Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

runtime error message C:\Program Files\OLYMPUS\OLYMPUS Maste

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

runtime error message C:\Program Files\OLYMPUS\OLYMPUS Maste

Unread postby falcon10 » September 9th, 2010, 7:53 am

Hi i have this message appear on startup and when i try to open olympus master....C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe.....I have my hijack this scan and uninstall log below...any help would be greatly appreciated

cheers

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:47 PM, on 9/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Norton Utilities 14\nu.exe
C:\Users\Public\Downloads\Norton\{NIS_prod_UPG_1.5.30_18.1.0.37}\NISDownloader[1].exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\18.1.0.37\InstStub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [NIS] "C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\18.1.0.37\InstStub.exe" /RELAUNCH /RUNONCE /NOPROMPT /PRODID NIS
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\Windows\system32\cmd.exe" /c "C:\Users\stan\AppData\Local\Temp\isDel.bat"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\RMTray.exe /H
O4 - HKCU\..\Run: [Norton Download Manager{NIS_prod_UPG_1.5.30_18.1.0.37}] C:\Users\Public\Downloads\Norton\{NIS_prod_UPG_1.5.30_18.1.0.37}\NISDownloader[1].exe /m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsup ... gctlcm.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resourc ... den-au.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13439 bytes




and my uninstall log

Acrobat.com
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Standard
Adobe Creative Suite 4 Design Standard
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Player
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 8.1.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Collage Creator
Atheros Driver Installation Program
Bonjour
Business Contact Manager for Outlook 2007 SP2
Business Contact Manager for Outlook 2007 SP2
Conexant HD Audio
Connect
DivX Converter
DivX Player
DivX Web Player
DVD Suite
ESU for Microsoft Vista
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Help and Support
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.30 E2
HP Update
HP User Guides 0093
HP Wireless Assistant
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) TV Wizard
iTunes
Java(TM) 6 Update 2
Java(TM) 6 Update 21
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Junk Mail filter update
kuler
LabelPrint
Logitech Audio Echo Cancellation Component
Logitech QuickCam
Logitech Video Enumerator
Logitech® Camera Driver
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MVision
My HP Games
NavDesk 2009
NetWaiting
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
Norton Utilities
OGA Notifier 2.0.0048.0
OLYMPUS Master 2
OpenOffice.org Installer 1.0
PC Connectivity Solution
PDF Settings CS4
Photoshop Camera Raw
Power2Go
PowerDirector
QuickPlay SlingPlayer 0.4.4
QuickTime
RealPlayer
Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
RealUpgrade 1.0
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Skype web features
Skype™ 4.1
Suite Shared Configuration CS4
Touch Pad Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Viewpoint Media Player
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
falcon10
Active Member
 
Posts: 7
Joined: September 9th, 2010, 7:31 am
Advertisement
Register to Remove

Re: runtime error message C:\Program Files\OLYMPUS\OLYMPUS M

Unread postby Carolyn » September 11th, 2010, 12:05 pm

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. The logs you will be posting can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool untill instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.

====================

Download CKScanner from here:http://downloads.malwareremoval.com/CKScanner.exe
Important - Save it to your desktop.
Right-click CKScanner.exe and select Run as administrator, then click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

====================

Next,
  1. Please download this tool from Microsoft.
  2. Right-click on MGADiag.exe and select Run as administratorto run it.
  3. Click Continue.
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

====================

Lastly,
Image
Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then right click dds.scr and select "Run as administrator" to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

====================

In your next reply, please post:

  1. CKFiles.txt
  2. The MGADiag results
  3. DDS.txt
  4. Attach.txt
  5. A detailed description of the error messages you are seeing
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: runtime error message C:\Program Files\OLYMPUS\OLYMPUS M

Unread postby Carolyn » September 13th, 2010, 8:05 pm

Are you still in need of assistance?

If you do not reply within 24 hours of this post, your topic will be closed due to inactivity.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: runtime error message C:\Program Files\OLYMPUS\OLYMPUS M

Unread postby falcon10 » September 14th, 2010, 7:04 am

hi carolyn, sorry was away for a couple of days....Have run what you wanted and have attached then to this reply.......The error message is C:\Program Files\Olympus Master2\Olympus Master2\MMonitor.exe.......It also says Microsoft visual C++ Runtime Library



DDS (Ver_10-03-17.01) - NTFSx86
Run by stan at 20:43:32.48 on Tue 14/09/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.61.1033.18.2037.868 [GMT 10:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Norton Utilities 14\RMTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Users\stan\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\stan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.1.0.37\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.1.0.37\coIEPlg.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AdobeBridge]
uRun: [NortonUtilities] c:\program files\norton utilities 14\RMTray.exe /H
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon]
mRun: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsup ... gctlcm.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resourc ... den-au.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1201000.025\SymDS.sys [2010-9-12 339504]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1201000.025\SymEFA.sys [2010-9-12 666672]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20100901.003\BHDrvx86.sys [2010-9-1 692272]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20100910.001\IDSvix86.sys [2010-9-14 344112]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1201000.025\Ironx86.sys [2010-9-12 134704]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1201000.025\symtdiv.sys [2010-9-12 331312]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.1.0.37\ccSvcHst.exe [2010-9-12 126904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-12 102448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-9 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-09-14 09:57:51 0 d-----w- C:\MGADiagToolOutput
2010-09-12 02:55:12 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-12 02:55:12 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-12 02:55:12 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-12 02:55:12 0 d-----w- c:\program files\Symantec
2010-09-12 02:53:59 0 d-----w- c:\windows\system32\drivers\NIS
2010-09-12 02:53:49 0 d-----w- c:\program files\Norton Internet Security
2010-09-09 11:10:15 0 d-----w- c:\programdata\PCSettings
2010-09-09 11:09:45 0 d-----w- c:\program files\NortonInstaller
2010-09-09 11:08:09 0 d-----w- c:\program files\Trend Micro
2010-09-09 10:26:02 0 d-----w- c:\programdata\NortonInstaller
2010-09-09 09:34:46 0 d-----w- c:\programdata\Norton Installer
2010-09-09 09:33:42 0 d---a-w- c:\programdata\TEMP
2010-09-09 09:32:45 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-09-09 09:32:45 506368 ----a-w- c:\windows\system32\msxml.dll
2010-09-09 09:32:45 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-09-09 09:32:45 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-09-09 09:32:42 0 d-----w- c:\program files\Norton Utilities 14
2010-08-17 10:25:50 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-08-17 10:25:48 274944 ----a-w- c:\windows\system32\schannel.dll
2010-08-17 10:25:04 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-17 10:24:59 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-17 10:19:03 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-17 10:19:02 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-17 10:18:49 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-17 10:18:49 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-17 10:13:48 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

==================== Find3M ====================

2010-09-09 11:17:19 51200 ----a-w- c:\windows\inf\infpub.dat
2010-09-09 11:17:19 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-09-09 11:17:19 143360 ----a-w- c:\windows\inf\infstor.dat
2010-07-16 19:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-13 04:55:28 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-01-28 07:52:56 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-06-16 08:42:24 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-29 17:41:03 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010043020100501\index.dat

============= FINISH: 20:45:02.22 ===============


CK Files

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----


MGADiag.....results



Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-GD2PK-BD3R2-44MV3
Windows Product Key Hash: f7FPE6g/CLFmnJ4E6GbEU9Xn1sA=
Windows Product ID: 89572-OEM-7332166-00021
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.0.6002.2.00010300.2.0.002
ID: {AC3F21AD-1B73-4142-BBBD-108B617FC0E6}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows Vista (TM) Home Basic
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.100608-0458
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: 6.0.6002.16398

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: 100
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Small Business 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{AC3F21AD-1B73-4142-BBBD-108B617FC0E6}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010300.2.0.002</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-44MV3</PKey><PID>89572-OEM-7332166-00021</PID><PIDType>2</PIDType><SID>S-1-5-21-3107803068-2574271945-3947071597</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>Compaq Presario C700 Notebook PC</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>F.30</Version><SMBIOSVersion major="2" minor="4"/><Date>20080218000000.000000+000</Date></BIOS><HWID>93303507018400FA</HWID><UserLCID>0C09</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>E. Australia Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-MPC</OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-00CA-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Small Business 2007</Name><Ver>12</Ver><Val>67A16D9DEACDAE</Val><Hash>ceTpQ6Z1dblzfeOtTn9mGiOg0x8=</Hash><Pid>81606-OEM-6472754-32609</Pid><PidType>4</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, HomeBasic edition
Description: Windows Operating System - Vista, OEM_SLP channel
Activation ID: 199086aa-6cb8-4e5b-b698-f2be56f1e8ee
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 89572-00146-321-600021-02-3081-6000.0000-1172008
Installation ID: 010356857453665520048520217015138231475670873384205861
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: 44MV3
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: NgAAAAEAAwABAAIAAQABAAAAAwABAAEAJJTaUQp6fLYCckaDtoD8U8JQ8vSwQcT+eOysVrIN

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC HPQOEM SLIC-MPC
FACP HP SPARTAN
HPET HPQOEM SLIC-MPC
BOOT HPQOEM SLIC-MPC
MCFG HPQOEM SLIC-MPC
ASF! HPQOEM SLIC-MPC
SLIC HPQOEM SLIC-MPC
SSDT PmRef Cpu0Cst
SSDT PmRef Cpu0Cst
You do not have the required permissions to view the files attached to this post.
falcon10
Active Member
 
Posts: 7
Joined: September 9th, 2010, 7:31 am

Re: runtime error message C:\Program Files\OLYMPUS\OLYMPUS M

Unread postby Carolyn » September 14th, 2010, 7:40 am

Hello falcon10,

One of the policies of this forum is to close topics that are inactive for three or more days. Please let me know if you will be unable to reply, even for a couple of days, so that your topic will remain open.

With reference to Malware Removal P2P Programs Policy, please uninstall the following programs before we continue:

  1. Go to start > control panel > programs and features.
  2. Right click on:

    µTorrent

  3. Click Uninstall & then follow the prompts to remove it.
  4. Repeat the process for any other P2P programs that may have installed.

-----------------------------------

Disable Windows Defender until the computer is clean

Windows Defender normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save
Don't forget to re-enable it, when your computer is clean.

-----------------------------------

Next,
Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Right-click on OTL.exe and select Run as administrator to run it.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please post the following:
  • The OTL.txt logfile
  • The Extras.txt logfile
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: runtime error message C:\Program Files\OLYMPUS\OLYMPUS M

Unread postby falcon10 » September 16th, 2010, 5:07 am

Hi have attached the two files as requested.......Hope this helps.....I really appreciate the help.....I will be away untill sunday and wont be able you to check this until sunday night..... hope this is not a hassle

thanks

Edit: While my first set of instructions to you did ask that you attach a file, I actually prefer that you post the contents of your logs as part of your replies - I've removed the attachments and added the logs to this post.


OTL logfile created on: 16/09/2010 6:48:37 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\stan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.91 Gb Total Space | 6.15 Gb Free Space | 9.48% Space Free | Partition Type: NTFS
Drive D: | 9.62 Gb Total Space | 2.51 Gb Free Space | 26.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STAN-PC
Current User Name: stan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/16 18:45:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe
PRC - [2010/08/23 14:52:26 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/07/23 15:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
PRC - [2010/04/18 20:33:01 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/14 10:53:32 | 000,279,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 14\RMTray.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/05/12 12:38:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/10/04 09:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/04 09:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007/03/23 13:20:52 | 000,227,328 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007/02/08 01:13:48 | 000,774,168 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2007/02/08 01:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/02/08 01:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/02/06 17:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe


========== Modules (SafeList) ==========

MOD - [2010/09/16 18:45:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe
MOD - [2010/08/17 13:39:11 | 000,413,552 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\asOEHook.dll
MOD - [2009/07/12 17:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 17:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\msvcp90.dll
MOD - [2009/04/11 16:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 17:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2007/02/06 17:45:14 | 000,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/23 15:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe -- (NIS)
SRV - [2010/06/27 17:21:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 11:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/05/12 12:38:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/04 09:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/03/06 04:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/12 12:55:12 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/09/08 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100913.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/08 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/09/08 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/08 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100913.048\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/01 08:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100901.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/29 13:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS -- (SymEFA)
DRV - [2010/07/29 12:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS -- (SRTSP)
DRV - [2010/07/29 12:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/07/13 11:20:20 | 000,331,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/06/27 14:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS -- (SymIRON)
DRV - [2010/06/27 14:05:05 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100910.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/06/13 20:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS -- (SymDS)
DRV - [2009/04/11 14:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/03 18:18:44 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/02/27 06:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/08 19:58:46 | 000,165,424 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/10/11 21:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/09/30 17:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/09/28 11:33:26 | 000,056,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2007/08/20 22:25:56 | 001,790,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/08/20 22:25:56 | 001,790,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/07/11 00:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 21:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 21:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 21:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/19 11:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/31 09:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/02/06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/02/04 04:32:34 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/04 04:27:27 | 000,938,272 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/02/04 04:27:15 | 000,014,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/11/02 19:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 19:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 19:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 19:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 19:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 19:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 19:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 19:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 19:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 19:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 19:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 19:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 19:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 19:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 19:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 19:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 19:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 19:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 19:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 19:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 19:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 17:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 17:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 17:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/06/29 04:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/18 20:34:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010/09/12 12:57:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010/09/12 12:53:49 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\RMTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsup ... gctlcm.cab (Reg Error: Value error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resourc ... den-au.cab (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\stan\Pictures\2004-01 (Jan)\P1014043.JPG
O24 - Desktop BackupWallPaper: C:\Users\stan\Pictures\2004-01 (Jan)\P1014043.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/22 21:19:47 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/12 01:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{fc380d85-cc38-11de-8978-001eec15150b}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{fc380d85-cc38-11de-8978-001eec15150b}\Shell\Install\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\F\Shell\Install\command - "" = F:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/16 18:44:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe
[2010/09/14 19:57:51 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/09/14 19:55:21 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\stan\Desktop\MGADiag.exe
[2010/09/12 13:29:10 | 000,000,000 | ---D | C] -- C:\Users\stan\AppData\Local\CrashDumps
[2010/09/12 13:29:09 | 000,000,000 | ---D | C] -- C:\Users\stan\Documents\Symantec
[2010/09/12 12:55:12 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/09/12 12:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/09/12 12:54:33 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.sys
[2010/09/12 12:54:33 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.sys
[2010/09/12 12:54:33 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.sys
[2010/09/12 12:54:33 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symtdiv.sys
[2010/09/12 12:54:33 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symnets.sys
[2010/09/12 12:54:33 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\Ironx86.sys
[2010/09/12 12:54:33 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.sys
[2010/09/12 12:53:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2010/09/12 12:53:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1201000.025
[2010/09/12 12:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010/09/09 21:37:24 | 000,000,000 | ---D | C] -- C:\Users\stan\Desktop\hijackthis
[2010/09/09 21:11:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/09 21:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2010/09/09 21:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/09/09 21:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/09 20:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/09/09 19:42:30 | 000,000,000 | ---D | C] -- C:\Users\stan\Documents\comp
[2010/09/09 19:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton Installer
[2010/09/09 19:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/09/09 19:32:45 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2010/09/09 19:32:45 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2010/09/09 19:32:45 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2010/09/09 19:32:45 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2010/09/09 19:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Utilities 14
[2010/09/09 19:27:09 | 022,743,000 | ---- | C] (Symantec Corporation ) -- C:\Users\stan\Desktop\NU14.5.0.116b.exe
[2010/08/25 20:19:08 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/25 20:19:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/25 20:19:08 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/17 20:27:19 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/17 20:27:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/17 20:27:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/17 20:27:19 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/17 20:27:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/17 20:27:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/17 20:27:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/17 20:27:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/17 20:27:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/17 20:27:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/17 20:27:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/17 20:27:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/17 20:27:18 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/17 20:27:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/17 20:27:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/17 20:25:50 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/17 20:25:04 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/17 20:24:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/17 20:19:03 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/17 20:19:02 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2010/09/16 18:50:12 | 003,932,160 | -HS- | M] () -- C:\Users\stan\ntuser.dat
[2010/09/16 18:47:08 | 001,980,554 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB
[2010/09/16 18:45:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe
[2010/09/16 18:34:59 | 000,000,165 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/09/16 18:32:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/16 18:32:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/16 18:32:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/16 18:31:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/16 18:31:45 | 2137,022,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/14 23:10:05 | 000,524,288 | -HS- | M] () -- C:\Users\stan\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/09/14 23:10:05 | 000,065,536 | -HS- | M] () -- C:\Users\stan\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/09/14 21:06:13 | 002,481,632 | -H-- | M] () -- C:\Users\stan\AppData\Local\IconCache.db
[2010/09/14 20:02:26 | 000,525,824 | ---- | M] () -- C:\Users\stan\Desktop\dds.scr
[2010/09/14 19:55:34 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\stan\Desktop\MGADiag.exe
[2010/09/14 19:49:33 | 000,443,392 | ---- | M] () -- C:\Users\stan\Desktop\CKScanner.exe
[2010/09/13 19:12:51 | 000,067,584 | ---- | M] () -- C:\Users\stan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/12 12:55:12 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/09/12 12:55:12 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/09/12 12:55:12 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/09/12 12:54:46 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/09/12 12:53:30 | 000,000,863 | ---- | M] () -- C:\Users\stan\Desktop\Norton Installation Files.lnk
[2010/09/09 20:02:17 | 000,103,688 | ---- | M] () -- C:\Users\stan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/09 20:00:47 | 002,307,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/09 19:33:06 | 000,000,845 | ---- | M] () -- C:\Users\Public\Desktop\Norton Utilities.lnk
[2010/09/09 19:32:06 | 022,743,000 | ---- | M] (Symantec Corporation ) -- C:\Users\stan\Desktop\NU14.5.0.116b.exe
[2010/08/24 01:14:09 | 000,109,693 | ---- | M] () -- C:\Users\stan\Documents\PayPal Confirmation.mht
[2010/08/19 23:18:55 | 000,769,264 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/19 23:18:55 | 000,656,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/19 23:18:55 | 000,126,668 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2010/09/14 20:02:15 | 000,525,824 | ---- | C] () -- C:\Users\stan\Desktop\dds.scr
[2010/09/14 19:49:19 | 000,443,392 | ---- | C] () -- C:\Users\stan\Desktop\CKScanner.exe
[2010/09/12 12:55:48 | 001,980,554 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB
[2010/09/12 12:55:12 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/09/12 12:55:12 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/09/12 12:54:46 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/09/12 12:54:03 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.inf
[2010/09/12 12:54:03 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.inf
[2010/09/12 12:54:03 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNetV.inf
[2010/09/12 12:54:03 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.inf
[2010/09/12 12:54:03 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.inf
[2010/09/12 12:54:03 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.inf
[2010/09/12 12:54:03 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Iron.inf
[2010/09/12 12:54:00 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\symnetv.cat
[2010/09/12 12:53:59 | 000,007,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.cat
[2010/09/12 12:53:59 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.cat
[2010/09/12 12:53:59 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.cat
[2010/09/12 12:53:59 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.cat
[2010/09/12 12:53:59 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.cat
[2010/09/12 12:53:59 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\iron.cat
[2010/09/12 12:53:59 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\isolate.ini
[2010/09/09 20:09:11 | 000,000,863 | ---- | C] () -- C:\Users\stan\Desktop\Norton Installation Files.lnk
[2010/09/09 19:33:06 | 000,000,845 | ---- | C] () -- C:\Users\Public\Desktop\Norton Utilities.lnk
[2010/08/24 01:14:06 | 000,109,693 | ---- | C] () -- C:\Users\stan\Documents\PayPal Confirmation.mht
[2010/02/04 15:28:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/12 08:38:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/10/26 17:46:59 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/07/24 02:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/24 02:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/07/24 02:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/07/24 02:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/05/07 20:52:45 | 000,000,680 | ---- | C] () -- C:\Users\stan\AppData\Local\d3d9caps.dat
[2008/04/28 01:56:43 | 000,067,584 | ---- | C] () -- C:\Users\stan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/26 11:34:52 | 000,000,000 | ---- | C] () -- C:\Users\stan\AppData\Local\QSwitch.txt
[2008/04/26 11:34:52 | 000,000,000 | ---- | C] () -- C:\Users\stan\AppData\Local\DSwitch.txt
[2008/04/26 11:34:52 | 000,000,000 | ---- | C] () -- C:\Users\stan\AppData\Local\AtStart.txt
[2008/03/05 20:44:03 | 000,155,648 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2007/11/22 22:00:05 | 000,000,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/08/20 22:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/20 22:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/20 22:10:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/02/06 17:45:04 | 000,025,632 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/02/06 17:42:40 | 001,691,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D287FACF
< End of report >


OTL Extras logfile created on: 16/09/2010 6:48:37 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\stan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.91 Gb Total Space | 6.15 Gb Free Space | 9.48% Space Free | Partition Type: NTFS
Drive D: | 9.62 Gb Total Space | 2.51 Gb Free Space | 26.05% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STAN-PC
Current User Name: stan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B1E0CB8-9EFA-4EA0-AF63-99A50A591003}" = lport=2869 | protocol=6 | dir=in | app=system |
"{382FB7EF-F3DA-4CC0-B44D-49C36A733A4B}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{417F61D2-2D5A-496D-9C71-F7B2B7FDD294}" = lport=2869 | protocol=6 | dir=in | app=system |
"{43512D9E-0C1D-409D-875B-2D9C0758A7E6}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{6165A0CD-D2C6-49BE-875A-A0350846FCE9}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{76C8ED42-73C5-4DE2-AED3-5E69E553C08E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8F24EAE4-E60F-4F83-BCC5-FA7F729FBC76}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{BB8B7799-9773-4DF9-A03C-2493CC53455C}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{CD4ADF80-312B-4E85-9E30-EB8F11ACED23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FDEE60EF-B0C5-4EC6-BD82-A5C5EF70D52F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BE8A79-96E3-42C6-A378-B2618307E8E1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{02613E4E-1865-45D0-A7A3-77B98760BA6A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0F40E5FC-279B-49FD-989F-FD8B52775E01}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{18767789-C624-4EBC-BB7D-13FEA9A21B29}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1C8BD3D6-06BF-4297-BDC0-F35B3FABAE26}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{28D9BEDB-25BA-4825-A79E-25C48EAFCAFD}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{61624E1E-7C61-4445-A0D0-9C91A1EA42BA}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{699BBAB6-F545-414D-BE21-1EC36E99D783}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{72ABB37F-AE87-4263-8FC0-6C44F98667B7}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{7B477F6C-2B5B-4934-95B1-2F5840ED7F9F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{88EAFACB-3FBA-4013-823F-36107304EAC7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{98B25FE6-A728-4264-B573-EE87DB243E06}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{9AB41276-206D-45D7-852E-082520D912C2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A2F48AA6-B2B3-4EC9-A337-D73F2D00A9E9}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{A5EAC1B6-A448-434C-A2A9-95BAA0E2641A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{AACE2403-6EEF-4F22-B537-CEA78E86620C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AC9E85C1-6185-442A-99D3-EFB0255D936D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B2B94305-A2DD-44C9-B0FA-B5AC33D9638B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{D005DF3B-EDC7-49F8-B72A-BF4331A3ADC7}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{D882CC67-1BBA-449D-947F-1D47D541ED30}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DFA50BA1-336D-4311-B90C-9472E7F58360}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{E89E9579-DE5F-4211-9D0D-9F04C99C928B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EC89A619-ADF5-4298-A6E9-D3FD73D34265}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0815D55A-5EFF-4E1B-8C04-7035E914D90D}" = OLYMPUS Master 2
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E2
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4532168B-140A-48D1-91F3-4F52EEE3DBA3}" = ArcSoft Collage Creator
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}" = Nokia Software Updater
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7358B07-4F10-4014-9869-7999578BE8ED}" = HP User Guides 0093
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5F1B66A-F117-427C-98C7-D4732F49BEBF}" = NavDesk 2009
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"AIM_6" = AIM 6
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NIS" = Norton Internet Security
"Nokia PC Suite" = Nokia PC Suite
"Norton Utilities_is1" = Norton Utilities
"QcDrv" = Logitech® Camera Driver
"RealPlayer 12.0" = RealPlayer
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"TVWiz" = Intel(R) TV Wizard
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3107803068-2574271945-3947071597-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/08/2009 8:17:02 AM | Computer Name = stan-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 928 Start Time: 01ca1bf3da3af745 Termination Time: 40076

Error - 22/08/2009 6:02:37 AM | Computer Name = stan-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module flvff.dll, version 0.0.0.0, time stamp 0x4775aa4e,
exception code 0xc0000005, fault offset 0x00003bae, process id 0xd3c, application
start time 0x01ca22de6678e7b9.

Error - 25/08/2009 12:25:08 AM | Computer Name = stan-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 4c4 Start Time: 01ca2539aaed7bb1 Termination Time: 5387

Error - 14/09/2009 6:10:50 AM | Computer Name = stan-PC | Source = VSS | ID = 8194
Description =

Error - 16/09/2009 7:40:09 AM | Computer Name = stan-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18813 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1718 Start Time: 01ca36beb16b1aea Termination Time: 0

Error - 16/09/2009 7:47:04 AM | Computer Name = stan-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module ole32.dll, version 6.0.6001.18000, time stamp 0x4791a74c,
exception code 0xc0000005, fault offset 0x00038925, process id 0x1788, application
start time 0x01ca36bf0917bf0a.

Error - 24/09/2009 5:57:25 AM | Computer Name = stan-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18813, time stamp
0x4a6621ae, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,
exception code 0xc0000005, fault offset 0x00157a8b, process id 0x1fa4, application
start time 0x01ca3ced13c22dd5.

Error - 2/10/2009 11:35:36 PM | Computer Name = stan-PC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 8.5.1302.1018, time stamp
0x4717a53b, faulting module RTMPLTFM.dll, version 3.0.5774.0, time stamp 0x4501b83c,
exception code 0xc0000005, fault offset 0x000a58de, process id 0x8d4, application
start time 0x01ca43da73331267.

Error - 10/10/2009 11:35:09 PM | Computer Name = stan-PC | Source = Application Hang | ID = 1002
Description = The program RealPlay.exe version 11.0.0.446 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1aa0 Start Time: 01ca4a17488ce49e Termination Time: 5569

Error - 10/10/2009 11:35:35 PM | Computer Name = stan-PC | Source = Application Error | ID = 1000
Description = Faulting application LuComServer_3_4.EXE, version 3.4.1.238, time
stamp 0x48932a97, faulting module ntdll.dll, version 6.0.6001.18000, time stamp
0x4791a7a6, exception code 0xc0000005, fault offset 0x00043387, process id 0x350,
application start time 0x01ca4a239f76afae.

[ System Events ]
Error - 9/09/2010 6:04:02 AM | Computer Name = stan-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 9/09/2010 9:20:20 AM | Computer Name = stan-PC | Source = DCOM | ID = 10010
Description =

Error - 11/09/2010 10:53:13 PM | Computer Name = stan-PC | Source = LSM | ID = 1048
Description =

Error - 12/09/2010 12:25:37 AM | Computer Name = stan-PC | Source = LSM | ID = 1048
Description =

Error - 12/09/2010 7:09:06 AM | Computer Name = stan-PC | Source = LSM | ID = 1048
Description =

Error - 13/09/2010 4:53:47 AM | Computer Name = stan-PC | Source = LSM | ID = 1048
Description =

Error - 14/09/2010 5:41:36 AM | Computer Name = stan-PC | Source = LSM | ID = 1048
Description =

Error - 14/09/2010 7:18:10 AM | Computer Name = stan-PC | Source = LSM | ID = 1048
Description =

Error - 14/09/2010 8:30:21 AM | Computer Name = stan-PC | Source = LSM | ID = 1048
Description =

Error - 16/09/2010 4:32:19 AM | Computer Name = stan-PC | Source = LSM | ID = 1048
Description =


< End of report >
falcon10
Active Member
 
Posts: 7
Joined: September 9th, 2010, 7:31 am

Re: runtime error message C:\Program Files\OLYMPUS\OLYMPUS M

Unread postby Carolyn » September 18th, 2010, 6:09 pm

Hello falcon10,

REMOVE PROGRAMS-VISTA
  • Go to start > control panel > programs and features.
  • Right click on each instance of:

    Ad-Aware
    Java(TM) 6 Update 2
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7


  • Click Uninstall & then follow the prompts to remove it.

===================

Upload files for scanning
I'd like you to check a file/some files for malware.
C:\Users\stan\Desktop\NU14.5.0.116b.exe
C:\Windows\System32\CddbCdda.dll
C:\Windows\System32\drivers\blbdrive.sys

  • Copy/Paste the first file on the list into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
  • After a while, a window will open, with details of what the scans found.
  • Save the complete results in a Notepad/Word document on your desktop.
  • Repeat for all files on the list.

===================

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.

Note:to restore your registry, go to the folder and start ERUNT.exe

===================

Run OTL Fix
  • Right-click OTL.exe and select Run as administrator to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :OTL
    O4 - HKLM..\Run: [] File not found
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:D287FACF
    
    :Services
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{98B25FE6-A728-4264-B573-EE87DB243E06}" =-
    "{A2F48AA6-B2B3-4EC9-A337-D73F2D00A9E9}" =-
    
    :Files
    C:\Program Files\Trend Micro
    
    :Commands
    [emptytemp]
    [Reboot]
    

  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

===================

Please post the following in your next reply:
  • The scan results for the three files I asked you to upload
  • The log from the OTL fix
  • A fresh OTL scan
  • A description of how your computer is behaving. Are you still getting the same error messages?
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: runtime error message C:\Program Files\OLYMPUS\OLYMPUS M

Unread postby falcon10 » September 20th, 2010, 5:01 am

Hi.....I have done what was asked except for the scan on file C:\Users\stan\Desktop\NU14.5.0.116b.exe which said it was too big to scan.....This file is Norton Utilities only put on a week ago the problem was happening some months before that....also couldnt find file C:\Windows\System32\drivers\blbdrive.sys....to scan...searched averywhere....did the otl fix ....but the problem still occurs on startup and whenever i try to access the olympus program....The error still is.....program c:\programfiles\olympus\olympusmaster2\MMonitor.exe.....it says its a runtime error......Have attached the otl fix and new scan results

Thanks

OTL fix log below

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
ADS C:\ProgramData\TEMP:D287FACF deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{98B25FE6-A728-4264-B573-EE87DB243E06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98B25FE6-A728-4264-B573-EE87DB243E06}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2F48AA6-B2B3-4EC9-A337-D73F2D00A9E9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2F48AA6-B2B3-4EC9-A337-D73F2D00A9E9}\ not found.
========== FILES ==========
C:\Program Files\Trend Micro\HijackThis folder moved successfully.
C:\Program Files\Trend Micro folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: stan
->Temp folder emptied: 109893644 bytes
->Temporary Internet Files folder emptied: 67855959 bytes
->Java cache emptied: 78831548 bytes
->Flash cache emptied: 1582267 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43306158 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 288.00 mb


OTL by OldTimer - Version 3.2.12.1 log created on 09202010_184020

Files\Folders moved on Reboot...
C:\Users\stan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VN50KY16\en[1].htm moved successfully.
C:\Users\stan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MKQ666DL\ads[1].htm moved successfully.
C:\Users\stan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MKQ666DL\ads[2].htm moved successfully.
C:\Users\stan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CXWHTL2E\freeware[1].htm moved successfully.
C:\Users\stan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CXWHTL2E\viewtopic[1].php moved successfully.
C:\Users\stan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...
You do not have the required permissions to view the files attached to this post.
falcon10
Active Member
 
Posts: 7
Joined: September 9th, 2010, 7:31 am

Re: runtime error message C:\Program Files\OLYMPUS\OLYMPUS M

Unread postby Carolyn » September 21st, 2010, 6:45 pm

Hello falcon10,

I don't think that your problem is being caused by malware, your logs look good, but lets run one more scan just to make certain that we haven't overlooked something.

First I need for you to disable Norton Internet Security - it will otherwise interfere with our scan.

Disable Norton Internet Security
  • Log on using the Supervisor account
    1 Start Norton Internet Security.
    2 In the Norton Internet Security window, in the left pane, click User Accounts.
    3 The account that you are logged on as is displayed after "you are logged on as:"
    * If you are logged on as Supervisor, go to "To turn on or turn off Norton Internet Security."
    * If you are not logged on as Supervisor, go to line 4 of this STEP.
    4 Click Log Off.
    5 In the Confirm dialog box, click Yes.
    6 Click Log On.
    7 In the Log on dialog box, in the Account Name list, click Supervisor.
    8 In the Password field, type your password.
    If you have never assigned a password to the Supervisor account, leave this field blank.
    9 Click OK.
    You should see the text "You are logged on as: Supervisor."
  • Turnoff Norton Internet Security
    1 Start Norton Internet Security.
    2 In the left pane, click Status & Settings.
    3 Click Security.
    4 Click Turn on or Turn off.


ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic. (Please do not attach the file)

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: runtime error message C:\Program Files\OLYMPUS\OLYMPUS M

Unread postby falcon10 » September 23rd, 2010, 6:42 pm

here are the results of the last scan

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f6b16f6b7edd2b4b8381c31ded9c096a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-09-23 05:52:32
# local_time=2010-09-24 03:52:32 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 1392792 122782388 0 0
# compatibility_mode=8192 67108863 100 0 478 478 0 0
# scanned=210265
# found=19
# cleaned=0
# scan_time=11135
C:\Program Files\Registry Easy\Recoveryer.dll Win32/Adware.RegistryEasy application 00000000000000000000000000000000 I
C:\Program Files\Registry Easy\RegEasyCleaner.exe a variant of Win32/Adware.RegistryEasy application 00000000000000000000000000000000 I
C:\SwSetup\AOLIMS\setup.exe probably a variant of Win32/Agent.HZHBURL trojan 00000000000000000000000000000000 I
C:\Users\stan\AppData\Local\Temp\arxiljjt.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Users\stan\AppData\Local\Temp\aueeiebq.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Users\stan\AppData\Local\Temp\befedccf.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Users\stan\AppData\Local\Temp\befedccf.ini2 Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Users\stan\AppData\Local\Temp\glradenn.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Users\stan\AppData\Local\Temp\idynvrvc.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Users\stan\AppData\Local\Temp\kabdsekn.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Users\stan\AppData\Local\Temp\raxaxyrf.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Users\stan\AppData\Local\Temp\sfwrgyej.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Users\stan\AppData\Local\Temp\tayaovuo.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Users\stan\AppData\Local\Temp\tyjoncpo.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Users\stan\AppData\Local\Temp\ursbileu.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Users\stan\Desktop\RegistryEasy_Setup003.exe a variant of Win32/Adware.RegistryEasy application 00000000000000000000000000000000 I
C:\Users\stan\Documents\LimeWire\Saved\comedy two guys shoot their cream inside hot girl's tight ass [cumshot].mpg a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Windows\System32\fg69257.dll a variant of Win32/Chepdu.AC trojan 00000000000000000000000000000000 I
${Memory} a variant of Win32/Chepdu.AC trojan 00000000000000000000000000000000 I
falcon10
Active Member
 
Posts: 7
Joined: September 9th, 2010, 7:31 am

Re: runtime error message C:\Program Files\OLYMPUS\OLYMPUS M

Unread postby Carolyn » September 24th, 2010, 6:30 am

Hello,

Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  1. Make certain that Windows Defender is still disabled
  2. Double click on mbam-setup.exe to install it.
  3. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      Update Malwarebytes' Anti-Malware
      Launch Malwarebytes' Anti-Malware
  4. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  5. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  6. Leave the default options as it is and click on Start Scan.
  7. When done, you will be prompted. Click OK, then click on Show Results.
  8. Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
  9. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Please post the following:
  • The Malwarebytes' log
  • A fresh OTL log
  • A description of any problems you are experiencing aside from the errors related to the Olympus program

Please do not attach any files. Post the contents of your logs in the body of your reply - Thank you!
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: runtime error message C:\Program Files\OLYMPUS\OLYMPUS M

Unread postby Carolyn » September 26th, 2010, 7:43 am

Hello falcon10,

Are you still in need of assistance? If you do not reply to this topic by this time tomorrow, it will be closed due to inactivity.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: runtime error message C:\Program Files\OLYMPUS\OLYMPUS M

Unread postby falcon10 » September 26th, 2010, 10:55 am

hi....Please find below the malware log and the otl logs.....only other problem is that internet can be slow at times and computer in general


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4698

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

27/09/2010 12:42:50 AM
mbam-log-2010-09-27 (00-42-50).txt

Scan type: Quick scan
Objects scanned: 144406
Time elapsed: 12 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\System32\fg69257.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{0a6e3b42-500d-334f-9135-86bcaac37886} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ea8c7c6d-3aa8-3cad-92fd-43cdb9d3e481} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{de812a41-23bf-3982-931b-ea9a59766cad} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\{de812a41-23bf-3982-931b-ea9a59766cad} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{de812a41-23bf-3982-931b-ea9a59766cad} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{de812a41-23bf-3982-931b-ea9a59766cad} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{de812a41-23bf-3982-931b-ea9a59766cad} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\D (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\D.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\fg69257.dll (Trojan.BHO) -> Delete on reboot.
C:\Users\stan\AppData\Local\Temp\media.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.








OTL Extras logfile created on: 27/09/2010 12:46:28 AM - Run 3
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\stan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 22.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.91 Gb Total Space | 7.16 Gb Free Space | 11.04% Space Free | Partition Type: NTFS
Drive D: | 9.62 Gb Total Space | 2.51 Gb Free Space | 26.05% Space Free | Partition Type: NTFS
Drive E: | 239.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 103.76 Gb Free Space | 22.28% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STAN-PC
Current User Name: stan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B1E0CB8-9EFA-4EA0-AF63-99A50A591003}" = lport=2869 | protocol=6 | dir=in | app=system |
"{382FB7EF-F3DA-4CC0-B44D-49C36A733A4B}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{417F61D2-2D5A-496D-9C71-F7B2B7FDD294}" = lport=2869 | protocol=6 | dir=in | app=system |
"{43512D9E-0C1D-409D-875B-2D9C0758A7E6}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{6165A0CD-D2C6-49BE-875A-A0350846FCE9}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{76C8ED42-73C5-4DE2-AED3-5E69E553C08E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8F24EAE4-E60F-4F83-BCC5-FA7F729FBC76}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{BB8B7799-9773-4DF9-A03C-2493CC53455C}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{CD4ADF80-312B-4E85-9E30-EB8F11ACED23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FDEE60EF-B0C5-4EC6-BD82-A5C5EF70D52F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BE8A79-96E3-42C6-A378-B2618307E8E1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{02613E4E-1865-45D0-A7A3-77B98760BA6A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0F40E5FC-279B-49FD-989F-FD8B52775E01}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{18767789-C624-4EBC-BB7D-13FEA9A21B29}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1C8BD3D6-06BF-4297-BDC0-F35B3FABAE26}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{28D9BEDB-25BA-4825-A79E-25C48EAFCAFD}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{61624E1E-7C61-4445-A0D0-9C91A1EA42BA}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{699BBAB6-F545-414D-BE21-1EC36E99D783}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{72ABB37F-AE87-4263-8FC0-6C44F98667B7}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{7B477F6C-2B5B-4934-95B1-2F5840ED7F9F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{88EAFACB-3FBA-4013-823F-36107304EAC7}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9AB41276-206D-45D7-852E-082520D912C2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A5EAC1B6-A448-434C-A2A9-95BAA0E2641A}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{AACE2403-6EEF-4F22-B537-CEA78E86620C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AC9E85C1-6185-442A-99D3-EFB0255D936D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B2B94305-A2DD-44C9-B0FA-B5AC33D9638B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{D005DF3B-EDC7-49F8-B72A-BF4331A3ADC7}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{D882CC67-1BBA-449D-947F-1D47D541ED30}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DFA50BA1-336D-4311-B90C-9472E7F58360}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{E89E9579-DE5F-4211-9D0D-9F04C99C928B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EC89A619-ADF5-4298-A6E9-D3FD73D34265}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0815D55A-5EFF-4E1B-8C04-7035E914D90D}" = OLYMPUS Master 2
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28EDCE9C-3304-4331-8AB3-F3EBE94C35B4}" = HP Help and Support
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{303F7619-4E67-450F-985A-A2DF51B30AC8}" = Adobe Setup
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E2
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4532168B-140A-48D1-91F3-4F52EEE3DBA3}" = ArcSoft Collage Creator
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.6
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{5D19E730-D3C6-47F4-AE4B-DCB26EC2D905}" = Nokia Software Updater
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7D2370AC-D8E6-4996-986A-19824F8A167C}" = Logitech QuickCam
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A4E0CA0F-1903-440A-9B98-FEA6CB049999}" = Nokia Flashing Cable Driver
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC7E2C06-D255-4300-AA12-33AB54D009AC}" = Adobe Creative Suite 4 Design Standard
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7358B07-4F10-4014-9869-7999578BE8ED}" = HP User Guides 0093
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5F1B66A-F117-427C-98C7-D4732F49BEBF}" = NavDesk 2009
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_1e3ba55b33b1e8227645fb9c82acca3" = Adobe Creative Suite 4 Design Standard
"AIM_6" = AIM 6
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NIS" = Norton Internet Security
"Nokia PC Suite" = Nokia PC Suite
"Norton Utilities_is1" = Norton Utilities
"QcDrv" = Logitech® Camera Driver
"RealPlayer 12.0" = RealPlayer
"Registry Easy_is1" = Registry Easy v5.6
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.4
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"TVWiz" = Intel(R) TV Wizard
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3107803068-2574271945-3947071597-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13/08/2009 8:17:02 AM | Computer Name = stan-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 928 Start Time: 01ca1bf3da3af745 Termination Time: 40076

Error - 22/08/2009 6:02:37 AM | Computer Name = stan-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp
0x4907e242, faulting module flvff.dll, version 0.0.0.0, time stamp 0x4775aa4e,
exception code 0xc0000005, fault offset 0x00003bae, process id 0xd3c, application
start time 0x01ca22de6678e7b9.

Error - 25/08/2009 12:25:08 AM | Computer Name = stan-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 4c4 Start Time: 01ca2539aaed7bb1 Termination Time: 5387

Error - 14/09/2009 6:10:50 AM | Computer Name = stan-PC | Source = VSS | ID = 8194
Description =

Error - 16/09/2009 7:40:09 AM | Computer Name = stan-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18813 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1718 Start Time: 01ca36beb16b1aea Termination Time: 0

Error - 16/09/2009 7:47:04 AM | Computer Name = stan-PC | Source = Application Error | ID = 1000
Description = Faulting application DllHost.exe, version 6.0.6000.16386, time stamp
0x4549b14e, faulting module ole32.dll, version 6.0.6001.18000, time stamp 0x4791a74c,
exception code 0xc0000005, fault offset 0x00038925, process id 0x1788, application
start time 0x01ca36bf0917bf0a.

Error - 24/09/2009 5:57:25 AM | Computer Name = stan-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18813, time stamp
0x4a6621ae, faulting module Flash10c.ocx, version 10.0.32.18, time stamp 0x4a613d79,
exception code 0xc0000005, fault offset 0x00157a8b, process id 0x1fa4, application
start time 0x01ca3ced13c22dd5.

Error - 2/10/2009 11:35:36 PM | Computer Name = stan-PC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 8.5.1302.1018, time stamp
0x4717a53b, faulting module RTMPLTFM.dll, version 3.0.5774.0, time stamp 0x4501b83c,
exception code 0xc0000005, fault offset 0x000a58de, process id 0x8d4, application
start time 0x01ca43da73331267.

Error - 10/10/2009 11:35:09 PM | Computer Name = stan-PC | Source = Application Hang | ID = 1002
Description = The program RealPlay.exe version 11.0.0.446 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1aa0 Start Time: 01ca4a17488ce49e Termination Time: 5569

Error - 10/10/2009 11:35:35 PM | Computer Name = stan-PC | Source = Application Error | ID = 1000
Description = Faulting application LuComServer_3_4.EXE, version 3.4.1.238, time
stamp 0x48932a97, faulting module ntdll.dll, version 6.0.6001.18000, time stamp
0x4791a7a6, exception code 0xc0000005, fault offset 0x00043387, process id 0x350,
application start time 0x01ca4a239f76afae.

[ System Events ]
Error - 22/09/2010 4:05:05 AM | Computer Name = stan-PC | Source = LSM | ID = 1048
Description =

Error - 22/09/2010 5:15:12 AM | Computer Name = stan-PC | Source = LSM | ID = 1048
Description =

Error - 22/09/2010 11:38:08 AM | Computer Name = stan-PC | Source = DCOM | ID = 10010
Description =

Error - 23/09/2010 6:35:44 AM | Computer Name = stan-PC | Source = LSM | ID = 1048
Description =

Error - 23/09/2010 10:28:51 AM | Computer Name = stan-PC | Source = DCOM | ID = 10010
Description =

Error - 23/09/2010 10:31:24 AM | Computer Name = stan-PC | Source = LSM | ID = 1048
Description =

Error - 23/09/2010 6:47:19 PM | Computer Name = stan-PC | Source = DCOM | ID = 10010
Description =

Error - 23/09/2010 6:50:27 PM | Computer Name = stan-PC | Source = LSM | ID = 1048
Description =

Error - 26/09/2010 6:14:46 AM | Computer Name = stan-PC | Source = LSM | ID = 1048
Description =

Error - 26/09/2010 9:34:16 AM | Computer Name = stan-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >




OTL logfile created on: 27/09/2010 12:46:28 AM - Run 3
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\stan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 22.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.91 Gb Total Space | 7.16 Gb Free Space | 11.04% Space Free | Partition Type: NTFS
Drive D: | 9.62 Gb Total Space | 2.51 Gb Free Space | 26.05% Space Free | Partition Type: NTFS
Drive E: | 239.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 103.76 Gb Free Space | 22.28% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STAN-PC
Current User Name: stan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/16 18:45:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe
PRC - [2010/08/23 14:52:26 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/07/23 15:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/18 20:33:01 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/09/14 10:53:32 | 000,279,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Utilities 14\RMTray.exe
PRC - [2009/09/11 00:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/10/04 09:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/04 09:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007/03/23 13:20:52 | 000,227,328 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2007/02/08 01:13:48 | 000,774,168 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2007/02/08 01:12:48 | 000,488,984 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2007/02/08 01:12:20 | 000,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/02/06 17:43:26 | 000,252,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe


========== Modules (SafeList) ==========

MOD - [2010/09/16 18:45:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe
MOD - [2010/08/17 13:39:11 | 000,413,552 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\asOEHook.dll
MOD - [2009/07/12 17:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 17:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\Microsoft.VC90.CRT\msvcp90.dll
MOD - [2009/04/11 16:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 17:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2007/02/06 17:45:14 | 000,092,960 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/07/23 15:05:56 | 000,126,904 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.1.0.37\ccSvcHst.exe -- (NIS)
SRV - [2010/06/27 17:21:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 11:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/08/15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/04 09:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/03/26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/03/06 04:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/02/06 17:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/06 17:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/26 20:43:55 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100925.003\navex15.sys -- (NAVEX15)
DRV - [2010/09/26 20:43:55 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100925.003\naveng.sys -- (NAVENG)
DRV - [2010/09/12 12:55:12 | 000,126,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/09/08 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/09/08 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/09/01 08:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100901.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/07/29 13:33:05 | 000,666,672 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMEFA.SYS -- (SymEFA)
DRV - [2010/07/29 12:54:36 | 000,489,008 | R--- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSP.SYS -- (SRTSP)
DRV - [2010/07/29 12:54:36 | 000,050,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/07/13 11:20:20 | 000,331,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/06/27 14:05:55 | 000,134,704 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\Ironx86.SYS -- (SymIRON)
DRV - [2010/06/27 14:05:05 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100924.001\IDSvix86.sys -- (IDSVix86)
DRV - [2010/06/13 20:50:57 | 000,339,504 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1201000.025\SYMDS.SYS -- (SymDS)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2009/04/11 14:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/03 18:18:44 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/22 07:42:58 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/02/27 06:26:04 | 000,201,728 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/08 19:58:46 | 000,165,424 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/11/29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007/11/29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007/11/29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007/11/29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007/10/11 21:17:56 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/09/30 17:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/09/28 11:33:26 | 000,056,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2007/08/20 22:25:56 | 001,790,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/08/20 22:25:56 | 001,790,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/07/11 00:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 21:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 21:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 21:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/19 11:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/31 09:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/02/06 17:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/06 17:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 17:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/02/04 04:32:34 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/02/04 04:27:27 | 000,938,272 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/02/04 04:27:15 | 000,014,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/11/02 19:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 19:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 19:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 19:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 19:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 19:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 19:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 19:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 19:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 19:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 19:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 19:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 19:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 19:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 19:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 19:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 19:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 19:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 19:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 19:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 19:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 17:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 17:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 17:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/06/29 04:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/18 20:34:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2010/09/12 12:57:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2010/09/12 12:53:49 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.1.0.37\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\RMTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsup ... gctlcm.cab (Reg Error: Value error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/resourc ... den-au.cab (MSN Photo Upload Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\stan\Pictures\2004-01 (Jan)\P1014043.JPG
O24 - Desktop BackupWallPaper: C:\Users\stan\Pictures\2004-01 (Jan)\P1014043.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/22 21:19:47 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/12 01:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2006/12/04 08:47:02 | 000,000,049 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/03/27 13:58:40 | 000,000,209 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{d6c4cd1c-13b6-11dd-8e3c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d6c4cd1c-13b6-11dd-8e3c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launcher.exe -- [2008/04/29 09:40:40 | 001,418,544 | R--- | M] (OLYMPUS IMAGING CORP.)
O33 - MountPoints2\{fc380d85-cc38-11de-8978-001eec15150b}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2009/01/16 18:14:08 | 000,156,312 | ---- | M] (Seagate Technology LLC)
O33 - MountPoints2\{fc380d85-cc38-11de-8978-001eec15150b}\Shell\Install\command - "" = F:\Setup.exe -- [2009/01/16 18:14:08 | 000,156,312 | ---- | M] (Seagate Technology LLC)
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe -- [2009/01/16 18:14:08 | 000,156,312 | ---- | M] (Seagate Technology LLC)
O33 - MountPoints2\F\Shell\Install\command - "" = F:\Setup.exe -- [2009/01/16 18:14:08 | 000,156,312 | ---- | M] (Seagate Technology LLC)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/27 00:26:50 | 000,000,000 | ---D | C] -- C:\Users\stan\AppData\Roaming\Malwarebytes
[2010/09/27 00:26:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/27 00:26:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/27 00:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/27 00:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/26 22:08:58 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\stan\Desktop\mbam-setup-1.46.exe
[2010/09/23 21:50:10 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fg69257.dll
[2010/09/21 14:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2010/09/21 14:43:25 | 004,967,936 | ---- | C] (CheeseSoft Inc. ) -- C:\Users\stan\Desktop\RegistryEasy_Setup003.exe
[2010/09/20 18:40:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/09/20 18:38:41 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/09/20 18:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/20 18:33:22 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\stan\Desktop\erunt-setup.exe
[2010/09/16 18:49:55 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/09/16 18:44:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe
[2010/09/14 19:57:51 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2010/09/14 19:55:21 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\stan\Desktop\MGADiag.exe
[2010/09/12 13:29:10 | 000,000,000 | ---D | C] -- C:\Users\stan\AppData\Local\CrashDumps
[2010/09/12 13:29:09 | 000,000,000 | ---D | C] -- C:\Users\stan\Documents\Symantec
[2010/09/12 12:55:12 | 000,126,512 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/09/12 12:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/09/12 12:54:33 | 000,666,672 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.sys
[2010/09/12 12:54:33 | 000,489,008 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.sys
[2010/09/12 12:54:33 | 000,339,504 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.sys
[2010/09/12 12:54:33 | 000,331,312 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symtdiv.sys
[2010/09/12 12:54:33 | 000,294,448 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\symnets.sys
[2010/09/12 12:54:33 | 000,134,704 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\Ironx86.sys
[2010/09/12 12:54:33 | 000,050,096 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.sys
[2010/09/12 12:53:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2010/09/12 12:53:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1201000.025
[2010/09/12 12:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2010/09/09 21:37:24 | 000,000,000 | ---D | C] -- C:\Users\stan\Desktop\hijackthis
[2010/09/09 21:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
[2010/09/09 21:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/09/09 20:26:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/09/09 19:42:30 | 000,000,000 | ---D | C] -- C:\Users\stan\Documents\comp
[2010/09/09 19:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton Installer
[2010/09/09 19:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/09/09 19:32:45 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2010/09/09 19:32:45 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2010/09/09 19:32:45 | 000,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2010/09/09 19:32:45 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2010/09/09 19:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Utilities 14
[2010/09/09 19:27:09 | 022,743,000 | ---- | C] (Symantec Corporation ) -- C:\Users\stan\Desktop\NU14.5.0.116b.exe

========== Files - Modified Within 30 Days ==========

[2010/09/27 00:51:01 | 003,932,160 | -HS- | M] () -- C:\Users\stan\ntuser.dat
[2010/09/27 00:43:53 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ysly.sys
[2010/09/27 00:26:28 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/27 00:14:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/27 00:14:38 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/26 23:54:17 | 000,096,256 | ---- | M] () -- C:\Users\stan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/26 23:10:07 | 000,769,264 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/26 23:10:07 | 000,656,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/26 23:10:07 | 000,126,668 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/26 22:08:58 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\stan\Desktop\mbam-setup-1.46.exe
[2010/09/26 20:19:44 | 000,002,657 | ---- | M] () -- C:\Users\stan\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2010/09/26 20:19:08 | 000,000,165 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/09/26 20:14:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/26 20:14:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/26 20:14:23 | 2137,022,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/24 09:43:09 | 000,524,288 | -HS- | M] () -- C:\Users\stan\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/09/24 09:43:09 | 000,065,536 | -HS- | M] () -- C:\Users\stan\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/09/24 09:42:56 | 003,726,684 | -H-- | M] () -- C:\Users\stan\AppData\Local\IconCache.db
[2010/09/23 21:50:10 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fg69257.dll
[2010/09/21 21:01:05 | 000,002,152 | ---- | M] () -- C:\{420E2D3A-CC82-4E1E-A24F-AED0A852B61F}
[2010/09/21 20:47:22 | 000,003,200 | ---- | M] () -- C:\{7CFC5C8C-D129-4D9A-A13C-8BD46DD98260}
[2010/09/21 14:44:02 | 000,000,869 | ---- | M] () -- C:\Users\stan\Desktop\Registry Easy.lnk
[2010/09/21 14:43:36 | 004,967,936 | ---- | M] (CheeseSoft Inc. ) -- C:\Users\stan\Desktop\RegistryEasy_Setup003.exe
[2010/09/20 18:37:29 | 000,000,913 | ---- | M] () -- C:\Users\stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/20 18:37:17 | 000,000,733 | ---- | M] () -- C:\Users\stan\Desktop\NTREGOPT.lnk
[2010/09/20 18:37:17 | 000,000,714 | ---- | M] () -- C:\Users\stan\Desktop\ERUNT.lnk
[2010/09/20 18:36:28 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\stan\Desktop\erunt-setup.exe
[2010/09/16 18:47:08 | 001,980,554 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB
[2010/09/16 18:45:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\stan\Desktop\OTL.exe
[2010/09/14 20:02:26 | 000,525,824 | ---- | M] () -- C:\Users\stan\Desktop\dds.scr
[2010/09/14 19:55:34 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\stan\Desktop\MGADiag.exe
[2010/09/14 19:49:33 | 000,443,392 | ---- | M] () -- C:\Users\stan\Desktop\CKScanner.exe
[2010/09/12 12:55:12 | 000,126,512 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2010/09/12 12:55:12 | 000,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/09/12 12:55:12 | 000,000,805 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/09/12 12:54:46 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/09/12 12:53:30 | 000,000,863 | ---- | M] () -- C:\Users\stan\Desktop\Norton Installation Files.lnk
[2010/09/09 20:02:17 | 000,103,688 | ---- | M] () -- C:\Users\stan\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/09 20:00:47 | 002,307,944 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/09 19:33:06 | 000,000,845 | ---- | M] () -- C:\Users\Public\Desktop\Norton Utilities.lnk
[2010/09/09 19:32:06 | 022,743,000 | ---- | M] (Symantec Corporation ) -- C:\Users\stan\Desktop\NU14.5.0.116b.exe

========== Files Created - No Company Name ==========

[2010/09/27 00:43:53 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ysly.sys
[2010/09/27 00:26:28 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/21 21:01:04 | 000,002,152 | ---- | C] () -- C:\{420E2D3A-CC82-4E1E-A24F-AED0A852B61F}
[2010/09/21 20:47:21 | 000,003,200 | ---- | C] () -- C:\{7CFC5C8C-D129-4D9A-A13C-8BD46DD98260}
[2010/09/21 14:44:02 | 000,000,869 | ---- | C] () -- C:\Users\stan\Desktop\Registry Easy.lnk
[2010/09/20 18:37:29 | 000,000,913 | ---- | C] () -- C:\Users\stan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/20 18:37:17 | 000,000,733 | ---- | C] () -- C:\Users\stan\Desktop\NTREGOPT.lnk
[2010/09/20 18:37:16 | 000,000,714 | ---- | C] () -- C:\Users\stan\Desktop\ERUNT.lnk
[2010/09/14 20:02:15 | 000,525,824 | ---- | C] () -- C:\Users\stan\Desktop\dds.scr
[2010/09/14 19:49:19 | 000,443,392 | ---- | C] () -- C:\Users\stan\Desktop\CKScanner.exe
[2010/09/12 12:55:48 | 001,980,554 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Cat.DB
[2010/09/12 12:55:12 | 000,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2010/09/12 12:55:12 | 000,000,805 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2010/09/12 12:54:46 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2010/09/12 12:54:03 | 000,003,373 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.inf
[2010/09/12 12:54:03 | 000,002,792 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.inf
[2010/09/12 12:54:03 | 000,001,473 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNetV.inf
[2010/09/12 12:54:03 | 000,001,445 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.inf
[2010/09/12 12:54:03 | 000,001,389 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.inf
[2010/09/12 12:54:03 | 000,001,383 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.inf
[2010/09/12 12:54:03 | 000,000,741 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\Iron.inf
[2010/09/12 12:54:00 | 000,007,787 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\symnetv.cat
[2010/09/12 12:53:59 | 000,007,446 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymNet.cat
[2010/09/12 12:53:59 | 000,007,444 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymEFA.cat
[2010/09/12 12:53:59 | 000,007,442 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtspx.cat
[2010/09/12 12:53:59 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\SymDS.cat
[2010/09/12 12:53:59 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\srtsp.cat
[2010/09/12 12:53:59 | 000,007,438 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\iron.cat
[2010/09/12 12:53:59 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1201000.025\isolate.ini
[2010/09/09 20:09:11 | 000,000,863 | ---- | C] () -- C:\Users\stan\Desktop\Norton Installation Files.lnk
[2010/09/09 19:33:06 | 000,000,845 | ---- | C] () -- C:\Users\Public\Desktop\Norton Utilities.lnk
[2010/02/04 15:28:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/12 08:38:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/10/26 17:46:59 | 000,050,127 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/07/24 02:50:52 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/24 02:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/07/24 02:47:34 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/07/24 02:46:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/05/07 20:52:45 | 000,000,680 | ---- | C] () -- C:\Users\stan\AppData\Local\d3d9caps.dat
[2008/04/28 01:56:43 | 000,096,256 | ---- | C] () -- C:\Users\stan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/26 11:34:52 | 000,000,000 | ---- | C] () -- C:\Users\stan\AppData\Local\QSwitch.txt
[2008/04/26 11:34:52 | 000,000,000 | ---- | C] () -- C:\Users\stan\AppData\Local\DSwitch.txt
[2008/04/26 11:34:52 | 000,000,000 | ---- | C] () -- C:\Users\stan\AppData\Local\AtStart.txt
[2008/03/05 20:44:03 | 000,155,648 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2007/11/22 22:00:05 | 000,000,372 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/08/20 22:34:08 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007/08/20 22:25:00 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/20 22:10:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/02/06 17:45:04 | 000,025,632 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007/02/06 17:42:40 | 001,691,808 | ---- | C] () -- C:\Windows\System32\drivers\Lvckap.sys
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/12/07 12:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
< End of report >
falcon10
Active Member
 
Posts: 7
Joined: September 9th, 2010, 7:31 am

Re: runtime error message C:\Program Files\OLYMPUS\OLYMPUS M

Unread postby Carolyn » September 27th, 2010, 7:37 pm

Hello again,

Since you are using Norton Internet Security, I recommend that you not use Windows Defender or Malwarebytes' Anti-malware real-time protection and you definitely should not use both at the same time. Too many security programs will slow your computer down. Also, they can interfere with each other which would diminish their effectiveness.

You can keep both Windows Defender and Malwarebytes' Anti-malware installed on your computer and use either to scan your computer periodically.

===============

Backup your Registry with ERUNT

Please right click the ERUNT icon on your desktop and select Run as administrator to run the program.

Note: If you are unable to run ERUNT for any reason, please do not continue with the rest of these instructions. Stop and post so that I may assist you.

===============

Run OTL Script
  • Right-click OTL.exe and select Run as administrator to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :OTL
    IE - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
    O4 - HKLM..\Run: [hpqSRMon] File not found
    O4 - HKU\S-1-5-21-3107803068-2574271945-3947071597-1003..\Run: [AdobeBridge] File not found
    O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    
    :Files
    C:\Windows\System32\fg69257.dll
    C:\Program Files\Registry Easy
    C:\Users\stan\Documents\LimeWire
    C:\Users\stan\Desktop\RegistryEasy_Setup003.exe
    C:\{7CFC5C8C-D129-4D9A-A13C-8BD46DD98260}
    
    :Commands
    [emptytemp]
    [Reboot]
    

  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

==================

Kaspersky Online Scanner.
Vista - W7 users: You will need to to right-click on the IE or FF icons on the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Please go to Kaspersky Online Virus Scanner © Kaspersky Lab to perform an online antivirus scan.
  1. Read the "Advantages - Requirements and Limitations" then press... the ACCEPT...button.
    The latest program and definition files will be downloaded. It takes time, please be patient, let it finish.
  2. Once the files have been downloaded, click on the SETTINGS...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the SAVE...button, if you made any changes.
  3. Now under the Scan section on the left:
      Select My Computer
    The program will start scanning your system. This takes a while, be patient... let it run.
    Once the scan is complete it will display if your system has been infected.
  4. Save the scan results as a Text file ... save it to your desktop.
  5. Copy and paste the saved scan results file in your next reply.

==================

Please post the OTL and Kaspersky logs in your next reply. Also let me know if there is any change in how your computer is behaving.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: runtime error message C:\Program Files\OLYMPUS\OLYMPUS M

Unread postby falcon10 » September 29th, 2010, 6:09 pm

Hi please find below the results as asked.....only other behaviour is the computer is blocking some programs on startup

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3107803068-2574271945-3947071597-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Health Check Scheduler deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3107803068-2574271945-3947071597-1003\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes' Anti-Malware not found.
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe moved successfully.
========== FILES ==========
File\Folder C:\Windows\System32\fg69257.dll not found.
C:\Program Files\Registry Easy folder moved successfully.
C:\Users\stan\Documents\LimeWire\Store Purchased folder moved successfully.
C:\Users\stan\Documents\LimeWire\Shared folder moved successfully.
C:\Users\stan\Documents\LimeWire\Saved folder moved successfully.
C:\Users\stan\Documents\LimeWire\Incomplete\Z72A7AVEPD5ZTBVFSTSTMWVYL6MV4XAG folder moved successfully.
C:\Users\stan\Documents\LimeWire\Incomplete\EF3USYZLVB3RQFACFUKWETZSNRSOBCEL folder moved successfully.
C:\Users\stan\Documents\LimeWire\Incomplete folder moved successfully.
C:\Users\stan\Documents\LimeWire folder moved successfully.
C:\Users\stan\Desktop\RegistryEasy_Setup003.exe moved successfully.
C:\{7CFC5C8C-D129-4D9A-A13C-8BD46DD98260} moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: stan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 459487405 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 7945 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 450 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 438.00 mb


OTL by OldTimer - Version 3.2.12.1 log created on 09292010_201340

Files\Folders moved on Reboot...
C:\Users\stan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JV8WAAPK\viewtopic[1].htm moved successfully.
C:\Users\stan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...





Thursday, September 30, 2010
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 29, 2010 07:40:48
Records in database: 4257158


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\
D:\
E:\
F:\

Scan statistics
Objects scanned 242353
Threats found 2
Infected objects found 2
Suspicious objects found 0
Scan duration 08:01:55

File name Threat Threats count
C:\Program Files\AIM6\addressBook.exe Infected: Trojan.Win32.Vilsel.ajgl 1

C:\Users\stan\AppData\Local\Temp\MPSampleSubmit\opcnojyt.dll.xor Infected: Trojan.Win32.Monderb.gen 1

Selected area has been scanned.
falcon10
Active Member
 
Posts: 7
Joined: September 9th, 2010, 7:31 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware