ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/19 11:03
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0x9F6EC000 Size: 749568 File Visible: No
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA35ED000 Size: 45056 File Visible: No
Status: -
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!
Path: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
Status: Visible to the Windows API, but not on disk.
Path: C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Ian B. Jones\Data\D0000000.FCS
Status: Allocation size mismatch (API: 512, Raw: 0)
SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a611e40
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8961f258
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x88172cc0
#: 047 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x881721c0
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x88172480
#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x88173b20
#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x88173240
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x88173500
#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x88173cc0
#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x88172740
#: 180 Function Name: NtQueueApcThread
Status: Hooked by "<unknown>" at address 0x8a611eb8
#: 186 Function Name: NtReadVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a611d50
#: 192 Function Name: NtRenameKey
Status: Hooked by "<unknown>" at address 0x8a5dc1a0
#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8a611fa8
#: 226 Function Name: NtSetInformationKey
Status: Hooked by "<unknown>" at address 0x8a614238
#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a6212c8
#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8a583170
#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x88172f80
#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8a619630
#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8a611f30
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x88172a00
#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8a5831e8
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x88173980
Stealth Objects
-------------------
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE]
Process: System Address: 0x899f3360 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x899f32e8 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLOSE]
Process: System Address: 0x899f3270 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_READ]
Process: System Address: 0x899f31f8 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_WRITE]
Process: System Address: 0x899f3180 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x899f3108 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x899f8520 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_EA]
Process: System Address: 0x899f84a8 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_EA]
Process: System Address: 0x899f8430 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x899f83b8 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x899f8340 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x899f82c8 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x899f8250 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x899f7020 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x899f7360 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x899f72e8 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SHUTDOWN]
Process: System Address: 0x899f7270 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x899f71f8 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CLEANUP]
Process: System Address: 0x899f7180 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x899f7108 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x896be020 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_SECURITY]
Process: System Address: 0x896be368 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_POWER]
Process: System Address: 0x896be2f0 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x896be278 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x896be200 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x896be188 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_SET_QUOTA]
Process: System Address: 0x896be110 Size: -
Object: Hidden Code [Driver: Tcpip, IRP_MJ_PNP]
Process: System Address: 0x89bc0020 Size: -
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-05-14.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/23/2006 4:10:11 PM
System Uptime: 5/17/2009 3:19:02 PM (44 hours ago)
Motherboard: Dell Inc. | | 0WG860
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz | Microprocessor | 2394/1066mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 146 GiB total, 118.411 GiB free.
D: is CDROM ()
Y: is NetworkDisk (NTFS) - 37 GiB total, 2.798 GiB free.
Z: is NetworkDisk (NTFS) - 37 GiB total, 2.798 GiB free.
==== Disabled Device Manager Items =============
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe PageMaker 6.5
Adobe PageMaker 7.0
Adobe Photoshop 6.0
Adobe Reader 7.1.0
Adobe SVG Viewer
Adobe Type Manager 4.1
Alohabob PC Relocator Ultra Control
Andrea VoiceCenter
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
ATI Display Driver
Bentley MicroStation (V 08.05.02.55) - 1
Compatibility Pack for the 2007 Office system
Conexant HDA D110 MDC V.92 Modem
Creative Audio Pack
Creative MediaSource 5
Critical Update for Windows Media Player 11 (KB959772)
Dell CinePlayer
Dell Driver Reset Tool
Dell Support 3.2
Dell System Restore
Digital Canal Steel Design Series
Digital Content Portal
Digital Line Detect
eFax Messenger 4.2
getPlus(R) for Adobe
GhostFill 4
Google Earth
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Memories Disc
HP Photo and Imaging 2.2 - Scanjet 3970 Series
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections
iTunes
J2SE Runtime Environment 5.0 Update 6
Logitech Desktop Messenger
Logitech MouseWare 9.79.1
Logitech Resource Center
MCU
Media Library Management Wizard
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Helper
Move Networks Media Player for Internet Explorer
Movie Maker Background Music Files
Movie Maker Sound Effects
Movie Maker Title Images
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Netflix Movie Viewer
NetWaiting
PaperMaster Pro 7.0
PCFriendly
Pdf995
Personal License Update Wizard for Windows Media Player
Plus! MP3 Audio Converter LE
ProjectDox Components
Qualxserve Service Agreement
QuickTime
RedistSysFiles
Registry Mechanic 6.0
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SearchAssist
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
ShareIns
Sonic Activation Module
Sonic Advanced Decoder
Sonic Update Manager
Sound Blaster ADVANCED MB Drivers
Sound Blaster Audigy ADVANCED MB
Sound Blaster Audigy ADVANCED MB Product Registration
Spy Sweeper
Spy Sweeper Core
Symantec Network Drivers Update
Trend Micro AntiVirus
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
URL Assistant
VBA (2627.01)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Bonus Pack for Windows XP
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player Playlist Import to Excel Wizard
Windows Media Player Skin Importer
Windows Media Player Tray Control
Windows XP Service Pack 3
WinZip
Zinio Reader
==== End Of File ===========================
DDS (Ver_09-05-14.01) - NTFSx86
Run by Ian B. Jones at 11:34:27.78 on Tue 05/19/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1378 [GMT -4:00]
AV: *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zinio\ZinioReader.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\PaperMaster Pro 7.0\J2GTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Ian B. Jones\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://www.sparkpeople.com/websearch/
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [LDM] "c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe"
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [Zinio DLM] "c:\program files\zinio\ZinioReader.exe" /autostart
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [eFax 4.2] "c:\program files\efax messenger 4.2\J2GDllCmd.exe" /R
mRun: [Logitech Utility] "c:\windows\LOGI_MWX.EXE"
mRun: [Share-to-Web Namespace Daemon] "c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray
StartupFolder: c:\docume~1\ianb~1.jon\startm~1\programs\startup\paperm~1.lnk - c:\program files\papermaster pro 7.0\J2GDllCmd.exe
StartupFolder: c:\docume~1\ianb~1.jon\startm~1\programs\startup\paperm~2.lnk - c:\program files\papermaster pro 7.0\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax42~1.lnk - c:\program files\efax messenger 4.2\J2GTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdat ... /opuc3.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se5483.cab
DPF: {87C434E6-67DF-4D2C-9136-49E98C15FCD7} - hxxps://eplans.atlantaga.gov/ProjectDox ... lientX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} - hxxp://appsnet.bentley.com/myselectcd/SAXFileEE.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crl ... crlocx.ocx
DPF: {DB90DEA9-0897-4B02-9FE0-1E321A22EAB0} - hxxps://eplans.atlantaga.gov/ProjectDox ... atZip2.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30155.www3.hp.com/ediags/hpfix/ ... gh.cab?326
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ianb~1.jon\applic~1\mozilla\firefox\profiles\2j9b9s2u.default\
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
============= SERVICES / DRIVERS ===============
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2008-8-9 29808]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-3-30 50192]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-3-30 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2009-3-30 677128]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2008-8-9 3585384]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2008-9-19 33752]
=============== Created Last 30 ================
2009-05-06 18:26 <DIR> --d----- c:\windows\system32\KB905474
2009-05-04 09:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-04 09:54 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-05-04 09:54 <DIR> --d----- c:\docume~1\ianb~1.jon\applic~1\SUPERAntiSpyware.com
2009-04-27 19:17 <DIR> --d-h--- c:\windows\msdownld.tmp
==================== Find3M ====================
2009-04-02 19:08 50,192 a----r-- c:\windows\system32\drivers\tmactmon.sys
2009-04-02 19:08 50,192 a----r-- c:\windows\system32\drivers\tmevtmgr.sys
2009-04-02 19:08 153,104 a----r-- c:\windows\system32\drivers\tmcomm.sys
2009-03-30 16:32 1,195,512 a----r-- c:\windows\system32\drivers\vsapint.sys
2009-03-30 16:32 205,328 a----r-- c:\windows\system32\drivers\tmxpflt.sys
2009-03-30 16:32 80,400 a----r-- c:\windows\system32\drivers\tmtdi.sys
2009-03-30 16:32 36,368 a----r-- c:\windows\system32\drivers\tmpreflt.sys
2009-03-21 10:06 989,696 -----r-- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 10:22 284,160 a----r-- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -----r-- c:\windows\system32\dllcache\pdh.dll
2009-03-02 20:18 826,368 a----r-- c:\windows\system32\wininet.dll
2009-03-02 20:18 826,368 a----r-- c:\windows\system32\dllcache\wininet.dll
2009-02-28 00:54 636,072 -----r-- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 06:20 70,656 -----r-- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:20 13,824 -----r-- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 01:14 161,792 -----r-- c:\windows\system32\dllcache\ieakui.dll
2006-10-31 18:45 88 -c-shr-- c:\windows\system32\138EC67ADF.sys
2006-10-31 18:45 3,350 ac-shr-- c:\windows\system32\KGyGaAvL.sys
2008-09-12 11:39 32,768 a--shr-- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat
============= FINISH: 11:37:37.01 ===============