Just 3 questions for now please

TIA

Level 1
Thread author
Verified
Aug 21, 2014
25
I have a couple of questions please?

Firstly, when a report log says 'Invisible on the disk', what does that mean? As I have the 'view all folders' option activated at the moment?

Anyway,

I don't want to C&P the whole log unless I'm allowed, but I'm also curious as to why all system drivers were Invisible on the disk, plus these:

C:\WINDOWS\System32\drivers\CLFS.SYS => Invisible on the disk

C:\Users\RUBBI_~1\AppData\Local\Temp\kgldypog.sys => Invisible on the disk

And lastly .... it mentioned 7 MBR Code and unknown MBR code, so should that mean anything to me and should I be worried? .. lol

And this lot of unreadable code at the end of the log .. what does it all mean?

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions : NOEXECUTE=OPTIN SAFEBOOT:MINIMAL BOOTLOG NOVGA

______________________________________________________________________________

_______MBR \Device\Harddisk0\DR0 (then a load of letters and numbers ... like this:

0x00000000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3À.м.|.À.ؾ.|¿.
0x00000010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .¹..üó¤Ph..Ëû¹..

AND THEN THIS: BUT LOADS OF THE SAME

_______MBR \Device\Harddisk1\DR1

0x00000000 FA B8 00 00 8E D0 BC 00 7C 8B F4 50 07 50 1F FB ú¸...м.|.ôP.P.û
0x00000010 FC BF 00 06 B9 00 01 F3 A5 EA 1E 06 00 00 BE BE ü¿..¹..ó¥ê....¾¾

Sorry for such a long post, but I'M REALLY TRYING TO UNDERSTAND ALL THESE REPORT LOGS FOR FUTURE INFECTIONS.

And very quickly, just to update my predicament:

THE LAPTOP IS RESPONDING A LOT BETTER now BUT, I KNOW IT'S STILL THERE AS MY ANTIVIRUS, FIREWALL, WINDOWS DEFENDER ARE ALL TURNED OFF AFTER A FRESH BOOT, SO I PUT THEM BACK ON EXCEPT ANTIVIRUS ... NO WAY CAN I GET THAT to run.

I HAVE STARTED SCANNING THE OTHER TWO LAPTOPS, SINCE I realised THEY ARE BOTH INFECTED TOO AND ACTING THE SAME AS THIS LAPTOP.

SO FAR, ON JUST THE HP .... MY SCANS WITH SPYBOT, GMER + MORE HAVE REVEALED (AND QUARANTINED): 560 TROJANS, MASSES OF ADWARE, VIRUS NAMES I RECOGNISE, AND QUITE FRANKLY THE HP IS A MESS.

THE OTHER VERY OLD VAIO THAT I USE Sporadically, IS DEAD!

IT DIED A LONG AND SUFFERING DEATH YESTERDAY MORNING ... I LOVED THAT OLD GEEZER.. :-(

I'm still waiting for my spare storage to arrive before I can finally get rid of it with your help. :)

If that's still okay?
But just for now, what does it all mean?



Tia
(sorry about upper case, my computer seems to do it now and then)
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
I think: remove your antivirus completely (in Add/Remove Programs), which may be corrupted by malware.

Then scan your computer with MBAM, AdwCleaner, and RogueKiller, and see what MBRScan.exe says; you have the topics about these programs here on MT ..

But I'm not an expert; I'm only thinking about your problems ..
 

TIA

Level 1
Thread author
Verified
Aug 21, 2014
25
Thank you Prorootect!
I have already scanned with AdwCleaner and RogueKiller, but that was prior to finding this place and quite frankly the 'reason' I did find you.
But I was getting desperate at that time and didn't understand the reports at all.
But I do have reports from GMER, Spybot, ClearVirus, aswMBR, TDSSKiller and FRST, among others.

I need to get my act into gear and do this properly, but I have to admit: I have quite enjoyed my private war these last few days.
But it's time I stopped playing around, I think. :(
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Stop playing, please; it's not play, with viruses, if you like your machines.

So what do MBAM, AdwCleaner, and RogueKiller say now?

.. and what does MBRScan.exe say, please? Its report is clear and understandable, and the final solution for your MBR.

Thank you TIA, sorry Jack!
 

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
Ok so firstly I'll answer your question about what all those alien codes mean :)

This code here is divided into three parts.

Code:
0x00000000 FA B8 00 00 8E D0 BC 00 7C 8B F4 50 07 50 1F FB ú¸...м.|.ôP.P.û

The bold part at the beginning (0x00000000) is known as an offset; that means it's a hexadecimal representation of a location within a file or partition or 'section of data'. 0x00000000 means that this begins at the very first byte. So FA is the first piece of data that appears in this data block ;)

Code:
0x00000000 FA B8 00 00 8E D0 BC 00 7C 8B F4 50 07 50 1F FB ú¸...м.|.ôP.P.û

This next section is the actual hexadecimal representation of each byte. So for example "A" is represented by 41, whereas "ú" is represented by FA. And so you can see, the third part on the right is basically just translating the hexadecimal representations to their symbol equivalents.

It's actually pretty meaningless per se (e.g. it has no logical meaning in English), but "FA B8 00 00 8E D0 BC 00" is actually an identifier code, known as a "header", which tells the computer that this is a partition. It's like writing "Dear Mr Blah," on a letter: you see that unique text and you know it's a letter; the computer sees the code above and knows it's a partition. And further along, more unique identifiers like this one help the computer to make sense of stuff like whereabouts the actual partition data begins and ends.

Like how you would use chapter titles in a book and a contents page to link a chapter title to the page. The page number is the offset, the chapter title is the header (sometimes called section headers) etc.

Now onto your computer. I'd like you to run a scan with FRST if you don't mind so I can see what's going on with your computer and help you to make sure it's virus free and that there are no malware or corrupted settings etc.

So first step is to download FRST to your desktop from here, you'll see two versions 32 Bit and 64 bit. If you're not sure which one is right to use, download both of them. Only one will open without an error and that shall be the one we shall use :)

You'll notice a disclaimer pop up, click YES to that and then click the Scan button. Two log files (open in Notepad.exe windows) will open.

You'll find these files titled FRST.txt and Addition.txt on your Desktop and I'd like you to attach both of them to your post here (when posting click "Upload a File" next to the "Post Reply" button).

Hope that helps and any further questions, fire away, I love answering them :D

Note: I know you've run scans with lots of other tools, maybe even this one, but I'll need a fresh scan to be able to determine that your computer is safe ;)
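Cowpipe's three-part breakdown of a dump line (offset, hex bytes, symbol column), as an added Python example that is not from this thread or from the tool that produced the log: it parses the lines quoted earlier for Harddisk0 and Harddisk1, regenerates the right-hand column from the bytes, checks that consecutive offsets join into one contiguous block, and reports where two dumps first differ. The rendering rule (printable Latin-1 shown, everything else as '.') and all function names are assumptions.

```python
import re

# Dump lines copied from the thread (one "_______MBR" block per disk); the trailing
# glyph column is not parsed, it is regenerated from the bytes below.
HARDDISK0_DUMP = """\
0x00000000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3À.м.|.À.ؾ.|¿.
0x00000010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .¹..üó¤Ph..Ëû¹..
"""
HARDDISK1_DUMP = """\
0x00000000 FA B8 00 00 8E D0 BC 00 7C 8B F4 50 07 50 1F FB ú¸...м.|.ôP.P.û
0x00000010 FC BF 00 06 B9 00 01 F3 A5 EA 1E 06 00 00 BE BE ü¿..¹..ó¥ê....¾¾
"""

# An 8-digit hex offset, then up to 16 two-digit hex bytes; whatever follows is the glyph column.
LINE_RE = re.compile(r"^0x([0-9A-Fa-f]{8})((?: [0-9A-Fa-f]{2}){1,16})(?= |$)")

def parse_dump_line(line):
    """Return (offset, data) for one dump line, or None for headers such as '_______MBR ...'."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return int(m.group(1), 16), bytes.fromhex(m.group(2).replace(" ", ""))

def render_glyphs(data):
    """Rebuild the right-hand column. Assumed rule, matching the log: printable Latin-1
    bytes (0x20-0x7E, 0xA0-0xFF) become their character, anything else becomes '.'."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E or 0xA0 <= b <= 0xFF else "." for b in data)

def reassemble(dump_text):
    """Join the lines of one dump into a byte string, checking the offsets are contiguous
    (a 0x10 step per 16-byte line); a gap or overlap means the excerpt is incomplete."""
    blob = bytearray()
    for line in dump_text.splitlines():
        parsed = parse_dump_line(line)
        if parsed is None:
            continue
        offset, data = parsed
        if offset != len(blob):
            raise ValueError(f"offset {offset:#010x} does not follow {len(blob):#010x}")
        blob += data
    return bytes(blob)

def first_difference(a, b):
    """Offset of the first differing byte (None if equal). Comparing a disk's MBR bytes
    against a known-good copy is how an 'unknown MBR code' verdict gets investigated."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))
```

On the two excerpts in the log the first difference is at offset 0 (33 versus FA), so the two disks carry different boot code from the first byte.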
 
