GPU @ 100%


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.
  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).


I can only do the quick scan; the program shuts down before it is finished.

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-07-10 21:14:34
-----------------------------
21:14:34.965    OS Version: Windows x64 6.1.7601 Service Pack 1
21:14:34.965    Number of processors: 4 586 0x1707
21:14:34.965    ComputerName: XX  UserName: X
21:14:35.355    Initialize success
21:14:35.355    VM: initialized successfully
21:14:35.386    VM: Intel CPU supported
21:14:37.352    VM: supported disk I/O ataport.SYS
21:14:59.636    AVAST engine defs: 14071000
21:15:06.578    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:15:06.578    Disk 0 Vendor: OCZ-VERTEX4 1.3 Size: 122104MB BusType: 3
21:15:06.578    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
21:15:06.578    Disk 1 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
21:15:06.594    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T1L0-5
21:15:06.594    Disk 2 Vendor: SAMSUNG_HD103SJ 1AJ10001 Size: 953869MB BusType: 3
21:15:06.687    Disk 0 MBR read successfully
21:15:06.687    Disk 0 MBR scan
21:15:06.750    Disk 0 Windows 7 default MBR code
21:15:06.750    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:15:06.765    Disk 0 default boot code
21:15:06.765    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       122002 MB offset 206848
21:15:06.875    Disk 0 scanning C:\Windows\system32\drivers
21:15:14.831    Service scanning
21:15:19.620    Service BdfNdisf c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys **LOCKED** 5
21:15:19.635    Service bdfwfpf C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys **LOCKED** 5
21:15:19.667    Service bdfwfpf_pc C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys **LOCKED** 5
21:15:25.813    Modules scanning
21:15:25.813    Disk 0 trace - called modules:
21:15:25.813    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:15:25.813    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007282060]
21:15:25.829    3 CLASSPNP.SYS[fffff88001a5c43f] -> nt!IofCallDriver -> [0xfffffa800706f520]
21:15:25.829    5 ACPI.sys[fffff88000f677a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007068060]
21:15:26.203    AVAST engine scan C:\Windows
21:15:28.824    AVAST engine scan C:\Windows\system32
21:17:07.244    AVAST engine scan C:\Windows\system32\drivers
21:17:11.160    AVAST engine scan C:\Users\X
21:18:30.923    AVAST engine scan C:\ProgramData
21:18:37.849    Scan finished successfully
21:18:45.805    Disk 0 MBR has been saved successfully to "I:\Ner\MBR.dat"
21:18:45.883    The log file has been saved successfully to "I:\Ner\aswMBR.txt"

 


Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it in your reply.

Full System Scan with Malwarebytes Antimalware
 

  • If it is not already installed, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-07-2014
Ran by X at 2014-07-12 14:05:43 Run:1
Running from I:\Ner\FRST
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\ProgramData:gs5sys
AlternateDataStreams: C:\Users\All Users:gs5sys
AlternateDataStreams: C:\Users\X:gs5sys
AlternateDataStreams: C:\ProgramData\Application Data:gs5sys
AlternateDataStreams: C:\ProgramData\Mallar:gs5sys
AlternateDataStreams: C:\ProgramData\Programdata:gs5sys
AlternateDataStreams: C:\ProgramData\Templates:gs5sys
AlternateDataStreams: C:\ProgramData\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\Public\Documents\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\X\Cookies:gs5sys
AlternateDataStreams: C:\Users\X\Lokala inställningar:gs5sys
AlternateDataStreams: C:\Users\X\Mallar:gs5sys
AlternateDataStreams: C:\Users\X\Programdata:gs5sys
AlternateDataStreams: C:\Users\X\Desktop\desktop.ini:gs5sys
AlternateDataStreams: C:\Users\X\AppData\Local:gs5sys
AlternateDataStreams: C:\Users\X\AppData\Roaming:gs5sys
AlternateDataStreams: C:\Users\X\AppData\Local\Programdata:gs5sys
AlternateDataStreams: C:\Users\X\AppData\Local\Tidigare:gs5sys
AlternateDataStreams: C:\Users\X\Documents\desktop.ini:gs5sys
FF SearchPlugin: C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\0g96csdl.default\searchplugins\firefox-tillgg.xml
FF SearchPlugin: C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\0g96csdl.default\searchplugins\goodsearch.xml
FF SearchPlugin: C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\0g96csdl.default\searchplugins\imdb.xml
FF SearchPlugin: C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\0g96csdl.default\searchplugins\thepiratebayorg.xml
FF SearchPlugin: C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\0g96csdl.default\searchplugins\wikipedia-eng.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\allaannonser-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\prisjakt-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\tyda-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wikipedia-sv-SE.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-sv-SE.xml
*****************

C:\ProgramData => ":gs5sys" ADS removed successfully.
"C:\Users\All Users" => ":gs5sys" ADS not found.
C:\Users\X => ":gs5sys" ADS removed successfully.
"C:\ProgramData\Application Data" => ":gs5sys" ADS not found.
"C:\ProgramData\Mallar" => ":gs5sys" ADS not found.
"C:\ProgramData\Programdata" => ":gs5sys" ADS not found.
"C:\ProgramData\Templates" => ":gs5sys" ADS not found.
C:\ProgramData\Documents\desktop.ini => ":gs5sys" ADS removed successfully.
"C:\Users\Public\Documents\desktop.ini" => ":gs5sys" ADS not found.
"C:\Users\X\Cookies" => ":gs5sys" ADS not found.
"C:\Users\X\Lokala inställningar" => ":gs5sys" ADS not found.
"C:\Users\X\Mallar" => ":gs5sys" ADS not found.
"C:\Users\X\Programdata" => ":gs5sys" ADS not found.
C:\Users\X\Desktop\desktop.ini => ":gs5sys" ADS removed successfully.
C:\Users\X\AppData\Local => ":gs5sys" ADS removed successfully.
C:\Users\X\AppData\Roaming => ":gs5sys" ADS removed successfully.
"C:\Users\X\AppData\Local\Programdata" => ":gs5sys" ADS not found.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2014-07-12
Scan Time: 14:15:22
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.12.03
Rootkit Database: v2014.07.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: X

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 275749
Time Elapsed: 4 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


C:\Documents and Settings\X\AppData\Local\Programdata\Temp\is-3M2LG.tmp\OCSetupHlp.dll    Win32/OpenCandy potentially unsafe application
C:\Documents and Settings\X\AppData\Local\Temp\is-3M2LG.tmp\OCSetupHlp.dll    Win32/OpenCandy potentially unsafe application
C:\Documents and Settings\X\Lokala inställningar\Temp\is-3M2LG.tmp\OCSetupHlp.dll    Win32/OpenCandy potentially unsafe application
C:\Users\X\AppData\Local\Temp\is-3M2LG.tmp\OCSetupHlp.dll    Win32/OpenCandy potentially unsafe application
C:\Users\X\Lokala inställningar\Temp\is-3M2LG.tmp\OCSetupHlp.dll    Win32/OpenCandy potentially unsafe application
I:\Ner\cbsidlm-cbsi188-Sound_Lock-ORG-75761078.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
I:\Ner\DriverSweeper_3.2.0.exe    Win32/OpenCandy potentially unsafe application
I:\Ner\KMPlayer_EN_3.0.0.1441_R2.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application


  • 3 weeks later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
