PC freezes, only Safe Mode possible



Blackredgold1964
2010-10-25, 00:05
Hi,

My PC freezes. Would it be infected, or would it be a hard disc error?
I can only work in SAFE MODE, and have created the logs in Safe Mode.

Analysis log at the bottom and below some background information:

My daughter’s laptop is extremely slow and freezes after startup, very occasionally you can open for example a WORD document. Often you click on the Start button and get “Windows Explorer has stopped working …”.

Some history: I ran Kaspersky Antivirus software for about a year but the latest edition always hung at about 65%. Kaspersky support was unable to help and pointed to a Hard disc error.

I can remember we had problems downloading Vista SP2 and Microsoft had to give us some assistance.



2 months ago I installed AVG and it scanned the PC fine for a couple of weeks but then started hanging after 5 mins.

I ran AVG in Safe Mode and got the Blue Screen error.

When the PC is doing the Check disk after a crash it goes through the three stages and cannot find any errors.



I think it got worse two weeks ago after I downloaded numerous MS Patches on 14.10.2010.



I tried to roll back to a Restore Point but get the error "System Restore did not complete successfully, your computer's system files and settings were not changed."

I retried the roll back in Safe Mode but got the same error msg. I tried different Restore Dates, too.



Still, some rollback must have taken place, since so many MS updates are now available; they must be the ones from 14.10.2010. So the system is currently not fully patched with MS updates.

Thanking you in advance
Blackredgold1964


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


DDS (Ver_10-10-21.02) - NTFSx86 NETWORK
Run by Sophie at 22:48:14.92 on 24/10/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.1522 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Sophie\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1262212074&rver=6.0.5285.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=2057&id=64855&mkt=en-gb
uWindow Title = Sofie!
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.3; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"http://get.adobe.com/shockwave/thankyou/activex/?installer=Shockwave_11.5.7.609_for_Windows_Slim_ActiveX&p=Google_Toolbar_6.3"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Babylon Client] c:\program files\babylon\babylon-pro\Babylon.exe -AutoStart
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\users\sophie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\sophie\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Table Of Contents.onetoc2
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\canonl~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\CNAC4LAK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
IE: Translate with &Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Translate.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {7AFC9A40-967F-4389-88A9-523B18DD5150} = 208.67.220.220,208.67.222.222
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll,c:\progra~1\google\google~2\GOEC62~1.DLL,avgrsstx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-3 243024]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-3 216400]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-3 29584]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-4-1 73728]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-3 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-3 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-9-3 1153368]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-12-25 21504]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-4-1 29744]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-4-2 111616]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-10-17 08:18:43 -------- d-sh--w- C:\found.000
2010-09-30 15:42:29 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-30 15:42:09 13312 ----a-w- c:\program files\internet explorer\iecompat.dll

==================== Find3M ====================

2010-09-03 00:14:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 04:15:58 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-08-10 04:15:58 69632 ----a-w- c:\windows\system32\QuickTime.qts

============= FINISH: 22:50:12.81 ===============

ken545
2010-10-29, 22:05


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.




Please download Rootkit Unhooker (http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE) and save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.


Copy the entire contents of the report and paste it in your next reply here.

Note: You may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"






Download MBRCheck.exe (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop.
Be sure to disable your security programs.
Double click on the file to run it.
A window will open on your desktop.
If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
If nothing unusual is found, just press Enter. A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Please post the contents of that file.

Blackredgold1964
2010-10-29, 22:55
Dear Ken,
Thank you very much for your reply.
Some info: Meanwhile I did
msconfig - STARTUP tab and DISABLE ALL
Services tab: HIDE ALL.

This allowed me at least to work occasionally in "normal" mode, since SAFE mode only sometimes has the internet connection.
I ran the scans now in normal mode, but I am not sure if the AVG Antivirus software is now enabled, or disabled as you required.

Anyway, please see the scans:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Inspiron 1525
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 162):

Processes (total 63):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`85f00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`05f00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD1200BEVS-75UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!



++++++++++++++++++++++++++++++++++++++++++++++++++++++++


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8ED72000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x82796000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x85BE2000 C:\Windows\System32\Drivers\AnyDVD.sys 98304 bytes (SlySoft, Inc., AnyDVD Filter Driver)
0x8FC07000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x84041000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x827E5000 C:\Windows\system32\drivers\tmcomm.sys 98304 bytes (Trend Micro Inc., TrendMicro Common Module)
0x91717000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8FCAD000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x900AE000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x917D0000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x91695000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x901A1000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x827AF000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8FD15000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8FD01000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8ED9B000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x91639000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8F5EC000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x826F9000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x916B9000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8B792000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8FDB2000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80683000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8B1EE000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x900D0000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x826B5000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8B10F000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8ED54000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8FD2A000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8B7EE000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x9177F000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8B75C000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8B07E000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8FCF2000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8ED8C000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x8F550000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8B09A000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8ED64000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x9D070000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x916AB000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x9018A000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8B0FA000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x91768000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8FFC3000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8FD70000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x85A88000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x840CE000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x90142000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8F4FB000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8B600000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8EE00000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x9017F000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8FCC4000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8FCA2000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8B7DA000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8F507000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8B090000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x91775000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8FD66000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x826EF000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x91708000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x841F0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8B7C4000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x9012B000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x900C7000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x917E6000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x8B000000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x90198000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9D050000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8B7E5000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8FC29000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x85B95000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8B1E6000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80694000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x90123000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8B04F000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x9016F000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x90177000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B754000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x840DA000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x9013B000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8B3EA000 C:\Windows\System32\Drivers\ElbyCDFL.sys 28672 bytes (SlySoft, Inc., ElbyCDIO Filter Driver)
0x900E0000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x8B0F3000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8060C000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x90134000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8B108000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x9172E000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0x8FC1F000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x91712000 C:\Windows\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0x8FC25000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x840E6000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8B08D000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x90121000 C:\Windows\system32\DRIVERS\OEM02Vfx.sys 8192 bytes (EyePower Games Pte. Ltd., Advanced Video FX Filter Driver (Win2K based))
0x8FD3A000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x900C5000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x8820C1F8 unknown_irp_handler 3592 bytes
0x848E11F8 unknown_irp_handler 3592 bytes
0x89C061F8 unknown_irp_handler 3592 bytes
0x8820B1F8 unknown_irp_handler 3592 bytes
0x89A241F8 unknown_irp_handler 3592 bytes
0x8A1ED1F8 unknown_irp_handler 3592 bytes
0x8A2021F8 unknown_irp_handler 3592 bytes
0x89B781F8 unknown_irp_handler 3592 bytes
0x882081F8 unknown_irp_handler 3592 bytes
0x89B9A1F8 unknown_irp_handler 3592 bytes
0x89B211F8 unknown_irp_handler 3592 bytes
0x8AEE51F8 unknown_irp_handler 3592 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]
0x01F60000 Hidden Image-->msvcm80.dll [ EPROCESS 0x8117A3E8 ] PID: 1972, 507904 bytes
0x01B80000 Hidden Image-->bcmwlrmt.dll [ EPROCESS 0x8117A3E8 ] PID: 1972, 77824 bytes

ken545
2010-10-29, 23:37
Hi,

Let's do this; you can do these in Safe Mode or normal Windows if you can.

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean.

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Blackredgold1964
2010-10-30, 01:21
Hi,
Did both scans; here is the result. Apparently nothing has been found.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4994

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

30/10/2010 00:14:59
mbam-log-2010-10-30 (00-14-59).txt

Scan type: Quick scan
Objects scanned: 138378
Time elapsed: 16 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ken545
2010-10-30, 02:05
That's good, logs are looking OK so far. What I would do is run this free online virus scanner, and if it comes up clean I can link you to a good Windows forum that can run you through some tests to check the health of your hard drive.

Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet Explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Then run this program and post one last log; this scan won't take long.

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click on Minimal Output at the top
Download the following file scan.txt to your Desktop. Click here to download it (http://www.geekstogo.com/forum/files/download/395-otl-custom-scan-file-scantxt/). You may need to right click on it and select "Save"
Double click inside the Custom Scan box at the bottom
A window will appear saying "Click OK to load a custom scan from a file or Cancel to cancel"
Click the OK button and navigate to the file scan.txt which we just saved to your desktop
Select scan.txt and click Open. Writing will now appear under the Custom Scan box
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Blackredgold1964
2010-10-30, 16:45
Hi Ken,
Thanks for the prompt reply and apologies for the sluggish reply on my side, but I was hoping the ESET scan would finish in Normal Mode whilst I was away, only to discover the screen with the message “Windows recovered from an unexpected shutdown...” or similar. The screen was frozen then and I repeated the scan in Safe Mode. Incidentally, when going through the stages for preparing for the scan (“... the option Scan unwanted applications is checked”), this option was not present.

Please see the results.
The other scan will follow later.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=fc9497db412edc4a9ce39cd18b29dbf1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-30 02:40:15
# local_time=2010-10-30 03:40:15 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 56944101 56944101 0 0
# compatibility_mode=1024 16777215 100 0 4137409 4137409 0 0
# compatibility_mode=5892 16776574 100 100 5197850 125977905 0 0
# compatibility_mode=8192 67108863 100 0 22736 22736 0 0
# scanned=168493
# found=0
# cleaned=0
# scan_time=4437

Blackredgold1964
2010-10-31, 10:41
Hi Ken,

Please see the OTL Extra scan.
When trying to copy the OTL txt contents into this post the Safer Networking site hung, and even overnight it did not recover. Other functions were still OK-ish. I ran the scans again but pasting did not improve. I transferred it via USB stick to my desktop, which runs in Normal Mode, but the same happened when pasting. I assume it's correct that this file is around 12 MB whereas the Extras file is very small.

I'll wait another hour or so for my desktop to recover or paste the log. Alternatively, would you be able to suggest something else to show the results, or would you be able to analyse the results of the previous ESET scan as well as this Extras file for now?

OTL Extras logfile created on: 31/10/2010 00:25:54 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Sophie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.20 Gb Total Space | 20.10 Gb Free Space | 20.26% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.28 Gb Free Space | 52.80% Space Free | Partition Type: NTFS

Computer Name: SOPHIE-PC | User Name: Sophie | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4E4FE755-46EB-46EE-86D0-9D97CFABE5E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E629B5F1-4AE1-472D-BD73-8686ECBEFE42}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{083A6EB4-597B-4A9D-9F34-97F56FBCE858}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{09BF5377-0650-455A-9BAD-C1A0CE4E9FFE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1413E226-86DE-4D10-916C-DB3093C1B05F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20994925-FD78-4DAB-9B38-462BC239B8A7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{25A8E98E-254B-4DE3-ADFE-F0DB155BC503}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D5EE26C-65A1-466F-B2BD-8F56E21532AA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2EFFA4FA-9A70-4B8D-BB0D-47B37D30F45E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2FF8060E-9C79-495A-B6E2-9E1540566017}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{318B89A0-6B49-456B-AEAE-D48DF84FD1FF}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{31B7F8D2-C41A-461E-9023-73420B960E3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33615331-F840-402F-9832-A1B30E70432D}" = protocol=17 | dir=in | app=c:\windows\system32\cnac4rpk.exe |
"{44784EFD-1BA9-44D4-951C-8EAF3FA7F766}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{45CD9B7B-8E18-403B-B684-94F087333349}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46A33320-98B0-4B72-98AB-296B0A5CEE9A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46DF77EA-B360-4A54-AECC-479750D72C9F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5A4862E6-5636-46EC-9A88-563F27974C5E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5CE74B4D-9358-4FBD-A6A7-97CA69E58C67}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5EB9FF89-3BEF-4E67-92C7-D5A6C1EDBE4F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6022F495-C463-4349-A78D-2C0437EC4A41}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{63F5FFC0-FCFB-4D99-BBDC-0378AA37482B}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{66C009FF-61F2-4A54-8113-092E126DAE15}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{68675CF2-52B1-4762-A0BA-9EF515D53D6F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{754BB0B0-2205-43C4-9EE5-F817F260C52E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{76423661-31DF-48F2-AD91-A095AC552F76}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{776EAFEB-CA8B-4FE7-8A61-BBF0A9DC6175}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{78DB208A-232E-446D-9C9C-5A943C5CBDF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7BEAC48E-C688-49BE-BBC6-1BFA1B88A905}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{7CA7DAEB-2CC6-48B3-9CAC-A621374F382B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D1866E3-AFA5-4647-86E4-DE58C2AFB825}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E84AFB3-4EAE-428D-8E59-70A047544B6F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{7F34FD98-A738-44FE-8164-F36FF07B30A1}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{80ECC4D8-135C-42A4-A7B0-09CBB633ADCB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83FA548A-ED07-436A-BCBE-5FD674612481}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{8731F0CD-9FC3-4E5C-8302-3089256CCB1F}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{8B359B82-A954-4416-8BCF-4531D94E24AF}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{9A848C53-F46D-4DA4-B0B8-269BF3C583D7}" = protocol=6 | dir=in | app=c:\windows\system32\cnac4rpk.exe |
"{9B423E6D-3604-4D0F-B0A3-BE93A1EE0A0F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9CFD91B5-B2FC-4679-93D0-333544CA8E32}" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"{9FEF0D6B-F2CE-44D7-AB9D-5C8BF2AC2A0B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ABCC89FC-983C-4F60-B627-EA8BF37AB5F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AC2746FE-DF37-49C3-AD66-7A08E05D6226}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{ACF09853-2B76-4C82-B2E8-322AD4E7FC64}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B04349A6-EA5A-4AF3-A47D-CE815AC314F9}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{B7E68987-73FF-4A2D-95DB-A2CC7B129831}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BCFE7678-58EB-4C79-81A7-EDE2A861ECF2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BEEA7F3D-A78E-4181-91D8-910FDB72E519}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C270E247-6E71-4DF8-8FAE-8099F7A4F7D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C347D694-6234-400D-9E15-D07F468AFF8C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C8FE6DAA-AC33-4048-BCB0-0292CCC285B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D00AC682-927A-4308-9A4C-F08378521448}" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"{D12AF589-88C0-4357-BA5A-B1DCACD7AC84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D3075C91-8638-4A90-A54F-55D86E89922A}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{D5991C31-6DE2-471C-A4BD-C5C6EE42786F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7301BFA-B0FD-4FFB-98B1-AD6A4EF8F0AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D9E1C9ED-75B2-4CA6-8E8F-2E832645CFF9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DEDD1A75-D30D-4A15-808E-A0413402B1CE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E373EDE8-71ED-4BAE-AC14-02F93DE49DB4}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{E92B70B9-C223-4E21-BF34-AD8CF92F48AD}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{E9D20000-705E-49C1-82C8-0A996BD3EDC7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED2818B0-918A-41EE-842F-A36D32A15B59}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EF5DB753-A3FF-464E-8535-5725E429771C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F686D53D-0558-4CFD-8982-90CCA6E2057B}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{F8021F1E-7B83-4FEB-A487-9D73FCC289A1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F8E7398B-12C2-45FE-A316-D4D2AD68D70C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FC92ECFA-C71A-43BA-B7C7-3702E0C55CBF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FECE7763-9D18-4CA0-B3A0-0EDC5F32B121}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{5F7666E7-5AAF-49F8-B7FC-1C1D750F33A6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BDA70279-A009-472A-AB0F-71BC44ADC814}D:\program files\black n white\runblack.exe" = protocol=6 | dir=in | app=d:\program files\black n white\runblack.exe |
"UDP Query User{2DD67D90-8A96-4BF7-B9E9-E3910D51E7EF}D:\program files\black n white\runblack.exe" = protocol=17 | dir=in | app=d:\program files\black n white\runblack.exe |
"UDP Query User{E779D9D6-7B0B-4744-B93B-7B484A836E47}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"#1 DVD Ripper" = #1 DVD Ripper 8.1.0
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0cc3c39b-51fc-4488-8834-fef4b6f8824b}" = DTS Plug-in
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = The Sims Deluxe Edition
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 21
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{f2f173d5-d0e1-4f0e-8ece-518fbf75ee3b}" = Blu-ray Disc Authoring Plug-in
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AnyDVD" = AnyDVD
"Ask Toolbar_is1" = Ask Toolbar
"AVG9Uninstall" = AVG Free 9.0
"Babylon" = Babylon
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"Canon LBP5000" = Canon LBP5000
"CCleaner" = CCleaner (remove only)
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"FLAC" = FLAC Installer 1.1.2a (remove only)
"Fünf Freunde auf Schatzsuche" = Fünf Freunde auf Schatzsuche
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.2 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"MetaProducts StartUp Organizer" = MetaProducts StartUp Organizer
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MoffCalc2_is1" = Moffsoft Calculator 2
"Registry Clean Expert_is1" = Registry Clean Expert
"RollerCoaster Tycoon Setup" = Roll
"SolSuite Graphics Pack Volume 1_is1" = SolSuite Graphics Pack Volume 1 - v1.21
"SolSuite Graphics Pack Volume 2_is1" = SolSuite Graphics Pack Volume 2 - v2.13
"SolSuite_is1" = SolSuite 2008 v8.6
"Spotify" = Spotify
"SquareOff" = SquareOff 1.9
"Tag&Rename_is1" = Tag&Rename 3.3.5
"TreeSize Free_is1" = TreeSize Free V2.2.1
"Trojan Remover_is1" = Trojan Remover 6.7.5
"Video Converter_is1" = #1 Video Converter 5.3.1
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinRescue Vista_is1" = WinRescue Vista
"ZoomPlayer" = Zoom Player (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/08/2010 22:13:18 | Computer Name = Sophie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/08/2010 22:13:18 | Computer Name = Sophie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 27006331

Error - 11/08/2010 22:13:18 | Computer Name = Sophie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 27006331

Error - 11/08/2010 22:13:19 | Computer Name = Sophie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/08/2010 22:13:19 | Computer Name = Sophie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 27007377

Error - 11/08/2010 22:13:19 | Computer Name = Sophie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 27007377

Error - 11/08/2010 22:13:20 | Computer Name = Sophie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/08/2010 22:13:20 | Computer Name = Sophie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 27008983

Error - 11/08/2010 22:13:20 | Computer Name = Sophie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 27008983

Error - 11/08/2010 22:13:22 | Computer Name = Sophie-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Broadcom Wireless LAN Events ]
Error - 14/01/2010 07:37:32 | Computer Name = Sophie-PC | Source = WLAN-Tray | ID = 0
Description = 11:37:32, Thu, Jan 14, 10 Error - Unable to gain access to user store


[ System Events ]
Error - 30/10/2010 09:15:11 | Computer Name = Sophie-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 30/10/2010 09:15:11 | Computer Name = Sophie-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 30/10/2010 19:05:26 | Computer Name = Sophie-PC | Source = DCOM | ID = 10005
Description =

Error - 30/10/2010 19:05:32 | Computer Name = Sophie-PC | Source = DCOM | ID = 10005
Description =

Error - 30/10/2010 19:05:36 | Computer Name = Sophie-PC | Source = DCOM | ID = 10005
Description =

Error - 30/10/2010 19:05:36 | Computer Name = Sophie-PC | Source = DCOM | ID = 10005
Description =

Error - 30/10/2010 19:05:39 | Computer Name = Sophie-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 30/10/2010 19:05:52 | Computer Name = Sophie-PC | Source = DCOM | ID = 10005
Description =

Error - 30/10/2010 19:06:33 | Computer Name = Sophie-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 30/10/2010 19:06:33 | Computer Name = Sophie-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

Blackredgold1964
2010-10-31, 11:14
Hi Ken,

Working on my Desktop now, I attached the OTL txt file as a zip for review.

I am running the scan again on the affected laptop which might result in a smaller file and if so I might post it later.

ken545
2010-10-31, 13:17
This is what I found

C:\Program Files\AskBarDis

* It promotes its toolbars on sites targeted at kids.
* It promotes its toolbars through ads that appear to be part of other companies' sites.
* It promotes its toolbars through other companies' spyware.
* It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
* It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
* It makes confusing changes to users' browsers - increasing Ask's revenues while taking users to pages they didn't intend to visit.


I doubt it's in Programs and Features, but you can check.
There is an uninstall called unis000.exe living in
C:\Program Files\AskBarDis
Find the exe and run it; this removes the Ask toolbar and all components. The service will no longer appear in your services list.



c:\program files\dna\btdna.exe
c:\program files\bittorrent

If you're not infected now you will be soon if you keep using file sharing programs and sites like these. You're downloading files from an unknown source; malware writers are in tune to this and use programs like this to infect your computer. You need to uninstall them via Programs and Features in the Control Panel.


Why don't you post here? You can link them to this thread if you wish so they can see what we have done, and they can help you sort out some programs that may be conflicting and causing problems or check the health of your hard drive. Like Safer, it's free but you will need to register.

http://forums.pcpitstop.com/index.php?/forum/3-user-to-user-help/


Good Luck,

Ken :)

Blackredgold1964
2010-10-31, 15:28
Thank you very much for your help, Ken, I logged my issue with the pitstop forum now.

ken545
2010-10-31, 16:05
Good. If they can't find the root of your problem and still think it's malware related, then post back and let me know and we can dig deeper if we need to.

ken545
2010-11-13, 11:56
Followed your post over at the Pit and it looks like your hard drive failed, which was what I seemed to feel. Hope Dell treated you right and you got it up and running again.

Ken :)

Blackredgold1964
2010-11-15, 00:18
Thanks, Ken, for following up. Indeed, Dell replaced the HD and I am now reinstalling.
Regards

ken545
2010-11-15, 00:27
:bigthumb:

Thanks for letting me know

ken545
2010-11-26, 14:08
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.