Logfile of random's system information tool 1.05 (written by random/random)
Run by Kelly at 2009-01-27 16:02:07
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 168 GB (73%) free of 229 GB
Total RAM: 1015 MB (18% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:02:21 PM, on 1/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
c:\program files\permissionresearch\prmrsr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Kelly\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Kelly.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://gvtc.angellearning.com
O15 - Trusted Zone: http://friendsblessings.b1.jcink.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5699845C-2941-4113-895E-3091E3CA6C2E}: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PermissionResearch - TMRG, Inc. - C:\Program Files\PermissionResearch\prservice.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 9851 bytes
======Scheduled tasks folder======
C:\Windows\tasks\HPCeeScheduleForKelly.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-10 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-10 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2008-06-10 54672]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"HostManager"=C:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe [2006-09-25 50736]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-04-01 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-04-01 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-04-01 133656]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-10 289064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-10 136600]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-10-09 44168]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-03 1783136]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-09-20 455968]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-05-27 4269296]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-03-25 204800]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c3c231c6-9ad4-11dc-bacf-806e6f6e6963}]
shell\AutoRun\command - E:\Setup.exe -auto
======File associations======
.js - edit -
.js - open -
.txt - open -
======List of files/folders created in the last 2 months======
2009-01-27 16:02:07 ----D---- C:\rsit
2009-01-26 06:32:28 ----D---- C:\ProgramData\Avg8
2009-01-22 13:42:42 ----D---- C:\Program Files\Microsoft Silverlight
2009-01-19 12:12:20 ----D---- C:\Program Files\PermissionResearch
2009-01-03 16:52:19 ----D---- C:\Program Files\Avira
2009-01-01 03:00:52 ----A---- C:\Windows\system32\mshtml.dll
2008-12-29 17:37:47 ----D---- C:\Program Files\Gogii Games
2008-12-29 16:52:23 ----D---- C:\ProgramData\Trymedia
2008-12-29 16:47:36 ----D---- C:\Program Files\Baby Luv
2008-12-29 16:16:43 ----D---- C:\Program Files\iWin.com
2008-12-29 16:15:19 ----D---- C:\ProgramData\iWin Games
2008-12-16 10:22:56 ----D---- C:\j2sdk1.4.0
2008-12-12 03:03:40 ----A---- C:\Windows\system32\tzres.dll
2008-12-11 13:41:15 ----A---- C:\Windows\system32\gdi32.dll
2008-12-11 13:41:09 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-11 13:41:08 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-11 13:41:02 ----A---- C:\Windows\system32\shell32.dll
2008-12-11 13:40:53 ----A---- C:\Windows\explorer.exe
2008-12-11 13:40:48 ----A---- C:\Windows\system32\urlmon.dll
2008-12-11 13:40:47 ----A---- C:\Windows\system32\ieframe.dll
2008-12-11 13:40:46 ----A---- C:\Windows\system32\wininet.dll
2008-12-11 13:40:46 ----A---- C:\Windows\system32\mstime.dll
2008-12-11 13:40:45 ----A---- C:\Windows\system32\iertutil.dll
2008-12-11 13:40:44 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-11 13:40:36 ----A---- C:\Windows\system32\mf.dll
2008-12-11 13:40:35 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-11 13:40:35 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-11 13:40:34 ----A---- C:\Windows\system32\logagent.exe
2008-12-10 04:45:31 ----A---- C:\Windows\system32\javaws.exe
2008-12-10 04:45:31 ----A---- C:\Windows\system32\deploytk.dll
2008-12-10 04:45:30 ----A---- C:\Windows\system32\javaw.exe
2008-12-10 04:45:30 ----A---- C:\Windows\system32\java.exe
2008-12-04 19:31:35 ----D---- C:\Users\Kelly\AppData\Roaming\SaveThePuppy
2008-12-03 20:55:02 ----AD---- C:\ProgramData\TEMP
======List of files/folders modified in the last 2 months======
2009-01-27 16:02:19 ----D---- C:\Windows\Prefetch
2009-01-27 16:02:10 ----D---- C:\Windows\temp
2009-01-27 15:43:17 ----D---- C:\Windows\SMINST
2009-01-27 15:00:11 ----SHD---- C:\System Volume Information
2009-01-27 14:21:47 ----D---- C:\Windows
2009-01-27 14:10:54 ----RSD---- C:\Windows\Fonts
2009-01-26 10:49:16 ----D---- C:\Windows\inf
2009-01-26 06:34:29 ----D---- C:\Windows\System32
2009-01-26 06:32:28 ----HD---- C:\ProgramData
2009-01-26 06:32:27 ----RD---- C:\Program Files
2009-01-26 06:32:17 ----SD---- C:\Users\Kelly\AppData\Roaming\Microsoft
2009-01-26 06:32:17 ----D---- C:\Windows\system32\drivers
2009-01-24 15:55:51 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-01-22 14:28:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-01-22 13:42:45 ----SHD---- C:\Windows\Installer
2009-01-21 05:14:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-16 02:28:00 ----D---- C:\Windows\system32\catroot2
2009-01-15 10:47:10 ----D---- C:\Windows\Debug
2009-01-15 04:58:23 ----D---- C:\Windows\winsxs
2009-01-15 04:52:51 ----D---- C:\Windows\system32\catroot
2009-01-15 04:52:47 ----D---- C:\Program Files\Windows Mail
2009-01-09 20:35:28 ----A---- C:\Windows\system32\mrt.exe
2009-01-05 09:30:20 ----D---- C:\Windows\Tasks
2009-01-05 09:20:24 ----D---- C:\Windows\system32\Tasks
2009-01-03 16:52:19 ----D---- C:\ProgramData\Avira
2009-01-02 14:24:57 ----D---- C:\Program Files\Mozilla Firefox
2009-01-02 11:17:01 ----D---- C:\Program Files\CCleaner
2008-12-31 19:57:48 ----D---- C:\Windows\system32\wbem
2008-12-31 19:57:48 ----D---- C:\Windows\system32\Msdtc
2008-12-31 19:57:03 ----D---- C:\Windows\system32\config
2008-12-31 19:56:41 ----D---- C:\Windows\system32\spool
2008-12-31 19:56:41 ----D---- C:\Program Files\Windows Defender
2008-12-31 19:56:37 ----D---- C:\ProgramData\HP Product Assistant
2008-12-31 19:56:37 ----D---- C:\ProgramData\FLEXnet
2008-12-31 19:56:37 ----D---- C:\Program Files\Norton PC Checkup
2008-12-31 19:56:31 ----D---- C:\Windows\registration
2008-12-28 18:24:46 ----SD---- C:\Windows\Downloaded Program Files
2008-12-16 19:44:09 ----A---- C:\Windows\system32\DEBUG_LOG.txt
2008-12-16 10:22:56 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-16 10:13:28 ----D---- C:\Program Files\Java
2008-12-12 03:35:27 ----D---- C:\Windows\rescache
2008-12-12 03:16:37 ----D---- C:\Windows\AppPatch
2008-12-12 03:16:36 ----D---- C:\Windows\system32\en-US
2008-12-12 03:10:11 ----D---- C:\ProgramData\Microsoft Help
2008-12-11 16:23:43 ----D---- C:\Program Files\Yahoo!
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-20 52032]
R3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
R3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-08-03 91648]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 2307072]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-23 611664]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-09-25 79136]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 PermissionResearch;PermissionResearch; C:\Program Files\PermissionResearch\prservice.exe [2008-10-28 45056]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-10 532264]
S3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-13 654848]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe []
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.05 2009-01-27 16:02:29
======Uninstall list======
-->"C:\Program Files\HP Games\3D Ultra Minigolf Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\7 Wonders of the Ancient World\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Fish Tycoon\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest Solitaire\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Otto's Magic Blocks\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\Shooting Stars Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - Chapter 2 - The Lost Children\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
3DVIA player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\719d6f144d0c086a0dfa7ff76bb9ac1\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Painter X-->C:\Program Files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A} C:\Users\Kelly\AppData\Local\Temp\PainterX.log
Corel Painter X-->MsiExec.exe /I{05D60953-9012-44DF-A1A6-9DD97AD6580A}
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
CyberLink DVD Suite Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" -uninstall
Hardware Diagnostic Tools-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AFAD41A9-9687-48A3-848F-693C11451433}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe -datfile hposcr15.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Total Care Advisor-->MsiExec.exe /X{e96b3d28-47d6-43cc-98fd-7069eeab6b11}
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
ImageConverter Plus 7.1-->"C:\Program Files\ImageConverter Plus\unins000.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{EF6C4600-306D-4F6A-A119-C2A877D25B4A}
Java 2 Runtime Environment, SE v1.4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4588301-0A06-11D6-A761-00B0D079AF64}\Setup.exe"
Java 2 SDK, SE v1.4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4588303-0A06-11D6-A761-00B0D079AF64}\Setup.exe" Anytext
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" -uninstall
LightScribe System Software 1.10.16.1-->MsiExec.exe /X{E6CFBFB5-9232-410C-B353-AF6E614B2681}
LightScribe Template Labeler-->MsiExec.exe /X{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 6.1-->C:\Program Files\InstallShield Installation Information\{E8C2622C-9FF1-4F60-8008-A0208154F9F3}\muveesetup.exe -removeonly -runfromtemp
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Norton PC Checkup-->C:\Program Files\Norton PC Checkup\uninstall.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PermissionResearch-->c:\program files\permissionresearch\prmrsr.exe -bootremove -uninst:PermissionResearch
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
=====HijackThis Backups=====
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AS: Windows Defender (disabled)
System event log
Computer Name: Kelly-PC
Event Code: 18
Message: TIMEOUT<prmrsr.exe> C:\...hotoshop.CS3\setup.exe
Record Number: 80163
Source Name: avgntflt
Time Written: 20090127205049.007965-000
Event Type: Warning
User:
Computer Name: Kelly-PC
Event Code: 7036
Message: The Problem Reports and Solutions Control Panel Support service entered the running state.
Record Number: 80164
Source Name: Service Control Manager
Time Written: 20090127205617.000000-000
Event Type: Information
User:
Computer Name: Kelly-PC
Event Code: 7036
Message: The Problem Reports and Solutions Control Panel Support service entered the stopped state.
Record Number: 80165
Source Name: Service Control Manager
Time Written: 20090127205627.000000-000
Event Type: Information
User:
Computer Name: Kelly-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Record Number: 80166
Source Name: Service Control Manager
Time Written: 20090127210019.000000-000
Event Type: Information
User:
Computer Name: Kelly-PC
Event Code: 7036
Message: The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Record Number: 80167
Source Name: Service Control Manager
Time Written: 20090127210046.000000-000
Event Type: Information
User:
Application event log
Computer Name: Kelly-PC
Event Code: 4101
Message: Windows license validated.
Record Number: 16115
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090127204312.000000-000
Event Type: Information
User:
Computer Name: Kelly-PC
Event Code: 6000
Message: The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.
Record Number: 16116
Source Name: Microsoft-Windows-Winlogon
Time Written: 20090127204312.000000-000
Event Type: Information
User:
Computer Name: Kelly-PC
Event Code: 1
Message: Certificate Services Client has been started successfully.
Record Number: 16117
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090127204411.818965-000
Event Type: Information
User: Kelly-PC\Kelly
Computer Name: Kelly-PC
Event Code: 0
Message:
Record Number: 16118
Source Name: iPod Service
Time Written: 20090127204424.000000-000
Event Type: Information
User:
Computer Name: Kelly-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 16119
Source Name: LightScribeService
Time Written: 20090127210227.000000-000
Event Type: Information
User:
Security event log
Computer Name: Kelly-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 31725
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090127210219.913965-000
Event Type: Audit Failure
User:
Computer Name: Kelly-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 31726
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090127210219.962965-000
Event Type: Audit Failure
User:
Computer Name: Kelly-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 31727
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090127210220.003965-000
Event Type: Audit Failure
User:
Computer Name: Kelly-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 31728
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090127210220.042965-000
Event Type: Audit Failure
User:
Computer Name: Kelly-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 31729
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090127210220.079965-000
Event Type: Audit Failure
User:
======Environment variables======
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OnlineServices"=Online Services
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\hp\bin\Python;C:\Program Files\ImageConverter Plus;C:\Program Files\QuickTime\QTSystem;.;c:\j2sdk1.4.0\bin;.;
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PCBRAND"=Presario
"PLATFORM"=HPD
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0d
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
-----------------EOF-----------------
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-27 16:30:31
Windows 6.0.6001 Service Pack 1
---- System - GMER 1.0.14 ----
SSDT A49862B4 ZwCreateThread
SSDT A49862A0 ZwOpenProcess
SSDT A49862A5 ZwOpenThread
SSDT A49862AF ZwTerminateProcess
SSDT A49862AA ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.14 ----
.text ntkrnlpa.exe!KeSetTimerEx + 454 81CD6A18 4 Bytes [ B4, 62, 98, A4 ]
.text ntkrnlpa.exe!KeSetTimerEx + 624 81CD6BE8 4 Bytes [ A0, 62, 98, A4 ]
.text ntkrnlpa.exe!KeSetTimerEx + 640 81CD6C04 4 Bytes [ A5, 62, 98, A4 ]
.text ntkrnlpa.exe!KeSetTimerEx + 854 81CD6E18 4 Bytes [ AF, 62, 98, A4 ]
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 81CD6E78 4 Bytes [ AA, 62, 98, A4 ]
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 027330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 02731B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!recv 7635343A 5 Bytes JMP 02732C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!connect 763540D9 5 Bytes JMP 02731670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!WSASend 76354496 5 Bytes JMP 027327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!send 7635659B 5 Bytes JMP 02732210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 02732F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 02733550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 027319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] Secur32.dll!EncryptMessage 75E74BE6 3 Bytes JMP 02730060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] Secur32.dll!EncryptMessage + 4 75E74BEA 1 Byte [ 8C ]
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] Secur32.dll!DecryptMessage 75E74CB3 3 Bytes JMP 02731F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] Secur32.dll!DecryptMessage + 4 75E74CB7 1 Byte [ 8C ]
.text C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 027332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WININET.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[484] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[992] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1532] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\hp\support\hpsysdrv.exe[2276] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 01E330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 01E31B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!recv 7635343A 5 Bytes JMP 01E32C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!connect 763540D9 5 Bytes JMP 01E31670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!WSASend 76354496 5 Bytes JMP 01E327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!send 7635659B 5 Bytes JMP 01E32210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 01E32F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 01E33550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 01E319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 01E30060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 01E31F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2596] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 01E332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Sidebar\sidebar.exe[2604] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] kernel32.dll!SetUnhandledExceptionFilter 77296E2D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] WININET.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2636] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[2704] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2968] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 01FA30B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 01FA1B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!recv 7635343A 5 Bytes JMP 01FA2C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!connect 763540D9 5 Bytes JMP 01FA1670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!WSASend 76354496 5 Bytes JMP 01FA27D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!send 7635659B 5 Bytes JMP 01FA2210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 01FA2F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 01FA3550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 01FA19E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 01FA0060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 01FA1F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3156] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 01FA32A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\ehome\ehtray.exe[3200] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] KERNEL32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe[3312] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] WININET.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 005A30B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 005A1B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!recv 7635343A 5 Bytes JMP 005A2C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!connect 763540D9 5 Bytes JMP 005A1670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!WSASend 76354496 5 Bytes JMP 005A27D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!send 7635659B 5 Bytes JMP 005A2210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 005A2F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 005A3550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 005A19E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 005A0060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 005A1F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\hkcmd.exe[3352] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 005A32A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3600] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 042630B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 04260060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 04261F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 04261B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!recv 7635343A 5 Bytes JMP 04262C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!connect 763540D9 5 Bytes JMP 04261670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!WSASend 76354496 5 Bytes JMP 042627D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!send 7635659B 5 Bytes JMP 04262210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 04262F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 04263550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 042619E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\Explorer.EXE[3648] WININET.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 042632A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Users\Kelly\Desktop\gmer.exe[3712] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 01B930B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 01B91B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!recv 7635343A 5 Bytes JMP 01B92C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!connect 763540D9 5 Bytes JMP 01B91670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!WSASend 76354496 5 Bytes JMP 01B927D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!send 7635659B 5 Bytes JMP 01B92210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 01B92F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 01B93550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 01B919E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 01B90060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 01B91F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\System32\igfxpers.exe[3824] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 01B932A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 00DE30B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 00DE1B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!recv 7635343A 5 Bytes JMP 00DE2C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!connect 763540D9 5 Bytes JMP 00DE1670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!WSASend 76354496 5 Bytes JMP 00DE27D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!send 7635659B 5 Bytes JMP 00DE2210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 00DE2F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 00DE3550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 00DE19E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 00DE0060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 00DE1F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\Dwm.exe[3860] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 00DE32A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\RtHDVCpl.exe[3924] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 02AA30B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 02AA0060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 02AA1F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 02AA1B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!recv 7635343A 5 Bytes JMP 02AA2C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!connect 763540D9 5 Bytes JMP 02AA1670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!WSASend 76354496 5 Bytes JMP 02AA27D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!send 7635659B 5 Bytes JMP 02AA2210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 02AA2F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 02AA3550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 02AA19E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Windows\system32\taskeng.exe[4084] WININET.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 02AA32A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] kernel32.dll!ReadFile 772B03F8 7 Bytes JMP 10026010 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] kernel32.dll!GetQueuedCompletionStatus 772B5211 5 Bytes JMP 100330B0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] kernel32.dll!WriteFile 772BC906 7 Bytes JMP 10026060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] kernel32.dll!CloseHandle 772BCC05 5 Bytes JMP 10025FF0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] kernel32.dll!CreateFileW 772BCC4E 5 Bytes JMP 10025F60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] kernel32.dll!CreateFileA 772BCF71 5 Bytes JMP 10025F00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!closesocket 7635330C 5 Bytes JMP 10031B60 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!recv 7635343A 5 Bytes JMP 10032C00 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!connect 763540D9 5 Bytes JMP 10031670 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!WSASend 76354496 5 Bytes JMP 100327D0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!send 7635659B 5 Bytes JMP 10032210 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!WSAGetOverlappedResult 76358143 5 Bytes JMP 10032F20 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!WSARecv 76358400 5 Bytes JMP 10033550 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] WS2_32.dll!WSAConnect 7635D7B0 5 Bytes JMP 100319E0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] Secur32.dll!EncryptMessage 75E74BE6 5 Bytes JMP 10030060 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] Secur32.dll!DecryptMessage 75E74CB3 5 Bytes JMP 10031F50 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4348] wininet.dll!UnlockUrlCacheEntryFile 763F509F 5 Bytes JMP 100332A0 c:\program files\permissionresearch\prls.dll (PermissionResearch/TMRG, Inc.)
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9A27] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1201650634\ee\aolsoftware.exe[456] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9979] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [610E9B95] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [610E9AC7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [610E93C2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [610E9B07] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [610E9B95] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [610E9AC7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [610E9B07] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [610E93C2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [610E89AA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [610E9B07] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [610E9B95] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [610E9AC7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [610E93C2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [610E89AA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [610E8960] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [610E8FD9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [610E8FD9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [610E9B95] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [610E93C2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [610E9B07] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [610E9AC7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [610E89AA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [610E8922] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [610E88E4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [610E89B0] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [610E8960] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [610E8FD9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [610E89E8] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [610E9AC7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3320] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [610E93C2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74977BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749B98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7497D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7496F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74977599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7496E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749AB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7497D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7497012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74970095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749671F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [749FD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749975E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7496DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7496668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [749666BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3648] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74971E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- EOF - GMER 1.0.14 ----
GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2009-01-27 16:32:23
Windows 6.0.6001 Service Pack 1
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\Windows\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxdev.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aawservice@ = "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
AntiVirScheduler@ = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
AntiVirService@ = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
HP Health Check Service@ = "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
LightScribeService@ = "c:\Program Files\Common Files\LightScribe\LSSrvc.exe"
PermissionResearch@ = C:\Program Files\PermissionResearch\prservice.exe /service /*file not found*/
ProtexisLicensing@ = C:\Windows\system32\PSIService.exe
slsvc@ = %SystemRoot%\system32\SLsvc.exe
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding
XAudioService@ = %SystemRoot%\system32\DRIVERS\xaudio.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@hpsysdrvc:\hp\support\hpsysdrv.exe = c:\hp\support\hpsysdrv.exe
@OsdMaestro"C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" = "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
@RtHDVCplRtHDVCpl.exe = RtHDVCpl.exe
@SunJavaUpdateReg"C:\Windows\system32\jureg.exe" = "C:\Windows\system32\jureg.exe"
@HP Software UpdateC:\Program Files\HP\HP Software Update\HPWuSchd2.exe = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
@HostManagerC:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe = C:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@IgfxTrayC:\Windows\system32\igfxtray.exe = C:\Windows\system32\igfxtray.exe
@HotKeysCmdsC:\Windows\system32\hkcmd.exe = C:\Windows\system32\hkcmd.exe
@PersistenceC:\Windows\system32\igfxpers.exe = C:\Windows\system32\igfxpers.exe
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@AppleSyncNotifierC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@avgnt"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
RunOnce@Launcher = %WINDIR%\SMINST\launcher.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SidebarC:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/ = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/
@HPAdvisorC:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun /*file not found*/ = C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun /*file not found*/
@MsnMsgr"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
@ehTray.exeC:\Windows\ehome\ehTray.exe = C:\Windows\ehome\ehTray.exe
@LightScribe Control PanelC:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden /*file not found*/ = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden /*file not found*/
@Messenger (Yahoo!)"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
@{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
@{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{00020d75-0000-0000-c000-000000000046} /*lnkfile*/(null) =
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
@{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
@{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
@{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
@{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
@{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
@{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
@{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
@{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
@{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
@{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
@{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
@{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
@{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\Windows\system32\extmgr.dll = C:\Windows\system32\extmgr.dll
@{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
@{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
@{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
@{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
@{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{a38b883c-1682-497e-97b0-0a3a9e801682} /*IPropertyStore Handler for Images*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{C7657C4A-9F68-40fa-A4DF-96BC08EB3551} /*Photo Thumbnail Provider*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*Photo Thumbnail Extractor*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
@{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
@{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
@{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
@{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
@{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
@{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
@{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
@{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
@{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
@{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
@{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
@{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
@{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
@{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
@{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
@{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
@{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
@{7dda204b-2097-47c9-8323-c40bb840ae44} /*XPS document*/(null) =
@{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*ShellViewRTF*/C:\Windows\System32\ShellvRTF.dll = C:\Windows\System32\ShellvRTF.dll
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/C:\Program Files\Yahoo!\Common\YMMAPI.dll = C:\Program Files\Yahoo!\Common\YMMAPI.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll = C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{06A2568A-CED6-4187-BB20-400B8C02BE5A} /**/(null) =
@{00F33137-EE26-412F-8D71-F84E4C2C6625} /**/(null) =
@{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} /*Windows Live Photo Gallery Autoplay Drop Target*/(null) =
@{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} /*Windows Live Photo Gallery Viewer Drop Target*/(null) =
@{00F374B7-B390-4884-B372-2FC349F2172B} /*Windows Live Photo Gallery Editor Drop Target*/(null) =
@{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} /*Windows Live Photo Gallery Viewer Drop Target Shim*/(null) =
@{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} /*Windows Live Photo Gallery Editor Drop Target Shim*/(null) =
@{00F30F90-3E96-453B-AFCD-D71989ECC2C7} /*Windows Live Photo Gallery Autoplay Drop Target Shim*/(null) =
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
CnvShell@{A118FEA0-1D1B-4165-BC37-88F95B250E7A} = C:\Windows\system32\cnvshell.dll
PicaView@ =
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\YMMAPI.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
CnvShell@{A118FEA0-1D1B-4165-BC37-88F95B250E7A} = C:\Windows\system32\cnvshell.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{053F9267-DC04-4294-A72C-58F732D338C0}C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll = C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}C:\Program Files\Yahoo!\Common\yiesrvc.dll = C:\Program Files\Yahoo!\Common\yiesrvc.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre6\bin\ssv.dll = C:\Program Files\Java\jre6\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://ie.redirect.hp.com/svs/rdr?T ... pf=desktop = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://ie.redirect.hp.com/svs/rdr?T ... pf=desktop = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\Windows\System32\msvidctl.dll
its@CLSID = %SystemRoot%\System32\itss.dll
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = %SystemRoot%\System32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
tv@CLSID = C:\Windows\System32\msvidctl.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000003@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000004@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup = OneNote 2007 Screen Clipper and Launcher.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup >>>
HP Digital Imaging Monitor.lnk = HP Digital Imaging Monitor.lnk
Snapfish Media Detector.lnk = Snapfish Media Detector.lnk
---- EOF - GMER 1.0.14 ----
GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2009-01-27 16:32:23
Windows 6.0.6001 Service Pack 1
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\Windows\system32\userinit.exe,
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName = igfxdev.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aawservice@ = "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
AntiVirScheduler@ = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
AntiVirService@ = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
HP Health Check Service@ = "c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe"
LightScribeService@ = "c:\Program Files\Common Files\LightScribe\LSSrvc.exe"
PermissionResearch@ = C:\Program Files\PermissionResearch\prservice.exe /service /*file not found*/
ProtexisLicensing@ = C:\Windows\system32\PSIService.exe
slsvc@ = %SystemRoot%\system32\SLsvc.exe
WSearch@ = %systemroot%\system32\SearchIndexer.exe /Embedding
XAudioService@ = %SystemRoot%\system32\DRIVERS\xaudio.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@hpsysdrvc:\hp\support\hpsysdrv.exe = c:\hp\support\hpsysdrv.exe
@OsdMaestro"C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" = "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
@RtHDVCplRtHDVCpl.exe = RtHDVCpl.exe
@SunJavaUpdateReg"C:\Windows\system32\jureg.exe" = "C:\Windows\system32\jureg.exe"
@HP Software UpdateC:\Program Files\HP\HP Software Update\HPWuSchd2.exe = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
@HostManagerC:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe = C:\Program Files\Common Files\AOL\1201650634\ee\AOLSoftware.exe
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@IgfxTrayC:\Windows\system32\igfxtray.exe = C:\Windows\system32\igfxtray.exe
@HotKeysCmdsC:\Windows\system32\hkcmd.exe = C:\Windows\system32\hkcmd.exe
@PersistenceC:\Windows\system32\igfxpers.exe = C:\Windows\system32\igfxpers.exe
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@AppleSyncNotifierC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"
@avgnt"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
RunOnce@Launcher = %WINDIR%\SMINST\launcher.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SidebarC:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/ = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun /*file not found*/
@HPAdvisorC:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun /*file not found*/ = C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun /*file not found*/
@MsnMsgr"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background = "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
@ehTray.exeC:\Windows\ehome\ehTray.exe = C:\Windows\ehome\ehTray.exe
@LightScribe Control PanelC:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden /*file not found*/ = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden /*file not found*/
@Messenger (Yahoo!)"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} /*Computers and Devices*/%systemroot%\system32\NetworkExplorer.dll = %systemroot%\system32\NetworkExplorer.dll
@{4A1E5ACD-A108-4100-9E26-D2FAFA1BA486} /*IGD Property Sheet Handler*/%SystemRoot%\System32\icsigd.dll = %SystemRoot%\System32\icsigd.dll
@{92dbad9f-5025-49b0-9078-2d78f935e341} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{b9815375-5d7f-4ce2-9245-c9d4da436930} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{f8b8412b-dea3-4130-b36c-5e8be73106ac} /*Microsoft Windows Mail Html Preview Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{5FA29220-36A1-40f9-89C6-F4B384B7642E} /*Shell Message Handler*/%SystemRoot%\system32\inetcomm.dll = %SystemRoot%\system32\inetcomm.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\Windows\system32\ieframe.dll = C:\Windows\system32\ieframe.dll
@{00020d75-0000-0000-c000-000000000046} /*lnkfile*/(null) =
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\shwebsvc.dll = %SystemRoot%\System32\shwebsvc.dll
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\colorui.dll = %SystemRoot%\System32\colorui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\colorui.dll = %SystemRoot%\system32\colorui.dll
@{b2c761c6-29bc-4f19-9251-e6195265baf1} /*Color Control Panel Applet*/(null) =
@{74246bfc-4c96-11d0-abef-0020af6b0b7a} /*Device Manager*/%SystemRoot%\System32\devmgr.dll = %SystemRoot%\System32\devmgr.dll
@{7A979262-40CE-46ff-AEEE-7884AC3B6136} /*Add New Hardware*/(null) =
@{3e7efb4c-faf1-453d-89eb-56026875ef90} /*Get Programs Online*/(null) =
@{1b24a030-9b20-49bc-97ac-1be4426f9e59} /*ActiveDirectory Folder*/(null) =
@{34449847-FD14-4fc8-A75A-7432F5181EFB} /*ActiveDirectory Folder*/(null) =
@{C8494E42-ACDD-4739-B0FB-217361E4894F} /*Sam Account Folder*/(null) =
@{E29F9716-5C08-4FCD-955A-119FDB5A522D} /*Sam Account Folder*/(null) =
@{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0} /*Control Panel command object for Start menu*/(null) =
@{E44E5D18-0652-4508-A4E2-8A090067BCB0} /*Default Programs command object for Start menu*/(null) =
@{6dfd7c5c-2451-11d3-a299-00c04f8ef6af} /*Folder Options*/(null) =
@{97e467b4-98c6-4f19-9588-161b7773d6f6} /*Office Document Property Handler*/%SystemRoot%\system32\propsys.dll = %SystemRoot%\system32\propsys.dll
@{2C2577C2-63A7-40e3-9B7F-586602617ECB} /*Explorer Query Band*/(null) =
@{DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} /*File Open Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{C0B4E2F3-BA21-4773-8DBA-335EC946EB8B} /*File Save Dialog*/%SystemRoot%\System32\comdlg32.dll = %SystemRoot%\System32\comdlg32.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\Windows\system32\dfshim.dll = C:\Windows\system32\dfshim.dll
@{92337A8C-E11D-11D0-BE48-00C04FC30DF6} /*OlePrn.PrinterURL*/%SystemRoot%\system32\oleprn.dll = %SystemRoot%\system32\oleprn.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft XPS Properties*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft XPS Thumbnail*/%SystemRoot%\system32\XPSSHHDR.DLL = %SystemRoot%\system32\XPSSHHDR.DLL
@{38a98528-6cbf-4ca9-8dc0-b1e1d10f7b1b} /*View Available Networks*/(null) =
@{13D3C4B8-B179-4ebb-BF62-F704173E7448} /*Windows Contact Preview Handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} /*Contacts folder*/(null) =
@{4F58F63F-244B-4c07-B29F-210BE59BE9B4} /*.group shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{8082C5E6-4C27-48ec-A809-B8E1122E8F97} /*.contact shell extension handler*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{16C2C29D-0E5F-45f3-A445-03E03F587B7D} /*group_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{CF67796C-F57F-45F8-92FB-AD698826C602} /*contact_wab_auto_file*/%CommonProgramFiles%\System\wab32.dll = %CommonProgramFiles%\System\wab32.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Property Page*/%windir%\system32\acppage.dll = %windir%\system32\acppage.dll
@{4026492f-2f69-46b8-b9bf-5654fc07e423} /*Windows Firewall*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\Windows\system32\extmgr.dll = C:\Windows\system32\extmgr.dll
@{fcfeecae-ee1b-4849-ae50-685dcf7717ec} /*Problem Reports and Solutions*/(null) =
@{a304259d-52b8-4526-8b1a-a1d6cecc8243} /*iSCSI Initiator*/(null) =
@{11dbb47c-a525-400b-9e80-a54615a090c0} /*Execute Folder*/ExplorerFrame.dll = ExplorerFrame.dll
@{90b9bce2-b6db-4fd3-8451-35917ea1081b} /*Search Execute Command*/ExplorerFrame.dll = ExplorerFrame.dll
@{911051fa-c21c-4246-b470-070cd8df6dc4} /*.cab or .zip files*/(null) =
@{da67b8ad-e81b-4c70-9b91b417b5e33527} /*Windows Search Shell Service*/(null) =
@{a38b883c-1682-497e-97b0-0a3a9e801682} /*IPropertyStore Handler for Images*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{C7657C4A-9F68-40fa-A4DF-96BC08EB3551} /*Photo Thumbnail Provider*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*Photo Thumbnail Extractor*/C:\Windows\system32\PhotoMetadataHandler.dll = C:\Windows\system32\PhotoMetadataHandler.dll
@{BC65FB43-1958-4349-971A-210290480130} /*Network Explorer Property Sheet Handler*/%SystemRoot%\System32\NcdProp.dll = %SystemRoot%\System32\NcdProp.dll
@{d3e34b21-9d75-101a-8c3d-00aa001a1652} /*Bitmap Image*/(null) =
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{E598560B-28D5-46aa-A14A-8A3BEA34B576} /*Windows Photo Gallery Viewer Video Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{00f2886f-cd64-4fc9-8ec5-30ef6cdbe8c3} /*Microsoft.ScannersAndCameras*/(null) =
@{0a4286ea-e355-44fb-8086-af3df7645bd9} /*Windows Media Player*/C:\PROGRA~1\WI4EB4~1\wmpband.dll = C:\PROGRA~1\WI4EB4~1\wmpband.dll
@{BB6B2374-3D79-41DB-87F4-896C91846510} /*EMDFileProperties*/emdmgmt.dll = emdmgmt.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{89D83576-6BD1-4c86-9454-BEB04E94C819} /*MAPI Search Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{7A0F6AB7-ED84-46B6-B47E-02AA159A152B} /*Sync Center Simple Conflict Presenter*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9D687A4C-1404-41ef-A089-883B6FBECDE6} /*Windows Photo Gallery Viewer Autoplay Handler*/(null) =
@{37efd44d-ef8d-41b1-940d-96973a50e9e0} /*Windows Sidebar Properties*/(null) =
@{00f20eb5-8fd6-4d9d-b75e-36801766c8f1} /*PhotoAcqDropTarget*/%ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoAcq.dll /*file not found*/
@{BC48B32F-5910-47F5-8570-5074A8A5636A} /*Sync Results Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{ED228FDF-9EA8-4870-83B1-96B02CFE0D52} /*Games Folder*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{E413D040-6788-4C22-957E-175D1C513A34} /*Sync Center Conflict Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{67718415-c450-4f3c-bf8a-b487642dc39b} /*Windows Features*/(null) =
@{91ADC906-6722-4B05-A12B-471ADDCCE132} /*Touch Band*/%SystemRoot%\System32\TouchX.dll = %SystemRoot%\System32\TouchX.dll
@{2781761E-28E0-4109-99FE-B9D127C57AFE} /*Windows Defender IOfficeAntiVirus implementation*/%ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/ = %ProgramFiles%\Windows Defender\MpOav.dll /*file not found*/
@{FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} /*Windows Photo Gallery Viewer Image Verbs*/%ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/ = %ProgramFiles%\Windows Photo Gallery\PhotoViewer.dll /*file not found*/
@{4B534112-3AF6-4697-A77C-D62CE9B9E7CF} /*Sync Center Event Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{F1390A9A-A3F4-4E5D-9C5F-98F3BD8D935C} /*Sync Setup Delegate Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{4E5BFBF8-F59A-4e87-9805-1F9B42CC254A} /*GameUX.RichGameMediaThumbnail*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{d8559eb9-20c0-410e-beda-7ed416aecc2a} /*Windows Defender*/(null) =
@{576C9E85-1300-4EF5-BF6B-D00509F4EDCD} /*Sync Center Handler Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{5ea4f148-308c-46d7-98a9-49041b1dd468} /*Mobility Center Control Panel*/(null) =
@{289978AC-A101-4341-A817-21EBA7FD046D} /*Sync Center Conflict Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{877ca5ac-cb41-4842-9c69-9136e42d47e2} /*File Backup Index*/%systemroot%\system32\sdshext.dll = %systemroot%\system32\sdshext.dll
@{71D99464-3B6B-475C-B241-E15883207529} /*Sync Results Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{B32D3949-ED98-4DBB-B347-17A144969BBA} /*Sync Center Item Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{2E9E59C0-B437-4981-A647-9C34B9B90891} /*Sync Setup Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{9C73F5E5-7AE7-4E32-A8E8-8D23B85255BF} /*Sync Center Folder*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{CB1B7F8C-C50A-4176-B604-9E24DEE8D4D1} /*Welcome Center*/oobefldr.dll = oobefldr.dll
@{15D633E2-AD00-465b-9EC7-F56B7CDF8E27} /*Tablet PC Input Panel*/%CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/ = %CommonProgramFiles%\microsoft shared\ink\TipBand.dll /*file not found*/
@{F04CC277-03A2-4277-96A9-77967471BDFF} /*Sync Center Conflict Properties Extension*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{53BEDF0B-4E5B-4183-8DC9-B844344FA104} /*Microsoft Windows MAPI Preview Handler*/%SystemRoot%\system32\mssvp.dll = %SystemRoot%\system32\mssvp.dll
@{6b9228da-9c15-419e-856c-19e768a13bdc} /*Windows gadget DropTarget*/%ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/ = %ProgramFiles%\Windows Sidebar\sbdrop.dll /*file not found*/
@{8E25992B-373E-486E-80E5-BD23AE417E66} /*Sync Center Device Notification Sink*/%SystemRoot%\System32\SyncCenter.dll = %SystemRoot%\System32\SyncCenter.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{031EE060-67BC-460d-8847-E4A7C5E45A27} /*Windows Media Player Rich Preview Handler*/(null) =
@{1FA9085F-25A2-489B-85D4-86326EEDCD87} /*Manage Wireless Networks*/%SystemRoot%\system32\wlanpref.dll = %SystemRoot%\system32\wlanpref.dll
@{7dda204b-2097-47c9-8323-c40bb840ae44} /*XPS document*/(null) =
@{ECDD6472-2B9B-4b4b-AE36-F316DF3C8D60} /*RichGameMediaPropertyStore Class*/C:\Windows\System32\gameux.dll = C:\Windows\System32\gameux.dll
@{BD7A2E7B-21CB-41b2-A086-B309680C6B7E} /*Client Side Cache Namespace Extension*/%systemroot%\system32\mssvp.dll = %systemroot%\system32\mssvp.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\mediametadatahandler.dll = %SystemRoot%\System32\mediametadatahandler.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*ShellViewRTF*/C:\Windows\System32\ShellvRTF.dll = C:\Windows\System32\ShellvRTF.dll
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/C:\Program Files\Yahoo!\Common\YMMAPI.dll = C:\Program Files\Yahoo!\Common\YMMAPI.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll = C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{06A2568A-CED6-4187-BB20-400B8C02BE5A} /**/(null) =
@{00F33137-EE26-412F-8D71-F84E4C2C6625} /**/(null) =
@{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} /*Windows Live Photo Gallery Autoplay Drop Target*/(null) =
@{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} /*Windows Live Photo Gallery Viewer Drop Target*/(null) =
@{00F374B7-B390-4884-B372-2FC349F2172B} /*Windows Live Photo Gallery Editor Drop Target*/(null) =
@{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} /*Windows Live Photo Gallery Viewer Drop Target Shim*/(null) =
@{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} /*Windows Live Photo Gallery Editor Drop Target Shim*/(null) =
@{00F30F90-3E96-453B-AFCD-D71989ECC2C7} /*Windows Live Photo Gallery Autoplay Drop Target Shim*/(null) =
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
CnvShell@{A118FEA0-1D1B-4165-BC37-88F95B250E7A} = C:\Windows\system32\cnvshell.dll
PicaView@ =
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\YMMAPI.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
CnvShell@{A118FEA0-1D1B-4165-BC37-88F95B250E7A} = C:\Windows\system32\cnvshell.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{053F9267-DC04-4294-A72C-58F732D338C0}C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll = C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}C:\Program Files\Yahoo!\Common\yiesrvc.dll = C:\Program Files\Yahoo!\Common\yiesrvc.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre6\bin\ssv.dll = C:\Program Files\Java\jre6\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://ie.redirect.hp.com/svs/rdr?T ... pf=desktop = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://ie.redirect.hp.com/svs/rdr?T ... pf=desktop = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
@Local PageC:\Windows\system32\blank.htm = C:\Windows\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\Windows\System32\msvidctl.dll
its@CLSID = %SystemRoot%\System32\itss.dll
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = %SystemRoot%\System32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
tv@CLSID = C:\Windows\System32\msvidctl.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\system32\NLAapi.dll
000000000002@LibraryPath = %SystemRoot%\system32\napinsp.dll
000000000003@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
000000000004@LibraryPath = %SystemRoot%\system32\pnrpnsp.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll
C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup = OneNote 2007 Screen Clipper and Launcher.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup >>>
HP Digital Imaging Monitor.lnk = HP Digital Imaging Monitor.lnk
Snapfish Media Detector.lnk = Snapfish Media Detector.lnk
---- EOF - GMER 1.0.14 ----