Windows 7 Black Screen with Mouse Virus


This topic is locked
59 replies to this topic

#1 SShaffner33
  • Members
  • 31 posts

Posted 02 February 2014 - 07:38 PM

My Lenovo 64bit Laptop has suddenly decided to give me the deathly black screen after I log in and deny me access to my homepage. All I can see is my white mouse. I normally run through Explorer.

 

I can access Safe Mode and System Recovery Options, I have tried all those selections including Last Known Good Configuration, System Restore, StartUp Repair, nothing is working...

 

I am not computer savvy so I would appreciate your help! :)





#2 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,026 posts
  • Gender:Male
  • Location:NJ USA

Posted 10 February 2014 - 09:27 PM

Sorry you were lost; I have asked another to look here.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 11,401 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 10 February 2014 - 09:52 PM

Hi and :welcome:

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#4 boopme
    To Insanity and Beyond
  • Global Moderator
  • 73,026 posts
  • Gender:Male
  • Location:NJ USA

Posted 10 February 2014 - 09:57 PM

Hello, just letting you know I moved this topic to here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

Thanks JSntgRvr

#5 HelpBot
    Bleepin' Binary Bot
  • Bots
  • 12,622 posts

Posted 10 February 2014 - 10:00 PM

Disregard.

Edited by JSntgRvr, 10 February 2014 - 10:25 PM.


#6 SShaffner33
  • Topic Starter
  • Members
  • 31 posts

Posted 11 February 2014 - 11:54 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by SYSTEM on MININT-L479345 on 11-02-2014 12:48:06
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-27] ()
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4366704 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [5825536 2009-08-18] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122440 2010-07-05] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Administrator\...\Run: [FactoryTest] - C:\Windows\Test.bat
HKU\Administrator\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\oovoo.exe [19812536 2010-02-02] (ooVoo LLC)
HKU\Administrator\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-27] ()
HKU\Administrator\...\Run: [Power2GoExpress] - C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpress.exe [2532648 2009-07-13] (Cyberlink)
HKU\Default\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\ooVoo.exe [19812536 2010-02-02] (ooVoo LLC)
HKU\Default User\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\ooVoo.exe [19812536 2010-02-02] (ooVoo LLC)

==================== Services (Whitelisted) =================

S2 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S2 mcmscsvc; C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe [865832 2009-07-14] (McAfee, Inc.)
S4 McNASvc; C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe [2482848 2009-04-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [696848 2009-06-16] (McAfee, Inc.)
S4 McProxy; C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe [359952 2009-04-09] (McAfee, Inc.)
S3 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [155456 2009-06-18] (McAfee, Inc.)
S3 McSysmon; C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe [606736 2009-06-16] (McAfee, Inc.)
S4 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [894136 2009-07-08] (McAfee, Inc.)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S2 SAService; C:\Windows\system32\SAsrv.exe [445496 2010-03-25] ()
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2009-07-13] ()

==================== Drivers (Whitelisted) ====================

S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-15] (Lenovo)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-13] ()
S1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [58896 2010-07-05] ()
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102600 2009-06-18] (McAfee, Inc.)
S1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [307400 2009-06-18] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-06-18] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-06-18] (McAfee, Inc.)
S1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-11 12:47 - 2014-02-11 12:48 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-02-11 12:48 - 2014-02-11 12:47 - 00000000 ____D () C:\FRST

==================== Known DLLs (Whitelisted) ================

[2009-07-13 15:38] - [2009-07-13 17:41] - 0801280 ____A () C:\Windows\System32\USP10.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\User32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) B8D1DF394FE1716CAEF2C9D11F14E576

C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4028.6 MB
Available physical RAM: 3363.52 MB
Total Pagefile: 4026.75 MB
Available Pagefile: 3353.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:187.69 GB) (Free:176.2 GB) NTFS
Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:19.77 GB) NTFS
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.26 GB) (Free:0 GB) UDF
Drive g: (LEXAR MEDIA) (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 31F5BCEA)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=188 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 123 MB) (Disk ID: 4C73F9B2)
Partition 1: (Active) - (Size=122 MB) - (Type=06)


LastRegBack: 2009-07-28 22:01

==================== End Of Log ============================



#7 SShaffner33
  • Topic Starter
  • Members
  • 31 posts

Posted 11 February 2014 - 11:56 AM

Thank you so much for your help! :)



#8 JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 11,401 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 11 February 2014 - 12:49 PM

Download the enclosed file.

Save it in the same location FRST64 is. Run FRST64 and click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Type the following in the edit box on FRST, after "Search:".

services.exe;User32.dll

It then should look like:

Search: services.exe;User32.dll

Click Search button and post the log (Search.txt) it makes on the USB drive in your next reply.



#9 SShaffner33
  • Topic Starter
  • Members
  • 31 posts

Posted 11 February 2014 - 01:10 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 01
Ran by SYSTEM at 2014-02-11 14:07:04 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start
HKU\Administrator\...\Run: [FactoryTest] - C:\Windows\Test.bat
End

*****************

HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\FactoryTest => Value deleted successfully.

==== End of Fixlog ====



#10 SShaffner33
  • Topic Starter
  • Members
  • 31 posts

Posted 11 February 2014 - 01:12 PM

Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by SYSTEM at 2014-02-11 14:07:41
Running from G:\
Boot Mode: Recovery

================== Search: "services.exe;User32.dll" ===================

C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2009-07-13 15:24] - [2009-07-13 17:11] - 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0

C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) B8D1DF394FE1716CAEF2C9D11F14E576

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) D41D8CD98F00B204E9800998ECF8427E

C:\Windows\SysWOW64\user32.dll
[2009-07-13 15:24] - [2009-07-13 17:11] - 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) D41D8CD98F00B204E9800998ECF8427E

C:\Windows\System32\user32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) B8D1DF394FE1716CAEF2C9D11F14E576

X:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6

X:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

X:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

X:\Windows\System32\user32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6

====== End Of Search ======



#11 JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 11,401 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 11 February 2014 - 01:46 PM

The services.exe and User32.dll files seem patched. I will replace them with the ones in the boot device.

Download the enclosed file.

Save it in the same location FRST64 is. Run FRST64 and click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

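The cross-volume check behind the diagnosis in the post above, as an added example that is not part of this thread and not FRST's own code: it parses the Search.txt format posted earlier and reports, for each file on the infected C: volume, whether its MD5 matches the same file on the X: boot volume. The services.exe and user32.dll entries in the sample mirror the hashes from this thread; the winlogon.exe pair is constructed to show a clean match.

```python
import re

# Constructed sample in the shape of FRST's Search.txt: a path line followed by
# "[created] - [modified] - size attrs (company) MD5". The services.exe and
# user32.dll entries mirror the hashes posted in this thread; the winlogon.exe
# pair is constructed to show a clean match.
SAMPLE_SEARCH = """\
C:\\Windows\\System32\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) D41D8CD98F00B204E9800998ECF8427E

C:\\Windows\\System32\\user32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) B8D1DF394FE1716CAEF2C9D11F14E576

C:\\Windows\\SysWOW64\\user32.dll
[2009-07-13 15:24] - [2009-07-13 17:11] - 0833024 ____A (Microsoft Corporation) E8B0FFC209E504CB7E79FC24E6C085F0

C:\\Windows\\System32\\winlogon.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0389120 ____A (Microsoft Corporation) 0123456789ABCDEF0123456789ABCDEF

X:\\Windows\\System32\\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

X:\\Windows\\System32\\user32.dll
[2009-07-13 15:38] - [2009-07-13 17:41] - 1008640 ____A (Microsoft Corporation) 72D7B3EA16946E8F0CF7458150031CC6

X:\\Windows\\System32\\winlogon.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0389120 ____A (Microsoft Corporation) 0123456789ABCDEF0123456789ABCDEF
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"  # MD5 of zero bytes


def parse_search(text):
    """Parse FRST Search.txt entries into dicts (path, size, company, md5, ...)."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    entries = []
    for i in range(len(lines) - 1):
        m = META_RE.match(lines[i + 1]) if PATH_RE.match(lines[i]) else None
        if not m:
            continue
        e = m.groupdict()
        e["path"] = lines[i]
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].lower()
        entries.append(e)
    return entries


def compare_volumes(entries, target="C:", reference="X:"):
    """Compare each file under `target` with the same relative path under `reference`.

    Returns {relative_path: status} with status "match", "mismatch",
    "unhashed" (target hash is the empty-input MD5) or "no_reference".
    Paths are compared case-insensitively, as NTFS does.
    """
    by_volume = {}
    for e in entries:
        drive, rel = e["path"][:2].upper(), e["path"][2:].lower()
        by_volume.setdefault(drive, {})[rel] = e
    results = {}
    for rel, tgt in by_volume.get(target.upper(), {}).items():
        ref = by_volume.get(reference.upper(), {}).get(rel)
        if ref is None:
            results[rel] = "no_reference"
        elif tgt["md5"] == EMPTY_MD5:
            # A non-zero size with the zero-byte MD5 means the content was
            # never hashed: report it as unverified rather than as a match.
            results[rel] = "unhashed"
        elif tgt["md5"] == ref["md5"] and tgt["size"] == ref["size"]:
            results[rel] = "match"
        else:
            results[rel] = "mismatch"
    return results


def suspicious(results):
    """Relative paths to examine (or replace from the boot volume) first."""
    return [p for p, s in results.items() if s in ("mismatch", "unhashed")]


if __name__ == "__main__":
    for rel, status in compare_volumes(parse_search(SAMPLE_SEARCH)).items():
        print(f"{status:13} {rel}")
```

Note that the C:\Windows\System32\services.exe hash in this thread's log, D41D8CD9..., is the MD5 of zero bytes, so the script reports it as unverified rather than comparing it; a copy on the SysWOW64 side with no counterpart on X: is reported as no_reference rather than guessed at.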


#12 SShaffner33
  • Topic Starter
  • Members
  • 31 posts

Posted 11 February 2014 - 01:58 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 01
Ran by SYSTEM at 2014-02-11 14:57:26 Run:2
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start
Replace: X:\Windows\System32\user32.dll C:\Windows\System32\user32.dll
Replace: X:\Windows\System32\services.exe C:\Windows\System32\services.exe
End
*****************

C:\Windows\System32\user32.dll => Moved successfully.
X:\Windows\System32\user32.dll copied successfully to C:\Windows\System32\user32.dll
C:\Windows\System32\services.exe => Moved successfully.
X:\Windows\System32\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====



#13 JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 11,401 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 11 February 2014 - 02:07 PM

Please re-scan with FRST and post the new FRST.txt log.




#14 SShaffner33
  • Topic Starter
  • Members
  • 31 posts

Posted 11 February 2014 - 02:16 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by SYSTEM on MININT-GQC1V67 on 11-02-2014 15:14:36
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-27] ()
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4366704 2009-09-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [5825536 2009-08-18] (Lenovo (Beijing) Limited)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VeriFaceManager] - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122440 2010-07-05] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Administrator\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\oovoo.exe [19812536 2010-02-02] (ooVoo LLC)
HKU\Administrator\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-27] ()
HKU\Administrator\...\Run: [Power2GoExpress] - C:\Program Files (x86)\Lenovo\Power2Go\Power2GoExpress.exe [2532648 2009-07-13] (Cyberlink)
HKU\Default\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\ooVoo.exe [19812536 2010-02-02] (ooVoo LLC)
HKU\Default User\...\Run: [ooVoo.exe] - C:\Program Files (x86)\ooVoo\ooVoo.exe [19812536 2010-02-02] (ooVoo LLC)

==================== Services (Whitelisted) =================

S2 IGRS; C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S2 mcmscsvc; C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe [865832 2009-07-14] (McAfee, Inc.)
S4 McNASvc; C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe [2482848 2009-04-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [696848 2009-06-16] (McAfee, Inc.)
S4 McProxy; C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe [359952 2009-04-09] (McAfee, Inc.)
S3 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [155456 2009-06-18] (McAfee, Inc.)
S3 McSysmon; C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe [606736 2009-06-16] (McAfee, Inc.)
S4 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [894136 2009-07-08] (McAfee, Inc.)
S3 PS_MDP; C:\Program Files (x86)\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-15] (Lenovo Group Limited)
S2 ReadyComm.DirectRouter; C:\Program Files (x86)\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
S2 SAService; C:\Windows\system32\SAsrv.exe [445496 2010-03-25] ()
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2009-07-13] ()

==================== Drivers (Whitelisted) ====================

S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [79376 2009-07-15] (Lenovo)
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-13] ()
S1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [58896 2010-07-05] ()
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102600 2009-06-18] (McAfee, Inc.)
S1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [307400 2009-06-18] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-06-18] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-06-18] (McAfee, Inc.)
S1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11280 2009-07-16] (Lenovo)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [X]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-11 12:47 - 2014-02-11 15:14 - 00000000 ____D () C:\FRST

==================== One Month Modified Files and Folders =======

2014-02-11 15:14 - 2014-02-11 12:47 - 00000000 ____D () C:\FRST

==================== Known DLLs (Whitelisted) ================

[2009-07-13 15:38] - [2009-07-13 17:41] - 0801280 ____A () C:\Windows\System32\USP10.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 4028.6 MB
Available physical RAM: 3359.75 MB
Total Pagefile: 4026.75 MB
Available Pagefile: 3354.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:187.69 GB) (Free:176.2 GB) NTFS
Drive d: (Lenovo) (Fixed) (Total:30.25 GB) (Free:19.77 GB) NTFS
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.26 GB) (Free:0 GB) UDF
Drive g: (LEXAR MEDIA) (Removable) (Total:0.12 GB) (Free:0.11 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 31F5BCEA)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=188 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 123 MB) (Disk ID: 4C73F9B2)
Partition 1: (Active) - (Size=122 MB) - (Type=06)


LastRegBack: 2009-07-28 22:01

==================== End Of Log ============================



#15 JSntgRvr
    Master Surgeon General
  • Malware Response Team
  • 11,401 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 11 February 2014 - 02:19 PM

Boot in Normal Mode and let me know the outcome.






