
Overheating, bluescreen when gaming, general struggling.



#16
boosra123


    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Here we go:

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.01.06.05
  rootkit: v2016.01.05.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18124
Aodh :: VANDENNIS [administrator]
 
06/01/2016 22:04:30
mbar-log-2016-01-06 (22-04-30).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 435090
Time elapsed: 53 minute(s), 56 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18124
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.893000 GHz
Memory total: 8570683392, free: 6018850816
 
Downloaded database version: v2016.01.06.05
Downloaded database version: v2016.01.05.01
Downloaded database version: v2016.01.04.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     01/06/2016 22:03:53
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.01.06.05
  rootkit: v2016.01.05.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800a09c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800a09cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800a09c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80077b8050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2BD2C32A
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 2844084224
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2844291072  Numsec = 83886080
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 3 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2928177152  Numsec = 2097968
    Partition is not bootable
    Partition file system is NTFS
 
Disk Size: 1500301910016 bytes
Sector size: 512 bytes
 
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800df5f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800c39ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800df5f790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800c39fb60, DeviceName: \Device\0000007f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-2844291072-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-2928177152-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

 

Cheers! :)


  • 0



#17
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

That was clean.

 

Now

 

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Windows 8 & 8.1 users may face another warning from the Windows SmartScreen Protection - please click More information and Run.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you may need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Disable your security programs.

  • Click the blue Run ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
     then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow/install to install. If your firewall asks whether you want to allow installation, say yes. If asked, click yes to allow the program to run on your computer.
  • Check "Enable detection of potentially unwanted applications"
  • Click on Start and say yes to allow the program to proceed.
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed click "List of found threats" and click again on Copy to clipboard. Open Notepad and paste in the clipboard list. Save it as ESET log somewhere that you can find.
  • After that click the button "Back"
  • Select and check Uninstall application on close and Delete quarantined files.
  • Then click on: Finish
  • Copy and paste the ESET log back here and tell me how your machine is now.

 

 


  • 0

#18
boosra123


    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Progress!  :D

 

Ok, I will post back tomorrow with that scan, as I have no more time tonight for a potentially long download and scan.


  • 0

#19
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

:thumbsup:


  • 0

#20
boosra123


    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Hi!

 

The log:

 

C:\Users\Aodh\Downloads\BitTorrent(1).exe    a variant of Win32/AdkDLLWrapper.A potentially unwanted application    cleaned by deleting
C:\Users\Aodh\Downloads\cbsidlm-cbsi134-XPS_Annotator-ORG-10912169.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    cleaned by deleting
C:\Users\Aodh\Downloads\vppsetup.exe    a variant of Win32/Toolbar.Conduit.H potentially unwanted application    deleted
 

 

As far as my machine goes: It seems snappier, certainly my browser seems to be working better.

 

However, I still see the high RAM usage, in the 30% region when doing nothing (though my luddism allows the possibility that that is normal, and I simply didn't notice until my machine started misbehaving). I wonder if, despite infections, my issues could have been more the result of legit processes? Like, the "Windows 10" prompt/harassment thing - my issues have coincided very neatly with its appearance - perhaps I should give in? :P

Also, the process has shown me just how many near random programs I have apparently installed on a whim, which I suppose could be stressing my ageing, but hitherto entirely unstressed computer. I suppose such things wouldn't be relevant to our malware removal process here.

 

I think I should probably test it with DOTA 2, the program which was causing the most problems. It is conceivable my specs struggle with the very recent new client - though all blurb insists that it should in fact be closer to the opposite.

 

Either way, I'll post back after a wander around my system :P

 

Cheers! :)


  • 0

#21
boosra123


    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Hi emeraldnzl,

 

reporting back. Not much changed with Dota, still heating my computer crazily and increasingly eating all my CPU and RAM the longer I leave it running; perhaps it's just that the game has a terrible memory leak or whatever.

 

Everything else seems ok, though.

 

*Question* When I click the Windows button top left of my screen, I see 19 separate Chromes to click. I don't know what's up with that. Is my computer simply a mess and using up its memory? That wouldn't explain overnight, finding nearly 40% RAM usage when doing nothing whatsoever though.


Edited by boosra123, 07 January 2016 - 12:08 PM.

  • 0

#22
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

*Question* When I click the Windows button top left of my screen, I see 19 separate Chromes to click. I don't know what's up with that. Is my computer simply a mess and using up its memory? That wouldn't explain overnight, finding nearly 40% RAM usage when doing nothing whatsoever though.

 

If it were me I would reinstall i.e. completely uninstall including browsing data then reinstall. See if that makes a difference.

 

To do that - firstly

You might like to backup your bookmarks. Go to the link below to learn how to export Chrome's bookmarks. You can save them somewhere you can find them and import them back to Chrome when you reinstall.

https://support.goog...wer/96816?hl=en

Step 2

Go to the link below for instructions to uninstall Google Chrome. Use the Windows instructions for Windows Vista/ Windows 7/ Windows 8

https://support.goog...wer/95319?hl=en

Note: To completely uninstall you must remove your profile information so make sure you tick the "Also delete your browsing data" check box.

Step 3

Download and reinstall Google Chrome.

Next

 

You might like to check for physical causes of overheating too.

 

Go to the link below for some information about symptoms of overheating.

http://www.ehow.com/...g-symptoms.html

Go to the link below for some actions you can take to reduce overheating

http://www.ehow.com/...-computers.html

 

Finally

 

It might be worth running chkdsk

 

To run Chkdsk:
 

  • Right click on the Start > Open Windows Explorer.
  • Find the hard drive letter (usually local disk C)  for which you want to run the Chkdsk utility.
  • Right-click on the drive letter and select Properties > Tools.
  • Under the Error-Checking section of the window, click the Check Now button. If you have User Account Controls enabled, a window will pop up asking permission to continue. Click Continue.
  • Click to have Chkdsk Automatically fix file system errors and to Scan for and attempt recovery of bad sectors.
  • Click Start.
  • Chkdsk might take a very long time to run, depending on the number of files and folders, the size of the volume, disk performance, and available system resources (such as processor and memory).

Note: Chkdsk will not run if the drive you wish to check is in use. You will be requested to schedule Chkdsk. Click Schedule Check Disk, it then will run the next time you boot your computer.
 
Shut down your computer and then turn it back on, Chkdsk will run.
 

 

Tell me how it went.

 

When we have completed these actions we will remove the tools we have been using. As you suggest, I am not sure that the principal cause of the machine's problems is malware related. If we don't have any luck with our solutions then you might try opening a topic in the Windows 7 forum and see if someone there has any suggestions. Let's finish here first though. :)


  • 0

#23
boosra123


    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Hi!

 

Another potentially long one, I'll post back tomorrow.

 

I went and uninstalled Chrome, though I think they were all just redundant shortcuts. Reinstalled, but now can't remember why I ever stopped using Firefox in the first place.:P


  • 0

#24
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

Another potentially long one, I'll post back tomorrow.

 

:thumbsup:

 

 

Reinstalled, but now can't remember why I ever stopped using Firefox in the first place. :P

 

Yes Firefox is my browser of choice. :cool:


  • 0

#25
boosra123


    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Hi!

 

Ok, I ran the Chkdsk: everything seemed fine. There were no "bad files" or "uncompleted whatever" and generally no low numbers apart from zeros.

 

Apparently all is ship-shape.


  • 0



#26
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Okay I think this is a technical rather than a malware problem. Seems to be related to Dota.

 

Let's remove the tools we have been using. After that, try opening a topic in the Windows 7 forum and see if someone there can find a solution.

 

To clear away the tools we have been using download Delfix from here. You will be taken to the download page. Just wait and shortly the download will appear.

Put a check (tick) in the following boxes:
 

  • Remove disinfection tools
  • Purge System Restore
  • Reset System Settings

    Then click Run

The tool will run for a short time. When completed a notepad window will open with a log. Please copy and paste the log back here.

Any remaining tools may be deleted.
 

 

 


  • 0

#27
boosra123


    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts

Hi!

 

Some "unusual" disinfection tools in there apparently, I mean I knew Fargo was good, but I didn't know it disinfected your computer by watching it.

 

# DelFix v1.011 - Logfile created 08/01/2016 at 21:35:14
# Updated 18/08/2015 by Xplode
# Username : Aodh - VANDENNIS
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Aodh\Desktop\FRST-OlderVersion
Deleted : C:\Users\Aodh\Desktop\mbar
Deleted : C:\Users\Aodh\Desktop\AdwCleaner.exe
Deleted : C:\Users\Aodh\Desktop\Fixlog.txt
Deleted : C:\Users\Aodh\Desktop\FRST64.exe
Deleted : C:\Users\Aodh\Desktop\JRT.exe
Deleted : C:\Users\Aodh\Downloads\esetsmartinstaller_enu.exe
Deleted : C:\Users\Aodh\Downloads\Extras.Txt
Deleted : C:\Users\Aodh\Downloads\HijackThis.exe
Deleted : C:\Users\Aodh\Downloads\hijackthis.log
Deleted : C:\Users\Aodh\Downloads\[kat.cr]fargo.s02e08.1080p.web.dl.dd5.1.h264.rarbg.torrent
Deleted : C:\Users\Aodh\Downloads\[kat.cr]house.of.cards.s01.complete.season.1.bluray.720p.x265.hevc.nate.666.torrent
Deleted : C:\Users\Aodh\Downloads\mkvtoolnix-unicode-6.4.0-setup.exe
Deleted : C:\Users\Aodh\Downloads\OTL.Txt
Deleted : C:\Users\Aodh\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...


New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

I got rid of any other such things I found lying about, and took the opportunity to ruthlessly cull anything not regularly used from my system. I also disabled some startup programs, cleared files to make more disk space, uninstalled the most recent Windows 7 update, disabled unnecessary processes (like GeForce Experience, and even my beloved Rainmeter skins), defragged the drive, anything I could think of that was straightforward and could make life easier for the machine.

Seems to have reduced my RAM usage somewhat and my computer seems to have a spring in its step once again. So I think yes, a non-malware forum might be the place to sort this out.

Cheers :)

#28 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

I mean I knew Fargo was good, but I didn't know it disinfected your computer by watching it.


I haven't seen that before. My only thought is that it was a cracked copy (which is against our terms of use) that DelFix removed.

Moving on

Here is a link to the Win 7 forum:

http://www.geekstogo...-and-windows-7/

Best of luck. :)

-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change the passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

So many of us use Facebook nowadays. Go here for a guide to Facebook security.

-----------------------------------------------------------------------------------------------------------------------

CryptoLocker Warning

There is a particularly nasty infection out there at the moment.

Go here for information about CryptoLocker ransomware.

Download CryptoPrevent free for home use.

--------------------------------------------------------------------------------------------------------------------

Hola users warning.

If you use the Hola VPN (Virtual Private Network) you should be aware that you might be compromised. See here.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

    * Click Start > Control Panel > System and Security > Windows Update
    * Under Windows Update click on Turn automatic updating on or off
    * Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

For some common sense advice about protecting your computer read How to boost your malware defense and protect your PC

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

#29 boosra123 (Topic Starter, Member, 17 posts)

Moving on

*cough*, yes, quite.

Thank you very much for all your help! :)

#30 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

Thank you very much for all your help! :)


You are very welcome. :happy:

I will keep this topic open for a few days in case you need to come back for any reason. :)