Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Audio Ads on Desktop no Rootkit found PLEASE HELP!

Post by DrewThaNinja » January 1st, 2014, 4:10 pm

I am a YouTuber, so my personal files are very important to me. Please keep this in mind!

This morning my PC (Win 7 Ult 64-bit) abruptly shut itself off, and since the restart I have been experiencing several issues.
1. There are AUDIO ADS playing in the background of my PC constantly. They start when my PC starts up, even before opening a browser, and are listed in my Audio Mixer as No Name Available. There is no apparent source of the audio, as I am unable to locate the process.
2. I randomly get errors saying either: My Plug N Play has had an error or DCom has had an error and both require restarts.

I have run MBAM, MBar, Adwcleaner, ComboFix, damagefix, TRL, RKiller, and TDSSKiller and NOTHING can find whatever is causing this issue.

As far as I know I have NO ROOTKITS. I will include the MBAM full scan results and the DDS here for starters.

Thank you in advance for HOPEFULLY saving me from a reformat.

P.S. When I kill the process svchost.exe - audiodg.exe, all my sound goes away; when I restart the process, the Audio Ads stop. If interested, I'd be willing to make a video showing the exact order of actions taken to stop the virus's processes.

-Drew

Malwarebytes Anti-Malware 1.75.0.1300
http://www.malwarebytes.org

Database version: v2014.01.01.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Drew :: NCC-1701-C [administrator]

1/1/2014 12:35:25 PM
mbam-log-2014-01-01 (12-35-25).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 423177
Time elapsed: 43 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\Users\Drew\Desktop\downloads\Adobe photoshop CS6 13.0 [Extended x86+x64] (2012) PC\Patch\Crack\x64\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Users\Drew\Desktop\downloads\Adobe photoshop CS6 13.0 [Extended x86+x64] (2012) PC\Patch\Crack\x86\amtlib.dll (PUP.RiskwareTool.CK) -> No action taken.
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Steam\SteamApps\common\Fable 3\paul.dll (PUP.RiskwareTool.CK) -> Quarantined and deleted successfully.
C:\ProgramData\Martau\Total Uninstall 6\Backup\Connect DLC 5 Toolbar for IE.Analyzed.zip (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\Martau\Total Uninstall 6\Backup\weDownload Manager Pro.Analyzed.zip (PUP.Optional.WeDownload.A) -> Quarantined and deleted successfully.
C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 (PUP.Optional.Somoto) -> Quarantined and deleted successfully.
C:\Users\Drew\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000 (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.45.2
Run by Drew at 14:13:31 on 2014-01-01
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8174.5330 [GMT -6:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\Drew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SndVol.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Spotify Web Helper] "C:\Users\Drew\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{52998234-5EA3-4582-ACE8-A25140A20DD3} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-11-22 79488]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-11-22 40064]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-11-24 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-10-8 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-10-8 344064]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-11-20 57512]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-11-26 9216]
R2 HOSTNT;HOSTNT;C:\Windows\System32\drivers\hostnt.sys [2013-11-24 13864]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 MSI_SuperCharger;MSI_SuperCharger;C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [2013-11-22 143416]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-22 25928]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2013-11-22 13368]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-22 676968]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-11-22 44672]
S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-11-20 57512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-22 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-22 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2013-11-22 46136]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-12-30 121416]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-22 1255736]
.
=============== Created Last 30 ================
.
2014-01-01 19:48:10 -------- d-----w- C:\Windows\ERUNT
2014-01-01 19:45:30 -------- d-----w- C:\AdwCleaner
2014-01-01 19:40:51 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-01 19:25:02 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-01 19:24:48 89304 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-01-01 19:22:57 145920 ----a-w- C:\Windows\System32\drivers\rmcast.sys.bak
2014-01-01 18:27:34 -------- d-----w- C:\TDSSKiller_Quarantine
2014-01-01 17:56:36 98816 ----a-w- C:\Windows\sed.exe
2014-01-01 17:56:36 256000 ----a-w- C:\Windows\PEV.exe
2014-01-01 17:56:36 208896 ----a-w- C:\Windows\MBR.exe
2013-12-31 09:48:46 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1E2EB68B-B92D-4F63-9990-885A3AD7A9D2}\offreg.dll
2013-12-30 17:55:39 -------- d-----w- C:\Users\Drew\AppData\Roaming\MotioninJoy
2013-12-30 17:55:24 74960 ----a-w- C:\Windows\System32\drivers\xusb21.sys
2013-12-30 17:55:24 328712 ----a-w- C:\Windows\System32\MijFrc.dll
2013-12-30 17:55:24 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2013-12-30 17:55:24 121416 ----a-w- C:\Windows\System32\drivers\MijXfilt.sys
2013-12-30 17:55:24 -------- d-----w- C:\Program Files\MotioninJoy
2013-12-29 12:21:14 -------- d-----w- C:\ProgramData\Steam
2013-12-29 12:20:54 -------- d-----w- C:\Users\Drew\AppData\Roaming\Injustice
2013-12-28 19:31:05 -------- d-----w- C:\Users\Drew\AppData\Roaming\Fatshark
2013-12-26 20:30:44 -------- d-----w- C:\Users\Drew\AppData\Roaming\Warner Bros. Interactive Entertainment
2013-12-21 19:49:00 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2013-12-21 19:49:00 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2013-12-21 19:48:58 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2013-12-21 19:48:45 -------- d-----w- C:\Riot Games
2013-12-21 19:47:47 -------- d-----w- C:\Users\Drew\AppData\Local\PMB Files
2013-12-21 19:47:46 -------- d-----w- C:\ProgramData\PMB Files
2013-12-21 19:47:44 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-12-21 19:46:52 -------- d-----w- C:\Users\Drew\AppData\Roaming\Riot Games
2013-12-17 16:46:06 -------- d-----w- C:\Users\Drew\AppData\Roaming\Wondershare Video Converter Ultimate
2013-12-17 16:45:39 -------- d-----w- C:\Users\Drew\AppData\Local\Wondershare
2013-12-17 16:45:39 -------- d-----w- C:\Program Files\Common Files\Wondershare
2013-12-17 16:45:32 -------- d-----w- C:\ProgramData\Wondershare Video Converter Ultimate
2013-12-17 16:45:30 -------- d-----w- C:\Program Files (x86)\Wondershare
2013-12-17 16:05:12 -------- d-----w- C:\Users\Drew\.lennasinception
2013-12-12 20:48:55 -------- d-----w- C:\Program Files\Ventrilo
2013-12-12 20:48:39 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-12-09 22:20:12 -------- d-----w- C:\Games
2013-12-09 21:49:52 -------- d-----w- C:\Users\Drew\AppData\Roaming\StepMania 5
2013-12-09 21:42:31 -------- d-----w- C:\ProgramData\InstallMate
2013-12-09 20:33:17 -------- d-----w- C:\Program Files\ATI
2013-12-09 20:32:54 -------- d-----w- C:\ATI
2013-12-09 20:27:19 -------- d-----w- C:\Users\Drew\AppData\Local\Logitech® Webcam Software
2013-12-09 20:24:28 53248 ----a-r- C:\Users\Drew\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-12-09 20:24:12 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2013-12-09 20:17:14 -------- d-----w- C:\ProgramData\DriverGenius
2013-12-08 02:48:42 -------- d-----w- C:\Users\Drew\AppData\Roaming\7 Sticky Notes
2013-12-08 02:46:35 805376 ----a-w- C:\Windows\SysWow64\EditCtlsU.ocx
2013-12-08 02:46:35 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2013-12-08 02:46:35 604672 ----a-w- C:\Windows\SysWow64\ExTVwU.ocx
2013-12-08 02:46:35 554008 ----a-w- C:\Windows\SysWow64\dao360.dll
2013-12-08 02:46:35 212240 ----a-w- C:\Windows\SysWow64\richtx32.ocx
2013-12-08 02:46:35 198456 ----a-w- C:\Windows\SysWow64\MCI32.OCX
2013-12-08 02:46:35 140488 ----a-w- C:\Windows\SysWow64\comdlg32.ocx
2013-12-08 02:46:35 1351392 ----a-w- C:\Windows\SysWow64\comctl32.ocx
2013-12-08 02:46:35 1071088 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2013-12-08 02:46:35 1031168 ----a-w- C:\Windows\SysWow64\ExLVwU.ocx
2013-12-08 02:46:35 -------- d-----w- C:\Program Files (x86)\7 Sticky Notes
2013-12-06 19:26:28 -------- d-----w- C:\Users\Drew\AppData\Roaming\Hello Fangaming
2013-12-05 20:48:50 -------- d-----w- C:\Users\Drew\AppData\Local\Diagnostics
2013-12-05 20:20:57 -------- d-----w- C:\Users\Drew\AppData\Local\Mr_Reds_adventure_TMB
2013-12-05 03:28:02 -------- d-----w- C:\Windows\pss
2013-12-05 03:05:20 33856 ---ha-w- C:\Windows\System32\hamachi.sys
2013-12-05 03:05:16 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-12-03 03:31:17 -------- d-----w- C:\Users\Drew\AppData\Local\My Games
.
==================== Find3M ====================
.
2013-12-20 03:49:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-20 03:49:11 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-05 20:58:31 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-12-05 20:58:31 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-11-25 02:06:05 76968 ----a-w- C:\Windows\System32\drivers\GrandUsb.sys
2013-11-25 02:06:05 13864 ----a-w- C:\Windows\System32\drivers\hostnt.sys
2013-11-24 18:40:02 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-11-23 01:32:11 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-11-23 00:51:30 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-11-23 00:36:18 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2013-11-22 16:44:46 44544 ----a-w- C:\Windows\System32\themeservice.dll
2013-11-22 16:44:46 332288 ----a-w- C:\Windows\System32\uxtheme.dll
2013-11-22 16:44:46 2851328 ----a-w- C:\Windows\System32\themeui.dll
2013-11-22 16:14:55 0 ----a-w- C:\Windows\ativpsrm.bin
2013-11-22 15:41:21 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-22 15:33:55 14848 ----a-w- C:\Windows\System32\slwga.dll
2013-11-22 15:33:55 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2013-11-22 15:33:54 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2013-11-22 15:33:52 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2013-11-22 15:33:52 1008640 ----a-w- C:\Windows\System32\user32.dll
2013-11-11 11:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-10-08 15:50:12 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-10-08 15:45:08 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-10-08 14:01:20 156712 ----a-w- C:\Windows\System32\amdhcp64.dll
2013-10-08 14:01:18 141256 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2013-10-08 14:01:14 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-10-08 14:01:14 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-10-08 14:01:12 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-10-08 14:01:12 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-10-08 14:01:06 142792 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-10-08 14:01:06 125824 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-10-08 14:01:04 97984 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-10-08 14:01:04 114488 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-10-08 14:01:02 1237200 ----a-w- C:\Windows\System32\aticfx64.dll
2013-10-08 14:01:00 1030128 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-10-08 14:00:56 9464840 ----a-w- C:\Windows\System32\atidxx64.dll
2013-10-08 14:00:52 8215992 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-10-08 14:00:46 6176008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-10-08 14:00:42 6189416 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-10-08 14:00:36 6767240 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-10-08 14:00:32 7256496 ----a-w- C:\Windows\System32\atiumd64.dll
2013-10-08 13:58:42 12534784 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-10-08 13:39:22 229376 ----a-w- C:\Windows\System32\clinfo.exe
2013-10-08 13:39:10 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-10-08 13:39:10 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-10-08 13:39:08 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-10-08 13:39:08 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-10-08 13:39:06 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-10-08 13:38:58 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-10-08 13:38:58 127488 ----a-w- C:\Windows\System32\coinst_13.152.1.8.dll
2013-10-08 13:38:52 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-10-08 13:38:48 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-10-08 13:38:30 28192256 ----a-w- C:\Windows\System32\amdocl64.dll
2013-10-08 13:36:22 23761408 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-10-08 13:34:34 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-10-08 13:34:28 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-10-08 13:17:50 25385984 ----a-w- C:\Windows\System32\atio6axx.dll
2013-10-08 13:13:44 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-10-08 13:13:34 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-10-08 13:13:32 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-10-08 13:13:26 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-10-08 13:13:24 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-10-08 13:13:08 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-10-08 13:09:52 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-10-08 13:00:30 21400064 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-10-08 12:54:10 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-10-08 12:53:58 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-10-08 12:53:50 576512 ----a-w- C:\Windows\System32\atieclxx.exe
2013-10-08 12:52:58 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-10-08 12:51:30 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-10-08 12:29:04 96256 ----a-w- C:\Windows\System32\amdave64.dll
2013-10-08 12:28:56 90624 ----a-w- C:\Windows\SysWow64\amdave32.dll
2013-10-08 12:28:42 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2013-10-08 12:28:36 784384 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-10-08 12:28:34 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2013-10-08 12:28:26 594944 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-10-08 12:28:12 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-10-08 12:28:08 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-10-08 12:28:08 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-10-08 12:28:04 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-10-08 12:27:56 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-10-08 12:27:46 619008 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-10-08 12:24:54 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
.
============= FINISH: 14:14:06.21 ===============
DrewThaNinja
Active Member
 
Posts: 2
Joined: January 1st, 2014, 4:01 pm

Re: Audio Ads on Desktop no Rootkit found PLEASE HELP!

Post by DrewThaNinja » January 2nd, 2014, 12:58 pm

Screw this waiting BS. I'm just going to reformat. Thanks tho. For nothing
DrewThaNinja
Active Member
 
Posts: 2
Joined: January 1st, 2014, 4:01 pm

Re: Audio Ads on Desktop no Rootkit found PLEASE HELP!

Post by Cypher » January 2nd, 2014, 2:16 pm

As you have decided to reformat, this topic is now closed.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Audio Ads on Desktop no Rootkit found PLEASE HELP!

Post by Gary R » January 3rd, 2014, 5:32 am

DrewThaNinja wrote: Screw this waiting BS. I'm just going to reformat. Thanks tho. For nothing


Yes, you had to wait a whole day, at a time of the year when people were inconsiderate enough to be spending some time with their families, how unthinkably selfish of them to want to celebrate the New Year.

Had you taken the time to think, instead of stamping your foot like a spoiled child, you might have considered the fact that the people helping on this forum are all volunteers. They contribute their time and knowledge free of charge, and get no recompense for the work they do.

If the service we provide is not swift enough for your liking, then might I suggest you put your hand in your pocket and pay for the assistance you need.
Gary R
Administrator
 
Posts: 21872
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire