Hi Cypher,
Thanks so much for your help.
MGADiag log
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-F4GJK-KG77H-B9HD2
Windows Product Key Hash: iJAth4TbScMi8HdcPurlASXdEkw=
Windows Product ID: 89578-OEM-7332157-00204
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6001.2.00010300.1.0.003
ID: {CF1EA079-2FE8-4D32-8DEC-E436FE92E05E}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Premium
Architecture: 0x00000000
Build lab: 6001.vistasp1_ldr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{CF1EA079-2FE8-4D32-8DEC-E436FE92E05E}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6001.2.00010300.1.0.003</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-B9HD2</PKey><PID>89578-OEM-7332157-00204</PID><PIDType>2</PIDType><SID>S-1-5-21-1365571228-1884427199-4179648014</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Inspiron 1545 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A07</Version><SMBIOSVersion major="2" minor="4"/><Date>20090513000000.000000+000</Date></BIOS><HWID>6D333507018400F8</HWID><UserLCID>0809</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>DELL </OEMID><OEMTableID>WN09 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>9E536A13CD8E72E</Val><Hash>6yZYJ5igE3gJHGQfAVOJDM5UoLM=</Hash><Pid>81602-919-1583972-68679</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>
Spsys.log Content: 0x80070002
Licensing Data-->
Software licensing service version: 6.0.6001.18000
Name: Windows(TM) Vista, HomePremium edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: bffdc375-bbd5-499d-8ef1-4f37b61c895f
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89578-00146-321-500204-02-2057-6001.0000-2372009
Installation ID: 000252280303880266471764010206799765549472549446434996
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: B9HD2
License Status: Licensed
Windows Activation Technologies-->
N/A
HWID Data-->
HWID Hash Current: NgAAAAIAAQABAAIAAQABAAAABAABAAEAeqgatsISzVDaM8Ibdg4oH/L0VG3yAYLKrFa/+EbK
OEM Activation 1.0 Data-->
N/A
OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name   OEMID Value   OEMTableID Value
APIC              DELL          WN09
FACP              DELL          WN09
HPET              DELL          WN09
MCFG              DELL          WN09
SLIC              DELL          WN09
SSDT              PmRef         CpuPm
OTL.txt
OTL logfile created on: 06/06/2011 18:36:55 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.96 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 41.21% Memory free
6.14 Gb Paging File | 4.26 Gb Available in Paging File | 69.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 84.60 Gb Free Space | 62.96% Space Free | Partition Type: NTFS
Drive D: | 15.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 14.65 Gb Total Space | 7.21 Gb Free Space | 49.23% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\user\Downloads\MGADiag.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband\O2 Broadband.exe ()
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\STService.exe ()
PRC - C:\Program Files\Dell DataSafe Local Backup\SftService.exe (SoftThinks)
PRC - C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe ()
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Garmin\gStart.exe (GARMIN Corp.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (MpKslaf530bf6) -- File not found
DRV - (MpKsl7be496e1) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FD361404-4964-4828-8FDD-A3C2326259D4}\MpKsl7be496e1.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (s1039bus) Sony Ericsson Device 1039 driver (WDM) -- C:\Windows\System32\drivers\s1039bus.sys (MCCI Corporation)
DRV - (s1039mdm) -- C:\Windows\System32\drivers\s1039mdm.sys (MCCI Corporation)
DRV - (s1039mgmt) Sony Ericsson Device 1039 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1039mgmt.sys (MCCI Corporation)
DRV - (s1039obex) -- C:\Windows\System32\drivers\s1039obex.sys (MCCI Corporation)
DRV - (s1039mdfl) -- C:\Windows\System32\drivers\s1039mdfl.sys (MCCI Corporation)
DRV - (s1039unic) Sony Ericsson Device 1039 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1039unic.sys (MCCI Corporation)
DRV - (s1039nd5) Sony Ericsson Device 1039 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1039nd5.sys (MCCI Corporation)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hwusbdev) -- C:\Windows\System32\drivers\ewusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (OA009Vid) -- C:\Windows\System32\drivers\OA009Vid.sys (Creative Technology Ltd.)
DRV - (OA009Ufd) -- C:\Windows\System32\drivers\OA009Ufd.sys (Creative Technology Ltd.)
DRV - (CtClsFlt) -- C:\Windows\System32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=406&q="
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 17:05:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/09 17:05:00 | 000,000,000 | ---D | M]
[2011/06/02 21:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2011/06/03 17:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\toudoapk.default\extensions
[2010/09/16 20:35:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\toudoapk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/02 21:37:30 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\toudoapk.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2009/08/31 13:23:43 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\toudoapk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/03/23 13:24:21 | 000,005,529 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchplugins\SearchquWebSearch.xml
[2011/06/02 21:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
() (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TOUDOAPK.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/05/09 17:04:55 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/05/09 17:04:57 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2011/05/09 17:04:57 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2011/05/09 17:04:57 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2011/05/09 17:04:57 | 000,001,180 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2011/03/23 13:24:21 | 000,005,529 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2011/05/09 17:04:57 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1365571228-1884427199-4179648014-1000..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-21-1365571228-1884427199-4179648014-1001..\Run: [msnmsgr] File not found
O4 - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.1.4.cab (Bebo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.40.32.33 8.8.8.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) - C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/08/27 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/11/23 00:46:10 | 000,000,045 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2004/04/30 23:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{158872d1-7561-11e0-b442-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{158872d1-7561-11e0-b442-001e101f8924}\Shell\AutoRun\command - "" = G:\KODAK_Software_Downloader.exe
O33 - MountPoints2\{39fb5cfa-d971-11de-89cc-0025644abccb}\Shell - "" = AutoRun
O33 - MountPoints2\{39fb5cfa-d971-11de-89cc-0025644abccb}\Shell\AutoRun\command - "" = G:\Enterprise_Launcher.exe
O33 - MountPoints2\{505cbb19-335d-11e0-9327-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{505cbb19-335d-11e0-9327-001e101fe5e1}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{50cf7aff-569e-11df-97bb-0025644abccb}\Shell - "" = AutoRun
O33 - MountPoints2\{50cf7aff-569e-11df-97bb-0025644abccb}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/08/27 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{6fb77292-9954-11df-a2dc-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{6fb77292-9954-11df-a2dc-001e101fb45e}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/08/27 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{74ea6593-7f51-11df-bbd1-001e101f8ffe}\Shell - "" = AutoRun
O33 - MountPoints2\{74ea6593-7f51-11df-bbd1-001e101f8ffe}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/08/27 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2009/08/27 19:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/06/06 18:35:37 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/06/06 18:33:10 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2011/06/06 18:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2011/06/02 21:39:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Ilivid Player
[2011/06/02 21:38:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2011/06/02 21:37:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2011/06/02 21:36:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\PackageAware
[2011/05/29 15:53:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\go
[2011/05/29 15:53:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/05/28 22:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/05/27 09:00:44 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\caretaker updated
[2011/05/26 20:19:17 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\caretaker
[2011/05/26 17:56:09 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Bebo photos downloaded May 2011
[2011/05/15 21:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/15 21:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/15 21:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/13 10:18:19 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\uae
[2011/05/12 22:00:55 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\c mcn
========== Files - Modified Within 30 Days ==========
[2011/06/06 18:39:59 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{096765AE-D322-4B51-BDBE-AD974BA6ABC7}.job
[2011/06/06 18:35:24 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2011/06/06 18:31:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 18:31:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/06 11:55:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/05 09:58:00 | 000,613,890 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/05 09:58:00 | 000,113,174 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/05 09:51:15 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/01 16:56:08 | 000,034,885 | ---- | M] () -- C:\Users\user\Desktop\This is my family.jpg
[2011/05/28 22:56:25 | 000,000,925 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/05/28 22:56:25 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/05/21 15:46:39 | 000,173,298 | ---- | M] () -- C:\Users\user\Desktop\barry!.JPG
[2011/05/19 10:57:14 | 000,011,776 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== Files Created - No Company Name ==========
[2011/06/01 16:56:07 | 000,034,885 | ---- | C] () -- C:\Users\user\Desktop\This is my family.jpg
[2011/05/29 15:53:26 | 000,001,587 | ---- | C] () -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play games (EasyBits GO).lnk
[2011/05/28 22:56:25 | 000,000,925 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2011/05/28 22:56:25 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/05/21 15:46:38 | 000,173,298 | ---- | C] () -- C:\Users\user\Desktop\barry!.JPG
[2011/05/09 17:05:00 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2010/06/24 06:33:44 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2009/11/11 07:12:03 | 000,132,336 | ---- | C] () -- C:\Windows\System32\STWmiM.dll
[2009/11/11 07:12:03 | 000,103,664 | ---- | C] () -- C:\Windows\System32\STXMLSystem.dll
[2009/11/11 07:12:03 | 000,095,472 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
[2009/11/11 07:12:03 | 000,079,088 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2009/11/11 07:12:03 | 000,071,408 | ---- | C] () -- C:\Windows\System32\STWiz.dll
[2009/11/11 07:12:03 | 000,000,060 | ---- | C] () -- C:\Windows\System32\winpeshl.ini
[2009/11/11 07:12:03 | 000,000,020 | ---- | C] () -- C:\Windows\System32\ST_LOG.INI
[2009/11/11 07:12:02 | 000,390,384 | ---- | C] () -- C:\Windows\System32\STODD.dll
[2009/11/11 07:12:02 | 000,386,288 | ---- | C] () -- C:\Windows\System32\STODDRD.dll
[2009/11/11 07:12:02 | 000,271,600 | ---- | C] () -- C:\Windows\System32\STODDIM.dll
[2009/11/11 07:12:02 | 000,259,312 | ---- | C] () -- C:\Windows\System32\STODDSC.dll
[2009/11/11 07:12:02 | 000,234,736 | ---- | C] () -- C:\Windows\System32\STFiles.dll
[2009/11/11 07:12:02 | 000,132,336 | ---- | C] () -- C:\Windows\System32\STLog.dll
[2009/11/11 07:12:02 | 000,121,584 | ---- | C] () -- C:\Windows\System32\STNLS.dll
[2009/11/11 07:12:02 | 000,115,952 | ---- | C] () -- C:\Windows\System32\STPE.dll
[2009/11/11 07:12:02 | 000,107,760 | ---- | C] () -- C:\Windows\System32\STShellVC6.dll
[2009/11/11 07:12:02 | 000,099,568 | ---- | C] () -- C:\Windows\System32\STMsXml.dll
[2009/11/11 07:12:02 | 000,083,184 | ---- | C] () -- C:\Windows\System32\STProcess.dll
[2009/11/11 07:12:02 | 000,074,992 | ---- | C] () -- C:\Windows\System32\STRegistry.dll
[2009/11/11 07:12:01 | 001,191,936 | ---- | C] () -- C:\Windows\System32\Restore7.exe
[2009/11/11 07:12:01 | 001,123,568 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2009/11/11 07:12:01 | 000,476,400 | ---- | C] () -- C:\Windows\System32\PSTImage.dll
[2009/11/11 07:12:01 | 000,447,728 | ---- | C] () -- C:\Windows\System32\STBackupEngine.dll
[2009/11/11 07:12:01 | 000,242,928 | ---- | C] () -- C:\Windows\System32\RestoreLauncher.exe
[2009/11/11 07:12:01 | 000,124,144 | ---- | C] () -- C:\Windows\System32\STCrypto.dll
[2009/11/11 07:12:01 | 000,115,952 | ---- | C] () -- C:\Windows\System32\PSTVdsDisk.dll
[2009/11/11 07:12:01 | 000,058,608 | ---- | C] () -- C:\Windows\System32\STCoreXml.dll
[2009/11/11 07:12:00 | 000,410,864 | ---- | C] () -- C:\Windows\System32\BackupApi.dll
[2009/11/11 07:12:00 | 000,267,504 | ---- | C] () -- C:\Windows\FixBCD.exe
[2009/11/11 07:12:00 | 000,000,004 | ---- | C] () -- C:\Windows\System32\abort.dat
[2009/09/06 12:52:13 | 000,001,064 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat
[2009/08/26 12:46:26 | 000,011,776 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/25 14:35:51 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/07 06:03:16 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/08/07 06:03:16 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/08/07 06:03:16 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/08/07 06:03:16 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2009/08/07 03:53:22 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2009/08/07 03:29:23 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/08/07 03:29:22 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2009/08/07 03:29:21 | 000,026,112 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2009/08/07 03:18:32 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/04/11 19:02:01 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/11 19:02:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/04/11 17:07:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,300,160 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,613,890 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,113,174 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== Custom Scans ==========
< c:|Fun4IM;true;true;true; /FP >
< c:|Bandoo;true;true;true; /FP >
< c:|Searchqu;true;true;true; /FP >
[2011/06/05 14:21:24 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\LocalLow\searchquband
[2011/06/05 14:21:31 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\LocalLow\searchqutoolbar
[2011/06/05 14:21:31 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\LocalLow\searchqutoolbar\coupons
[2011/06/04 00:18:22 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchqutoolbar
[2011/06/03 18:05:49 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchqutoolbar\coupons
[2011/06/04 17:34:02 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\toudoapk.default\searchqutoolbar\weather
< c:|iLivid;true;true;true; /FP >
[2011/06/02 21:37:41 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar
[2011/06/02 21:37:38 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar\Datamngr
[2011/06/02 21:37:37 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar\ToolBar
[2011/06/02 21:39:51 | 000,000,000 | ---D | M] -- c:\Users\user\AppData\Local\Ilivid Player
< c:|whitesmoke;true;true;true; /FP >
< End of report >

Extras.txt

OTL Extras logfile created on: 06/06/2011 18:36:55 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.96 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 41.21% Memory free
6.14 Gb Paging File | 4.26 Gb Available in Paging File | 69.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 84.60 Gb Free Space | 62.96% Space Free | Partition Type: NTFS
Drive D: | 15.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 14.65 Gb Total Space | 7.21 Gb Free Space | 49.23% Space Free | Partition Type: NTFS
Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0438C85C-0AF9-4A0E-A732-785ABBC156F3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2763C7B7-A182-442B-83E6-1EA1EB183F44}" = lport=138 | protocol=17 | dir=in | app=system |
"{2C9C3311-EE82-474A-A990-732A7759A609}" = lport=139 | protocol=6 | dir=in | app=system |
"{3232A886-D2D0-48A0-B2E1-728A2FEBB7D0}" = rport=445 | protocol=6 | dir=out | app=system |
"{37D483BB-6D4B-4B48-97B7-C5D3DDF914B9}" = rport=138 | protocol=17 | dir=out | app=system |
"{67D26AD1-9FFE-4A11-A3D9-7C6F74A35EB3}" = lport=445 | protocol=6 | dir=in | app=system |
"{DD71CBA1-76F9-41D1-89C3-BDF83DF2C25D}" = rport=139 | protocol=6 | dir=out | app=system |
"{EB613493-4FA5-42F1-9076-08F573157CB1}" = lport=137 | protocol=17 | dir=in | app=system |
"{ED1F956B-39EC-4558-AFB9-D319F5B41735}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F7D6195B-99E8-4F77-B819-CDC009031A0E}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0448E9AD-8EE6-4B86-84D6-D95A29A9E2F2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1615CFE8-E740-4B82-BDFD-FCACDCAF5C1A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{45CCE179-7141-4AAB-8663-0CD093238150}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5E5A4B2F-3D06-4E3E-8D07-D42D4AB0B958}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B58AA0E5-5E9F-4ADB-803A-C5E94D56D38B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B681EE09-B4AF-4E90-8065-771CBF4ABDF9}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{D310577D-8881-4A82-AA68-3B1117B5882F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F9F9FAE2-F022-42B2-B070-1E908EB43F9A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FA57299B-B565-47A0-828A-4F99FED231A2}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}" = Garmin Training Center
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OA009" = Integrated Webcam Driver (1.02.01.0320)
"Dell Webcam Central" = Dell Webcam Central
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Internet Scrabble Club_is1" = WordBiz version 1.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox 4.0.1 (x86 en-GB)" = Mozilla Firefox 4.0.1 (x86 en-GB)
"O2 Broadband" = O2 Broadband
"Picasa 3" = Picasa 3
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"TVWiz" = Intel(R) TV Wizard
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1365571228-1884427199-4179648014-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10/05/2011 04:35:00 | Computer Name = user-PC | Source = EventSystem | ID = 4621
Description =
Error - 10/05/2011 04:36:56 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 11/05/2011 04:31:13 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/05/2011 03:47:42 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/05/2011 03:52:16 | Computer Name = user-PC | Source = MsiInstaller | ID = 11704
Description =
Error - 13/05/2011 05:19:54 | Computer Name = user-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 13/05/2011 05:19:54 | Computer Name = user-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 15/05/2011 11:26:06 | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application STService.exe, version 1.0.0.64, time stamp 0x4ae02c43,
faulting module STString.dll, version 1.1.0.5, time stamp 0x498c2b9e, exception
code 0xc0000005, fault offset 0x0000ae22, process id 0xccc, application start time
0x01cc1078db0a5b58.
Error - 15/05/2011 12:03:57 | Computer Name = user-PC | Source = EventSystem | ID = 4621
Description =
Error - 15/05/2011 16:12:37 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =
[ Broadcom Wireless LAN Events ]
Error - 01/05/2011 16:19:53 | Computer Name = user-PC | Source = WLAN-Tray | ID = 0
Description = 21:19:53, Sun, May 01, 11 Error - Unable to gain access to user store
[ Media Center Events ]
Error - 28/02/2010 16:49:02 | Computer Name = user-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.
[ System Events ]
Error - 03/06/2011 16:20:22 | Computer Name = user-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 95.83.201.122
with the system having network hardware address 02-50-F3-00-00-00. Network operations
on this system may be disrupted as a result.
Error - 04/06/2011 04:36:38 | Computer Name = user-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 89.204.201.186 for the Network Card with network
address 001E101FE70E has been denied by the DHCP server 62.40.52.113 (The DHCP
Server sent a DHCPNACK message).
Error - 04/06/2011 13:39:58 | Computer Name = user-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 89.204.194.197 for the Network Card with network
address 001E101F24F1 has been denied by the DHCP server 89.204.205.129 (The DHCP
Server sent a DHCPNACK message).
Error - 05/06/2011 04:51:19 | Computer Name = user-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 09:49:34 on 05/06/2011 was unexpected.
Error - 05/06/2011 04:51:26 | Computer Name = user-PC | Source = HTTP | ID = 15016
Description =
Error - 05/06/2011 04:51:31 | Computer Name = user-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%861 Real-Time Protection feature has encountered an error and failed.
Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842
Error - 05/06/2011 04:52:27 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05/06/2011 04:52:27 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05/06/2011 04:52:27 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 05/06/2011 16:53:35 | Computer Name = user-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 89.204.177.210 for the Network Card with network
address 001E101F82A7 has been denied by the DHCP server 89.204.186.41 (The DHCP
Server sent a DHCPNACK message).
< End of report >