Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Applications crashing, system running bad

Post by GirlinWayside » January 26th, 2009, 10:19 am

My computer has been doing some quirky things and has been getting worse and worse as the days tick by. Pages take forever to load sometimes and now my applications are crashing. They are not crashing all at once, just here and there. I can come in, turn the monitor on, and there will be a message that something has stopped working or is not responding. I downloaded a game for my 5-year-old a month ago and that's about the time all this mess started. I ran Malwarebytes and it removed a DNSchanger trojan but I'm still having problems.

Here is my HTLog

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:37:12 AM, on 1/26/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\permissionresearch\prmrsr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://gvtc.angellearning.com
O15 - Trusted Zone: http://friendsblessings.b1.jcink.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla..._installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5699845C-2941-4113-895E-3091E3CA6C2E}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PermissionResearch - TMRG, Inc. - C:\Program Files\PermissionResearch\prservice.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9741 bytes
GirlinWayside
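
A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself: it parses the entry lines and flags registrations that point at no file, services whose binary is missing or whose owner is reported as unknown, and statically set name servers (worth confirming after a DNSchanger removal). The sample lines are copied from the posted log; the function names and the choice of flags are assumptions made for illustration, not the helper's analysis.

```python
import re

# Excerpt copied from the HijackThis v2.0.2 log in the post above (not the full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\Windows\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5699845C-2941-4113-895E-3091E3CA6C2E}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# An entry line is "<section code> - <details>", e.g. "O2 - BHO: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(text):
    """Return (code, body) tuples for every entry line in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(entries):
    """Flag entries for manual review. The flags are illustrative heuristics
    (an assumption of this example); a flag is not a malware verdict."""
    findings = []
    for code, body in entries:
        low = body.lower()
        reasons = []
        # Browser helper objects, toolbars and IE buttons whose file is gone.
        if code in ("O2", "O3", "O9") and low.endswith("(no file)"):
            reasons.append("registration points at no file")
        if code == "O23":
            # Service still registered although its executable is absent.
            if low.endswith("(file missing)"):
                reasons.append("service binary missing")
            # HijackThis could not report a company name for the binary.
            if " - unknown owner - " in low:
                reasons.append("owner reported as unknown")
        # Statically configured DNS servers: confirm the user or ISP set them.
        if code == "O17" and "nameserver" in low:
            servers = body.split("=", 1)[1].strip()
            reasons.append("static DNS servers: " + servers)
        if reasons:
            findings.append({"code": code, "entry": body, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_entries(SAMPLE_LOG)):
        print(finding["code"], "|", "; ".join(finding["reasons"]))
        print("    " + finding["entry"])
```
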

Re: Applications crashing, system running bad

Post by Sharagoz » January 26th, 2009, 2:24 pm

Hello GirlinWayside, welcome to MWR.
Please take note of the following before we begin the cleaning process:
  • The whole process will usually take at least a week to complete, sometimes several weeks depending on the severity of the infection and how promptly you and I are able to reply, so please stay patient
  • Hang in there until I give you the 'All clean'. If you leave prematurely because your computer seems to be back to its old self, the risk of re-infection will be very high
  • Perform all actions in the order given
  • The instructions I give expect that you're using an account with administrator privileges and that the language of your operating system is English.
  • Don't be afraid to ask questions if something is unclear or you run into issues during cleaning steps
  • I recommend you read through each set of instructions before you actually perform them

1) Create an uninstall list
  • Launch HijackThis
  • Click the Open the Misc Tools section button
  • Click the Open Uninstall Manager button.
  • Click the Save list button.
  • Include this log in your next reply

2) Get MBAM log
    If you ran Malwarebytes' Anti-Malware before, you should have one or more logs from those scans located here:
    C:\Users\<your username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
    (You'll have to enable the viewing of hidden folders to see the "AppData" folder)
    Post that log as well
Sharagoz

Re: Applications crashing, system running bad

Post by GirlinWayside » January 26th, 2009, 3:08 pm

Thanks so much for getting to my post so soon! I have been pleading for help across the net for almost a week!!

I am not sure how to enable the viewing of hidden folders - can you tell me how please...

Here is the uninstall list:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
3DVIA player 4.1
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Corel Painter X
Corel Painter X
Coupon Printer for Windows
CyberLink DVD Suite Deluxe
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 9.0
HP Easy Setup - Frontend
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HP Total Care Advisor
HP Update
HPSSupply
ImageConverter Plus 7.1
Intel(R) Graphics Media Accelerator Driver
iTunes
Java 2 Runtime Environment, SE v1.4.0
Java 2 SDK, SE v1.4.0
Java(TM) 6 Update 11
Java(TM) 6 Update 7
LabelPrint
LightScribe System Software 1.10.16.1
LightScribe Template Labeler
Malwarebytes' Anti-Malware
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 60 day trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
My HP Games
Norton PC Checkup
PDF Settings
PermissionResearch
Power2Go
PowerDirector
Python 2.5
QuickTime
Realtek High Definition Audio Driver
RTC Client API v1.2
Safari
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
WeatherBug Gadget
Windows Live installer
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
WinRAR archiver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
GirlinWayside

Re: Applications crashing, system running bad

Post by Sharagoz » January 26th, 2009, 3:27 pm

GirlinWayside wrote: Thanks so much for getting to my post so soon! I have been pleading for help across the net for almost a week!!

You're welcome!
If you have started threads at other forums, please notify them that you are being helped elsewhere, so that they may focus their time on the others that are waiting.

GirlinWayside wrote: I am not sure how to enable the viewing of hidden folders - can you tell me how please...

  • Press the Windows key and the R key at the same time to open the Run dialog box
  • Type control folders and press Enter
  • A control panel should now open.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Press OK to apply the settings
    (You can reverse this process after you've collected the logs)
  • You should now be able to access this folder:
    C:\Users\<your username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs
  • Post the log(s) you find there

Download and run DDS by sUBs
  • Download DDS from one of the links below and save it to your desktop
    Link1 | Link2 | Link3
  • Right-click on the file and choose Run as administrator to run the tool
  • A black window will stay open while the tool runs
  • Wait for the scan to finish (this will only take a couple of minutes), and two logs to open in separate notepad documents
  • Include both these logs in your next reply

Logs I need:
MBAM log(s)
Both DDS logs
Sharagoz

Re: Applications crashing, system running bad

Post by GirlinWayside » January 26th, 2009, 4:22 pm

Sharagoz wrote: If you have started threads at other forums, please notify them that you are being helped elsewhere, so that they may focus their time on the others that are waiting.

Thanks, this has been done. :)

Sharagoz wrote:
Logs I need:
MBAM log(s)
Both DDS logs

I have several MBAM logs that I have run since the 21st. Should I zip them together and attach as one file? Also, it may be tomorrow before I have time to run the other.

Thanks again for all your help..:)
GirlinWayside

Re: Applications crashing, system running bad

Post by Sharagoz » January 26th, 2009, 4:27 pm

I don't know how many MBAM logs you have, but posting 5 shouldn't be a problem.
If there are more than 5, zip them and attach.

Running DDS only takes a couple of minutes, so if you have time to post them at the same time it will speed up the cleaning process.
Sharagoz

Re: Applications crashing, system running bad

Post by GirlinWayside » January 26th, 2009, 5:36 pm

DDS logs:


DDS (Ver_09-01-07.01) - NTFSx86
Run by Kelly at 16:29:22.64 on Mon 01/26/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1015.245 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\PermissionResearch\prservice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\program files\permissionresearch\prmrsr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Kelly\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateReg] "c:\windows\system32\jureg.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1201650634\ee\AOLSoftware.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\kelly\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: angellearning.com\gvtc
Trusted Zone: jcink.com\friendsblessings.b1
TCP: {5699845C-2941-4113-895E-3091E3CA6C2E} = 208.67.220.220,208.67.222.222
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kelly\appdata\roaming\mozilla\firefox\profiles\8vppbo17.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q=
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?pr=auto&src_ ... n=1.2.4&q=
FF - component: c:\users\kelly\appdata\roaming\mozilla\firefox\profiles\8vppbo17.default\extensions\{cbf312cd-6c68-477b-9460-463834c520bc}\components\FFAlert.dll
FF - component: c:\users\kelly\appdata\roaming\mozilla\firefox\profiles\8vppbo17.default\extensions\kodak-companion@mozilla.com\platform\winnt\components\fotofox.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: c:\users\kelly\appdata\roaming\mozilla\firefox\profiles\8vppbo17.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R4 PermissionResearch;PermissionResearch;c:\program files\permissionresearch\prservice.exe [2008-10-28 45056]

=============== Created Last 30 ================

2009-01-26 06:32 <DIR> --d----- c:\programdata\Avg8
2009-01-26 06:32 <DIR> --d----- c:\progra~2\Avg8
2009-01-19 12:12 <DIR> --d----- c:\program files\PermissionResearch
2009-01-14 06:26 288,768 a------- c:\windows\system32\drivers\srv.sys
2009-01-03 16:52 <DIR> --d----- c:\program files\Avira
2008-12-29 17:37 <DIR> --d----- c:\program files\Gogii Games
2008-12-29 16:52 <DIR> --d----- c:\programdata\Trymedia
2008-12-29 16:52 <DIR> --d----- c:\progra~2\Trymedia
2008-12-29 16:47 <DIR> --d----- c:\program files\Baby Luv
2008-12-29 16:16 <DIR> --d----- c:\program files\iWin.com
2008-12-29 16:15 <DIR> --d----- c:\programdata\iWin Games
2008-12-29 16:15 <DIR> --d----- c:\progra~2\iWin Games

==================== Find3M ====================

2009-01-26 10:49 51,200 a------- c:\windows\inf\infpub.dat
2009-01-26 10:49 143,360 a------- c:\windows\inf\infstrng.dat
2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-10 04:44 410,984 a------- c:\windows\system32\deploytk.dll
2008-10-31 22:44 52,736 a------- c:\windows\apppatch\iebrshim.dll
2008-10-31 22:44 2,154,496 a------- c:\windows\apppatch\AcGenral.dll
2008-10-31 22:44 541,696 a------- c:\windows\apppatch\AcLayers.dll
2008-10-31 22:44 460,288 a------- c:\windows\apppatch\AcSpecfc.dll
2008-10-31 22:44 173,056 a------- c:\windows\apppatch\AcXtrnal.dll
2008-10-31 22:44 28,672 a------- c:\windows\system32\Apphlpdm.dll
2008-10-31 20:21 4,240,384 a------- c:\windows\system32\GameUXLegacyGDFs.dll
2008-10-29 01:29 2,927,104 a------- c:\windows\explorer.exe
2008-10-16 12:40 86,016 a------- c:\windows\inf\infstor.dat
2008-10-13 05:25 174 a--sh--- c:\program files\desktop.ini
2008-10-13 05:09 665,600 a------- c:\windows\inf\drvindex.dat
2008-02-07 06:37 0 a------- c:\users\kelly\appdata\roaming\wklnhst.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-09-29 06:21 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-29 06:21 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-29 06:21 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-09-23 17:10 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-09-23 17:10 32,768 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-09-23 17:10 16,384 a--sh--- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2008-09-21 16:23 88 ---shr-- c:\windows\system32\BFDD4157B2.sys
2008-09-21 16:24 848 a--sh--- c:\windows\system32\KGyGaAvL.sys
2002-11-08 04:36 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:30:43.73 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-07.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/24/2007 04:36:38 PM
System Uptime: 1/26/2009 10:31:50 AM (6 hours ago)

Motherboard: ASUSTeK Computer INC. | | Lancaster8
Processor: Intel(R) Pentium(R) Dual CPU E2140 @ 1.60GHz | CPU 1 | 1600/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 224 GiB total, 163.786 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.264 GiB free.
E: is CDROM ()
F: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP544: 1/12/2009 12:00:13 AM - Scheduled Checkpoint
RP545: 1/12/2009 02:08:00 PM - Windows Update
RP546: 1/13/2009 05:49:58 AM - Scheduled Checkpoint
RP547: 1/14/2009 12:00:12 AM - Scheduled Checkpoint
RP548: 1/15/2009 04:47:44 AM - Windows Update
RP549: 1/16/2009 12:00:06 AM - Scheduled Checkpoint
RP550: 1/16/2009 02:27:15 AM - Windows Update
RP551: 1/17/2009 05:46:46 AM - Scheduled Checkpoint
RP552: 1/18/2009 10:21:40 AM - Scheduled Checkpoint
RP553: 1/19/2009 12:00:10 AM - Scheduled Checkpoint
RP554: 1/19/2009 12:11:25 PM - Installed PermissionResearch
RP555: 1/19/2009 11:53:40 PM - Windows Update
RP556: 1/21/2009 12:00:12 AM - Scheduled Checkpoint
RP557: 1/22/2009 07:45:53 AM - Scheduled Checkpoint
RP558: 1/22/2009 11:25:01 AM - Windows Update
RP559: 1/23/2009 12:00:13 AM - Scheduled Checkpoint
RP560: 1/23/2009 07:51:38 PM - Scheduled Checkpoint
RP561: 1/25/2009 12:00:13 AM - Scheduled Checkpoint
RP562: 1/25/2009 08:29:55 PM - Scheduled Checkpoint
RP563: 1/26/2009 06:23:02 AM - Removed AVG Free 8.0
RP564: 1/26/2009 06:32:18 AM - Installed AVG Free 8.0

==== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
32 Bit HP CIO Components Installer
3DVIA player 4.1
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AIO_Scan
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
BufferChm
C4200
C4200_doccd
c4200_Help
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
Copy
Corel Painter X
Coupon Printer for Windows
CustomerResearchQFolder
CyberLink DVD Suite Deluxe
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
eSupportQFolder
Google Talk (remove only)
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 9.0
HP Easy Setup - Frontend
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP Smart Web Printing
HP Solution Center 9.0
HP Total Care Advisor
HP Update
HPProductAssistant
HPSSupply
ImageConverter Plus 7.1
Intel(R) Graphics Media Accelerator Driver
iTunes
Java 2 Runtime Environment, SE v1.4.0
Java 2 SDK, SE v1.4.0
Java(TM) 6 Update 11
Java(TM) 6 Update 7
LabelPrint
LightScribe System Software 1.10.16.1
LightScribe Template Labeler
Malwarebytes' Anti-Malware
MarketResearch
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 60 day trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
My HP Games
Norton PC Checkup
PDF Settings
PermissionResearch
Power2Go
PowerDirector
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
Python 2.5
QuickTime
Realtek High Definition Audio Driver
RTC Client API v1.2
Safari
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Visio 2007 (KB947590)
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Office 2007 (KB946691)
VideoToolkit01
WeatherBug Gadget
WebReg
Windows Live installer
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
WinRAR archiver
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

1/19/2009 08:18:06 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.254.1 for the Network Card with network address 001E8C3FD57B has been denied by the DHCP server 192.168.254.254 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


MBAM logs

Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 6.0.6001 Service Pack 1

1/21/2009 05:23:43 AM
mbam-log-2009-01-21 (05-23-43).txt

Scan type: Quick Scan
Objects scanned: 51526
Time elapsed: 5 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Pornovid (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 6.0.6001 Service Pack 1

1/23/2009 05:01:57 AM
mbam-log-2009-01-23 (05-01-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 196439
Time elapsed: 1 hour(s), 51 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Kelly\AppData\Local\Temp\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 6.0.6001 Service Pack 1

1/24/2009 04:04:24 PM
mbam-log-2009-01-24 (16-04-24).txt

Scan type: Quick Scan
Objects scanned: 51251
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 6.0.6001 Service Pack 1

1/25/2009 08:27:49 AM
mbam-log-2009-01-25 (08-27-49).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 196693
Time elapsed: 1 hour(s), 51 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Applications crashing, system running bad

Post by Sharagoz » January 27th, 2009, 2:44 pm

Hi
I need a couple more logs here and then I'll create a fix for you.

1) Download and run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop
  • Double click on RSIT.exe to run RSIT
  • Select 2 months and then click Continue at the disclaimer screen to start the scanner
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Post the contents of both log.txt and info.txt in your next reply

2) Download and run GMER
  • Download gmer.zip by GMER from here and extract it to a folder on your desktop
  • Double click on gmer.exe to launch the program
  • If asked, allow the gmer.sys driver to load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning, click the Rootkit/Malware tab and then Scan
  • Once the scan has finished, click copy
  • Create a new Notepad document on your desktop, name it "gmerrk.txt", open it, insert the GMER log by right-clicking in the document and choosing Paste, and then save the document
  • This log must be included in your next reply
  • Back in GMER, click on the >>> tab to bring up additional tabs
  • Click on the Autostart tab and then click Scan
  • Once the scan has finished, click copy, start a new reply here, right click and select "paste" to copy the log.
  • Also remember to copy the content of "gmerrk.txt" into the reply

Logs I need:
Both RSIT logs
Both GMER logs

Are you receiving any abnormal popups when surfing the net?
Are you experiencing any redirects when you click links or do google searches?
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Applications crashing, system running bad

Post by GirlinWayside » January 27th, 2009, 5:35 pm

Logfile of random's system information tool 1.05 (written by random/random)
Run by Kelly at 2009-01-27 16:02:07
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 168 GB (73%) free of 229 GB
Total RAM: 1015 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:02:21 PM, on 1/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
c:\program files\permissionresearch\prmrsr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Kelly\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kelly.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://gvtc.angellearning.com
O15 - Trusted Zone: http://friendsblessings.b1.jcink.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5699845C-2941-4113-895E-3091E3CA6C2E}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PermissionResearch - TMRG, Inc. - C:\Program Files\PermissionResearch\prservice.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9851 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForKelly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2008-06-10 54672]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"HostManager"=C:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe [2006-09-25 50736]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-04-01 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-04-01 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-04-01 133656]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-10-09 44168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-03 1783136]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-09-20 455968]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-05-27 4269296]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe

C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-25 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3c231c6-9ad4-11dc-bacf-806e6f6e6963}]
shell\AutoRun\command - E:\Setup.exe -auto


======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 2 months======

2009-01-27 16:02:07 ----D---- C:\rsit
2009-01-26 06:32:28 ----D---- C:\ProgramData\Avg8
2009-01-22 13:42:42 ----D---- C:\Program Files\Microsoft Silverlight
2009-01-19 12:12:20 ----D---- C:\Program Files\PermissionResearch
2009-01-03 16:52:19 ----D---- C:\Program Files\Avira
2009-01-01 03:00:52 ----A---- C:\Windows\system32\mshtml.dll
2008-12-29 17:37:47 ----D---- C:\Program Files\Gogii Games
2008-12-29 16:52:23 ----D---- C:\ProgramData\Trymedia
2008-12-29 16:47:36 ----D---- C:\Program Files\Baby Luv
2008-12-29 16:16:43 ----D---- C:\Program Files\iWin.com
2008-12-29 16:15:19 ----D---- C:\ProgramData\iWin Games
2008-12-16 10:22:56 ----D---- C:\j2sdk1.4.0
2008-12-12 03:03:40 ----A---- C:\Windows\system32\tzres.dll
2008-12-11 13:41:15 ----A---- C:\Windows\system32\gdi32.dll
2008-12-11 13:41:09 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-11 13:41:08 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-11 13:41:02 ----A---- C:\Windows\system32\shell32.dll
2008-12-11 13:40:53 ----A---- C:\Windows\explorer.exe
2008-12-11 13:40:48 ----A---- C:\Windows\system32\urlmon.dll
2008-12-11 13:40:47 ----A---- C:\Windows\system32\ieframe.dll
2008-12-11 13:40:46 ----A---- C:\Windows\system32\wininet.dll
2008-12-11 13:40:46 ----A---- C:\Windows\system32\mstime.dll
2008-12-11 13:40:45 ----A---- C:\Windows\system32\iertutil.dll
2008-12-11 13:40:44 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-11 13:40:36 ----A---- C:\Windows\system32\mf.dll
2008-12-11 13:40:35 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-11 13:40:35 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-11 13:40:34 ----A---- C:\Windows\system32\logagent.exe
2008-12-10 04:45:31 ----A---- C:\Windows\system32\javaws.exe
2008-12-10 04:45:31 ----A---- C:\Windows\system32\deploytk.dll
2008-12-10 04:45:30 ----A---- C:\Windows\system32\javaw.exe
2008-12-10 04:45:30 ----A---- C:\Windows\system32\java.exe
2008-12-04 19:31:35 ----D---- C:\Users\Kelly\AppData\Roaming\SaveThePuppy
2008-12-03 20:55:02 ----AD---- C:\ProgramData\TEMP

======List of files/folders modified in the last 2 months======

2009-01-27 16:02:19 ----D---- C:\Windows\Prefetch
2009-01-27 16:02:10 ----D---- C:\Windows\temp
2009-01-27 15:43:17 ----D---- C:\Windows\SMINST
2009-01-27 15:00:11 ----SHD---- C:\System Volume Information
2009-01-27 14:21:47 ----D---- C:\Windows
2009-01-27 14:10:54 ----RSD---- C:\Windows\Fonts
2009-01-26 10:49:16 ----D---- C:\Windows\inf
2009-01-26 06:34:29 ----D---- C:\Windows\System32
2009-01-26 06:32:28 ----HD---- C:\ProgramData
2009-01-26 06:32:27 ----RD---- C:\Program Files
2009-01-26 06:32:17 ----SD---- C:\Users\Kelly\AppData\Roaming\Microsoft
2009-01-26 06:32:17 ----D---- C:\Windows\system32\drivers
2009-01-24 15:55:51 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-01-22 14:28:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-22 13:42:45 ----SHD---- C:\Windows\Installer
2009-01-21 05:14:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-16 02:28:00 ----D---- C:\Windows\system32\catroot2
2009-01-15 10:47:10 ----D---- C:\Windows\Debug
2009-01-15 04:58:23 ----D---- C:\Windows\winsxs
2009-01-15 04:52:51 ----D---- C:\Windows\system32\catroot
2009-01-15 04:52:47 ----D---- C:\Program Files\Windows Mail
2009-01-09 20:35:28 ----A---- C:\Windows\system32\mrt.exe
2009-01-05 09:30:20 ----D---- C:\Windows\Tasks
2009-01-05 09:20:24 ----D---- C:\Windows\system32\Tasks
2009-01-03 16:52:19 ----D---- C:\ProgramData\Avira
2009-01-02 14:24:57 ----D---- C:\Program Files\Mozilla Firefox
2009-01-02 11:17:01 ----D---- C:\Program Files\CCleaner
2008-12-31 19:57:48 ----D---- C:\Windows\system32\wbem
2008-12-31 19:57:48 ----D---- C:\Windows\system32\Msdtc
2008-12-31 19:57:03 ----D---- C:\Windows\system32\config
2008-12-31 19:56:41 ----D---- C:\Windows\system32\spool
2008-12-31 19:56:41 ----D---- C:\Program Files\Windows Defender
2008-12-31 19:56:37 ----D---- C:\ProgramData\HP Product Assistant
2008-12-31 19:56:37 ----D---- C:\ProgramData\FLEXnet
2008-12-31 19:56:37 ----D---- C:\Program Files\Norton PC Checkup
2008-12-31 19:56:31 ----D---- C:\Windows\registration
2008-12-28 18:24:46 ----SD---- C:\Windows\Downloaded Program Files
2008-12-16 19:44:09 ----A---- C:\Windows\system32\DEBUG_LOG.txt
2008-12-16 10:22:56 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-16 10:13:28 ----D---- C:\Program Files\Java
2008-12-12 03:35:27 ----D---- C:\Windows\rescache
2008-12-12 03:16:37 ----D---- C:\Windows\AppPatch
2008-12-12 03:16:36 ----D---- C:\Windows\system32\en-US
2008-12-12 03:10:11 ----D---- C:\ProgramData\Microsoft Help
2008-12-11 16:23:43 ----D---- C:\Program Files\Yahoo!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-08-03 91648]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-23 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-09-25 79136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 PermissionResearch;PermissionResearch; C:\Program Files\PermissionResearch\prservice.exe [2008-10-28 45056]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-13 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-01-27 16:02:29

======Uninstall list======

-->"C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3DVIA player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Painter X-->C:\Program Files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A} C:\Users\Kelly\AppData\Local\Temp\PainterX.log
Corel Painter X-->MsiExec.exe /I{05D60953-9012-44DF-A1A6-9DD97AD6580A}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AFAD41A9-9687-48A3-848F-693C11451433}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Total Care Advisor-->MsiExec.exe /X{e96b3d28-47d6-43cc-98fd-7069eeab6b11}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
ImageConverter Plus 7.1-->"C:\Program Files\ImageConverter Plus\unins000.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java 2 Runtime Environment, SE v1.4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4588301-0A06-11D6-A761-00B0D079AF64}\Setup.exe"
Java 2 SDK, SE v1.4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4588303-0A06-11D6-A761-00B0D079AF64}\Setup.exe" Anytext
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
LightScribe System Software 1.10.16.1-->MsiExec.exe /X{E6CFBFB5-9232-410C-B353-AF6E614B2681}
LightScribe Template Labeler-->MsiExec.exe /X{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{E8C2622C-9FF1-4F60-8008-A0208154F9F3}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Norton PC Checkup-->C:\Program Files\Norton PC Checkup\uninstall.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PermissionResearch-->c:\program files\permissionresearch\prmrsr.exe -bootremove -uninst:PermissionResearch
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Windows Defender (disabled)

System event log

Computer Name: Kelly-PC
Event Code: 18
Message: TIMEOUT<prmrsr.exe> C:\...hotoshop.CS3\setup.exe
Record Number: 80163
Source Name: avgntflt
Time Written: 20090127205049.007965-000
Event Type: Warning
User:

Computer Name: Kelly-PC
Event Code: 7036
Message: The Problem Reports and Solutions Control Panel Support service entered the running state.
Record Number: 80164
Source Name: Service Control Manager
Time Written: 20090127205617.000000-000
Event Type: Information
User:

Computer Name: Kelly-PC
Event Code: 7036
Message: The Problem Reports and Solutions Control Panel Support service entered the stopped state.
Record Number: 80165
Source Name: Service Control Manager
Time Written: 20090127205627.000000-000
Event Type: Information
User:

Computer Name: Kelly-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 80166
Source Name: Service Control Manager
Time Written: 20090127210019.000000-000
Event Type: Information
User:

Computer Name: Kelly-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Record Number: 80167
Source Name: Service Control Manager
Time Written: 20090127210046.000000-000
Event Type: Information
User:

Application event log

Computer Name: Kelly-PC
Event Code: 4101
Message: Windows license validated.
Record Number: 16115
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090127204312.000000-000
Event Type: Information
User:

Computer Name: Kelly-PC
Event Code: 6000
Message: The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Record Number: 16116
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090127204312.000000-000
Event Type: Information
User:

Computer Name: Kelly-PC
Event Code: 1
Message: Certificate Services Client has been started successfully.
Record Number: 16117
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090127204411.818965-000
Event Type: Information
User: Kelly-PC\Kelly

Computer Name: Kelly-PC
Event Code: 0
Message:
Record Number: 16118
Source Name: iPod Service
Time Written: 20090127204424.000000-000
Event Type: Information
User:

Computer Name: Kelly-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 16119
Source Name: LightScribeService
Time Written: 20090127210227.000000-000
Event Type: Information
User:

Security event log

Computer Name: Kelly-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 31725
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090127210219.913965-000
Event Type: Audit Failure
User:

Computer Name: Kelly-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 31726
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090127210219.962965-000
Event Type: Audit Failure
User:

Computer Name: Kelly-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 31727
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090127210220.003965-000
Event Type: Audit Failure
User:

Computer Name: Kelly-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 31728
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090127210220.042965-000
Event Type: Audit Failure
User:

Computer Name: Kelly-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 31729
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090127210220.079965-000
Event Type: Audit Failure
User:

======Environment variables======

"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OnlineServices"=Online Services
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\hp\bin\Python;C:\Program Files\ImageConverter Plus;C:\Program Files\QuickTime\QTSystem;.;c:\j2sdk1.4.0\bin;.;
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PCBRAND"=Presario
"PLATFORM"=HPD
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%

-----------------EOF-----------------

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-27 16:30:31
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.14 ----

SSDT A49862B4 ZwCreateThread
SSDT A49862A0 ZwOpenProcess
SSDT A49862A5 ZwOpenThread
SSDT A49862AF ZwTerminateProcess
SSDT A49862AA ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!KeSetTimerEx + 454 81CD6A18 4 Bytes [ B4, 62, 98, A4 ]
.text ntkrnlpa.exe!KeSetTimerEx + 624 81CD6BE8 4 Bytes [ A0, 62, 98, A4 ]
.text ntkrnlpa.exe!KeSetTimerEx + 640 81CD6C04 4 Bytes [ A5, 62, 98, A4 ]
.text ntkrnlpa.exe!KeSetTimerEx + 854 81CD6E18 4 Bytes [ AF, 62, 98, A4 ]
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 81CD6E78 4 Bytes [ AA, 62, 98, A4 ]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 027330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 02731B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!recv 7635343A 5 Bytes JMP 02732C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!connect 763540D9 5 Bytes JMP 02731670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!WSASend 76354496 5 Bytes JMP 027327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!send 7635659B 5 Bytes JMP 02732210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 02732F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 02733550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 027319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] Secur32.dll!EncryptMessage 75E74BE6 3 Bytes JMP 02730060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] Secur32.dll!EncryptMessage + 4 75E74BEA 1 Byte [ 8C ]
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] Secur32.dll!DecryptMessage 75E74CB3 3 Bytes JMP 02731F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] Secur32.dll!DecryptMessage + 4 75E74CB7 1 Byte [ 8C ]
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 027332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WININET.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 01E330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 01E31B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!recv 7635343A 5 Bytes JMP 01E32C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!connect 763540D9 5 Bytes JMP 01E31670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!WSASend 76354496 5 Bytes JMP 01E327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!send 7635659B 5 Bytes JMP 01E32210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 01E32F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 01E33550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 01E319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 01E30060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 01E31F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 01E332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] kernel32.dll!SetUnhandledExceptionFilter 77296E2D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WININET.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 01FA30B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 01FA1B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!recv 7635343A 5 Bytes JMP 01FA2C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!connect 763540D9 5 Bytes JMP 01FA1670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!WSASend 76354496 5 Bytes JMP 01FA27D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!send 7635659B 5 Bytes JMP 01FA2210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 01FA2F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 01FA3550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 01FA19E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 01FA0060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 01FA1F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 01FA32A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] KERNEL32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WININET.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 005A30B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 005A1B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!recv 7635343A 5 Bytes JMP 005A2C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!connect 763540D9 5 Bytes JMP 005A1670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!WSASend 76354496 5 Bytes JMP 005A27D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!send 7635659B 5 Bytes JMP 005A2210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 005A2F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 005A3550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 005A19E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 005A0060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 005A1F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 005A32A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 042630B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 04260060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 04261F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 04261B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!recv 7635343A 5 Bytes JMP 04262C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!connect 763540D9 5 Bytes JMP 04261670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!WSASend 76354496 5 Bytes JMP 042627D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!send 7635659B 5 Bytes JMP 04262210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 04262F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 04263550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 042619E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WININET.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 042632A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 01B930B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 01B91B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!recv 7635343A 5 Bytes JMP 01B92C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!connect 763540D9 5 Bytes JMP 01B91670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!WSASend 76354496 5 Bytes JMP 01B927D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!send 7635659B 5 Bytes JMP 01B92210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 01B92F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 01B93550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 01B919E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 01B90060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 01B91F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 01B932A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 00DE30B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 00DE1B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!recv 7635343A 5 Bytes JMP 00DE2C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!connect 763540D9 5 Bytes JMP 00DE1670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!WSASend 76354496 5 Bytes JMP 00DE27D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!send 7635659B 5 Bytes JMP 00DE2210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 00DE2F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 00DE3550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 00DE19E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 00DE0060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 00DE1F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 00DE32A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 02AA30B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 02AA0060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 02AA1F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 02AA1B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!recv 7635343A 5 Bytes JMP 02AA2C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!connect 763540D9 5 Bytes JMP 02AA1670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!WSASend 76354496 5 Bytes JMP 02AA27D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!send 7635659B 5 Bytes JMP 02AA2210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 02AA2F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 02AA3550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 02AA19E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WININET.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 02AA32A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] kernel32.dll!ReadFile 772B03F8 7 Bytes JMP 10026010 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] kernel32.dll!WriteFile 772BC906 7 Bytes JMP 10026060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] kernel32.dll!CloseHandle 772BCC05 5 Bytes JMP 10025FF0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] kernel32.dll!CreateFileW 772BCC4E 5 Bytes JMP 10025F60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] kernel32.dll!CreateFileA 772BCF71 5 Bytes JMP 10025F00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [610E9B95] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [610E9AC7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [610E93C2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [610E9B07] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [610E9B95] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [610E9AC7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [610E9B07] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [610E93C2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [610E89AA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [610E9B07] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [610E9B95] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [610E9AC7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [610E93C2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [610E89AA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [610E8960] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [610E8FD9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [610E8FD9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [610E9B95] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [610E93C2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [610E9B07] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [610E9AC7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [610E89AA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [610E8922] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [610E88E4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [610E89B0] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [610E8960] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [610E8FD9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [610E89E8] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [610E9AC7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [610E93C2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74977BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749B98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7497D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7496F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74977599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7496E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749AB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7497D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7497012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74970095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749671F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [749FD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749975E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7496DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7496668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749666BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74971E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----
GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2009-01-27 16:32:23
Windows 6.0.6001 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\Windows\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxdev.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aawservice@ = "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
AntiVirScheduler@ = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
AntiVirService@ = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
HP Health Check Service@ = "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
LightScribeService@ = "c:\Program Files\Common Files\LightScribe\LSSrvc.exe"
PermissionResearch@ = C:\Program Files\PermissionResearch\prservice.exe /service /*file not found*/
ProtexisLicensing@ = C:\Windows\system32\PSIService.exe
slsvc@ = %SystemRoot%\system32\SLsvc.exe
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding
XAudioService@ = %SystemRoot%\system32\DRIVERS\xaudio.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@hpsysdrvc:\hp\support\hpsysdrv.exe = c:\hp\support\hpsysdrv.exe
@OsdMaestro"C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" = "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
@RtHDVCplRtHDVCpl.exe = RtHDVCpl.exe
@SunJavaUpdateReg"C:\Windows\system32\jureg.exe" = "C:\Windows\system32\jureg.exe"
@HP Software UpdateC:\Program Files\HP\HP Software Update\HPWuSchd2.exe = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
@HostManagerC:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe = C:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@IgfxTrayC:\Windows\system32\igfxtray.exe = C:\Windows\system32\igfxtray.exe
@HotKeysCmdsC:\Windows\system32\hkcmd.exe = C:\Windows\system32\hkcmd.exe
@PersistenceC:\Windows\system32\igfxpers.exe = C:\Windows\system32\igfxpers.exe
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@AppleSyncNotifierC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@avgnt"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
RunOnce@Launcher = %WINDIR%\SMINST\launcher.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SidebarC:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/ = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/
@HPAdvisorC:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun /*file not found*/ = C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun /*file not found*/
@MsnMsgr"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
@ehTray.exeC:\Windows\ehome\ehTray.exe = C:\Windows\ehome\ehTray.exe
@LightScribe Control PanelC:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden /*file not found*/ = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden /*file not found*/
@Messenger (Yahoo!)"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
@{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
@{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{00020d75-0000-0000-c000-000000000046} /*lnkfile*/(null) =
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
@{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
@{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
@{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
@{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
@{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
@{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
@{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
@{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
@{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
@{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
@{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
@{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
@{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\Windows\system32\extmgr.dll = C:\Windows\system32\extmgr.dll
@{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
@{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
@{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
@{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
@{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{a38b883c-1682-497e-97b0-0a3a9e801682} /*IPropertyStore Handler for Images*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{C7657C4A-9F68-40fa-A4DF-96BC08EB3551} /*Photo Thumbnail Provider*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*Photo Thumbnail Extractor*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
@{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
@{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
@{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
@{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
@{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
@{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
@{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
@{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
@{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
@{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
@{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
@{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
@{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
@{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
@{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
@{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
@{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
@{7dda204b-2097-47c9-8323-c40bb840ae44} /*XPS document*/(null) =
@{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*ShellViewRTF*/C:\Windows\System32\ShellvRTF.dll = C:\Windows\System32\ShellvRTF.dll
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/C:\Program Files\Yahoo!\Common\YMMAPI.dll = C:\Program Files\Yahoo!\Common\YMMAPI.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll = C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{06A2568A-CED6-4187-BB20-400B8C02BE5A} /**/(null) =
@{00F33137-EE26-412F-8D71-F84E4C2C6625} /**/(null) =
@{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} /*Windows Live Photo Gallery Autoplay Drop Target*/(null) =
@{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} /*Windows Live Photo Gallery Viewer Drop Target*/(null) =
@{00F374B7-B390-4884-B372-2FC349F2172B} /*Windows Live Photo Gallery Editor Drop Target*/(null) =
@{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} /*Windows Live Photo Gallery Viewer Drop Target Shim*/(null) =
@{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} /*Windows Live Photo Gallery Editor Drop Target Shim*/(null) =
@{00F30F90-3E96-453B-AFCD-D71989ECC2C7} /*Windows Live Photo Gallery Autoplay Drop Target Shim*/(null) =
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
CnvShell@{A118FEA0-1D1B-4165-BC37-88F95B250E7A} = C:\Windows\system32\cnvshell.dll
PicaView@ =
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\YMMAPI.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
CnvShell@{A118FEA0-1D1B-4165-BC37-88F95B250E7A} = C:\Windows\system32\cnvshell.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{053F9267-DC04-4294-A72C-58F732D338C0}C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll = C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}C:\Program Files\Yahoo!\Common\yiesrvc.dll = C:\Program Files\Yahoo!\Common\yiesrvc.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre6\bin\ssv.dll = C:\Program Files\Java\jre6\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://ie.redirect.hp.com/svs/rdr?T ... pf=desktop = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://ie.redirect.hp.com/svs/rdr?T ... pf=desktop = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\Windows\System32\msvidctl.dll
its@CLSID = %SystemRoot%\System32\itss.dll
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = %SystemRoot%\System32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
tv@CLSID = C:\Windows\System32\msvidctl.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000003@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000004@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup = OneNote 2007 Screen Clipper and Launcher.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup >>>
HP Digital Imaging Monitor.lnk = HP Digital Imaging Monitor.lnk
Snapfish Media Detector.lnk = Snapfish Media Detector.lnk

---- EOF - GMER 1.0.14 ----
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Applications crashing, system running bad

Post by Sharagoz » January 27th, 2009, 6:35 pm

I have prepared a fix for you and posted it for approval.
As I am only an undergrad at this uni I need to have all my fixes approved by a teacher before they can be posted.
The downside with this is that things take a little more time. The upside is that you'll have two sets of eyes checking your logs, so you can be sure nothing will be missed, and the teachers here are among the best malware removers you'll find anywhere, online or not, so you can feel confident you are in the right hands.
The initial waiting time can take up to 48hrs, depending on how busy the teachers are, so please stay patient.
Once a teacher finds a free slot we'll be on our way to a clean computer, and the subsequent replies will usually be faster.
In the top left corner of your opening post there is a link called Subscribe topic. If you click it you will be subscribed to this thread and will receive instant email notification of new replies. For most people this works better than periodically checking back here to see if there are any new posts.
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway

Re: Applications crashing, system running bad

Post by GirlinWayside » January 27th, 2009, 7:49 pm

Definitely not a problem here. :flower: I appreciate all your time and effort.
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Applications crashing, system running bad

Post by Sharagoz » January 31st, 2009, 10:29 am

You need to temporarily disable your security software so that it doesn't interfere with the tools we use.

Temporarily disable Ad-Aware Ad-Watch
    Right click on the Ad-Watch icon in the system tray
    At the bottom of the screen, uncheck both Active... and Automatic...

Temporarily disable Avira Antivir
    Right-click on the AntiVir icon in the system tray (white umbrella on red background next to the clock).
    Remove the checkmark next to AntiVir Guard Enable
    You will see the icon change to a closed umbrella if you did this correctly

1) Uninstall through Add/Remove Programs
  • Press the Windows key and the R key at the same time to open the Run dialog box
    (The Windows key is usually located to the left of the space bar and is labeled with a Windows logo)
  • A dialog box will open. Type appwiz.cpl and press Enter
  • This will take you to Add/Remove Programs
    (Optionally you can locate Add/Remove Programs through the control panel)
  • Locate and uninstall the below program
    PermissionResearch
  • While you are there you can also uninstall these old versions of Java
    Java 2 Runtime Environment, SE v1.4.0
    Java 2 SDK, SE v1.4.0
    Java(TM) 6 Update 7
  • Another thing you can uninstall is this: (see the quote below for details)
    Weatherbug Gadget
Note:
You uninstall by selecting the program and then clicking the button named Remove or Uninstall

WeatherBug Gadget
WeatherBug is a system tray icon that offers weather information and includes built-in ads.
It is considered foistware, as most people who have it installed got it because it was bundled with other software without their knowledge.
The standalone installation of WeatherBug has also been known to come bundled with unwanted software.
I recommend you uninstall it, and if you want to keep a weather service application running on your computer, look into finding an alternative with a much better reputation, like one of these:
Weather Pulse
Weather Watcher


2) Delete folders
Delete the folders below
    C:\Program Files\Gogii Games
    C:\ProgramData\Trymedia
    C:\Program Files\Baby Luv
    C:\Program Files\iWin.com
    C:\ProgramData\iWin Games
(If you have trouble finding any of them, try to enable the viewing of hidden folders, like you did when you posted the MBAM logs)

3) Fix bad entries using HiJackThis
  • Launch HiJackThis
  • Click the Do a system scan only button
  • Put a checkmark next to the below lines if they are listed

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

    Having a site in your trusted zone means that this site has full access to your computer when you are on that site. This isn't recommended unless you trust the site and it's absolutely necessary to make the site work.
    I recommend you put a checkmark next to the below as well, but this is up to you. If something you use on those sites stops working for you, you might have to re-add them to your trusted zone later.

    O15 - Trusted Zone: http://gvtc.angellearning.com
    O15 - Trusted Zone: http://friendsblessings.b1.jcink.com

  • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
  • Click the Fix checked button and close HiJackThis

Enable Ad-Aware again and then restart your computer after this step

4) Get new RSIT log
  • Right-click on RSIT.exe (on your desktop) and choose Run as administrator to run RSIT
  • Select 2 months and then click Continue at the disclaimer screen to start the scanner
  • When the scan finishes a log will open. Include this log in your next reply

Any change in your computer's behaviour after these steps?
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway
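
The log triage in step 3 above, as an added example that is not part of the original posts: a Python script that picks out HijackThis entries whose registered file is absent and lists Trusted Zone sites for review. The sample lines are copied from the logs and fix list in this thread; the function, class and reason names are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the HijackThis logs and fix list in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O15 - Trusted Zone: http://gvtc.angellearning.com
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# A HijackThis entry starts with a section code such as "O2", "O15" or "R1".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
TRUSTED_RE = re.compile(r"Trusted Zone: (?P<site>\S+)")


@dataclass
class Finding:
    section: str          # HijackThis section code, e.g. "O2"
    reason: str           # "no-file", "file-missing" or "trusted-zone"
    ident: Optional[str]  # CLSID or trusted site, when the line carries one
    line: str             # the original log line, for the analyst


def triage(log_text: str) -> List[Finding]:
    """Return the entries an analyst would review first.

    Flags entries that HijackThis itself marked "(no file)" or
    "(file missing)", and every O15 Trusted Zone site. It does not decide
    whether an entry is malicious; that stays with the person reading the log.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header lines, the process list, blank lines
        section, body = m.group("section"), m.group("body")
        clsid = CLSID_RE.search(body)
        ident = clsid.group(0) if clsid else None
        if body.endswith("(no file)"):
            findings.append(Finding(section, "no-file", ident, line))
        elif body.endswith("(file missing)"):
            findings.append(Finding(section, "file-missing", ident, line))
        elif section == "O15":
            site = TRUSTED_RE.search(body)
            if site:
                findings.append(
                    Finding(section, "trusted-zone", site.group("site"), line)
                )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason:<13} {f.ident or '-'}")
```
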

Re: Applications crashing, system running bad

Unread postby GirlinWayside » February 1st, 2009, 12:16 pm

Awesome - thanks a lot. It will probably be later this afternoon before I can do this (have to wait for my little one to nap)

I'll get the required logs posted later this afternoon. :cheers:
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Applications crashing, system running bad

Unread postby GirlinWayside » February 2nd, 2009, 10:45 am

Ok, I am not able to uninstall the Java stuff at this time - I am using that for my programming class. I was unable to locate the Weatherbug Gadget - it is not listed in the Remove Programs List.. :?:

Everything else you suggested has been completed. I can't really tell yet if the changes have made a difference. I will surf a bit and let you know. Below is the log you requested.





Logfile of random's system information tool 1.05 (written by random/random)
Run by Kelly at 2009-02-02 09:39:30
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 168 GB (73%) free of 229 GB
Total RAM: 1015 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:39:56 AM, on 2/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe
C:\Windows\system32\schtasks.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kelly\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kelly.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freegasmoneyonline.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5699845C-2941-4113-895E-3091E3CA6C2E}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9306 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForKelly.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2008-06-10 54672]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"HostManager"=C:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe [2006-09-25 50736]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-04-01 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-04-01 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-04-01 133656]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-10-09 44168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-03 1783136]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-09-20 455968]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-05-27 4269296]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe

C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-25 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3c231c6-9ad4-11dc-bacf-806e6f6e6963}]
shell\AutoRun\command - E:\Setup.exe -auto


======File associations======

.js - edit -
.js - open -
.txt - open -

======List of files/folders created in the last 2 months======

2009-01-27 16:12:58 ----A---- C:\Windows\gmer.ini
2009-01-27 16:12:56 ----A---- C:\Windows\gmer_uninstall.cmd
2009-01-27 16:12:55 ----A---- C:\Windows\gmer.exe
2009-01-27 16:12:55 ----A---- C:\Windows\gmer.dll
2009-01-27 16:02:07 ----D---- C:\rsit
2009-01-26 06:32:28 ----D---- C:\ProgramData\Avg8
2009-01-22 13:42:42 ----D---- C:\Program Files\Microsoft Silverlight
2009-01-03 16:52:19 ----D---- C:\Program Files\Avira
2009-01-01 03:00:52 ----A---- C:\Windows\system32\mshtml.dll
2008-12-16 10:22:56 ----D---- C:\j2sdk1.4.0
2008-12-12 03:03:40 ----A---- C:\Windows\system32\tzres.dll
2008-12-11 13:41:15 ----A---- C:\Windows\system32\gdi32.dll
2008-12-11 13:41:09 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-11 13:41:08 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-11 13:41:02 ----A---- C:\Windows\system32\shell32.dll
2008-12-11 13:40:53 ----A---- C:\Windows\explorer.exe
2008-12-11 13:40:48 ----A---- C:\Windows\system32\urlmon.dll
2008-12-11 13:40:47 ----A---- C:\Windows\system32\ieframe.dll
2008-12-11 13:40:46 ----A---- C:\Windows\system32\wininet.dll
2008-12-11 13:40:46 ----A---- C:\Windows\system32\mstime.dll
2008-12-11 13:40:45 ----A---- C:\Windows\system32\iertutil.dll
2008-12-11 13:40:44 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-11 13:40:36 ----A---- C:\Windows\system32\mf.dll
2008-12-11 13:40:35 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-11 13:40:35 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-11 13:40:34 ----A---- C:\Windows\system32\logagent.exe
2008-12-10 04:45:31 ----A---- C:\Windows\system32\javaws.exe
2008-12-10 04:45:31 ----A---- C:\Windows\system32\deploytk.dll
2008-12-10 04:45:30 ----A---- C:\Windows\system32\javaw.exe
2008-12-10 04:45:30 ----A---- C:\Windows\system32\java.exe
2008-12-04 19:31:35 ----D---- C:\Users\Kelly\AppData\Roaming\SaveThePuppy
2008-12-03 20:55:02 ----AD---- C:\ProgramData\TEMP

======List of files/folders modified in the last 2 months======

2009-02-02 09:39:41 ----D---- C:\Windows\Prefetch
2009-02-02 09:39:22 ----D---- C:\Windows\temp
2009-02-02 09:37:22 ----D---- C:\Windows\SMINST
2009-02-02 09:36:51 ----RD---- C:\Program Files
2009-02-02 09:36:51 ----D---- C:\Windows
2009-02-02 09:27:55 ----HD---- C:\ProgramData
2009-02-02 00:08:38 ----SHD---- C:\System Volume Information
2009-01-27 16:12:56 ----D---- C:\Windows\system32\drivers
2009-01-27 14:10:54 ----RSD---- C:\Windows\Fonts
2009-01-26 10:49:16 ----D---- C:\Windows\inf
2009-01-26 06:34:29 ----D---- C:\Windows\System32
2009-01-26 06:32:17 ----SD---- C:\Users\Kelly\AppData\Roaming\Microsoft
2009-01-24 15:55:51 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-01-22 14:28:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-22 13:42:45 ----SHD---- C:\Windows\Installer
2009-01-21 05:14:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-16 02:28:00 ----D---- C:\Windows\system32\catroot2
2009-01-15 10:47:10 ----D---- C:\Windows\Debug
2009-01-15 04:58:23 ----D---- C:\Windows\winsxs
2009-01-15 04:52:51 ----D---- C:\Windows\system32\catroot
2009-01-15 04:52:47 ----D---- C:\Program Files\Windows Mail
2009-01-09 20:35:28 ----A---- C:\Windows\system32\mrt.exe
2009-01-05 09:30:20 ----D---- C:\Windows\Tasks
2009-01-05 09:20:24 ----D---- C:\Windows\system32\Tasks
2009-01-03 16:52:19 ----D---- C:\ProgramData\Avira
2009-01-02 14:24:57 ----D---- C:\Program Files\Mozilla Firefox
2009-01-02 11:17:01 ----D---- C:\Program Files\CCleaner
2008-12-31 19:57:48 ----D---- C:\Windows\system32\wbem
2008-12-31 19:57:48 ----D---- C:\Windows\system32\Msdtc
2008-12-31 19:57:03 ----D---- C:\Windows\system32\config
2008-12-31 19:56:41 ----D---- C:\Windows\system32\spool
2008-12-31 19:56:41 ----D---- C:\Program Files\Windows Defender
2008-12-31 19:56:37 ----D---- C:\ProgramData\HP Product Assistant
2008-12-31 19:56:37 ----D---- C:\ProgramData\FLEXnet
2008-12-31 19:56:37 ----D---- C:\Program Files\Norton PC Checkup
2008-12-31 19:56:31 ----D---- C:\Windows\registration
2008-12-28 18:24:46 ----SD---- C:\Windows\Downloaded Program Files
2008-12-16 19:44:09 ----A---- C:\Windows\system32\DEBUG_LOG.txt
2008-12-16 10:22:56 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-16 10:13:28 ----D---- C:\Program Files\Java
2008-12-12 03:35:27 ----D---- C:\Windows\rescache
2008-12-12 03:16:37 ----D---- C:\Windows\AppPatch
2008-12-12 03:16:36 ----D---- C:\Windows\system32\en-US
2008-12-12 03:10:11 ----D---- C:\ProgramData\Microsoft Help
2008-12-11 16:23:43 ----D---- C:\Program Files\Yahoo!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-08-03 91648]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2009-01-27 85969]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-23 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-09-25 79136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-13 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
GirlinWayside
Regular Member
 
Posts: 34
Joined: January 26th, 2009, 10:13 am

Re: Applications crashing, system running bad

Unread postby Sharagoz » February 2nd, 2009, 3:40 pm

I will surf a bit and let you know. Below is the log you requested.

OK, post back when you've used the computer a bit, and then I'll have a look at the latest log.
Sharagoz
Retired Graduate
 
Posts: 985
Joined: February 22nd, 2008, 4:31 pm
Location: Norway