Hi,

Thanks in advance for your help...

In short, I have been dealing with this infection for 4-6 weeks. Originally had BitDefender on the system but it was quickly infected by a worm my wife brought home on her office laptop (NIMD?). After using everything from Combofix, OTL, GMER, etc., I ran an OTL script that allowed MBAM (Pro) to detect Trojan.FAKEMS (4 instances), of which it had trouble cleaning 1 instance. Within 5 minutes I knew I was reinfected again (TCPv6 communications when IPv6 is disabled, etc.). After weeks of trying to track this down I believe it was hiding in the \System Volume Information directories and also weird files hidden in user instances of the $Recycle bin. Rescue CDs don't seem to work.

After reformatting all my drives (low level, cleaned MBRs, etc.) I reinstalled today and locked down everything ASAP. Within 2 hours I got an alert from MBAM; it's a pretty fresh installation with not much junk.

On running Windows Update, the downloads came from 4.23.42.126 (according to TCPView) - not a Microsoft address as far as I can determine...

11:22:07 <USERNAME> IP-BLOCK 195.234.4.30 (Type: outgoing, Port: 49228, Process: firefox.exe)

The website is in Kiev - this has happened before and maybe downloading a Trojan Dropper (also found previously). My PC Tools firewall is blocking IGMP outbound calls and inbound calls from unknown MAC addresses. All IPv6 interfaces and tunnels are disabled.

DDS logs as follows:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514

Run by Parker at 11:52:55 on 2011-10-21

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.16361.14139 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

E:\Program Files\SuperAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

E:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe

C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

E:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe

E:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

E:\Program Files (x86)\Mozilla Firefox\firefox.exe

E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe

mRun: [Malwarebytes' Anti-Malware] "E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [startCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [00PCTFW] "E:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s

mRun: [TrueImageMonitor.exe] "E:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: FilterAdministratorToken = 1 (0x1)

TCP: DhcpNameServer = 68.87.76.182 68.87.78.134

TCP: Interfaces\{D894AA7A-E254-4744-8B82-4DBDD79E384F} : DhcpNameServer = 68.87.76.182 68.87.78.134

mRun-x64: [Malwarebytes' Anti-Malware] "E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [startCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [00PCTFW] "E:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s

mRun-x64: [TrueImageMonitor.exe] "E:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - E:\Users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\ireaveb8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

.

============= SERVICES / DRIVERS ===============

.

R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]

R0 vidsflt53;Acronis Disk Storage Filter (53);C:\Windows\system32\DRIVERS\vsflt53.sys --> C:\Windows\system32\DRIVERS\vsflt53.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 pctgntdi;pctgntdi;\??\C:\Windows\System32\drivers\pctgntdi64.sys --> C:\Windows\System32\drivers\pctgntdi64.sys [?]

R1 SASDIFSV;SASDIFSV;E:\Program Files\SuperAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;E:\Program Files\SuperAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;E:\Program Files\SuperAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 MBAMService;MBAMService;E:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-20 366152]

R2 PCToolsFirewallPlus;PC Tools Firewall Plus;E:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe [2011-10-21 286000]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;\??\C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys --> C:\Windows\system32\drivers\pctNdis-PacketFilter64.sys [?]

R3 pctNdisMP;PC Tools Driver;C:\Windows\system32\DRIVERS\pctNdis64.sys --> C:\Windows\system32\DRIVERS\pctNdis64.sys [?]

R3 pctplfw;pctplfw;\??\C:\Windows\System32\drivers\pctplfw64.sys --> C:\Windows\System32\drivers\pctplfw64.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 pctNdis;PC Tools Firewall Intermediate Filter Service;C:\Windows\system32\DRIVERS\pctNdis64.sys --> C:\Windows\system32\DRIVERS\pctNdis64.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-10-21 18:48:18 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-10-21 18:02:33 69000 ----a-w- E:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1641FC4B-CF75-4F57-AA45-B4099715EE67}\offreg.dll

2011-10-21 17:36:44 971360 ----a-w- C:\Windows\System32\drivers\timntr.sys

2011-10-21 17:36:42 275552 ----a-w- C:\Windows\System32\drivers\snapman.sys

2011-10-21 17:36:42 210016 ----a-w- C:\Windows\System32\drivers\vididr.sys

2011-10-21 17:36:42 141920 ----a-w- C:\Windows\System32\drivers\vsflt53.sys

2011-10-21 17:29:01 -------- d-----w- E:\Users\Parker\AppData\Roaming\PCToolsFirewallPlus

2011-10-21 17:26:39 233488 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys

2011-10-21 17:26:38 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys

2011-10-21 17:26:38 140800 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys

2011-10-21 17:25:21 79000 ----a-w- C:\Windows\System32\drivers\pctNdis64.sys

2011-10-21 17:25:21 42968 ----a-w- C:\Windows\System32\drivers\pctNdis-DNS64.sys

2011-10-21 17:25:21 119688 ----a-w- C:\Windows\System32\drivers\pctNdis-PacketFilter64.sys

2011-10-21 17:25:21 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2011-10-21 17:25:20 179976 ----a-w- C:\Windows\System32\drivers\pctplfw64.sys

2011-10-21 17:23:32 -------- d-----w- C:\Program Files (x86)\Flash-Data

2011-10-21 17:22:28 -------- d-----w- E:\Users\Parker\Flash-Data

2011-10-21 17:12:01 -------- d-----w- E:\Users\Parker\AppData\Local\Mozilla

2011-10-21 16:51:26 -------- d-----w- C:\Program Files (x86)\Renesas Electronics

2011-10-21 16:50:34 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll

2011-10-21 16:50:09 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys

2011-10-21 16:49:38 -------- d-----w- C:\Windows\System32\appmgmt

2011-10-21 16:48:43 53248 ----a-r- C:\Windows\SysWow64\CSVer.dll

2011-10-21 16:48:30 -------- d-----w- C:\Intel

2011-10-21 16:47:00 16896 ----a-w- C:\Windows\AsTaskSched.dll

2011-10-21 16:45:51 1937312 ----a-w- C:\Windows\System32\FMAPO64.dll

2011-10-21 16:34:27 -------- d-----w- E:\Users\Parker\AppData\Local\ATI

2011-10-21 16:14:00 -------- d-----w- E:\Users\Parker\AppData\Roaming\SUPERAntiSpyware.com

2011-10-21 16:09:32 -------- d-----w- E:\Users\Parker\AppData\Roaming\Malwarebytes

2011-10-21 15:59:22 -------- d-----w- E:\ProgramData\SUPERAntiSpyware.com

2011-10-21 15:38:29 -------- d-----w- C:\Windows\SysWow64\Wat

2011-10-21 15:38:29 -------- d-----w- C:\Windows\System32\Wat

2011-10-21 00:17:07 -------- d-----w- C:\Program Files\CCleaner

2011-10-20 23:39:59 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2011-10-20 23:17:00 9049936 ----a-w- E:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-20 23:16:56 8570192 ----a-w- E:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1641FC4B-CF75-4F57-AA45-B4099715EE67}\mpengine.dll

2011-10-20 23:16:43 917840 ------w- E:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7B3971F0-B197-4361-B5EA-F9343B4F9251}\gapaengine.dll

2011-10-20 23:15:47 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2011-10-20 23:15:46 -------- d-----w- C:\Program Files\Microsoft Security Client

2011-10-20 22:54:26 0 ----a-w- C:\Windows\ativpsrm.bin

2011-10-20 22:53:00 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2011-10-20 22:53:00 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2011-10-20 22:53:00 -------- d-----w- C:\Program Files (x86)\AMD APP

2011-10-20 22:52:43 -------- d-----w- C:\Program Files\ATI

2011-10-20 22:29:30 -------- d-----w- E:\ProgramData\Malwarebytes

2011-10-20 22:29:28 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-10-20 22:23:34 9049936 ----a-w- E:\ProgramData\Microsoft\Windows Defender\Definition Updates\{27AEEB6F-3146-4498-B0BD-D1E1E6E9DA40}\mpengine.dll

2011-10-20 22:15:30 314568 ----a-r- C:\Windows\System32\PROUnstl.exe

2011-10-20 22:15:03 68264 ----a-w- C:\Windows\System32\e1cmsg.dll

2011-10-20 22:15:03 36472 ----a-w- C:\Windows\System32\NicCo36.dll

2011-10-20 22:15:03 313520 ----a-w- C:\Windows\System32\drivers\e1c62x64.sys

2011-10-20 22:15:02 91840 ----a-w- C:\Windows\System32\NicInstC.dll

2011-10-20 22:14:38 -------- d-sh--w- C:\Windows\Installer

2011-10-20 22:08:51 -------- d-sh--w- C:\Recovery

2011-10-20 19:00:24 -------- d-----w- C:\Windows\Panther

.

==================== Find3M ====================

.

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-14 18:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll

2011-09-14 18:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2011-09-14 18:47:22 51200 ----a-w- C:\Windows\System32\OpenCL.dll

2011-09-14 18:47:18 43520 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2011-09-14 18:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll

2011-09-14 18:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll

2011-09-14 18:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll

2011-09-14 18:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll

2011-09-08 18:27:22 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2011-09-08 17:59:44 24229376 ----a-w- C:\Windows\System32\atio6axx.dll

2011-09-08 17:39:44 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2011-09-08 17:34:20 151552 ----a-w- C:\Windows\System32\atiapfxx.exe

2011-09-08 17:34:10 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2011-09-08 17:32:58 862720 ----a-w- C:\Windows\System32\aticfx64.dll

2011-09-08 17:30:38 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2011-09-08 17:30:26 486912 ----a-w- C:\Windows\System32\atieclxx.exe

2011-09-08 17:29:56 204288 ----a-w- C:\Windows\System32\atiesrxx.exe

2011-09-08 17:28:54 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2011-09-08 17:28:38 423424 ----a-w- C:\Windows\System32\atipdl64.dll

2011-09-08 17:28:32 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll

2011-09-08 17:28:22 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll

2011-09-08 17:28:18 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2011-09-08 17:28:14 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2011-09-08 17:28:10 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2011-09-08 17:24:38 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2011-09-08 17:18:56 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll

2011-09-08 17:18:22 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2011-09-08 17:18:08 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll

2011-09-08 17:16:00 4944896 ----a-w- C:\Windows\System32\atidxx64.dll

2011-09-08 17:09:42 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2011-09-08 17:09:40 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2011-09-08 17:09:30 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2011-09-08 17:09:28 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2011-09-08 17:09:18 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll

2011-09-08 17:08:24 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2011-09-08 17:05:52 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2011-09-08 17:05:44 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2011-09-08 17:00:02 5428736 ----a-w- C:\Windows\System32\atiumd64.dll

2011-09-08 16:59:48 58880 ----a-w- C:\Windows\System32\coinst.dll

2011-09-08 16:53:20 381952 ----a-w- C:\Windows\System32\atiadlxx.dll

2011-09-08 16:53:12 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2011-09-08 16:52:58 15360 ----a-w- C:\Windows\System32\atig6pxx.dll

2011-09-08 16:52:56 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2011-09-08 16:52:56 13312 ----a-w- C:\Windows\System32\atiglpxx.dll

2011-09-08 16:52:54 39936 ----a-w- C:\Windows\System32\atig6txx.dll

2011-09-08 16:52:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2011-09-08 16:52:40 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2011-09-08 16:52:00 40960 ----a-w- C:\Windows\System32\atiuxp64.dll

2011-09-08 16:51:54 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2011-09-08 16:51:50 38912 ----a-w- C:\Windows\System32\atiu9p64.dll

2011-09-08 16:51:44 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2011-09-08 16:51:12 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2011-09-08 16:51:02 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2011-09-08 16:50:54 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

.

============= FINISH: 11:53:05.74 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume2

Install Date: 10/20/2011 3:08:51 PM

System Uptime: 10/21/2011 11:02:24 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P8P67 DELUXE

Processor: Intel® Core i7-2600K CPU @ 3.40GHz | LGA1155 | 3401/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 112 GiB total, 72.369 GiB free.

E: is FIXED (NTFS) - 932 GiB total, 929.925 GiB free.

F: is CDROM ()

Y: is FIXED (NTFS) - 932 GiB total, 931.359 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Teredo Tunneling Adapter

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

.

Class GUID:

Description: Ethernet Controller

Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\6&1831193F&0&004800E7

Manufacturer:

Name: Ethernet Controller

PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_84321043&REV_06\6&1831193F&0&004800E7

Service:

.

Class GUID:

Description: Marvell 91xx Config ATA Device

Device ID: IDE\PROCESSORMARVELL_91XX_CONFIG_____________________1.01____\8&AAF7465&0&7.0.0

Manufacturer:

Name: Marvell 91xx Config ATA Device

PNP Device ID: IDE\PROCESSORMARVELL_91XX_CONFIG_____________________1.01____\8&AAF7465&0&7.0.0

Service:

.

==== System Restore Points ===================

.

RP3: 10/20/2011 3:14:50 PM - Installed Intel® Network Connections.

RP4: 10/20/2011 3:23:30 PM - Windows Update

RP5: 10/20/2011 3:27:41 PM - Installed Microsoft Fix it 50409

RP6: 10/20/2011 3:27:58 PM - Installed Microsoft Fix it 50410

RP7: 10/20/2011 3:28:13 PM - Installed Microsoft Fix it 50411

RP8: 10/20/2011 3:28:29 PM - Installed Microsoft Fix it 50412

RP9: 10/20/2011 4:40:11 PM - Windows Update

RP10: 10/21/2011 8:38:23 AM - Windows Update

RP11: 10/21/2011 9:22:55 AM - Windows Update

RP12: 10/21/2011 9:47:50 AM - Installed Browser Configuration Utility.

RP13: 10/21/2011 9:49:10 AM - Removed Browser Configuration Utility.

RP14: 10/21/2011 9:51:23 AM - Installed Renesas Electronics USB 3.0 Host Controller Driver

RP15: 10/21/2011 9:59:02 AM - Installed Intel® Solid-State Drive Toolbox

RP16: 10/21/2011 10:36:28 AM - Installed Acronis True Image

.

==== Installed Programs ======================

.

Acronis True Image WD Edition

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

CCC Help English

Intel® Management Engine Components

Intel® Solid-State Drive Toolbox

Malwarebytes' Anti-Malware version 1.51.2.1300

Mozilla Firefox 7.0.1 (x86 en-US)

PC Tools Firewall Plus 7.0

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

.

==== Event Viewer Messages From Past Week ========

.

10/21/2011 9:24:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based Systems.

10/21/2011 9:14:46 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

10/21/2011 9:07:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/21/2011 9:07:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

10/21/2011 9:07:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

10/21/2011 9:07:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/21/2011 9:07:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/21/2011 9:07:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/21/2011 9:07:29 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf

10/21/2011 9:07:29 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/21/2011 9:07:29 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/21/2011 9:07:29 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

10/21/2011 9:07:29 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/21/2011 9:07:29 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

10/21/2011 9:07:29 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

10/21/2011 9:07:29 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/21/2011 9:07:29 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

10/21/2011 9:07:29 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

10/21/2011 9:07:29 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

10/20/2011 6:10:26 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The service has not been started.

10/20/2011 5:09:42 PM, Error: Service Control Manager [7023] -

10/20/2011 4:42:31 PM, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/20/2011 3:08:17 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

10/20/2011 3:08:17 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473536.

10/20/2011 12:45:01 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread

.

==== End Of File ===========================

Whatever it is it's got me. Thanks Again in advance!

Regards,

MB
