I was able to run the Killbox program in Safe mode. When I got to removing the startdrv.exe program, I got a response of "PendingFileRenameOperations Registry Data has been Removed by external Process" and the system did not reboot automatically. I rebooted back into normal mode and the program was gone, but the internet connection was slow and dropping. When I rebooted back into SafeMode w/ Networking, I looked to see if the program was still gone, and it had come back! I then ran the Kaspersy scan while in SafeMode. I then tried to boot back into Normal mode. I was able to get a consistent connection, so a again ran the Kaspersy scan. I then ran a Deckard scan. I have posted all logs below.
While I had access to another computer, I tried to look up some stuff on this startdrv. It looks like it is some kind of rootkit. Any advise you can give will help. Thanks.
Reply With Quote