pal Posted July 8, 2014 ID:850469

Catalyst sometimes shows my HD7770 @ 100% workload and 90C. People suggest a bitcoin mining virus. Bitdefender Total Security does not find anything, neither does Malwarebytes Anti-Malware.

Addition.txt FRST.txt
Psychotic Posted July 9, 2014 ID:850868

Hi there, my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

- First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop.

- Double click the aswMBR.exe icon, and click Run.
- There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
- When asked if you'd like to "download the latest Avast! virus definitions", click Yes. Typically this is about a 100MB download, so depending on your connection speed it can take a short while to download and become ready.
- Click the Scan button to start the scan once the update has finished downloading.
- On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).
pal Posted July 10, 2014 Author ID:851215

I can only do the quick scan, the program shuts down before it is finished.

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-10 21:14:34
-----------------------------
21:14:34.965 OS Version: Windows x64 6.1.7601 Service Pack 1
21:14:34.965 Number of processors: 4 586 0x1707
21:14:34.965 ComputerName: XX UserName: X
21:14:35.355 Initialize success
21:14:35.355 VM: initialized successfully
21:14:35.386 VM: Intel CPU supported
21:14:37.352 VM: supported disk I/O ataport.SYS
21:14:59.636 AVAST engine defs: 14071000
21:15:06.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:15:06.578 Disk 0 Vendor: OCZ-VERTEX4 1.3 Size: 122104MB BusType: 3
21:15:06.578 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
21:15:06.578 Disk 1 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
21:15:06.594 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-5
21:15:06.594 Disk 2 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
21:15:06.687 Disk 0 MBR read successfully
21:15:06.687 Disk 0 MBR scan
21:15:06.750 Disk 0 Windows 7 default MBR code
21:15:06.750 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:15:06.765 Disk 0 default boot code
21:15:06.765 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
21:15:06.875 Disk 0 scanning C:\Windows\system32\drivers
21:15:14.831 Service scanning
21:15:19.620 Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5
21:15:19.635 Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
21:15:19.667 Service bdfwfpf_pc C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys **LOCKED** 5
21:15:25.813 Modules scanning
21:15:25.813 Disk 0 trace - called modules:
21:15:25.813 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:15:25.813 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007282060]
21:15:25.829 3 CLASSPNP.SYS[fffff88001a5c43f] -> nt!IofCallDriver -> [0xfffffa800706f520]
21:15:25.829 5 ACPI.sys[fffff88000f677a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007068060]
21:15:26.203 AVAST engine scan C:\Windows
21:15:28.824 AVAST engine scan C:\Windows\system32
21:17:07.244 AVAST engine scan C:\Windows\system32\drivers
21:17:11.160 AVAST engine scan C:\Users\X
21:18:30.923 AVAST engine scan C:\ProgramData
21:18:37.849 Scan finished successfully
21:18:45.805 Disk 0 MBR has been saved successfully to "I:\Ner\MBR.dat"
21:18:45.883 The log file has been saved successfully to "I:\Ner\aswMBR.txt"
Psychotic Posted July 11, 2014 ID:851489

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

- Download the attached fixlist.txt and save it to the location where FRST is saved to.
- Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
- The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

Full System Scan with Malwarebytes Antimalware

If not existing, please download Malwarebytes Anti-Malware to your desktop.

- Double-click the downloaded setup file and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware
- A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
- Click Finish.

If the program is already installed:

- Run Malwarebytes Antimalware
- On the Dashboard, click the 'Update Now >>' link
- After the update completes, click the 'Scan Now >>' button.
- Or, on the Dashboard, click the Scan Now >> button.
- If an update is available, click the Update Now button.
- A Threat Scan will begin.
- When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
- In most cases, a restart will be required.
- Wait for the prompt to restart the computer to appear, then click on Yes.
- After the restart, once you are back at your desktop, open MBAM once more.
- Click on the History tab > Application Logs.
- Double click on the scan log which shows the Date and time of the scan just performed.
- Click 'Copy to Clipboard'
- Paste the contents of the clipboard into your reply.

fixlist.txt
pal Posted July 12, 2014 Author ID:851846

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-07-2014
Ran by X at 2014-07-12 14:05:43 Run:1
Running from I:\Ner\FRST
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\X:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Mallar:gs5sys
AlternateDataStreams: C:\ProgramData\Programdata:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\ProgramData\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\X\Cookies:gs5sys
AlternateDataStreams: C:\Users\X\Lokala inställningar:gs5sys
AlternateDataStreams: C:\Users\X\Mallar:gs5sys
AlternateDataStreams: C:\Users\X\Programdata:gs5sys
AlternateDataStreams: C:\Users\X\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\X\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\X\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\X\AppData\Local\Programdata:gs5sys
AlternateDataStreams: C:\Users\X\AppData\Local\Tidigare:gs5sys
AlternateDataStreams: C:\Users\X\Documents\desktop.ini:gs5sys
FF SearchPlugin: C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\0g96csdl.default\searchplugins\firefox-tillgg.xml
FF SearchPlugin: C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\0g96csdl.default\searchplugins\goodsearch.xml
FF SearchPlugin: C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\0g96csdl.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\0g96csdl.default\searchplugins\thepiratebayorg.xml
FF SearchPlugin: C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\0g96csdl.default\searchplugins\wikipedia-eng.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml
*****************
C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\X => ":gs5sys" ADS removed successfully.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
"C:\ProgramData\Mallar" => ":gs5sys" ADS not found.
"C:\ProgramData\Programdata" => ":gs5sys" ADS not found.
"C:\ProgramData\Templates" => ":gs5sys" ADS not found.
C:\ProgramData\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
"C:\Users\Public\Documents\desktop.ini" => ":gs5sys" ADS not found.
"C:\Users\X\Cookies" => ":gs5sys" ADS not found.
"C:\Users\X\Lokala inställningar" => ":gs5sys" ADS not found.
"C:\Users\X\Mallar" => ":gs5sys" ADS not found.
"C:\Users\X\Programdata" => ":gs5sys" ADS not found.
C:\Users\X\Desktop\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\X\AppData\Local => ":gs5sys" ADS removed successfully.
C:\Users\X\AppData\Roaming => ":gs5sys" ADS removed successfully.
"C:\Users\X\AppData\Local\Programdata" => ":gs5sys" ADS not found.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014-07-12
Scan Time: 14:15:22
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.12.03
Rootkit Database: v2014.07.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: X

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275749
Time Elapsed: 4 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
Psychotic Posted July 13, 2014 ID:852303

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the option Remove found threats is unticked
- Click on Advanced Settings and ensure these options are ticked:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Click Scan
- Wait for the scan to finish
- If any threats were found, click the 'List of found threats', then click Export to text file....
- Save it to your desktop, then please copy and paste that log as a reply to this topic.
pal Posted July 15, 2014 Author ID:853092

C:\Documents and Settings\X\AppData\Local\Programdata\Temp\is-3M2LG.tmp\OCSetupHlp.dll Win32/OpenCandy potentially unsafe application
C:\Documents and Settings\X\AppData\Local\Temp\is-3M2LG.tmp\OCSetupHlp.dll Win32/OpenCandy potentially unsafe application
C:\Documents and Settings\X\Lokala inställningar\Temp\is-3M2LG.tmp\OCSetupHlp.dll Win32/OpenCandy potentially unsafe application
C:\Users\X\AppData\Local\Temp\is-3M2LG.tmp\OCSetupHlp.dll Win32/OpenCandy potentially unsafe application
C:\Users\X\Lokala inställningar\Temp\is-3M2LG.tmp\OCSetupHlp.dll Win32/OpenCandy potentially unsafe application
I:\Ner\cbsidlm-cbsi188-Sound_Lock-ORG-75761078.exe a variant of Win32/CNETInstaller.B potentially unwanted application
I:\Ner\DriverSweeper_3.2.0.exe Win32/OpenCandy potentially unsafe application
I:\Ner\KMPlayer_EN_3.0.0.1441_R2.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
Psychotic Posted July 15, 2014 ID:853095

I cannot see anything suspicious - how about your GPU load?
pal Posted July 20, 2014 Author ID:855278

I am now quite certain it's the AMD GPU drivers causing the problem, or that the GPU is broken. Thanks for your help! And I apologise for taking your time!
AdvancedSetup (Root Admin) Posted August 6, 2014 ID:863006

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!