Computer's been running slow with a few pop-ups and can't update to
newer versions of either AVG or Comodo. In an attempt to update Comodo it
deleted the old version and wouldn't give me the newer one. I've also
tried and failed to update other programs like Adobe and Java but they
won't update either. Posting here at safer seems to be disabled also, I
can read but have to mail logs to myself and post from a remote
location.
Spybot picked up win32.agent.ieu and I've read the manual removal
instructions but I'm really not confident enough to try the removal
myself, I also think it's been downloading more malware as
Malwarebytes has been picking up and removing multiple threats.
Many Thanks in advance.
HJT Log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:06:47 AM, on 7/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Canucklehead\Local Settings\Application
Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
F:\fishsim\fishsim2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL
= http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride =
plimus.com,www.plimus.com,regnow.com,www.regnow.com,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter -
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program
Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -
C:\Program Files\Microsoft\Search Enhancement Pack\Search
Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper -
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -
C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper -
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper -
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows
Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl -
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar -
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows
Live\Toolbar\wltcore.dll
O3 - Toolbar: Easy Photo Print -
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson
Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System
Mechanic Professional 6\delay.exe
O4 - HKLM\..\Run: [EEventManager]
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Google Update] "C:\Documents and
Settings\Canucklehead\Local Settings\Application
Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer -
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows
Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}
- C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583}
- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}
- C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.summitdirect.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
- http://update.microsoft.com/windowsu...?1162196894187
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} -
http://www.facebook.com/controls/contactx.dll
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://208.29.86.7/activex/AxisCamControl.cab
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) -
http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist Express Customer - C:\Program
Files\Citrix\GoToAssist Express Customer\136\g2ax_winlogon.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies
CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ,
s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) -
Unknown owner - C:\Program Files\COMODO\COMODO Internet
Security\cmdagent.exe (file missing)
O23 - Service: GoToAssist Express Customer - Citrix Online, a division
of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist Express
Customer\136\g2ax_service.exe
O23 - Service: Google Update Service (gupdate1c98c18bb6bdaa2)
(gupdate1c98c18bb6bdaa2) - Google Inc. - C:\Program
Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdate1ca58cb355289cc)
(gupdate1ca58cb355289cc) - Google Inc. - C:\Program
Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdate1cb0d5bf19c53a4)
(gupdate1cb0d5bf19c53a4) - Google Inc. - C:\Program
Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program
Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun
Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental)
(rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 8061 bytes
Sincerest apologies for not following the most recent protocols, I've been here before and just didn't think to check for any changes in initial posts. Also apologize for the bump, it's not intended for attention but only to correct the error. Again, my thanks.
DDS posted, dds attach, attached.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Canucklehead at 15:16:37.15 on Thu 07/29/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.472
[GMT -4:00]
AV: Bitdefender Antivirus *On-access scanning enabled* (Outdated)
{6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
{17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Canucklehead\Local Settings\Application
Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Documents and Settings\Canucklehead\Local Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Program Files\2dSoft\FS2Explorer\FS2Explorer.exe
F:\fishsim\fishsim2.exe
C:\Documents and Settings\Canucklehead\Local Settings\Application
Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Canucklehead\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride =
plimus.com,www.plimus.com,regnow.com,www.regnow.com,
uInternet Settings,ProxyServer = socks=
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} -
c:\program files\common
files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} -
c:\program files\avg\avg8\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} -
c:\program files\microsoft\search enhancement pack\search
helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper:
{9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common
files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} -
c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper:
{dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program
files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper:
{e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows
live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class:
{e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program
files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} -
c:\program files\windows live\toolbar\wltcore.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} -
c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [Google Update] "c:\documents and settings\canucklehead\local
settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [ioloDelayModule] c:\program files\iolo\system mechanic
professional 6\delay.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program
files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows
live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} -
c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
{53707962-6F74-2D53-2644-206D7942484F} -
c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -
hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} -
hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {31564D57-0000-0010-8000-00AA00389B71} -
hxxp://codecs.microsoft.com/codecs/i386/wmvax.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} -
hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162196894187
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} -
hxxp://www.facebook.com/controls/contactx.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -
hxxp://208.29.86.7/activex/AxisCamControl.cab
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} -
hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist Express Customer - c:\program
files\citrix\gotoassist express customer\136\g2ax_winlogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver
x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-18 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver
x86;c:\windows\system32\drivers\avgmfx86.sys [2009-3-18 27784]
R1 AvgTdiX;AVG Free8 Network
Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe
[2009-8-28 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe
[2009-8-28 297752]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-13 54752]
S1 cmdGuard;COMODO Internet Security Sandbox
Driver;c:\windows\system32\drivers\cmdguard.sys -->
c:\windows\system32\drivers\cmdguard.sys [?]
S1 cmdHlp;COMODO Internet Security Helper
Driver;c:\windows\system32\drivers\cmdhlp.sys -->
c:\windows\system32\drivers\cmdhlp.sys [?]
S2 cmdAgent;COMODO Internet Security Helper Service;"c:\program
files\comodo\comodo internet security\cmdagent.exe" --> c:\program
files\comodo\comodo internet security\cmdagent.exe [?]
S2 gupdate1c98c18bb6bdaa2;Google Update Service
(gupdate1c98c18bb6bdaa2);c:\program
files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S2 gupdate1ca58cb355289cc;Google Update Service
(gupdate1ca58cb355289cc);c:\program
files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S2 gupdate1cb0d5bf19c53a4;Google Update Service
(gupdate1cb0d5bf19c53a4);c:\program
files\google\update\GoogleUpdate.exe [2009-2-11 133104]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows
live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program
files\citrix\gotoassist express customer\136\g2ax_service.exe
[2009-1-9 46392]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-6-3 14424]
S3 PentaxUsb;PENTAX Optio E10 on
USB;c:\windows\system32\drivers\CoachUsb.sys [2007-5-2 50976]
S3 PentaxVc;PENTAX Optio E10 Video
Capture;c:\windows\system32\drivers\CoachVc.sys [2007-5-2 44256]
============== File Associations ===============
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
=============== Created Last 30 ================
2010-07-28 19:42:01 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-28 19:41:09 2458 ----a-w- c:\windows\lsrslt.ini
2010-07-28 19:26:35 120 ----a-w- c:\windows\Wyayehamirol.dat
2010-07-28 19:26:35 0 ----a-w- c:\windows\Ryilesagubin.bin
2010-07-28 19:25:42 150 -c--a-w- C:\zrpt.xml
2010-07-28 19:23:54 0 dc----w- c:\docume~1\canuck~1\applic~1\48DA3BDEC53196BC68F63B76E7CBCE5D
2010-07-03 13:03:32 0 dc----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-07-03 13:03:29 0 d-----w- c:\program files\PCPitstop
2010-07-02 14:07:05 0 dc----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader
2010-07-02 14:02:02 0 dc----w- C:\videooutput
2010-07-02 14:01:44 0 d-----w- c:\windows\Applian Director
2010-07-02 14:01:09 0 d-----w- c:\program files\Vuze_Remote
2010-06-29 20:49:47 197232 -c--a-w- C:\BdUninstallTool2010.06.29-04.49.47.reg
==================== Find3M ====================
2010-07-29 18:50:36 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-09 11:07:24 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-17 21:54:42 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-06-17 21:54:39 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-05-30 09:47:20 341504 ----a-w- c:\windows\system32\yowindow.scr
2009-12-10 16:46:49 195 ----a-w- c:\program files\dvdrip.ini
2009-12-10 16:44:40 305139 ----a-w- c:\program files\DVD Rip 0.2.exe
2009-05-11 16:00:48 4941312 ----a-w- c:\program files\AdbeRdrUpd711_all_incr.msp
2009-05-11 15:43:34 21878064 ----a-w- c:\program files\QuickTimeInstaller.exe
2009-05-11 15:42:46 476696 ----a-w- c:\program files\RealPlayer11GOLD.exe
2009-05-11 15:41:59 13686112 ----a-w- c:\program files\winzip112.exe
2009-05-11 15:40:57 1878888 ----a-w- c:\program files\install_flash_player.exe
2006-10-04 16:23:45 1446442 -c--a-w- c:\program files\moviecodec.zip
2006-09-13 07:54:39 713503 ----a-w- c:\program files\xnews.zip
2005-07-14 19:31:20 27648 -csha-w- c:\windows\system32\AVSredirect.dll
2005-06-26 22:32:28 616448 -csha-r- c:\windows\system32\cygwin1.dll
2005-06-22 05:37:42 45568 -csha-r- c:\windows\system32\cygz.dll
2009-05-17 18:53:20 32768 -csha-w- c:\windows\system32\config\systemprofile\local
settings\history\history.ie5\mshist012009051720090518\index.dat
============= FINISH: 15:18:04.12 ===============