My Lenovo thinkpad has acquired a virus that makes it essentially unusable. I ave to keep Task Manager open and keep killing the process to keep memory usae from going up to 95-97% and freezing the computer. I need some help, please. Thank you in advance.
I ran several malware removal tools and anti-spyware, including spy-bot and anti-malware and removed a lot of junk, but none have eliminated this problem.
I ran the ERUNT program per the instructions. I think it ran okay.
I ran the DDS program. It did NOT generate te DDS.txt report, only attach.txt, which is zipped and attached.
I ran the aswMBR program three different times because it would freeze after about 8 minutes. I waited about 20 minutes before stopping the scan and saving the log. The freeze point seemed to be at
scanning:C:\Users\admin\App Data\Local\Microsoft\Toolbar\Backup\wlextension.dll
The aswMBR.txt file is below:
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-14 20:36:24
-----------------------------
20:36:24.558 OS Version: Windows x64 6.1.7601 Service Pack 1
20:36:24.558 Number of processors: 4 586 0x2505
20:36:24.628 ComputerName: ADMIN-THINK UserName: admin
20:36:31.418 Initialize success
20:36:31.498 VM: initialized successfully
20:36:31.618 VM: Intel CPU BiosDisabled
20:36:41.040 VM: supported disk I/O iaStor.sys
20:42:08.575 AVAST engine defs: 14071401
20:42:29.495 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:42:29.510 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
20:42:30.353 Disk 0 MBR read successfully
20:42:30.353 Disk 0 MBR scan
20:42:30.415 Disk 0 Windows VISTA default MBR code
20:42:30.431 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
20:42:30.431 Disk 0 Boot: NTFS code=1
20:42:30.462 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
20:42:30.493 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
20:42:31.101 Disk 0 scanning C:\Windows\system32\drivers
20:43:13.903 Service scanning
20:44:04.750 Modules scanning
20:44:04.750 Disk 0 trace - called modules:
20:44:04.781 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ntoskrnl.exe iaStor.sys hal.dll
20:44:04.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c51060]
20:44:04.797 3 CLASSPNP.SYS[fffff88001b8043f] -> nt!IofCallDriver -> [0xfffffa800491ec90]
20:44:04.797 5 ACPI.sys[fffff88000f027a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800494b050]
20:44:08.073 AVAST engine scan C:\Windows
20:44:13.033 AVAST engine scan C:\Windows\system32
20:47:55.371 AVAST engine scan C:\Windows\system32\drivers
20:48:13.629 AVAST engine scan C:\Users\admin
20:58:51.294 Scan stopped
20:58:57.160 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:58:57.175 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
20:58:57.253 Disk 0 MBR read successfully
20:58:57.269 Disk 0 MBR scan
20:58:57.269 Disk 0 Windows VISTA default MBR code
20:58:57.285 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
20:58:57.300 Disk 0 Boot: NTFS code=1
20:58:57.316 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
20:58:57.347 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
20:58:57.363 Disk 0 scanning C:\Windows\system32\drivers
20:58:57.363 Service scanning
20:59:57.683 Modules scanning
20:59:57.683 Disk 0 trace - called modules:
20:59:57.713 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ntoskrnl.exe iaStor.sys hal.dll
20:59:57.729 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c51060]
20:59:57.729 3 CLASSPNP.SYS[fffff88001b8043f] -> nt!IofCallDriver -> [0xfffffa800491ec90]
20:59:57.729 5 ACPI.sys[fffff88000f027a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800494b050]
21:00:01.317 AVAST engine scan C:\Windows
21:00:08.118 AVAST engine scan C:\Windows\system32
21:03:39.405 AVAST engine scan C:\Windows\system32\drivers
21:03:55.130 AVAST engine scan C:\Users\admin
21:37:21.353 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
21:37:21.431 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-15 20:23:47
-----------------------------
20:23:47.436 OS Version: Windows x64 6.1.7601 Service Pack 1
20:23:47.436 Number of processors: 4 586 0x2505
20:23:47.436 ComputerName: ADMIN-THINK UserName: admin
20:23:54.627 Initialize success
20:23:54.643 VM: initialized successfully
20:23:54.674 VM: Intel CPU BiosDisabled
20:24:08.248 VM: supported disk I/O iaStor.sys
20:24:43.063 AVAST engine defs: 14071401
20:24:53.367 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:24:53.367 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
20:24:53.539 Disk 0 MBR read successfully
20:24:53.539 Disk 0 MBR scan
20:24:53.555 Disk 0 Windows VISTA default MBR code
20:24:53.555 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
20:24:53.570 Disk 0 Boot: NTFS code=1
20:24:53.601 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
20:24:53.648 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
20:24:53.695 Disk 0 scanning C:\Windows\system32\drivers
20:25:05.130 Service scanning
20:26:00.486 Modules scanning
20:26:00.486 Disk 0 trace - called modules:
20:26:00.517 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ntoskrnl.exe iaStor.sys
20:26:00.533 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c92060]
20:26:00.533 3 CLASSPNP.SYS[fffff88001b7c43f] -> nt!IofCallDriver -> [0xfffffa800492de40]
20:26:00.548 5 ACPI.sys[fffff88000f097a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004930050]
20:26:04.105 AVAST engine scan C:\Windows
20:26:09.035 AVAST engine scan C:\Windows\system32
20:30:31.360 AVAST engine scan C:\Windows\system32\drivers
20:30:49.737 AVAST engine scan C:\Users\admin
20:43:26.480 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
20:43:26.730 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"
aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-07-15 20:23:47
-----------------------------
20:23:47.436 OS Version: Windows x64 6.1.7601 Service Pack 1
20:23:47.436 Number of processors: 4 586 0x2505
20:23:47.436 ComputerName: ADMIN-THINK UserName: admin
20:23:54.627 Initialize success
20:23:54.643 VM: initialized successfully
20:23:54.674 VM: Intel CPU BiosDisabled
20:24:08.248 VM: supported disk I/O iaStor.sys
20:24:43.063 AVAST engine defs: 14071401
20:24:53.367 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:24:53.367 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
20:24:53.539 Disk 0 MBR read successfully
20:24:53.539 Disk 0 MBR scan
20:24:53.555 Disk 0 Windows VISTA default MBR code
20:24:53.555 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
20:24:53.570 Disk 0 Boot: NTFS code=1
20:24:53.601 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
20:24:53.648 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
20:24:53.695 Disk 0 scanning C:\Windows\system32\drivers
20:25:05.130 Service scanning
20:26:00.486 Modules scanning
20:26:00.486 Disk 0 trace - called modules:
20:26:00.517 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ntoskrnl.exe iaStor.sys
20:26:00.533 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c92060]
20:26:00.533 3 CLASSPNP.SYS[fffff88001b7c43f] -> nt!IofCallDriver -> [0xfffffa800492de40]
20:26:00.548 5 ACPI.sys[fffff88000f097a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004930050]
20:26:04.105 AVAST engine scan C:\Windows
20:26:09.035 AVAST engine scan C:\Windows\system32
20:30:31.360 AVAST engine scan C:\Windows\system32\drivers
20:30:49.737 AVAST engine scan C:\Users\admin
20:43:26.480 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
20:43:26.730 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"
20:44:18.214 Scan stopped
20:44:22.966 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:44:22.971 Disk 0 Vendor: WDC_WD50 02.0 Size: 476940MB BusType: 3
20:44:23.059 Disk 0 MBR read successfully
20:44:23.064 Disk 0 MBR scan
20:44:23.164 Disk 0 Windows VISTA default MBR code
20:44:23.184 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 2048
20:44:23.206 Disk 0 Boot: NTFS code=1
20:44:23.229 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 465737 MB offset 2459648
20:44:23.286 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 956291072
20:44:23.319 Disk 0 scanning C:\Windows\system32\drivers
20:44:23.324 Service scanning
20:45:21.116 Modules scanning
20:45:21.116 Disk 0 trace - called modules:
20:45:21.147 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ntoskrnl.exe iaStor.sys hal.dll
20:45:21.147 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c92060]
20:45:21.147 3 CLASSPNP.SYS[fffff88001b7c43f] -> nt!IofCallDriver -> [0xfffffa800492de40]
20:45:21.147 5 ACPI.sys[fffff88000f097a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004930050]
20:45:28.870 AVAST engine scan C:\Windows
20:46:25.708 AVAST engine scan C:\Windows\system32
20:51:01.970 AVAST engine scan C:\Windows\system32\drivers
20:51:22.950 AVAST engine scan C:\Users\admin
21:14:45.336 Scan stopped
21:15:08.042 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
21:15:08.092 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"