Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91803 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Closed] Gmail Password being stolen possible keylogger


  • This topic is locked This topic is locked
2 replies to this topic

#1 sdawg11

sdawg11

    New Member

  • New Member
  • Pip
  • 1 posts

Posted 13 October 2009 - 06:45 PM

once a week my gmail is hacked and my password is stolen. I then have to change my password after every time my gmail is hacked. I finally got sick of this and reformatted and started over clean. This was 2 weeks ago... then today my gmail was hacked again and my password was stolen/changed. I am so frustrated because I thought I was in the clear after I started fresh. I have run spybot s&d, adaware, and AVGfree and all were clean. Any help would be appreciated to find what I think is a key logger on my computer. EDIT: to clear up any questions about the laptop, it is my personal one that is always in my possession. No one else has access to it. ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2009/10/13 17:24 Program Version: Version 1.3.5.0 Windows Version: Windows XP SP2 ================================================== Drivers ------------------- Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xA7B4A000 Size: 98304 File Visible: No Signed: - Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xBA660000 Size: 8192 File Visible: No Signed: - Status: - Name: PCI_PNP7756 Image Path: \Driver\PCI_PNP7756 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xA7515000 Size: 49152 File Visible: No Signed: - Status: - Name: spjp.sys Image Path: spjp.sys Address: 0xB9EA6000 Size: 1052672 File Visible: No Signed: - Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - SSDT ------------------- #: 041 Function Name: NtCreateKey Status: Hooked by "Lbd.sys" at address 0xba0f887e #: 071 Function Name: NtEnumerateKey Status: Hooked by "spjp.sys" at address 0xb9ec5ca4 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "spjp.sys" at address 0xb9ec6032 #: 119 Function Name: NtOpenKey Status: Hooked by "spjp.sys" at address 0xb9ea70c0 #: 160 Function Name: NtQueryKey Status: Hooked by "spjp.sys" at address 0xb9ec610a #: 177 Function Name: NtQueryValueKey Status: Hooked by "spjp.sys" at address 0xb9ec5f8a #: 247 Function Name: NtSetValueKey Status: Hooked by "Lbd.sys" at address 0xba0f8bfe ==EOF== DDS (Ver_09-06-26.01) - NTFSx86 Run by Shadi Nayyer at 17:17:14.84 on Tue 10/13/2009 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1526.504 [GMT -7:00] AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\WiFi\bin\S24EvMon.exe svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Intel\WiFi\bin\WLKeeper.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe c:\program files\logitech\quickcam\lu\lulnchr.exe c:\program files\logitech\quickcam\lu\LogitechUpdate.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe C:\Documents and Settings\Shadi Nayyer\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll uRun: [Google Update] "c:\documents and settings\shadi nayyer\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe" mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe" mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe StartupFolder: c:\docume~1\shadin~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\quickcam\eReg.exe IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\shadin~1\applic~1\mozilla\firefox\profiles\8duh2993.default\ FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll FF - plugin: c:\documents and settings\shadi nayyer\application data\move networks\plugins\npqmp071505000010.dll FF - plugin: c:\documents and settings\shadi nayyer\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\shadi nayyer\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false); c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200); c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess"); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120); c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3); c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0); c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072); c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json"); ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-12 64288] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-7 335240] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-7 27784] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-7 108552] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-10-7 297752] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1169232] S2 gupdate1ca465c587b860a;Google Update Service (gupdate1ca465c587b860a);c:\program files\google\update\GoogleUpdate.exe [2009-10-6 133104] =============== Created Last 30 ================ 2009-10-13 16:20 <DIR> --d----- c:\program files\Trend Micro 2009-10-13 16:10 190 a---h--- C:\aaw7boot.cmd 2009-10-13 16:06 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-10-13 16:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2009-10-13 10:18 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2 2009-10-13 01:44 272,128 -c------ c:\windows\system32\dllcache\bthport.sys 2009-10-13 01:44 272,128 -------- c:\windows\system32\drivers\bthport.sys 2009-10-13 01:35 2,180,480 -c------ c:\windows\system32\dllcache\ntoskrnl.exe 2009-10-13 01:35 2,136,064 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe 2009-10-13 01:35 2,057,728 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe 2009-10-13 01:35 2,015,744 -c------ c:\windows\system32\dllcache\ntkrpamp.exe 2009-10-13 01:09 268,648 a------- c:\windows\system32\mucltui.dll 2009-10-13 01:09 208,744 a------- c:\windows\system32\muweb.dll 2009-10-13 01:09 27,496 a------- c:\windows\system32\mucltui.dll.mui 2009-10-12 22:48 15,688 a------- c:\windows\system32\lsdelete.exe 2009-10-12 22:40 <DIR> --d----- c:\program files\Rosetta Stone 2009-10-12 22:11 172,032 a------- c:\windows\system32\igfxres.dll 2009-10-12 22:02 64,288 a------- c:\windows\system32\drivers\Lbd.sys 2009-10-12 22:00 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-10-12 21:59 <DIR> --d----- c:\program files\Lavasoft 2009-10-08 12:05 <DIR> --d-h--- C:\$AVG8.VAULT$ 2009-10-07 23:16 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-10-07 23:16 108,552 a------- c:\windows\system32\drivers\avgtdix.sys 2009-10-07 23:16 335,240 a------- c:\windows\system32\drivers\avgldx86.sys 2009-10-07 23:15 <DIR> --d----- c:\windows\system32\drivers\Avg 2009-10-07 23:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar 2009-10-07 23:15 <DIR> --d----- c:\program files\AVG 2009-10-07 23:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8 2009-10-07 21:35 <DIR> --d----- c:\docume~1\shadin~1\applic~1\AVG8 2009-10-06 21:49 56,136 a---h--- c:\windows\system32\mlfcache.dat 2009-10-06 01:09 <DIR> --d----- c:\program files\common files\DivX Shared 2009-10-06 01:09 <DIR> --d----- c:\program files\DivX 2009-10-05 12:53 <DIR> --d----- c:\program files\iPod 2009-10-05 12:53 <DIR> --d----- c:\program files\iTunes 2009-10-05 12:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD} 2009-10-05 12:38 53,248 a------- c:\windows\system32\CSVer.dll 2009-10-05 11:49 411,368 a------- c:\windows\system32\deploytk.dll 2009-10-05 11:49 73,728 a------- c:\windows\system32\javacpl.cpl 2009-10-01 22:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\McAfee Security Scan 2009-09-30 21:54 1,324 a------- c:\windows\system32\d3d9caps.dat 2009-09-30 10:58 <DIR> --d----- c:\program files\Bonjour 2009-09-30 10:56 2,065,696 a------- c:\windows\system32\usbaaplrc.dll 2009-09-30 10:56 40,448 a------- c:\windows\system32\drivers\usbaapl.sys 2009-09-30 00:10 17,024 ac------ c:\windows\system32\dllcache\ccdecode.sys 2009-09-30 00:09 490,008 a------- c:\windows\system32\LVUI2.dll 2009-09-30 00:09 195,096 a------- c:\windows\system32\lvci11801048.dll 2009-09-30 00:09 66,482 a------- c:\windows\system32\lvcoinst.ini 2009-09-30 00:09 4,658,584 a------- c:\windows\system32\drivers\lvuvc.sys 2009-09-30 00:09 465,432 a------- c:\windows\system32\LVUI2RC.dll 2009-09-30 00:09 416,280 a------- c:\windows\system32\lvcodec2.dll 2009-09-30 00:09 41,752 a------- c:\windows\system32\drivers\LVUSBSta.sys 2009-09-30 00:09 627,864 a------- c:\windows\system32\drivers\lvrs.sys 2009-09-30 00:09 25,974 a------- c:\windows\system32\Repository.reg 2009-09-30 00:09 23,832 a------- c:\windows\system32\drivers\lvuvcflt.sys 2009-09-29 23:54 <DIR> --d----- c:\program files\common files\Macrovision Shared 2009-09-29 23:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Rosetta Stone 2009-09-29 23:45 3,245 a------- c:\windows\system32\wbem\Outlook_01ca4199910cb9d4.mof 2009-09-29 23:11 107,368 a------- c:\windows\system32\GEARAspi.dll 2009-09-29 23:11 26,600 a------- c:\windows\system32\drivers\GEARAspiWDM.sys 2009-09-29 23:06 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys 2009-09-29 22:50 <DIR> --d----- c:\windows\SHELLNEW 2009-09-29 22:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite 2009-09-29 22:41 <DIR> --d----- c:\program files\DAEMON Tools Toolbar 2009-09-29 22:41 <DIR> --d----- c:\program files\DAEMON Tools Lite 2009-09-29 22:39 <DIR> --d----- c:\windows\ServicePackFiles 2009-09-29 22:31 <DIR> --d----- c:\docume~1\shadin~1\applic~1\Dell 2009-09-29 22:31 307,200 a------- c:\windows\system32\BMAPI.dll 2009-09-29 22:31 233,472 a------- c:\windows\system32\NicConfigSvc.cpl 2009-09-29 22:31 61,440 a------- c:\windows\system32\KPower.dll 2009-09-29 22:31 <DIR> --d----- c:\program files\Dell 2009-09-29 22:31 16,128 a------- c:\windows\system32\drivers\APPDRV.SYS 2009-09-29 22:31 <DIR> --d----- c:\windows\system32\ReinstallBackups 2009-09-29 22:30 68,696 a------- c:\windows\system32\drivers\oz776.sys 2009-09-29 22:30 <DIR> --d----- c:\program files\O2Micro OZ776 SCR Driver 2009-09-29 22:27 721,904 a------- c:\windows\system32\drivers\sptd.sys 2009-09-29 22:27 <DIR> --d----- c:\docume~1\shadin~1\applic~1\DAEMON Tools Lite 2009-09-29 22:26 6,400 ac------ c:\windows\system32\dllcache\splitter.sys 2009-09-29 22:26 6,400 a------- c:\windows\system32\drivers\splitter.sys 2009-09-29 22:25 <DIR> --d----- c:\program files\SigmaTel 2009-09-29 22:12 <DIR> --d----- c:\windows\system32\PreInstall 2009-09-29 22:12 26,488 a------- c:\windows\system32\spupdsvc.exe 2009-09-29 22:12 <DIR> --d-h--- c:\windows\$hf_mig$ 2009-09-29 19:21 <DIR> --ds---- c:\documents and settings\shadi nayyer\UserData 2009-09-29 19:08 <DIR> --d----- c:\windows\system32\SoftwareDistribution 2009-09-29 19:08 <DIR> --d----- c:\program files\Broadcom 2009-09-29 19:06 <DIR> --d----- c:\docume~1\shadin~1\applic~1\Intel 2009-09-29 19:06 3,632,384 a------- c:\windows\system32\drivers\NETw5x32.sys 2009-09-29 19:06 2,756,608 a------- c:\windows\system32\NETw5r32.dll 2009-09-29 19:06 663,552 a------- c:\windows\system32\NETw5c32.dll 2009-09-29 19:05 <DIR> --d----- c:\program files\common files\Intel 2009-09-29 18:45 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys 2009-09-29 18:25 <DIR> --d----- c:\windows\system32\URTTemp 2009-09-29 18:18 <DIR> --d----- c:\documents and settings\Shadi Nayyer 2009-09-29 18:16 <DIR> --ds---- c:\windows\system32\Microsoft 2009-09-29 18:15 8,192 a------- c:\windows\REGLOCS.OLD 2009-09-29 18:13 79,872 ac------ c:\windows\system32\dllcache\rwia330.dll 2009-09-29 18:12 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll 2009-09-29 18:11 184,435 ac------ c:\windows\system32\dllcache\fp4amsft.dll 2009-09-29 18:10 <DIR> --dsh--- c:\documents and settings\all users\DRM 2009-09-29 18:10 <DIR> --ds---- c:\windows\Downloaded Program Files 2009-09-29 18:10 <DIR> --d--r-- c:\windows\Offline Web Pages 2009-09-29 18:10 488 a---hr-- c:\windows\system32\WindowsLogon.manifest 2009-09-29 18:10 488 a---hr-- c:\windows\system32\logonui.exe.manifest 2009-09-29 18:10 749 a---hr-- c:\windows\WindowsShell.Manifest 2009-09-29 18:10 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest 2009-09-29 18:10 749 a---hr-- c:\windows\system32\sapi.cpl.manifest 2009-09-29 18:10 749 a---hr-- c:\windows\system32\nwc.cpl.manifest 2009-09-29 18:10 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest 2009-09-29 18:10 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest 2009-09-29 18:10 <DIR> --d-h--- c:\program files\WindowsUpdate 2009-09-29 18:10 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex 2009-09-29 18:09 <DIR> --d----- c:\program files\common files\MSSoap 2009-09-29 18:07 <DIR> --d----- c:\program files\Online Services 2009-09-29 18:07 <DIR> --d----- c:\program files\Messenger 2009-09-29 18:07 <DIR> --d----- c:\program files\MSN Gaming Zone 2009-09-29 18:06 <DIR> --d----- c:\program files\Windows NT 2009-09-29 10:58 <DIR> --d----- c:\program files\common files\ODBC 2009-09-29 10:58 <DIR> --d----- c:\program files\common files\SpeechEngines 2009-09-29 10:58 <DIR> --d--r-- c:\documents and settings\all users\Documents ==================== Find3M ==================== 2009-09-30 18:44 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat 2009-09-30 00:10 0 a------- c:\windows\system32\drivers\lvuvc.hs 2009-09-30 00:10 0 a------- c:\windows\system32\drivers\logiflt.iad 2009-09-29 18:08 21,640 a------- c:\windows\system32\emptyregdb.dat 2009-09-29 11:19 2,146,304 a------- c:\windows\system32\GPhotos.scr 2009-08-23 14:00 62,592 a------- c:\windows\system32\drivers\cdrom.sys 2009-08-23 14:00 922,112 -------- c:\windows\system32\imapi2fs.dll 2009-08-23 14:00 426,496 -------- c:\windows\system32\imapi2.dll 2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll 2009-07-28 21:53 119,808 a------- c:\windows\system32\t2embed.dll 2009-07-28 21:53 82,432 a------- c:\windows\system32\fontsub.dll 2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll ============= FINISH: 17:17:56.50 ===============

Attached Files


Edited by sdawg11, 13 October 2009 - 06:47 PM.

    Advertisements

Register to Remove


#2 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 17 October 2009 - 08:15 AM

Hi,

There aren't any obvious signs of malware on your system. The problem maybe with Gmail, I would report it with them and make sure they look into it,

but lets run a couple of scans just to be certain

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

    Posted Image
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply


In your next reply please include
  • MBAM Log
  • Kaspersky report

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte

CatByte

    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 21 October 2009 - 05:27 AM

Due to inactivity this topic will be closed. If you need help please start a new thread.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users