
Inactive Using Three Identities Win 7; one is damaged

Discussion in 'Malware and Virus Removal Archive' started by DeaconBernie, 2011/06/17.

Thread Status:
Not open for further replies.
  1. 2011/06/17
    DeaconBernie

    DeaconBernie Inactive Thread Starter

    Joined:
    2010/12/15
    Messages:
    3
    Likes Received:
    0
    [Inactive] Using Three Identities Win 7; one is damaged

    I use three identities: main is DeaconBernie and other two are Games and mytrainstuff. Games and mytrainstuff work fine; indeed, mytrainstuff is the only way I can reach the internet. In the main identity, I cannot log into either Google or Internet Explorer; nor can I run GoogleChrome.exe. In fact, it even erases any reference to Google in any shape or form. I've run Windows Security and Avast but no malware is found. Short of eliminating the main identity and starting over, are there any other solutions I can try?
    Thanks in advance.

    Doing these tests and trying to post them here properly has convinced me that I do not know as much as I thought I knew.

    Bernie

    Four tests done:

    aswMBR version 0.9.6.399 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-17 15:19:13
    -----------------------------
    15:19:13.396 OS Version: Windows 6.1.7601 Service Pack 1
    15:19:13.396 Number of processors: 2 586 0x6B01
    15:19:13.398 ComputerName: LYNGDAL UserName:
    15:19:15.172 Initialize success
    15:19:33.179 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
    15:19:33.186 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
    15:19:35.203 Disk 0 MBR read successfully
    15:19:35.207 Disk 0 MBR scan
    15:19:35.210 Disk 0 Windows 7 default MBR code
    15:19:37.215 Disk 0 scanning sectors +976771072
    15:19:37.251 Disk 0 scanning C:\Windows\system32\drivers
    15:19:42.294 Service scanning
    15:19:43.444 Disk 0 trace - called modules:
    15:19:43.456
    15:19:43.467 Scan finished successfully
    15:21:31.193 Disk 0 MBR has been saved successfully to "C:\Users\My Train Stuff\Downloads\MBR.dat "
    15:21:31.209 The log file has been saved successfully to "C:\Users\My Train Stuff\Downloads\aswMBR.txt "
    19:25:25.732 Disk 0 MBR has been saved successfully to "C:\Users\Deacon\Tests for Windows BBS\MBR.dat "
    19:25:25.746 The log file has been saved successfully to "C:\Users\Deacon\Tests for Windows BBS\aswMBR.txt "


    Reimage Repair
    Revo Uninstaller 1.92
    runtime
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    SlimDrivers
    Software Informer 1.0 BETA
    Soluto
    SUPERAntiSpyware
    Texas Hold'em 3D XP Championship
    WebM Media Foundation Components
    Window Shopper
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinPatrol
    WordPerfect Office X3
    Yahtzee
    Zappit!
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/17/2011 9:59:48 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    6/17/2011 8:58:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
    6/17/2011 12:07:05 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
    6/16/2011 9:31:01 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1880.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    6/16/2011 9:31:01 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1880.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    6/16/2011 9:31:01 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1880.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    6/16/2011 1:38:18 PM, Error: Service Control Manager [7023] -
    6/16/2011 1:37:55 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    6/14/2011 3:43:01 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    6/14/2011 3:33:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    6/14/2011 3:33:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    6/14/2011 3:33:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/14/2011 3:33:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    6/14/2011 3:32:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 discache ImmunetProtectDriver ImmunetSelfProtectDriver mozyFilter MpFilter SASDIFSV SASKUTIL Soluto spldr Wanarpv6
    6/14/2011 3:08:09 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk8\DR8.
    6/14/2011 12:16:28 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    6/14/2011 10:32:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1880.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    6/12/2011 11:16:41 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
    6/11/2011 2:37:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.105.1707.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    6/11/2011 2:37:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    6/11/2011 2:36:48 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    6/11/2011 2:27:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    6/10/2011 12:40:01 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 0.0.0.0;0.0.0.0 Engine version: 0.0.0.0
    .
    ==== End Of File ===========================


    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit scan 2011-06-17 16:55:50
    Windows 6.1.7601 Service Pack 1
    Running: z43800sq.exe; Driver: C:\Users\MYTRAI~1\AppData\Local\Temp\pwldapod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKey + 13C1 83040339 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83079D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3B5F3DF8-742E-41BC-A0DF-C4D043ABBED0}\MpKsl9dd29115.sys The system cannot find the file specified. !
    ? C:\Users\MYTRAI~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
    ? C:\Users\MYTRAI~1\AppData\Local\Temp\pwldapod.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtCreateFile + 6 771155CE 4 Bytes [28, 00, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtCreateFile + B 771155D3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtMapViewOfSection + 6 77115C2E 1 Byte [28]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtMapViewOfSection + 6 77115C2E 4 Bytes [28, 03, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtMapViewOfSection + B 77115C33 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenFile + 6 77115CDE 4 Bytes [68, 00, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenFile + B 77115CE3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenProcess + 6 77115D8E 4 Bytes [A8, 01, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenProcess + B 77115D93 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenProcessToken + 6 77115D9E 4 Bytes CALL 761164A4 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenProcessToken + B 77115DA3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenProcessTokenEx + 6 77115DAE 4 Bytes [A8, 02, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenProcessTokenEx + B 77115DB3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenThread + 6 77115E0E 4 Bytes [68, 01, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenThread + B 77115E13 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenThreadToken + 6 77115E1E 4 Bytes [68, 02, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenThreadToken + B 77115E23 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenThreadTokenEx + 6 77115E2E 4 Bytes CALL 76116535 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtOpenThreadTokenEx + B 77115E33 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtQueryAttributesFile + 6 77115F3E 4 Bytes [A8, 00, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtQueryAttributesFile + B 77115F43 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtQueryFullAttributesFile + 6 77115FEE 4 Bytes CALL 761166F3 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtQueryFullAttributesFile + B 77115FF3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtSetInformationFile + 6 7711663E 4 Bytes [28, 01, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtSetInformationFile + B 77116643 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtSetInformationThread + 6 7711669E 4 Bytes [28, 02, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtSetInformationThread + B 771166A3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtUnmapViewOfSection + 6 771169BE 1 Byte [68]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtUnmapViewOfSection + 6 771169BE 4 Bytes [68, 03, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[1928] ntdll.dll!NtUnmapViewOfSection + B 771169C3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtCreateFile + 6 771155CE 4 Bytes [28, 00, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtCreateFile + B 771155D3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtMapViewOfSection + 6 77115C2E 1 Byte [28]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtMapViewOfSection + 6 77115C2E 4 Bytes [28, 03, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtMapViewOfSection + B 77115C33 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenFile + 6 77115CDE 4 Bytes [68, 00, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenFile + B 77115CE3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcess + 6 77115D8E 4 Bytes [A8, 01, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcess + B 77115D93 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcessToken + 6 77115D9E 4 Bytes CALL 761164A4 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcessToken + B 77115DA3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcessTokenEx + 6 77115DAE 4 Bytes [A8, 02, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenProcessTokenEx + B 77115DB3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThread + 6 77115E0E 4 Bytes [68, 01, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThread + B 77115E13 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThreadToken + 6 77115E1E 4 Bytes [68, 02, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThreadToken + B 77115E23 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThreadTokenEx + 6 77115E2E 4 Bytes CALL 76116535 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtOpenThreadTokenEx + B 77115E33 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtQueryAttributesFile + 6 77115F3E 4 Bytes [A8, 00, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtQueryAttributesFile + B 77115F43 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtQueryFullAttributesFile + 6 77115FEE 4 Bytes CALL 761166F3 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtQueryFullAttributesFile + B 77115FF3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtSetInformationFile + 6 7711663E 4 Bytes [28, 01, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtSetInformationFile + B 77116643 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtSetInformationThread + 6 7711669E 4 Bytes [28, 02, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtSetInformationThread + B 771166A3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtUnmapViewOfSection + 6 771169BE 1 Byte [68]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtUnmapViewOfSection + 6 771169BE 4 Bytes [68, 03, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[4800] ntdll.dll!NtUnmapViewOfSection + B 771169C3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtCreateFile + 6 771155CE 4 Bytes [28, 00, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtCreateFile + B 771155D3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtMapViewOfSection + 6 77115C2E 1 Byte [28]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtMapViewOfSection + 6 77115C2E 4 Bytes [28, 03, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtMapViewOfSection + B 77115C33 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenFile + 6 77115CDE 4 Bytes [68, 00, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenFile + B 77115CE3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcess + 6 77115D8E 4 Bytes [A8, 01, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcess + B 77115D93 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessToken + 6 77115D9E 4 Bytes CALL 761164A4 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessToken + B 77115DA3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessTokenEx + 6 77115DAE 4 Bytes [A8, 02, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenProcessTokenEx + B 77115DB3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThread + 6 77115E0E 4 Bytes [68, 01, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThread + B 77115E13 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadToken + 6 77115E1E 4 Bytes [68, 02, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadToken + B 77115E23 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadTokenEx + 6 77115E2E 4 Bytes CALL 76116535 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtOpenThreadTokenEx + B 77115E33 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryAttributesFile + 6 77115F3E 4 Bytes [A8, 00, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryAttributesFile + B 77115F43 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryFullAttributesFile + 6 77115FEE 4 Bytes CALL 761166F3 C:\Windows\system32\USER32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtQueryFullAttributesFile + B 77115FF3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationFile + 6 7711663E 4 Bytes [28, 01, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationFile + B 77116643 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationThread + 6 7711669E 4 Bytes [28, 02, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtSetInformationThread + B 771166A3 1 Byte [E2]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtUnmapViewOfSection + 6 771169BE 1 Byte [68]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtUnmapViewOfSection + 6 771169BE 4 Bytes [68, 03, 07, 00]
    .text C:\Users\My Train Stuff\AppData\Local\Google\Chrome\Application\chrome.exe[5832] ntdll.dll!NtUnmapViewOfSection + B 771169C3 1 Byte [E2]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\system32\rundll32.exe[5576] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [751EFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[5576] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [751EFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[5576] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [751EFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[5576] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [751EFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[5576] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [751EFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\rundll32.exe[5576] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [751EFFF6] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume12 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume10 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume11 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)

    ---- EOF - GMER 1.0.15 ----
     
  2. 2011/06/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please, complete all steps listed HERE

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     

