11F6D56E-AFEB-11DF-A715-0014A441857A}.dat
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{CC5446CC-AFEA-11DF-A715-0014A441857A}.dat
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BPRLWRXW\downloads[1].png
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BPRLWRXW\forum_home[1].png
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BPRLWRXW\icon_mini_profile[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BPRLWRXW\icon_user_offline[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BPRLWRXW\mvps_here[1].png
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BPRLWRXW\p_100000311001908=0[1].txt
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BPRLWRXW\p_100000311001908=0[4].txt
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BPRLWRXW\p_100000311001908=0[5].txt
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BPRLWRXW\view[1].htm
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BPRLWRXW\view[2].htm
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BPRLWRXW\view[3].htm
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BXABUATU\icon_mini_search[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BXABUATU\icon_post_quote[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BXABUATU\icon_post_report[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BXABUATU\new_to_board[1].png
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BXABUATU\p_100000311001908=0[5].txt
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\BXABUATU\spacer[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\DY59CBPE\icon_contact_email[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\DY59CBPE\icon_mini_faq[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\DY59CBPE\p_100000311001908=0[3].txt
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\DY59CBPE\p_100000311001908=0[4].txt
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\DY59CBPE\p_100000311001908=0[5].txt
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\F6Q3IY3U\14181[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\F6Q3IY3U\759e049a0d975a86f1093a8934b2480d[2].htm
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\F6Q3IY3U\cellpic3[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\F6Q3IY3U\icon_mini_login[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\F6Q3IY3U\p2p_programs[1].png
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\GAXTXQWY\button_topic_new[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\GAXTXQWY\cdacs[1].png
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\GAXTXQWY\cellpic1[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\GAXTXQWY\malwareremoval[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\GAXTXQWY\mbam-1[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\GAXTXQWY\mwr_university[1].png
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\GAXTXQWY\p_100000311001908=0[2].txt
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\GAXTXQWY\p_100000311001908=0[6].txt
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\JDPF36QF\590x110_standard[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\JDPF36QF\background[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\JDPF36QF\icon_mini_message[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\JDPF36QF\icon_post_edit[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\JDPF36QF\icon_user_online[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\JDPF36QF\icon_user_profile[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\JDPF36QF\our_rules[1].png
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\JDPF36QF\p_100000311001908=0[1].txt
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\JDPF36QF\stylesheet[1].css
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\JDPF36QF\support_us[1].png
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\JDPF36QF\viewtopic[1].htm
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\JDPF36QF\website[1].png
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\SKKX32G5\asap_member[1].png
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\SKKX32G5\button_topic_reply[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\SKKX32G5\icon_mini_members[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\SKKX32G5\icon_post_target[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\SKKX32G5\irc_chatroom[1].png
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\SKKX32G5\mwr_logo[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\SKKX32G5\p_100000311001908=0[3].txt
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\SKKX32G5\who_runs_this[1].png
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\VLR5IALY\icon_contact_pm[1].gif
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\VLR5IALY\MRUHonorsGrad-1[1].jpg
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\VLR5IALY\p_100000311001908=0[1].txt
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\VLR5IALY\p_100000311001908=0[6].txt
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temporary Internet Files\Content.IE5\VLR5IALY\software_list[1].png
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temp\~DF5531.tmp
!-->[Hidden] C:\Documents and Settings\Beverly\Local Settings\Temp\~DF65A2.tmp
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120529.cat
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120530.inf
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120531.sys
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120532.cat
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120533.inf
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120534.sys
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120535.dll
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120536.sys
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120537.dll
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120538.cat
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120539.inf
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120540.sys
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120541.cat
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120542.inf
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120543.sys
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120544.dll
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120545.sys
!-->[Hidden] C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP402\A0120546.dll
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002AC00, Type: Inline - RelativeJump 0x80501C00-->80501C1E [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002AC8C, Type: Inline - RelativeJump 0x80501C8C-->80501CE7 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002ACA0, Type: Inline - RelativeJump 0x80501CA0-->80501CEE [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002AD20, Type: Inline - RelativeJump 0x80501D20-->80501CEB [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002ADBC, Type: Inline - RelativeJump 0x80501DBC-->80501DDC [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002AFC0, Type: Inline - RelativeCall 0x80501FC0-->F8D30C10 [unknown_code_page]
ntkrnlpa.exe+0x0006AA9A, Type: Inline - RelativeJump 0x80541A9A-->80541AA1 [ntkrnlpa.exe]
[1100]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1100]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1100]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[1100]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[1100]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1100]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1100]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1100]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[1192]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[1192]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[1192]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[1192]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[1192]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[1192]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[1192]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[1192]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[1192]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[1192]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[1192]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[1192]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[1192]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[1192]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[1192]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[1192]iexplore.exe-->ntdll.dll+0x000163BE, Type: Inline - RelativeJump 0x7C9163BE-->00000000 [unknown_code_page]
[1192]iexplore.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C9163C3-->00000000 [ntdll.dll]
[1192]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[1192]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[1192]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[1192]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[1192]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[1192]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll]
[1192]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[1192]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[1192]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[1192]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[1192]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[1192]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1192]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[1192]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[1192]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[1192]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[1192]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[1192]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[1192]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[1192]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll]
[1192]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll]
[1192]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[1192]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [aclayers.dll]
[1192]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [aclayers.dll]
[1192]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [aclayers.dll]
[1192]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[1192]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[3004]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[3004]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[3004]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[3004]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[3004]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[3004]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[3004]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[3004]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[3004]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[3004]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[3004]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[3004]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[3004]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[3004]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[3004]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[3004]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[3004]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[3004]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[3004]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[3004]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[3004]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[3004]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[3004]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[3004]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[3004]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[3004]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[3004]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[3004]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[3004]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[3004]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[3004]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[3004]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[3004]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[3004]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[3004]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [aclayers.dll]
[3004]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [aclayers.dll]
[3004]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [aclayers.dll]
[3004]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[3004]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
~~~~~~~~~~~~~~~~~~~~~~~
MBRCheck log:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c
Kernel Drivers (total 160):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF8A72000 \WINDOWS\system32\KDCOM.DLL
0xF8982000 \WINDOWS\system32\BOOTVID.dll
0xF8572000 oklta.sys
0xF8443000 ACPI.sys
0xF8A74000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8432000 pci.sys
0xF8582000 isapnp.sys
0xF8986000 compbatt.sys
0xF898A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8B3A000 pciide.sys
0xF87F2000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8414000 pcmcia.sys
0xF8592000 MountMgr.sys
0xF83F5000 ftdisk.sys
0xF87FA000 PartMgr.sys
0xF85A2000 VolSnap.sys
0xF83DD000 atapi.sys
0xF85B2000 disk.sys
0xF85C2000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF83BD000 fltmgr.sys
0xF83AB000 sr.sys
0xF835C000 SYMEFA.SYS
0xF8347000 drvmcdb.sys
0xF8802000 PxHelp20.sys
0xF8330000 KSecDD.sys
0xF82A3000 Ntfs.sys
0xF8276000 NDIS.sys
0xF825C000 Mup.sys
0xF87A2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF8A4E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7908000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF78F4000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF88C2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF78D0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF88CA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF787D000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF783A000 \SystemRoot\system32\drivers\STAC97.sys
0xF7816000 \SystemRoot\system32\drivers\portcls.sys
0xF87D2000 \SystemRoot\system32\drivers\drmk.sys
0xF77F3000 \SystemRoot\system32\drivers\ks.sys
0xF77C0000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF76C3000 \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
0xF7616000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF88D2000 \SystemRoot\System32\Drivers\Modem.SYS
0xF87E2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF75E9000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF8AA4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF88DA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF88E2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF85F2000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF75D8000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xF88EA000 \SystemRoot\System32\Drivers\ElbyCDFL.sys
0xF8AA6000 \SystemRoot\System32\Drivers\ElbyDelay.sys
0xF88F2000 \SystemRoot\system32\drivers\ASAPIW2k.sys
0xF8AA8000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF8602000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF8612000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF88FA000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF8CAA000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF8672000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8A56000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF758C000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF8682000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF8692000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8902000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF757B000 \SystemRoot\system32\DRIVERS\psched.sys
0xF86A2000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8912000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF891A000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF86B2000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF8922000 \SystemRoot\system32\DRIVERS\SymIM.sys
0xF8AAC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF751D000 \SystemRoot\system32\DRIVERS\update.sys
0xF8A66000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF892A000 \SystemRoot\system32\DRIVERS\omci.sys
0xF74EC000 \SystemRoot\system32\DRIVERS\TMPassthru.sys
0xF86C2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF8702000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF8A12000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xAA575000 \SystemRoot\System32\Drivers\N360\0308000.029\SRTSP.SYS
0xAA3B4000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF7A5F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF8712000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF8942000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF894A000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0xF8722000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xAA325000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xF7A5B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF8732000 \SystemRoot\system32\drivers\N360\0308000.029\SRTSPX.SYS
0xF8ADC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8752000 \SystemRoot\system32\DRIVERS\DcCam.sys
0xAA2FF000 \SystemRoot\system32\DRIVERS\EXPORTIT.SYS
0xF8CAE000 \SystemRoot\System32\Drivers\Null.SYS
0xF8ADE000 \SystemRoot\System32\Drivers\Beep.SYS
0xF897A000 \SystemRoot\system32\drivers\ssrtln.sys
0xF8812000 \SystemRoot\System32\drivers\vga.sys
0xF8AE0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8AE2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF881A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8822000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8A32000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA2CC000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA273000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA217000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMTDI.SYS
0xAA1F1000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF8762000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF882A000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMNDIS.SYS
0xAA1DC000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMFW.SYS
0xF8832000 \SystemRoot\System32\Drivers\N360\0308000.029\SYMIDS.SYS
0xAA15F000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA13D000 \SystemRoot\System32\drivers\afd.sys
0xF8772000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA12A000 \SystemRoot\system32\DRIVERS\tmtdi.sys
0xAA0FF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA08F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF8792000 \SystemRoot\System32\Drivers\Fips.SYS
0xF8AEE000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xAA031000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xAA014000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xA9F99000 \SystemRoot\System32\Drivers\N360\0308000.029\ccHPx86.sys
0xA9F57000 \SystemRoot\System32\Drivers\N360\0308000.029\BHDrvx86.sys
0xAA5E4000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF74AC000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA9CA6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8AFA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8207000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8892000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8B9E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF042000 \SystemRoot\System32\ialmdev5.DLL
0xBF077000 \SystemRoot\System32\ialmdd5.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF8622000 \SystemRoot\system32\drivers\drvnddm.sys
0xA9F47000 \SystemRoot\system32\drivers\dcfs2k.sys
0xF8B7D000 \SystemRoot\system32\dla\tfsndres.sys
0xA9BC8000 \SystemRoot\system32\dla\tfsnifs.sys
0xA9C72000 \SystemRoot\system32\dla\tfsnopio.sys
0xF8B06000 \SystemRoot\system32\dla\tfsnpool.sys
0xF88B2000 \SystemRoot\system32\dla\tfsnboio.sys
0xA9F17000 \SystemRoot\system32\dla\tfsncofs.sys
0xF8C5A000 \SystemRoot\system32\dla\tfsndrct.sys
0xA9BAF000 \SystemRoot\system32\dla\tfsnudf.sys
0xA9AF6000 \SystemRoot\system32\dla\tfsnudfa.sys
0xA9BFA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9939000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF8B28000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xA981A000 \SystemRoot\system32\DRIVERS\srv.sys
0xA999A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA950D000 \SystemRoot\system32\drivers\wdmaud.sys
0xA95BA000 \SystemRoot\system32\drivers\sysaudio.sys
0xA8F2E000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8444000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\NAVEX15.SYS
0xA8430000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100824.025\NAVENG.SYS
0xA83DB000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100823.002\IDSxpx86.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 40):
0 System Idle Process
4 System
1176 C:\WINDOWS\system32\smss.exe
1224 csrss.exe
1248 C:\WINDOWS\system32\winlogon.exe
1292 C:\WINDOWS\system32\services.exe
1304 C:\WINDOWS\system32\lsass.exe
1492 C:\WINDOWS\system32\svchost.exe
1580 svchost.exe
1620 C:\WINDOWS\system32\svchost.exe
1732 svchost.exe
1812 svchost.exe
1856 C:\WINDOWS\system32\WLTRYSVC.EXE
1868 C:\WINDOWS\system32\BCMWLTRY.EXE
1928 C:\WINDOWS\system32\spoolsv.exe
2012 svchost.exe
120 C:\WINDOWS\system32\cisvc.exe
176 C:\Program Files\Java\jre6\bin\jqs.exe
208 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
240 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
344 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
388 C:\WINDOWS\system32\svchost.exe
428 C:\Program Files\Trend Micro\Web Protection Add-On\TmProxy.exe
504 C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtect.exe
1100 C:\WINDOWS\explorer.exe
1352 C:\WINDOWS\system32\WLTRAY.EXE
1512 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
1532 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1716 C:\WINDOWS\system32\hkcmd.exe
1776 C:\WINDOWS\system32\igfxsrvc.exe
2060 C:\WINDOWS\system32\igfxpers.exe
2092 C:\WINDOWS\system32\LVCOMSX.EXE
2156 C:\Program Files\Trend Micro\Web Protection Add-On\TMWebProtectTray.exe
2348 C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
2688 wmiprvse.exe
2760 alg.exe
708 C:\WINDOWS\system32\svchost.exe
3004 C:\Program Files\Internet Explorer\iexplore.exe
1192 C:\Program Files\Internet Explorer\iexplore.exe
3732 C:\Documents and Settings\Beverly\Desktop\Malware\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)
PhysicalDrive0 Model Number: WDCWD400VE-75HDT1, Rev: 11.07D11
Size    Device Name          MBR Status
--------------------------------------------
37 GB   \\.\PhysicalDrive0   Dell MBR code detected
        SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365
Done!