
Need some help, onclickads.net outbound


  • This topic is locked
2 replies to this topic

#1 btakasper

btakasper

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 21 May 2014 - 09:44 AM

Okay, so this is starting to become extremely annoying. I've usually been able to remove any sort of threat no problem but can't figure out how this one is getting through and nothing seems to block it. I recently had my SSD drive fail, so I had to format and reinstall Windows on my 2 TB drive. I used my Windows 8.1 Pro 64 ISO that I downloaded from Microsoft itself, created a bootable USB stick, installed fine. But kept getting these popups and malicious website protection from Malwarebytes showing this same IP address over and over again. So I decided to attempt to install Windows off my disc, which has a few scratches so it can be a pain. Everything back up and running again and still, same thing. After installing Windows, I did all the updates first, then moved onto Malwarebytes, then to my GPU driver from AMD. Not sure how these still pop up. Now that I have everything installed that I did before, when I run Steam (which I believe uses iexplorer) I get pop ups inside Steam through the browser telling me to click here to update FLV player and all this junk. Malwarebytes comes up with 0 infections, Defender shows 0 infections, I had BitDefender internet security suite installed which also showed 0 infections (no longer installed).

 

Malwarebytes, when browsing the web, shows this:

 

Detection, 5/21/2014 1:12:36 AM, SYSTEM, ADMINS, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 49334, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 5/21/2014 1:12:36 AM, SYSTEM, ADMINS, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 49334, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 5/21/2014 1:12:36 AM, SYSTEM, ADMINS, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 49336, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

*

Detection, 5/21/2014 8:54:01 AM, SYSTEM, ADMINS, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 52787, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 5/21/2014 8:54:01 AM, SYSTEM, ADMINS, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 52787, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 5/21/2014 8:54:01 AM, SYSTEM, ADMINS, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 52790, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,

*

Detection, 5/21/2014 1:13:13 AM, ADMIN, ADMINS, Protection, Malware Protection, File, PUP.Optional.Somoto, C:\Users\ADMIN\AppData\Local\Temp\bitool.dll, Quarantine, [3acd78dce99255e1e7b74ebfaa58837d]

 

Not sure what I should try.  Here is my DDS log,

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17037
Run by ADMIN at 10:35:08 on 2014-05-21
Microsoft Windows 8.1 Pro  6.3.9600.0.1252.1.1033.18.16342.14304 [GMT -4:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\dwm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Windows\System\HsMgr64.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe
C:\Program Files (x86)\Corsair\M60 Mouse\CorsTra.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [Corsair M60 Mouse] C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe
TCP: NameServer = 50.30.37.164 69.65.41.30 8.8.8.8
TCP: Interfaces\{06CB7A55-633B-4E04-AFBA-9B189C0AC1A2} : DHCPNameServer = 50.30.37.164 69.65.41.30 8.8.8.8
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\baxnu6vx.default\
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 intelpep;Intel® Power Engine Plug-in Driver;C:\Windows\System32\drivers\intelpep.sys [2014-3-18 39768]
R0 Wof;Windows Overlay File System Filter Driver;C:\Windows\System32\drivers\wof.sys [2014-5-21 157016]
R1 ahcache;Application Compatibility Cache;C:\Windows\System32\drivers\ahcache.sys [2013-8-22 76800]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-5-21 283064]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2014-4-17 239616]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-21 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-21 860472]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdWB6.sys [2014-3-11 222720]
R3 cmudaxp;ASUS Xonar DX Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2014-5-21 2735616]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C63x64.sys [2013-8-22 129224]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-21 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-21 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-21 64216]
R3 NcbService;Network Connection Broker;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\Windows\System32\drivers\NdisVirtualBus.sys [2013-8-22 16384]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\Windows\System32\drivers\WdNisDrv.sys [2014-5-21 123224]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2014-5-21 347880]
R3 WIMBLEMS;Corsair M60 Gaming Mouse;C:\Windows\System32\drivers\WIMBLEMS.sys [2014-5-21 25600]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\drivers\WUDFRd.sys [2013-8-22 230912]
S3 ADP80XX;ADP80XX;C:\Windows\System32\drivers\adp80xx.sys [2013-8-22 782176]
S3 amdkmafd;AMD Audio Bus Lower Filter;C:\Windows\System32\drivers\amdkmafd.sys [2012-9-22 21160]
S3 AppReadiness;App Readiness;C:\Windows\System32\svchost.exe -k AppReadiness [2013-8-22 37768]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\Windows\System32\svchost.exe -k wsappx [2013-8-22 37768]
S3 bcmfn2;bcmfn2 Service;C:\Windows\System32\drivers\bcmfn2.sys [2013-8-22 17624]
S3 iaLPSSi_GPIO;Intel® Serial IO GPIO Controller Driver;C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [2013-8-22 24568]
S3 iaLPSSi_I2C;Intel® Serial IO I2C Controller Driver;C:\Windows\System32\drivers\iaLPSSi_I2C.sys [2013-8-22 99320]
S3 iaStorAV;Intel® SATA RAID Controller Windows;C:\Windows\System32\drivers\iaStorAV.sys [2013-8-22 651248]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-18 111616]
S3 kbldfltr;kbldfltr;C:\Windows\System32\drivers\kbldfltr.sys [2014-3-18 22272]
S3 lfsvc;Windows Location Framework Service;C:\Windows\System32\svchost.exe -k netsvcs [2013-8-22 37768]
S3 LSI_SAS3;LSI_SAS3;C:\Windows\System32\drivers\lsi_sas3.sys [2013-8-22 81760]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc63.sys [2013-8-22 87040]
S3 ReFS;ReFS;C:\Windows\System32\drivers\refs.sys [2014-3-18 924504]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 SerCx2;Serial UART Support Library;C:\Windows\System32\drivers\SerCx2.sys [2014-3-18 146776]
S3 smphost;Microsoft Storage Spaces SMP;C:\Windows\System32\svchost.exe -k smphost [2013-8-22 37768]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\Windows\System32\drivers\stornvme.sys [2014-3-18 57176]
S3 UEFI;Microsoft UEFI Driver;C:\Windows\System32\drivers\uefi.sys [2013-8-22 26976]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\drivers\vmbusr.sys [2014-3-18 129536]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-8-22 37768]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\Windows\System32\svchost.exe -k WepHostSvcGroup [2013-8-22 37768]
S3 workfolderssvc;Work Folders;C:\Windows\System32\svchost.exe -k LocalService [2013-8-22 37768]
S4 MsKeyboardFilter;Microsoft Keyboard Filter;C:\Windows\System32\svchost.exe -k netsvcs [2013-8-22 37768]
.
=============== Created Last 30 ================
.
2014-05-21 14:03:18    --------    d-----w-    C:\FRST
2014-05-21 13:43:53    --------    d-----w-    C:\Users\ADMIN\AppData\Local\Macromedia
2014-05-21 13:00:40    25600    ----a-w-    C:\Windows\System32\drivers\WIMBLEMS.sys
2014-05-21 13:00:39    1193175    ----a-w-    C:\Windows\unins000.exe
2014-05-21 13:00:39    --------    d-----w-    C:\Program Files (x86)\Corsair
2014-05-21 12:21:18    --------    d-----w-    C:\Fraps
2014-05-21 11:39:13    --------    d-----w-    C:\ProgramData\Steam
2014-05-21 11:28:59    72200    ----a-w-    C:\Windows\System32\XAPOFX1_1.dll
2014-05-21 08:11:54    --------    d-----w-    C:\Windows\Panther
2014-05-21 05:39:28    --------    d-----w-    C:\Windows\ERUNT
2014-05-21 05:38:39    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-05-21 05:38:28    --------    d-----w-    C:\AdwCleaner
2014-05-21 05:25:47    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2014-05-21 05:25:45    --------    d-----w-    C:\Program Files (x86)\Steam
2014-05-21 05:14:58    --------    d-----w-    C:\Program Files (x86)\Wolfenstein The New Order
2014-05-21 05:13:36    283064    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2014-05-21 05:13:35    --------    d-----w-    C:\Users\ADMIN\AppData\Roaming\DAEMON Tools Lite
2014-05-21 05:13:33    --------    d-----w-    C:\Program Files (x86)\DAEMON Tools Lite
2014-05-21 05:13:09    --------    d-----w-    C:\ProgramData\DAEMON Tools Lite
2014-05-21 05:11:23    --------    d-----w-    C:\Users\ADMIN\AppData\Local\Google
2014-05-21 05:02:27    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-21 05:01:18    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-21 05:01:18    64216    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-05-21 05:01:18    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-05-21 05:01:18    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-05-21 05:01:18    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-21 04:38:15    --------    d-----w-    C:\Windows\System32\MRT
2014-05-21 04:36:23    --------    d-----w-    C:\Users\ADMIN\AppData\Local\ATI
2014-05-21 04:35:25    --------    d-----w-    C:\ProgramData\AMD
2014-05-21 04:35:25    --------    d-----w-    C:\Program Files (x86)\Common Files\ATI Technologies
2014-05-21 04:35:25    --------    d-----w-    C:\Program Files (x86)\AMD AVT
2014-05-21 04:35:10    0    ----a-w-    C:\Windows\ativpsrm.bin
2014-05-21 04:35:08    --------    d-----w-    C:\Program Files\Common Files\ATI Technologies
2014-05-21 04:35:08    --------    d-----w-    C:\Program Files\AMD
2014-05-21 04:34:57    --------    d-----w-    C:\Program Files (x86)\ATI Technologies
2014-05-21 04:34:56    --------    d-----w-    C:\ProgramData\Package Cache
2014-05-21 04:34:54    --------    d-----w-    C:\Program Files\ATI
2014-05-21 04:34:27    --------    d-----w-    C:\Program Files\ATI Technologies
2014-05-21 04:33:50    --------    d-----w-    C:\AMD
2014-05-21 04:28:39    512000    ----a-w-    C:\Windows\System32\wlidprov.dll
2014-05-21 04:19:32    17536    ----a-w-    C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
.
==================== Find3M  ====================
.
2014-05-21 04:27:45    419840    ----a-w-    C:\Windows\System32\wrap_oal.dll
2014-05-21 04:27:45    413696    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2014-05-21 04:27:45    111616    ----a-w-    C:\Windows\System32\OpenAL32.dll
2014-05-21 04:27:45    102400    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2014-05-16 18:00:00    112640    ----a-w-    C:\Windows\SysWow64\ff_vfw.dll
2014-05-01 20:30:26    693240    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-01 20:30:26    105464    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-18 14:57:16    32600    ----a-w-    C:\Windows\System32\ploptin.dll
2014-04-18 14:44:33    1466856    ----a-w-    C:\Windows\System32\propsys.dll
2014-04-18 13:29:08    1200288    ----a-w-    C:\Windows\SysWow64\propsys.dll
2014-04-18 09:44:23    55296    ----a-w-    C:\Windows\System32\energyprov.dll
2014-04-18 09:32:25    13287936    ----a-w-    C:\Windows\System32\twinui.dll
2014-04-18 09:14:19    2441216    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2014-04-18 08:58:40    11792384    ----a-w-    C:\Windows\SysWow64\twinui.dll
2014-04-18 08:32:53    805376    ----a-w-    C:\Windows\System32\win32spl.dll
2014-04-18 08:21:09    1126912    ----a-w-    C:\Windows\System32\SearchFolder.dll
2014-04-18 08:09:30    8652800    ----a-w-    C:\Windows\System32\Windows.UI.Search.dll
2014-04-18 07:51:14    836608    ----a-w-    C:\Windows\SysWow64\SearchFolder.dll
2014-04-18 07:49:01    5833216    ----a-w-    C:\Windows\SysWow64\Windows.UI.Search.dll
2014-04-18 02:43:08    127872    ----a-w-    C:\Windows\System32\amdhcp64.dll
2014-04-18 02:43:06    78432    ----a-w-    C:\Windows\System32\atimpc64.dll
2014-04-18 02:43:06    117560    ----a-w-    C:\Windows\SysWow64\amdhcp32.dll
2014-04-18 02:43:04    71704    ----a-w-    C:\Windows\SysWow64\atimpc32.dll
2014-04-18 02:43:02    78432    ----a-w-    C:\Windows\System32\amdpcom64.dll
2014-04-18 02:43:00    71704    ----a-w-    C:\Windows\SysWow64\amdpcom32.dll
2014-04-18 02:43:00    143304    ----a-w-    C:\Windows\System32\atiuxp64.dll
2014-04-18 02:42:58    126336    ----a-w-    C:\Windows\SysWow64\atiuxpag.dll
2014-04-18 02:42:58    117584    ----a-w-    C:\Windows\System32\atiu9p64.dll
2014-04-18 02:42:56    99520    ----a-w-    C:\Windows\SysWow64\atiu9pag.dll
2014-04-18 02:42:54    1343272    ----a-w-    C:\Windows\System32\aticfx64.dll
2014-04-18 02:42:52    1117184    ----a-w-    C:\Windows\SysWow64\aticfx32.dll
2014-04-18 02:42:48    10335208    ----a-w-    C:\Windows\System32\atidxx64.dll
2014-04-18 02:42:46    8866928    ----a-w-    C:\Windows\SysWow64\atidxx32.dll
2014-04-18 02:42:40    6796592    ----a-w-    C:\Windows\SysWow64\atiumdva.dll
2014-04-18 02:42:36    6799688    ----a-w-    C:\Windows\SysWow64\atiumdag.dll
2014-04-18 02:42:30    7520200    ----a-w-    C:\Windows\System32\atiumd6a.dll
2014-04-18 02:42:28    8010968    ----a-w-    C:\Windows\System32\atiumd64.dll
2014-04-18 02:39:06    274656    ----a-w-    C:\Windows\System32\drivers\amdacpksd.sys
2014-04-18 02:36:46    15376384    ----a-w-    C:\Windows\System32\drivers\atikmdag.sys
2014-04-18 02:33:02    51200    ----a-w-    C:\Windows\System32\kdbsdk64.dll
2014-04-18 02:28:30    38912    ----a-w-    C:\Windows\SysWow64\kdbsdk32.dll
2014-04-18 02:23:08    231424    ----a-w-    C:\Windows\System32\clinfo.exe
2014-04-18 02:22:58    1187342    ----a-w-    C:\Windows\System32\amdocl_as64.exe
2014-04-18 02:22:58    1061902    ----a-w-    C:\Windows\System32\amdocl_ld64.exe
2014-04-18 02:22:56    995342    ----a-w-    C:\Windows\SysWow64\amdocl_as32.exe
2014-04-18 02:22:56    798734    ----a-w-    C:\Windows\SysWow64\amdocl_ld32.exe
2014-04-18 02:22:54    98816    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2014-04-18 02:22:48    83456    ----a-w-    C:\Windows\SysWow64\OpenVideo.dll
2014-04-18 02:22:42    86528    ----a-w-    C:\Windows\System32\OVDecode64.dll
2014-04-18 02:22:38    73216    ----a-w-    C:\Windows\SysWow64\OVDecode.dll
2014-04-18 02:22:32    28685824    ----a-w-    C:\Windows\System32\amdocl64.dll
2014-04-18 02:19:54    24107520    ----a-w-    C:\Windows\SysWow64\amdocl.dll
2014-04-18 02:17:28    65024    ----a-w-    C:\Windows\System32\OpenCL.dll
2014-04-18 02:17:24    58880    ----a-w-    C:\Windows\SysWow64\OpenCL.dll
2014-04-18 02:15:16    420864    ----a-w-    C:\Windows\System32\amdmiracast.dll
2014-04-18 02:14:30    134144    ----a-w-    C:\Windows\System32\amdhdl64.dll
2014-04-18 02:14:26    123392    ----a-w-    C:\Windows\SysWow64\amdhdl32.dll
2014-04-18 02:13:30    127488    ----a-w-    C:\Windows\System32\mantle64.dll
2014-04-18 02:13:10    113664    ----a-w-    C:\Windows\SysWow64\mantle32.dll
2014-04-18 02:12:54    27907584    ----a-w-    C:\Windows\System32\atio6axx.dll
2014-04-18 02:12:48    5442048    ----a-w-    C:\Windows\System32\amdmantle64.dll
2014-04-18 01:58:32    4358656    ----a-w-    C:\Windows\SysWow64\amdmantle32.dll
2014-04-18 01:51:44    23409152    ----a-w-    C:\Windows\SysWow64\atioglxx.dll
2014-04-18 01:46:34    368128    ----a-w-    C:\Windows\System32\atiapfxx.exe
2014-04-18 01:46:26    62464    ----a-w-    C:\Windows\System32\aticalrt64.dll
2014-04-18 01:46:24    52224    ----a-w-    C:\Windows\SysWow64\aticalrt.dll
2014-04-18 01:46:18    55808    ----a-w-    C:\Windows\System32\aticalcl64.dll
2014-04-18 01:46:18    49152    ----a-w-    C:\Windows\SysWow64\aticalcl.dll
2014-04-18 01:46:04    15716352    ----a-w-    C:\Windows\System32\aticaldd64.dll
2014-04-18 01:45:56    91136    ----a-w-    C:\Windows\System32\mantleaxl64.dll
2014-04-18 01:45:46    85504    ----a-w-    C:\Windows\SysWow64\mantleaxl32.dll
2014-04-18 01:42:52    14302208    ----a-w-    C:\Windows\SysWow64\aticaldd.dll
2014-04-18 01:33:06    48128    ----a-w-    C:\Windows\System32\amdmmcl6.dll
2014-04-18 01:33:02    37888    ----a-w-    C:\Windows\SysWow64\amdmmcl.dll
2014-04-18 01:30:14    442368    ----a-w-    C:\Windows\System32\atidemgy.dll
2014-04-18 01:30:02    31232    ----a-w-    C:\Windows\System32\atimuixx.dll
2014-04-18 01:29:54    586240    ----a-w-    C:\Windows\System32\atieclxx.exe
2014-04-18 01:29:24    239616    ----a-w-    C:\Windows\System32\atiesrxx.exe
2014-04-18 01:28:30    190976    ----a-w-    C:\Windows\System32\atitmm64.dll
2014-04-18 01:21:30    806912    ----a-w-    C:\Windows\System32\coinst_14.100.dll
2014-04-18 01:09:20    1177600    ----a-w-    C:\Windows\System32\atiadlxx.dll
2014-04-18 01:09:00    848896    ----a-w-    C:\Windows\SysWow64\atiadlxy.dll
2014-04-18 01:08:50    95744    ----a-w-    C:\Windows\System32\amdave64.dll
2014-04-18 01:08:44    90112    ----a-w-    C:\Windows\SysWow64\amdave32.dll
2014-04-18 01:08:34    89088    ----a-w-    C:\Windows\System32\atisamu64.dll
2014-04-18 01:08:28    80896    ----a-w-    C:\Windows\SysWow64\atisamu32.dll
2014-04-18 01:07:54    75264    ----a-w-    C:\Windows\System32\atig6pxx.dll
2014-04-18 01:07:46    69632    ----a-w-    C:\Windows\SysWow64\atiglpxx.dll
2014-04-18 01:07:46    69632    ----a-w-    C:\Windows\System32\atiglpxx.dll
2014-04-18 01:07:36    146944    ----a-w-    C:\Windows\System32\atig6txx.dll
2014-04-18 01:07:20    133632    ----a-w-    C:\Windows\SysWow64\atigktxx.dll
2014-04-18 01:07:06    638976    ----a-w-    C:\Windows\System32\drivers\atikmpag.sys
2014-04-18 01:04:24    43520    ----a-w-    C:\Windows\System32\drivers\ati2erec.dll
2014-04-14 09:20:34    324888    ----a-w-    C:\Windows\System32\MFCaptureEngine.dll
2014-04-14 08:01:02    285144    ----a-w-    C:\Windows\SysWow64\MFCaptureEngine.dll
2014-04-11 10:03:36    555736    ----a-w-    C:\Windows\System32\twinapi.appcore.dll
2014-04-11 08:25:54    419928    ----a-w-    C:\Windows\SysWow64\twinapi.appcore.dll
2014-04-11 05:53:36    79872    ----a-w-    C:\Windows\System32\WSReset.exe
2014-04-11 04:51:25    250368    ----a-w-    C:\Windows\System32\rdpencom.dll
2014-04-11 04:23:52    209920    ----a-w-    C:\Windows\SysWow64\rdpencom.dll
.
============= FINISH: 10:35:21.74 ===============

 

Any help would be much appreciated.  Thanks



#2 btakasper

btakasper
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:37 AM

Posted 21 May 2014 - 10:23 AM

Disregard needing help. I seem to have fixed it by resetting my router settings. I suppose it's possible my router was compromised. I changed my password, which was different than the default, changed my static DNS servers to OpenDNS, and turned off web access for the router. I also updated my network adapter DNS to the same as well. No more popups or outbound/incoming connection warnings from Malwarebytes.

 

Sorry for the post, but I think it's safe enough for me to assume this issue has been fixed.
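An added example, not part of the original posts: a Python triage of the two logs posted above. It groups the Malwarebytes website blocks by destination and process, and lists every DNS resolver in the DDS output that is outside an allowlist. `DHCPNameServer` entries are values handed out over DHCP, on a home network normally by the router. The allowlist (OpenDNS and Google Public DNS addresses) and the function names are assumptions; a resolver missing from the list is a prompt to check the router's DNS settings, not proof of compromise.

```python
import ipaddress
import re
from collections import Counter

# Log lines copied from the first post in this thread.
MBAM_LOG = r"""
Detection, 5/21/2014 1:12:36 AM, SYSTEM, ADMINS, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 49334, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 5/21/2014 1:12:36 AM, SYSTEM, ADMINS, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 49334, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 5/21/2014 1:12:36 AM, SYSTEM, ADMINS, Protection, Malicious Website Protection, IP, 78.140.143.6, onclickads.net, 49336, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 5/21/2014 1:13:13 AM, ADMIN, ADMINS, Protection, Malware Protection, File, PUP.Optional.Somoto, C:\Users\ADMIN\AppData\Local\Temp\bitool.dll, Quarantine, [3acd78dce99255e1e7b74ebfaa58837d]
"""

DDS_LOG = r"""
TCP: NameServer = 50.30.37.164 69.65.41.30 8.8.8.8
TCP: Interfaces\{06CB7A55-633B-4E04-AFBA-9B189C0AC1A2} : DHCPNameServer = 50.30.37.164 69.65.41.30 8.8.8.8
"""

# Assumption: the resolvers this network is expected to use
# (OpenDNS and Google Public DNS). Adjust to your own ISP or provider.
TRUSTED_RESOLVERS = {"208.67.222.222", "208.67.220.220", "8.8.8.8"}

# Matches both the global NameServer line and per-interface DHCPNameServer lines.
NS_LINE = re.compile(r"^TCP:.*?\b(DHCPNameServer|NameServer)\s*=\s*(.+)$", re.M)


def web_blocks(log):
    """Count website-protection blocks per (ip, domain, direction, process)."""
    counts = Counter()
    for line in log.splitlines():
        fields = [p.strip() for p in line.rstrip(", ").split(", ")]
        # File detections have fewer fields and a different protection type.
        if len(fields) < 12 or fields[5] != "Malicious Website Protection":
            continue
        process = fields[11].rsplit("\\", 1)[-1]
        counts[(fields[7], fields[8], fields[10], process)] += 1
    return counts


def unexpected_resolvers(dds, trusted=TRUSTED_RESOLVERS):
    """Map each resolver outside the allowlist to the settings that carry it."""
    found = {}
    for source, value in NS_LINE.findall(dds):
        for token in value.split():
            try:
                ip = str(ipaddress.ip_address(token))
            except ValueError:
                continue  # not an IP address; ignore stray tokens
            if ip not in trusted:
                found.setdefault(ip, set()).add(source)
    return {ip: sorted(sources) for ip, sources in found.items()}


if __name__ == "__main__":
    for (ip, domain, direction, proc), n in web_blocks(MBAM_LOG).items():
        print(f"{n} x {direction} block: {proc} -> {domain} ({ip})")
    for ip, sources in unexpected_resolvers(DDS_LOG).items():
        print(f"resolver {ip} not in allowlist, set via {', '.join(sources)}")
```

A resolver that appears under `DHCPNameServer` on a freshly installed machine came from the network rather than from anything on the disk, which fits blocks that survive a reinstall.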



#3 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:07:37 AM

Posted 24 May 2014 - 09:59 PM

Thanks for letting us know! :)

 

Since this issue appears to be resolved, I am closing this topic. If this is not the case, and you would still like assistance with this issue, please PM me to have this topic re-opened. If you have another issue that you would like help with, please begin a new topic.

 

Everyone else, please begin a new topic.





