I've tried fixing this problem on my own, but to no avail.
I already completed the 8-step Viruses/Spyware/Malware Preliminary Removal Instructions.
I first noticed something wrong when my computer blue screened.
No symptoms before that.
Also worth noting, this thing doesn't like Techspot.
I was unable to post a thread (this thread) on my own computer (it would say that the page couldn't be loaded).
And it then blue screened after repeated attempts at posting.
I'm posting this now on my dad's computer.
Just got this problem yesterday, so it's pretty fresh in my system.
A big thank you to those who take my request into consideration, and the help that later comes with it.
mbam-log-2010-10-17 (12-20-53).txt
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4861
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
10/17/2010 12:20:53 PM
mbam-log-2010-10-17 (12-20-53).txt
Scan type: Quick scan
Objects scanned: 150838
Time elapsed: 8 minute(s), 3 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS.txt
DDS (Ver_10-10-10.03) - NTFSx86
Run by ENDZYM3 at 12:41:49.05 on Sun 10/17/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2812.1935 [GMT -7:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\LxrSII1s.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ENDZYM3\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Google Update] "c:\users\endzym3\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [LxrAutorun] c:\users\endzym3\appdata\local\lexar media\LxrAutorun.exe
mRun: [WireLessMouse] c:\program files\mouse driver\StartAutorun.exe MouseDrv.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
dRun: [exe.exe] c:\windows\temp\exe.exe
StartupFolder: c:\users\endzym3\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\users\endzym3\appdata\roaming\mozilla\firefox\profiles\wtgp5iib.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
FF - component: c:\users\endzym3\appdata\roaming\mozilla\firefox\profiles\wtgp5iib.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\endzym3\appdata\roaming\mozilla\firefox\profiles\wtgp5iib.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\endzym3\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\endzym3\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\endzym3\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-17 165584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-17 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-17 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-17 40384]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2010-9-14 63448]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-17 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-17 40384]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-6-28 16472]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-24 1343400]
=============== Created Last 30 ================
2010-10-17 15:11:18 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-10-17 15:10:41 38848 ----a-w- c:\windows\avastSS.scr
2010-10-17 14:34:31 -------- d-----w- c:\users\endzym3\appdata\roaming\Malwarebytes
2010-10-17 14:34:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-17 14:34:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-17 14:34:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware (NEW)
2010-10-17 14:34:06 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-17 02:52:19 -------- d-----w- c:\windows\system32\MpEngineStore
2010-10-17 02:27:52 -------- d-----w- c:\progra~2\Update
2010-10-17 02:27:48 -------- d-----w- c:\users\endzym3\appdata\roaming\Wyyr
2010-10-17 02:27:48 -------- d-----w- c:\users\endzym3\appdata\roaming\Acgi
2010-10-16 23:57:26 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2fac1885-57a4-463c-9e81-13086c8182c4}\mpengine.dll
2010-10-16 23:22:40 187 ----a-w- c:\users\endzym3\appdata\roaming\7775.bat
2010-10-16 23:22:39 70144 ----a-w- c:\windows\system32\wdmaudr.dll
2010-10-16 23:22:07 -------- d-----w- c:\users\endzym3\appdata\roaming\Zoni
2010-10-16 23:22:07 -------- d-----w- c:\users\endzym3\appdata\roaming\Ymfel
2010-10-16 06:06:09 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore-2\Microsoft.MediaCenter.Sports.UI.dll
2010-10-16 06:05:33 4277016 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2010-10-16 06:05:05 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
2010-10-14 05:21:29 -------- d-----w- c:\program files\Winamp Detect
2010-10-14 02:38:23 38160 ----a-w- c:\windows\system32\LMRTREND.dll
2010-10-14 02:38:23 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
2010-10-14 02:38:23 155408 ----a-w- c:\windows\system32\LMRT.dll
2010-10-14 02:38:19 63488 ----a-w- c:\windows\system32\unam4ie.exe
2010-10-14 02:38:19 217984 ----a-w- c:\windows\system32\strmdll.dll
2010-10-14 02:38:19 109840 ----a-w- c:\program files\windows media player\mplayer2.exe
2010-10-14 02:37:40 -------- d-----w- C:\TELL ME MORE NV
2010-10-13 23:37:00 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-13 23:36:58 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 23:14:17 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 23:13:41 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 23:13:27 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 23:13:10 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 23:13:10 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 23:12:12 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 23:12:10 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 23:11:26 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 23:11:18 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 23:11:18 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 23:11:18 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 23:11:18 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 23:10:49 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 23:10:07 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-12 04:12:16 -------- d-----w- c:\windows\system32\appmgmt
2010-10-12 02:36:04 -------- d-----w- c:\program files\Rosetta Stone
2010-10-08 22:23:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-07 18:32:12 -------- d-----w- c:\progra~2\Rosetta Stone
2010-10-02 21:04:46 -------- d-----w- c:\progra~2\2DBoy
2010-10-02 19:32:56 -------- dc-h--w- c:\progra~2\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-10-02 19:32:43 -------- d-----w- c:\program files\Stardock
2010-09-29 10:00:56 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 07:30:33 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 07:29:11 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-26 23:18:35 -------- d-----w- c:\users\endzym3\.dvdcss
2010-09-26 23:14:20 -------- d-----w- c:\program files\PS3 Media Server
2010-09-26 23:12:43 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2010-09-26 23:11:17 4277016 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2010-09-26 23:07:38 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2010-09-26 23:07:08 588096 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-09-26 23:03:53 -------- d-----w- c:\users\endzym3\appdata\local\Microsoft Games
2010-09-23 01:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-09-23 01:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
==================== Find3M ====================
2010-10-02 20:02:34 20521984 ----a-w- c:\windows\system32\imageres.dll
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 15:14:12 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-07-27 15:14:00 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-07-27 15:08:34 203360 ----a-w- c:\windows\system32\lvci1311021.dll
2010-07-27 15:07:56 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-07-27 15:03:20 10829656 ----a-w- c:\windows\system32\LogiDPP.dll
2010-07-27 15:03:20 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-07-27 15:03:18 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-07-27 14:55:50 37518 ----a-w- c:\windows\system32\Repository.reg
============= FINISH: 12:42:40.33 ===============
2010-10-13 23:37:00 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-13 23:36:58 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 23:14:17 109056 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 23:13:41 224256 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 23:13:27 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-13 23:13:10 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-13 23:13:10 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-13 23:12:12 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-13 23:12:10 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 23:11:26 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 23:11:18 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 23:11:18 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 23:11:18 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 23:11:18 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 23:10:49 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-13 23:10:07 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2010-10-12 04:12:16 -------- d-----w- c:\windows\system32\appmgmt
2010-10-12 02:36:04 -------- d-----w- c:\program files\Rosetta Stone
2010-10-08 22:23:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-07 18:32:12 -------- d-----w- c:\progra~2\Rosetta Stone
2010-10-02 21:04:46 -------- d-----w- c:\progra~2\2DBoy
2010-10-02 19:32:56 -------- dc-h--w- c:\progra~2\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-10-02 19:32:43 -------- d-----w- c:\program files\Stardock
2010-09-29 10:00:56 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-09-29 07:30:33 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 07:29:11 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-09-26 23:18:35 -------- d-----w- c:\users\endzym3\.dvdcss
2010-09-26 23:14:20 -------- d-----w- c:\program files\PS3 Media Server
2010-09-26 23:12:43 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2010-09-26 23:11:17 4277016 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
2010-09-26 23:07:38 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
2010-09-26 23:07:08 588096 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-09-26 23:03:53 -------- d-----w- c:\users\endzym3\appdata\local\Microsoft Games
2010-09-23 01:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-09-23 01:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
==================== Find3M ====================
2010-10-02 20:02:34 20521984 ----a-w- c:\windows\system32\imageres.dll
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-27 15:14:12 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-07-27 15:14:00 543328 ----a-w- c:\windows\system32\LVUI2.dll
2010-07-27 15:08:34 203360 ----a-w- c:\windows\system32\lvci1311021.dll
2010-07-27 15:07:56 416352 ----a-w- c:\windows\system32\lvcodec2.dll
2010-07-27 15:03:20 10829656 ----a-w- c:\windows\system32\LogiDPP.dll
2010-07-27 15:03:20 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-07-27 15:03:18 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-07-27 14:55:50 37518 ----a-w- c:\windows\system32\Repository.reg
============= FINISH: 12:42:40.33 ===============