Please register at one of the forums (posted on the right) to start a thread with your problem. Then I or someone else will give you step-by-step instructions and review logs from your computer. Don't contact me via mail, because I do not give support via mail. I only give personal support via the forums.
Not sure if you have read my blogpost. The sysaudio.sys file present in the system32 folder isn't the legitimate one. The legitimate one is present in the drivers folder (a subfolder of the system32 folder). In case you have deleted the legitimate one, then it should replace itself again from the dllcache folder (since there's a copy of the legitimate sysaudio.sys present there as well).
You'll have to delete the Windows\system32\wdmaud.sys file.
Do NOT delete the wdmaud.drv file in there, or the Windows\system32\drivers\wdmaud.sys file, because both are legitimate.
If it comes back every time, then it's because you're visiting the same infected site/page again. So it will be a matter of figuring out what site/page is infecting you. If you figured it out, then contact the owner to make him/her aware of this. As I said previously, this one is getting installed via a malicious JavaScript injected on many forums/sites/blogs.
Malware can be present anywhere, in every folder. They can indeed fake the date on files and may also have the MS sig (this for example when a legitimate file was infected/patched). If all these Antivirus/Antispyware programs and other tools that create logfiles are useless, then how come we can still find and solve the problems? ;-) But then again, it needs a trained eye and good knowledge about malware and Windows in general. That's why there are so many forums where you can get help with your malware related issues. These helpers are trained helpers.
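The comments above describe driver files (sysaudio.sys, wdmaud.sys) sitting directly in system32 while the legitimate copies live in system32\drivers. The PowerShell below is an added example, not code from the blog or its author: it generalizes that pattern to any .sys name found in both places and only reports, it deletes nothing. The `$System32` parameter and the output field names are assumptions made for this illustration.

```powershell
# Added example: list *.sys files in the System32 root that share a name
# with a driver in System32\drivers. Report only; nothing is removed.
param(
    # Assumption: default Windows layout. Point this at a mounted offline
    # image (e.g. E:\Windows\System32) to inspect a disk that is not booted.
    [string]$System32 = (Join-Path $env:SystemRoot 'System32')
)

$driversDir = Join-Path $System32 'drivers'

# Index the drivers folder by lower-cased file name.
$inDrivers = @{}
Get-ChildItem -LiteralPath $driversDir -Filter '*.sys' -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $inDrivers[$_.Name.ToLowerInvariant()] = $_ }

# Look only at the System32 root (no recursion) and keep name collisions.
$findings = Get-ChildItem -LiteralPath $System32 -Filter '*.sys' -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $inDrivers.ContainsKey($_.Name.ToLowerInvariant()) } |
    ForEach-Object {
        $twin = $inDrivers[$_.Name.ToLowerInvariant()]
        [pscustomobject]@{
            Suspect        = $_.FullName
            SuspectSHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            SuspectWritten = $_.LastWriteTimeUtc
            DriversCopy    = $twin.FullName
            DriversSHA256  = (Get-FileHash -LiteralPath $twin.FullName -Algorithm SHA256).Hash
            # Hint only: as noted above, dates can be faked and a patched
            # file may still carry a Microsoft signature.
            Signature      = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
        }
    }

if ($findings) {
    $findings | Format-List
} else {
    Write-Output "No *.sys name in $System32 collides with a file in $driversDir."
}
```

Run it from a 64-bit PowerShell session on 64-bit Windows, since a 32-bit process is redirected from System32 to SysWOW64. Treat each row as a lead to hand to a helper for review, not as a verdict.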