hearing ads through svchost.exe. help?


Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS won't run on W8)

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download RogueKiller 32 bit to your desktop and run it.

RogueKiller <--- use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, right-click the program, select Run as Administrator to start, and when prompted, allow it to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running.

Make sure you're subscribed to this topic: click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...unlikely, but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear", and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Before you responded, I went ahead and scanned with Malwarebytes, RogueKiller, and ComboFix. Hopefully this will not be a problem. Here is the DDS and attach.

 

--DDS--

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.16385
Run by Chongjin at 19:46:09 on 2014-01-03
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.8190.6228 [GMT -6:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\viakaraokesrv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Chongjin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SndVol.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SkyDrive] "C:\Users\Chongjin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{62D56652-318A-4DE6-975E-664DBABC3C6C} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-10-8 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-10-8 344064]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-11-20 57512]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-29 2210640]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-12-18 27760]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-12-18 2157680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== Created Last 30 ================
.
2014-01-04 01:37:58 -------- d-sh--w- C:\$RECYCLE.BIN
2014-01-03 06:33:53 -------- d-----w- C:\Users\Chongjin\AppData\Roaming\Malwarebytes
2014-01-03 06:33:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-03 06:33:47 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-03 06:33:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-03 06:33:37 -------- d-----w- C:\Users\Chongjin\AppData\Local\Programs
2014-01-03 06:22:59 76288 ----a-w- C:\Windows\System32\drivers\hidclass.sys.bak
2014-01-02 23:33:00 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DBFCCD03-245A-4746-A046-C320F000B500}\offreg.dll
2014-01-01 01:35:35 16440 ----a-w- C:\Windows\System32\drivers\AtiPcie.sys
2014-01-01 00:52:30 -------- d-----w- C:\Users\Chongjin\AppData\Local\ElevatedDiagnostics
2013-12-30 19:43:27 -------- d-----w- C:\Users\Chongjin\AppData\Local\Western Digital
2013-12-27 22:38:07 -------- d-----w- C:\Users\Chongjin\AppData\Roaming\uTorrent
2013-12-25 04:00:59 -------- d-----w- C:\Users\Chongjin\AppData\Local\LogMeIn Hamachi
2013-12-25 04:00:59 -------- d-----w- C:\Users\Chongjin\AppData\Local\LogMeIn
2013-12-25 04:00:59 -------- d-----w- C:\ProgramData\LogMeIn
2013-12-25 04:00:47 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-12-21 20:08:00 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2013-12-21 06:31:05 -------- d-----w- C:\Users\Chongjin\AppData\Local\TERA
2013-12-21 06:08:39 453456 ----a-w- C:\Windows\SysWow64\d3dx10_41.dll
2013-12-21 06:08:39 1846632 ----a-w- C:\Windows\SysWow64\D3DCompiler_41.dll
2013-12-21 06:07:26 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-21 06:07:26 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-21 06:07:11 -------- d-----w- C:\ProgramData\HappyCloud
2013-12-20 23:18:00 -------- d-----w- C:\Users\Chongjin\AppData\Local\Blizzard
2013-12-20 04:10:12 -------- d-----w- C:\Windows\SysWow64\Adobe
2013-12-20 01:28:25 -------- d-----w- C:\Users\Chongjin\AppData\Roaming\LolClient
2013-12-18 21:44:19 -------- d-----w- C:\SkyDriveTemp
2013-12-18 21:39:21 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2013-12-18 21:39:21 -------- d-----r- C:\Users\Chongjin\SkyDrive
2013-12-18 21:39:17 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2013-12-18 21:31:06 414632 ------w- C:\Windows\difxapi.dll
2013-12-18 21:31:06 -------- d-----w- C:\Program Files (x86)\VIA
2013-12-18 21:30:43 994416 ----a-w- C:\Windows\System32\VIAPropPageExt.dll
2013-12-18 21:30:43 91760 ----a-w- C:\Windows\System32\Dts2PropPageExt.dll
2013-12-18 21:30:43 87152 ----a-w- C:\Windows\System32\ViaMicArrayPropPageExt.dll
2013-12-18 21:30:43 86016 ----a-w- C:\Windows\System32\nQPropPageExt.dll
2013-12-18 21:30:43 82432 ----a-w- C:\Windows\System32\nQAPO.dll
2013-12-18 21:30:43 556144 ----a-w- C:\Windows\System32\VIASysFx.dll
2013-12-18 21:30:43 27760 ----a-w- C:\Windows\System32\ViakaraokeSrv.exe
2013-12-18 21:30:43 248944 ----a-w- C:\Windows\System32\Dts2APO.dll
2013-12-18 21:30:43 2157680 ----a-w- C:\Windows\System32\drivers\viahduaa.sys
2013-12-18 21:30:43 202864 ----a-w- C:\Windows\System32\ViaMicArrayAPO.dll
2013-12-18 21:30:43 116848 ----a-w- C:\Windows\System32\ViaKaraokePropPageExt.dll
2013-12-18 21:30:43 1161328 ----a-w- C:\Windows\System32\ViaKaraokeApo.dll
2013-12-18 21:25:17 -------- d-----w- C:\Program Files\CPUID
2013-12-18 21:04:30 -------- d-----w- C:\Users\Chongjin\AppData\Local\SearchProtect
2013-12-18 21:03:44 -------- d-----w- C:\ProgramData\Conduit
2013-12-18 21:03:34 -------- d-----w- C:\Users\Chongjin\AppData\Local\NativeMessaging
2013-12-18 21:03:34 -------- d-----w- C:\Users\Chongjin\AppData\Local\Conduit
2013-12-18 21:03:32 -------- d-----w- C:\Users\Chongjin\AppData\Local\CRE
2013-12-18 21:03:32 -------- d-----w- C:\Program Files (x86)\Conduit
2013-12-15 00:39:52 -------- d-----w- C:\Windows\Panther
2013-12-14 23:44:43 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
2013-12-14 23:44:43 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2013-12-14 23:44:43 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2013-12-14 23:44:43 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2013-12-14 23:44:43 3495784 ----a-w- C:\Windows\SysWow64\d3dx9_33.dll
2013-12-14 23:44:43 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2013-12-14 23:44:43 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2013-12-14 23:44:26 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2013-12-14 23:27:22 -------- d-----r- C:\Program Files (x86)\Skype
2013-12-14 23:10:14 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-14 23:10:14 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DBFCCD03-245A-4746-A046-C320F000B500}\mpengine.dll
2013-12-14 23:01:58 -------- d-----w- C:\Program Files (x86)\Hearthstone
2013-12-14 23:01:09 -------- d-----w- C:\Users\Chongjin\AppData\Local\Blizzard Entertainment
2013-12-14 23:01:08 -------- d-----w- C:\Users\Chongjin\AppData\Roaming\Battle.net
2013-12-14 23:01:08 -------- d-----w- C:\Users\Chongjin\AppData\Local\Battle.net
2013-12-14 23:01:06 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2013-12-14 23:01:06 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2013-12-14 23:01:06 -------- d-----w- C:\Program Files (x86)\Battle.net
2013-12-14 23:00:27 -------- d-----w- C:\ProgramData\Battle.net
2013-12-14 22:58:04 -------- d-----w- C:\Users\Chongjin\AppData\Local\Apple Computer
2013-12-14 22:56:34 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2013-12-14 22:56:34 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2013-12-14 22:56:34 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2013-12-14 22:56:34 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2013-12-14 22:56:34 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2013-12-14 22:56:29 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2013-12-14 22:56:28 -------- d-----w- C:\Riot Games
2013-12-14 22:55:55 -------- d-----w- C:\Program Files (x86)\Pando Networks
2013-12-14 22:55:44 -------- d-----w- C:\Users\Chongjin\AppData\Roaming\Riot Games
2013-12-14 22:53:02 -------- d-----w- C:\Program Files (x86)\Steam
2013-12-14 22:53:02 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2013-12-14 22:52:34 -------- d-----w- C:\Users\Chongjin\AppData\Local\AMD
2013-12-14 22:52:27 -------- d-----w- C:\Users\Chongjin\AppData\Local\ATI
2013-12-14 22:52:21 0 ----a-w- C:\Windows\ativpsrm.bin
2013-12-14 22:51:40 -------- d-----w- C:\Program Files (x86)\AMD AVT
2013-12-14 22:51:39 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2013-12-14 22:51:20 -------- d-----w- C:\ProgramData\AMD
2013-12-14 22:51:14 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-12-14 22:51:05 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2013-12-14 22:50:22 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2013-12-14 22:50:22 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2013-12-14 22:50:22 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2013-12-14 22:50:22 444752 ----a-w- C:\Windows\System32\mscoree.dll
2013-12-14 22:50:22 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2013-12-14 22:50:22 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2013-12-14 22:50:22 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2013-12-14 22:50:22 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2013-12-14 22:50:22 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2013-12-14 22:50:22 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2013-12-14 22:49:59 -------- d-sh--w- C:\Windows\Installer
2013-12-14 22:49:59 -------- d-----w- C:\ProgramData\Package Cache
2013-12-14 22:49:47 -------- d-----w- C:\Program Files\ATI Technologies
2013-12-14 22:49:46 -------- d-----w- C:\Program Files\ATI
2013-12-14 22:49:04 -------- d-----w- C:\AMD
2013-12-14 22:46:19 -------- d-----w- C:\Users\Chongjin\AppData\Local\Google
2013-12-14 22:46:15 -------- d-----w- C:\Users\Chongjin\AppData\Local\Deployment
2013-12-14 22:46:15 -------- d-----w- C:\Users\Chongjin\AppData\Local\Apps
2013-12-14 22:44:08 -------- d-----w- C:\Recovery
.
==================== Find3M  ====================
.
2013-10-08 15:50:12 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-10-08 15:45:08 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-10-08 14:01:14 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-10-08 14:01:14 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-10-08 14:01:12 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-10-08 14:01:12 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-10-08 14:01:06 142792 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-10-08 14:01:06 125824 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-10-08 14:01:04 97984 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-10-08 14:01:04 114488 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-10-08 14:01:02 1237200 ----a-w- C:\Windows\System32\aticfx64.dll
2013-10-08 14:01:00 1030128 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-10-08 14:00:56 9464840 ----a-w- C:\Windows\System32\atidxx64.dll
2013-10-08 14:00:52 8215992 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-10-08 14:00:46 6176008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-10-08 14:00:42 6189416 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-10-08 14:00:36 6767240 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-10-08 14:00:32 7256496 ----a-w- C:\Windows\System32\atiumd64.dll
2013-10-08 13:58:42 12534784 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-10-08 13:39:22 229376 ----a-w- C:\Windows\System32\clinfo.exe
2013-10-08 13:39:10 1187342 ----a-w- C:\Windows\System32\amdocl_as64.exe
2013-10-08 13:39:10 1061902 ----a-w- C:\Windows\System32\amdocl_ld64.exe
2013-10-08 13:39:08 995342 ----a-w- C:\Windows\SysWow64\amdocl_as32.exe
2013-10-08 13:39:08 798734 ----a-w- C:\Windows\SysWow64\amdocl_ld32.exe
2013-10-08 13:39:06 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-10-08 13:38:58 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-10-08 13:38:58 127488 ----a-w- C:\Windows\System32\coinst_13.152.1.8.dll
2013-10-08 13:38:52 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-10-08 13:38:48 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-10-08 13:38:30 28192256 ----a-w- C:\Windows\System32\amdocl64.dll
2013-10-08 13:36:22 23761408 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-10-08 13:34:34 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-10-08 13:34:28 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-10-08 13:17:50 25385984 ----a-w- C:\Windows\System32\atio6axx.dll
2013-10-08 13:13:44 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-10-08 13:13:34 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-10-08 13:13:32 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-10-08 13:13:26 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-10-08 13:13:24 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-10-08 13:13:08 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-10-08 13:09:52 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-10-08 13:00:30 21400064 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-10-08 12:54:10 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-10-08 12:53:58 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-10-08 12:53:50 576512 ----a-w- C:\Windows\System32\atieclxx.exe
2013-10-08 12:52:58 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-10-08 12:51:30 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-10-08 12:28:36 784384 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-10-08 12:28:26 594944 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-10-08 12:28:12 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-10-08 12:28:08 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-10-08 12:28:08 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-10-08 12:28:04 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-10-08 12:27:56 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-10-08 12:27:46 619008 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-10-08 12:24:54 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
.
============= FINISH: 19:46:29.66 ===============
 
 
--ATTACH--
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/14/2013 4:44:28 PM
System Uptime: 1/3/2014 7:43:21 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M4A78LT-M
Processor: AMD Phenom II X6 1090T Processor | AM3 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 60.829 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 434.819 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP17: 1/3/2014 1:20:05 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Shockwave Player 12.0
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Battle.net
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CPUID CPU-Z 1.66.1
Google Chrome
Google Update Helper
Happy Cloud Client
Hearthstone
iTunes
League of Legends
Left 4 Dead 2
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5
Microsoft Silverlight
Microsoft SkyDrive
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft XNA Framework Redistributable 4.0
Platform
Realtek High Definition Audio Driver
Skype™ 6.11
Steam
swMSM
System Requirements Lab Detection
TERA
Terraria
VIA Platform Device Manager
WinRAR 5.01 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
1/3/2014 7:43:30 PM, Error: Service Control Manager [7023]  - The Power service terminated with the following error:  The WMI request could not be completed and should be retried.
1/3/2014 12:55:27 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
1/3/2014 12:55:08 AM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
1/3/2014 12:17:55 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Event Log service to connect.
1/3/2014 12:17:55 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Audio service to connect.
1/3/2014 12:17:55 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HomeGroup Provider service to connect.
1/3/2014 12:17:55 AM, Error: Service Control Manager [7000]  - The Windows Event Log service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/3/2014 12:17:55 AM, Error: Service Control Manager [7000]  - The Windows Audio service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/3/2014 12:17:55 AM, Error: Service Control Manager [7000]  - The HomeGroup Provider service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/3/2014 12:16:55 AM, Error: Service Control Manager [7031]  - The Windows Event Log service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/3/2014 12:16:55 AM, Error: Service Control Manager [7031]  - The Windows Audio service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/3/2014 12:16:55 AM, Error: Service Control Manager [7031]  - The TCP/IP NetBIOS Helper service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 100 milliseconds: Restart the service.
1/3/2014 12:16:55 AM, Error: Service Control Manager [7031]  - The Security Center service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/3/2014 12:16:55 AM, Error: Service Control Manager [7031]  - The HomeGroup Provider service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/3/2014 12:16:55 AM, Error: Service Control Manager [7031]  - The DHCP Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/3/2014 12:16:55 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.
1/3/2014 12:16:55 AM, Error: Service Control Manager [7000]  - The TCP/IP NetBIOS Helper service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/3/2014 12:16:54 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
1/3/2014 12:16:54 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/3/2014 12:10:05 AM, Error: Service Control Manager [7034]  - The VIA Karaoke digital mixer Service service terminated unexpectedly.  It has done this 1 time(s).
1/3/2014 12:01:51 AM, Error: Service Control Manager [7034]  - The LogMeIn Hamachi Tunneling Engine service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 
Thank you.
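Added example, not part of the original thread and not one of the tools the helper asked for: a small Python triage pass over the "Running Processes" section of a DDS log, built around the question in the topic title. It counts svchost.exe instances per -k service group, flags any svchost.exe whose image directory is not System32 or SysWOW64 (a file that borrows the name while running something else), and lists processes started from user-writable locations such as AppData. The text in SAMPLE_DDS is constructed in the DDS layout seen above and is not the posted log; the C:\Users\Alice\AppData\Roaming\svchost.exe line is invented purely to exercise the masquerade check. In the log actually posted, every svchost.exe runs from C:\Windows\system32.

```python
"""Triage the "Running Processes" section of a DDS log for svchost.exe oddities."""
import ntpath
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

# Directories a genuine Windows svchost.exe is launched from (compared lowercased).
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Path fragments that mark user-writable locations. A process living here needed
# no UAC prompt to install, which is how most per-user adware arrives.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

# DDS section headers look like "============== Running Processes ===============".
SECTION_RE = re.compile(r"^=+\s*(?P<title>[^=]+?)\s*=+\s*$")

# Constructed sample in the DDS layout (assumption: this is NOT the log posted in the
# thread). The AppData\Roaming\svchost.exe line is invented to trip the masquerade check.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Users\Alice\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Alice\AppData\Roaming\svchost.exe -k netsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"""


class Process(NamedTuple):
    path: str             # image path exactly as logged
    name: str             # file name, lowercased
    group: Optional[str]  # svchost "-k" service group, if present


def extract_section(dds_text: str, title: str) -> List[str]:
    """Return the content lines of one DDS section, dropping blanks and the '.' fillers."""
    lines: List[str] = []
    inside = False
    for raw in dds_text.splitlines():
        header = SECTION_RE.match(raw.strip())
        if header:
            inside = header.group("title").strip().lower() == title.lower()
            continue
        line = raw.strip()
        if inside and line and line != ".":
            lines.append(line)
    return lines


def parse_process_line(line: str) -> Process:
    """Split 'path -k group' into its parts; lines without -k get group=None."""
    parts = re.split(r"\s+-k\s+", line.strip(), maxsplit=1, flags=re.IGNORECASE)
    path = parts[0].strip()
    group = parts[1].strip() if len(parts) == 2 else None
    return Process(path=path, name=ntpath.basename(path).lower(), group=group)


def triage(process_lines: List[str]) -> Dict[str, object]:
    """Count svchost -k groups, flag svchost.exe outside System32/SysWOW64, and
    list processes running from user-writable directories."""
    groups: Counter = Counter()
    masquerading: List[str] = []
    user_writable: List[str] = []
    for proc in map(parse_process_line, process_lines):
        lowered = proc.path.lower()
        if proc.name == "svchost.exe":
            groups[proc.group or "<no -k group>"] += 1
            if ntpath.dirname(lowered) not in SYSTEM_DIRS:
                masquerading.append(proc.path)
        if any(marker in lowered for marker in USER_WRITABLE_MARKERS):
            user_writable.append(proc.path)
    return {
        "svchost_groups": dict(groups),
        "masquerading_svchost": masquerading,
        "user_writable": user_writable,
    }


def triage_dds(dds_text: str) -> Dict[str, object]:
    """Run the triage over the 'Running Processes' section of a whole DDS log."""
    return triage(extract_section(dds_text, "Running Processes"))


if __name__ == "__main__":
    report = triage_dds(SAMPLE_DDS)
    for group, count in sorted(report["svchost_groups"].items()):
        print(f"svchost -k {group}: {count} instance(s)")
    for path in report["masquerading_svchost"]:
        print(f"SUSPECT svchost.exe outside System32: {path}")
    for path in report["user_writable"]:
        print(f"user-writable location: {path}")
```

On the log posted above, none of the svchost.exe entries would trip the path check, and that is the limitation to keep in mind: a process list cannot show which service DLL inside a legitimate svchost.exe is producing the audio. The -k group at least narrows it to a service group; on the live machine, `tasklist /svc` maps each svchost.exe PID to the services it hosts, and the ServiceDll value under each service's Parameters key names the DLL to inspect. The other common source is a per-user install, which is what the AppData hits are for; the Conduit and SearchProtect folders in the "Created Last 30" list above are that kind of entry.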

Sorry, I had also "fixed" my computer after the scan had completed. Hopefully this will not come in the way. Here is my RogueKiller report.

 

RogueKiller V8.8.0 [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Chongjin [Admin rights]
Mode : Scan -- Date : 01/03/2014 20:25:45
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] d7d89d9c59833286ae7a552939b2adc8
[BSP] a39dafa848d25c258a34725bda4a3010 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476837 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) Samsung SSD 840 Series ATA Device +++++
--- User ---
[MBR] 2d473ecb92426986c9f6710c06fd447b
[BSP] 70069ecb14cd3cff5d070ad1e7d7ecd5 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_01032014_202545.txt >>