Possible Keylogger



dsmanny
2010-07-29, 13:04
Hello,
I had my World of Warcraft Game Account compromised the other day. I used my antivirus program, SpyBot and MBAM, and now I am posting the logs in order to see if there is something suspicious that went undetected. Thank you for your help!

DDS (Ver_10-03-17.01) - NTFSx86
Run by marian at 12:54:30,31 on 29.07.2010 Ј.
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1251.359.1033.18.2047.1231 [GMT 3:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}

============== Running Processes ===============

E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\Program Files\Tall Emu\Online Armor\OAcat.exe
E:\Program Files\Tall Emu\Online Armor\oasrv.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
E:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\winsys2.exe
E:\Program Files\Google\Gmail Notifier\gnotify.exe
E:\WINDOWS\VMSnap3.EXE
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Program Files\Tall Emu\Online Armor\oaui.exe
E:\Program Files\Tall Emu\Online Armor\OAhlp.exe
E:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
E:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
E:\Program Files\DAEMON Tools\daemon.exe
E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\WordWeb\wweb32.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
E:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
E:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
E:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
E:\Documents and Settings\marian\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IeCatch5 Class: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - e:\progra~1\flashget\jccatch.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - e:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: FlashGet Bar: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - e:\progra~1\flashget\fgiebar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [DAEMON Tools] "e:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "e:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Pro Agent] "e:\program files\daemon tools pro\DTProAgent.exe"
uRun: [EA Core] "e:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [WordWeb] "e:\program files\wordweb\wweb32.exe" -startup
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [SW20] e:\windows\system32\sw20.exe
mRun: [SW24] e:\windows\system32\sw24.exe
mRun: [WinSys2] e:\windows\system32\winsys2.exe
mRun: [MSI Live] e:\program files\msi\msi live\SetWallpaper.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] e:\program files\google\gmail notifier\gnotify.exe
mRun: [GrooveMonitor] "e:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] e:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [VMSnap3] e:\windows\VMSnap3.EXE
mRun: [BigDog303] e:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [HP Software Update] e:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Computer Alarm Clock]
mRun: [@OnlineArmor GUI] "e:\program files\tall emu\online armor\oaui.exe"
mRun: [nwiz] e:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BtTray] "e:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "e:\malwarebytesportable\app\malwarebytes\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [avast5] e:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
dRunOnce: [FlashPlayerUpdate] e:\windows\system32\macromed\flash\FlashUtil9d.exe
StartupFolder: e:\docume~1\marian\startm~1\programs\startup\pictur~1.lnk - e:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\dualco~1.lnk - e:\program files\msi\dualcorecenter\StartUpDualCoreCenter.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - e:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Download All by FlashGet - e:\program files\flashget\jc_all.htm
IE: Download using FlashGet - e:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - e:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send by Bluetooth - e:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
IE: Send via &Message... - e:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\progra~1\flashget\flashget.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\progra~1\spybot~1\SDHelper.dll
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.readyforcrysis.com/sysreqlab2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: {FFFD0423-0507-4EDE-B46A-780DC528500E} = 87.121.75.226 87.121.75.232
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - e:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - e:\progra~1\tallem~1\online~1\oaevent.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\marian\applic~1\mozilla\firefox\profiles\972m61p1.default\
FF - plugin: e:\documents and settings\marian\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: e:\documents and settings\marian\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: e:\documents and settings\marian\application data\mozilla\firefox\profiles\972m61p1.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: e:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: e:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
e:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
e:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
e:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;e:\windows\system32\drivers\BtHidBus.sys [2008-7-31 20744]
R0 Lbd;Lbd;e:\windows\system32\drivers\Lbd.sys [2010-7-28 64288]
R1 aswSP;aswSP;e:\windows\system32\drivers\aswSP.sys [2010-7-28 165456]
R1 OADevice;OADriver;e:\windows\system32\drivers\OADriver.sys [2009-6-21 198224]
R1 OAmon;OAmon;e:\windows\system32\drivers\OAmon.sys [2009-6-21 31824]
R1 OAnet;OAnet;e:\windows\system32\drivers\OAnet.sys [2009-6-21 29776]
R1 VRVD302;VRVD302;e:\windows\system32\drivers\VRVD302.sys [2008-1-6 11296]
R2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [2010-7-28 17744]
R2 avast! Antivirus;avast! Antivirus;e:\program files\alwil software\avast5\AvastSvc.exe [2010-7-28 40384]
R2 BsMobileCS;BsMobileCS;e:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2009-2-27 143467]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;e:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]
R2 OAcat;Online Armor Helper Service;e:\program files\tall emu\online armor\oacat.exe [2009-6-21 361672]
R2 SvcOnlineArmor;Online Armor;e:\program files\tall emu\online armor\oasrv.exe [2009-6-21 3052744]
R3 avast! Mail Scanner;avast! Mail Scanner;e:\program files\alwil software\avast5\AvastSvc.exe [2010-7-28 40384]
R3 avast! Web Scanner;avast! Web Scanner;e:\program files\alwil software\avast5\AvastSvc.exe [2010-7-28 40384]
R3 btnetBUs;Bluetooth PAN Bus Service;e:\windows\system32\drivers\btnetBus.sys [2009-6-17 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;e:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
R3 vmfilter303;vmfilter303;e:\windows\system32\drivers\vmfilter303.sys [2008-1-6 428160]
S2 gupdate1c9b6af10d27ab2;Google Update Service (gupdate1c9b6af10d27ab2);e:\program files\google\update\GoogleUpdate.exe [2009-4-6 133104]
S2 ioloFileInfoList;iolo FileInfoList Service;e:\program files\iolo\common\lib\ioloServiceManager.exe [2010-3-2 615344]
S2 ioloSystemService;iolo System Service;e:\program files\iolo\common\lib\ioloServiceManager.exe [2010-3-2 615344]
S3 AEXPAM;Philips SmartManage Service;e:\windows\system32\drivers\aexpamdrv.sys --> e:\windows\system32\drivers\aexpamdrv.sys [?]
S3 GarenaPEngine;GarenaPEngine;\??\e:\docume~1\marian\locals~1\temp\szy1ae.tmp --> e:\docume~1\marian\locals~1\temp\SZY1AE.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;e:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;e:\windows\system32\drivers\PPJoyBus.sys [2004-1-23 13952]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2010-07-28 22:48:23 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-07-28 22:48:21 20952 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-07-28 22:48:21 0 d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-07-28 22:03:12 15880 ----a-w- e:\windows\system32\lsdelete.exe
2010-07-28 18:46:13 38848 ----a-w- e:\windows\avastSS.scr
2010-07-28 18:46:06 0 d-----w- e:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-28 16:48:23 64288 ----a-w- e:\windows\system32\drivers\Lbd.sys
2010-07-28 16:48:19 95024 ----a-w- e:\windows\system32\drivers\SBREDrv.sys
2010-07-28 16:21:09 0 dc-h--w- e:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-28 16:20:46 0 d-----w- e:\program files\Lavasoft
2010-07-28 16:08:08 0 d-----w- e:\program files\CCleaner
2010-07-21 21:03:38 0 d-----w- e:\program files\Prince of Persia The Forgotten Sands
2010-07-15 16:54:30 0 d-----w- e:\program files\Black Mirror 2
2010-07-14 18:23:09 744448 -c----w- e:\windows\system32\dllcache\helpsvc.exe
2010-07-04 14:36:15 0 d-----w- e:\program files\Ventrilo
2010-07-04 14:36:03 262 ----a-w- e:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2010-07-04 14:35:33 0 d-----w- e:\program files\common files\Wise Installation Wizard

==================== Find3M ====================

2010-06-24 11:56:10 461856 ----a-w- e:\windows\War3Unin.dat
2010-05-18 13:35:16 91424 ----a-w- e:\windows\system32\dnssd.dll
2010-05-18 13:35:16 197920 ----a-w- e:\windows\system32\dnssdX.dll
2010-05-18 13:35:16 107808 ----a-w- e:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- e:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- e:\windows\system32\win32k.sys
2008-11-10 08:00:23 32768 --sha-w- e:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111020081111\index.dat

============= FINISH: 12:56:33,46 ===============

I am attaching the other log.

shelf life
2010-08-04, 01:04
hi dsmanny,

Your log is a few days old. If you still need help simply reply back.