I have a Lenovo X201 notebook PC running Windows 7 Pro (x64) (also has Avast).
Before things went totally wrong I had some odd signs (may be unrelated):
- computer stopping (like a hard switch off) when doing computation-intensive stuff like circuit simulations (fan would start running faster, and then turned off) or too many programs running.
- annoying Acrobat Reader Update at startup that would never actually execute when I selected it, seemed to fail.
Suddenly things degenerated on the 31st of December, right after installing Samsung Kies (unrelated coincidence?):
- on boot I get errors for Acrotray.exe and ipoint.exe, and for PrivateIconClient.exe I get error unable to load Jit Compiler, Intel Management and Security has stopped running
- all printers are gone and USB wireless mouse gone (but USB working)
- I can no longer launch most programs from the taskbar or from shortcut icons (I would get a message "incorrect parameter" and then the choice of deleting the shortcut), though some of those apps would launch if I went straight to the location of the exe file. If I try running Mozilla I get "could not load XPCOM". I can run Google Chrome.
- I cannot install or uninstall programs. I cannot disable or remove Avast.
- If I download an exe, I can execute it if I do it right after download, but whatever evil is in there quickly catches up and mucks things. Changing the filename of the executable sometimes helps make it launchable, if I do it fast.
- before running any scans I tried backing up some files to NAS (stupid?); on some files I got Error 0x800700E1 "file contains a virus"
In SAFE MODE I can launch programs normally, but I cannot uninstall or install and Security Center is off (I think this is normal in safe mode).
I ran the following sequence:
- Kaspersky TDSSkiller - nothing found
- ran Rkill
- ran Malwarebytes (have log if needed), found and quarantined:
  - Worm.Waledac 3 on my accounting software download files (probably been there for a while)
  - PUP.Optional.Softonic.A on a download (looks harmless?)
  - PUP Adware.Installer on a download of 7zip.exe (looks harmless?)
- ran Hitmanpro, found mostly ad cookies
- ran RogueKiller, found:
  - PUM HJ POL HKLM\[...]\System DisableRegistryTools - Deleted
  - PUM HJ POL HKLM\[...]\WOW6432Node\[...]\System DisableRegistryTools - 0x2 file does not exist

  (these two were also in the other 2 PCs on the same network - I ran RogueKiller to remove the two PUMs and they seem fine now.) ON THE INFECTED NOTEBOOK EVEN AFTER REMOVAL BY ROGUEKILLER THESE PUMs keep reappearing at each boot in Normal Mode (but not in Safe Mode)
- ran ADW Cleaner
- ran Junkware Removal Tool
- ran ESET Online Scanner
- ran Emsisoft Emergency Kit Scanner
Somewhere along there I found (sorry, lost track of things out of frustration):
- Win32/Adware.Error attached to old download registryfix.exe
- Win32:Dropper-gen and Win32:Malware-gen and Somoto-F
Sorry about not doing all this in a structured way, frustration got in the way.
PC is in sorry shape, would love to avoid reinstall of Windows, especially because laptop does not come with CD, Preinstall is on disk (corrupted too?).
I ran DDS, attached logs.
Would appreciate some help!