Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Epic struggle with an infection that just won't die.

Post by Nera » September 29th, 2014, 3:42 pm

Partly my fault as I left the computer without an antivirus for a while (to not slow me), but in any case the computer was having troubles lately so I tried to do some basic cleanups, and the more I cleaned the more other stuff started to act up, viruses wising up to the removal attempt and was shutdown on several steps. Overall I think it was also a hacking attempt as I had my registries open to remote access at some point and so on. I could go into painstaking detail of what happened and all the steps and all past symptoms if you ask me to, but most of the problems I managed to solve myself.

I had viruses that entered in startup registries, they even made my Windows startup REALLY slowed down, with a black screen happening before the desktop even shows. There were visible applications that entered in AppData too (one even had a cute virus face icon) and a virus that kept reopening its process every time I killed it, several times even. All around these viruses were back and showed up on the scans again between restarts and cleans, even if I did not connect to the Internet at all. It even corrupted my Windows Safe mode so as to not be cleaned properly. Computer just had a Windows Explorer crash in it, and now I think I get a Blue Screen infinite restart loop going there. In any case ComboFix says Safe Mode is still un-enterable.

Due to a combination of several anti-viruses and anti-rogues, including ComboFix and a Windows Repair tool, and full scan from Safe mode and with startup Run registry edits I managed to get most of the stuff that acted in a visible and performance hurting way at least. But Panda full scan said it couldn't remove some stuff. Also the main symptoms that frustrate me aren't gone yet. So currently my problems are this:

1. Disk space just keeps disappearing for no reason. I find myself having to delete files to make room for new stuff I wanted, but then as soon as I restart, even if I didn't get anything else to replace it, anywhere between 500MB-1GB disappears. And for a while now, and before I started cleaning viruses, if I was below 1 GB Windows startup kept giving me a prompt that supposedly the Windows paging file somehow failed, and that it created a temporary paging file that was somehow bigger than the specified size (even tho' I checked the settings and it's Windows default, of 26-6000 MB, and these temp files keep adapting to whatever little space I had). If I stay above 2 GB they don't seem to happen but I still basically have whole GB missing from disk space and it is infuriating. Maybe it is a different, unconnected problem but it is my biggest one now, and it started around the same time.

2. Windows Safe Mode might still be corrupted, except the one I managed to enter in to fix some stuff.

3. Playing League of Legends resets my Screen Resolution, i.e. ingame settings, between each loaded game. This doesn't seem to affect my other games tho'.

4. Other ones are minor nuisances, like for example I kept getting an "Update Flash Player.exe" virus or whatever that kept asking for permission from Windows 7 with one of those prompts that blacks out the background and you can't do much else. Except it kept spamming it and opened several of them. Hasn't happened this restart. Actually I don't think I have any of my other previous ones now... Except now this restart I seem to have a thing in typing fields for browser, like this forum post, where the typing cursor either vanishes or moves up, like some auto-click thing.

5. Check Disk reports hard disk errors but I ran it several times and they don't seem to get fixed. (Just to be sure I did one as I typed this and now it seems ok, hmm).

Some other points of interest regarding how this started:

1) Browser startup tabs open to a site that got DDOS attacked and was down on and off for a few solid weeks. Page just showed that it couldn't be found and all that but is it likely that it was just enough to get infected?

2) One virus I had was something pretending to be Microsoft Security Essentials, asking me to do scans and restarts and Windows Offline Defender (or something that burrowed inside it). I thought nothing of it and I think that helped spread the infection more likely than anything else.

Both are around the same timeframe, so yeah, for about a month I was probably attacked by the crippling ones (with other ones that I likely had from before).

I feel like my Windows is functioning as normally as before now (at least in the boot from when I type this) but since the anti-virus said it couldn't remove some problems I wanted to get more professional help to clear it for good and those main big problems are still here and bothering me and I would like the damage undone.

I have ComboFix logs and the Panda Full Scan report here for you guys, but I am just following the rules and didn't post them. Here's the DDS...

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.51.2
Run by Iuliu at 22:22:55 on 2014-09-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.40.1048.18.4000.924 [GMT 3:00]
.
AV: Panda Free Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Panda Free Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
FW: Panda Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Join Air\UIExec.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_145_ActiveX.exe -update activex
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [UIExec] "C:\Program Files (x86)\Join Air\UIExec.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [Smart File Advisor] "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /checkassoc
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll] "C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: Run = "C:\Users\Iuliu\AppData\Roaming\Microsoft\Windows\IEUpdate\schtasks.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Descarcă cu BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: Descarcă &Tot cu BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
TCP: Interfaces\{8226C880-5273-4135-94E4-3DE19C6F09E0}\C696E6B6379737 : DHCPNameServer = 81.196.170.20
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-mStart Page = about:blank
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} -
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - <orphaned>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-2-19 14456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2014-6-4 96800]
R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2014-6-18 162336]
R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2014-6-4 112160]
R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2014-6-4 115232]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2014-1-16 46336]
R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2014-6-4 95776]
R1 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2014-6-4 70176]
R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2014-6-4 125984]
R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2014-6-4 306720]
R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2014-6-4 169504]
R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2014-6-4 115744]
R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2014-6-4 261152]
R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2014-6-4 109088]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2014-7-24 195616]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-9-25 127752]
R2 NanoServiceMain;Panda Free Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2014-7-24 141560]
R2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-7-23 61688]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2014-7-24 160800]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2014-7-24 120352]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2014-7-24 122400]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2014-7-24 132128]
R2 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2014-7-24 106016]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2014-7-24 38136]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2014-7-16 2145080]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-6-2 128488]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-6-2 401896]
R3 IntcDAud;Audio afişaj Intel(R);C:\Windows\System32\drivers\IntcDAud.sys [2012-5-5 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-5-5 76912]
R3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2014-9-28 60400]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [2013-12-16 14112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 UI Assistant Service;UI Assistant Service;C:\Program Files (x86)\Join Air\AssistantServices.exe [2012-6-17 261456]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2012-5-5 138024]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-9-25 32512]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-11 111616]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2012-6-17 11776]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\6EF9.tmp [2014-9-7 6144]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 125584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-5-5 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-7-1 59392]
S3 WatAdminSvc;Serviciul tehnologii de activare Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-17 1255736]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-5-5 2656280]
.
=============== Created Last 30 ================
.
2014-09-29 09:16:10 622592 ----a-w- C:\Users\Iuliu\AppData\Roaming\Y55o5.exe
2014-09-29 06:44:49 106496 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\temp\tmp2F1C.exe
2014-09-29 06:01:05 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C9A16D89-0534-4A93-8119-5294BF98B05C}\offreg.dll
2014-09-28 19:55:31 60400 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
2014-09-28 08:35:01 -------- d-sh--w- C:\$RECYCLE.BIN
2014-09-25 20:30:17 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2014-09-25 17:05:26 -------- d-----w- C:\Windows\pss
2014-09-25 17:02:17 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2014-09-25 16:09:07 98816 ----a-w- C:\Windows\sed.exe
2014-09-25 16:09:07 256000 ----a-w- C:\Windows\PEV.exe
2014-09-25 16:09:07 208896 ----a-w- C:\Windows\MBR.exe
2014-09-25 15:48:33 34808 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-09-25 15:48:22 -------- d-----w- C:\ProgramData\RogueKiller
2014-09-25 15:46:52 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{89173C8B-6433-4397-88A9-6D3580628416}\gapaengine.dll
2014-09-25 15:46:27 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C9A16D89-0534-4A93-8119-5294BF98B05C}\mpengine.dll
2014-09-25 15:24:20 -------- d-----w- C:\Program Files\HitmanPro
2014-09-25 15:24:09 -------- d-----w- C:\ProgramData\HitmanPro
2014-09-25 15:19:31 -------- d-----w- C:\Users\Iuliu\AppData\Local\YhPack
2014-09-25 15:19:11 126976 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\temp\tmp75EB.exe
2014-09-24 15:48:43 -------- d-----w- C:\Windows\System32\catroot2
2014-09-24 15:40:41 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2014-09-24 15:02:09 -------- d-----w- C:\RegBackup
2014-09-24 12:53:51 231 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{96AE5DB4-BA2D-803E-41CD-51370C0C9B3B}-tmp0aca04c2.bat
2014-09-24 12:49:20 -------- d-----w- C:\Users\Iuliu\AppData\Roaming\Icatuqyc
2014-09-24 12:48:42 -------- d-----w- C:\Users\Iuliu\AppData\Roaming\Yxqeokmu
2014-09-24 10:08:06 -------- d-----w- C:\Windows\System32\winrm
2014-09-24 07:24:31 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-23 17:56:59 -------- d-----w- C:\09218d3fee7dcc12fc3a
2014-09-23 11:50:35 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-09-23 08:46:36 -------- d-----w- C:\Program Files (x86)\Age of Empires II HD The Forgotten
2014-09-23 07:52:07 -------- d-----w- C:\ProgramData\Steam
2014-09-23 07:09:29 -------- d-----w- C:\Program Files (x86)\Mr DJ
2014-09-21 21:15:24 22752 ----a-w- C:\Windows\System32\PCloudBroom64.exe
2014-09-21 13:38:52 -------- d-----w- C:\Program Files (x86)\NirSoft
2014-09-21 11:12:48 29496 ----a-w- C:\Windows\System32\authuitu.dll
2014-09-21 11:12:48 25400 ----a-w- C:\Windows\SysWow64\authuitu.dll
2014-09-21 11:08:34 43320 ----a-w- C:\Windows\System32\uxtuneup.dll
2014-09-21 11:08:33 36152 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2014-09-21 11:08:20 -------- d-----w- C:\Users\Iuliu\AppData\Local\TuneUp Software
2014-09-21 09:17:22 196608 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\temp\tmp7C55.exe
2014-09-19 14:23:57 -------- d-----w- C:\Windows\System32\%LOCALAPPDATA%
2014-09-16 03:09:48 -------- d-----w- C:\Windows\Microsoft Antimalware
2014-09-12 14:20:17 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2014-09-11 08:11:58 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-11 05:58:42 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-09-11 05:58:41 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-09-11 05:58:40 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-09-11 05:58:38 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-09-11 05:58:37 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-09-10 07:06:55 48648 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-09-07 18:53:52 -------- d-----w- C:\ProgramData\panda_url_filtering
2014-09-07 18:53:51 -------- d-----w- C:\ProgramData\Panda Security URL Filtering
2014-09-07 18:53:20 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2014-09-07 18:52:49 -------- d-----w- C:\Program Files (x86)\pandasecuritytb
2014-09-07 18:45:02 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2014-09-07 18:36:01 -------- d-----w- C:\Users\Iuliu\AppData\Roaming\DesktopIconGoodgame
2014-09-07 18:36:01 -------- d-----w- C:\Program Files (x86)\Common Files\Bitdefender
2014-09-07 16:14:43 18816 ------w- C:\Windows\SysWow64\SAVRKBootTasks.sys
2014-09-07 10:19:24 6144 ------w- C:\Windows\System32\6EF9.tmp
2014-09-07 10:10:25 6144 ------w- C:\Windows\System32\36E8.tmp
2014-09-07 10:09:45 -------- d-----w- C:\Program Files (x86)\Sophos
2014-09-07 07:13:13 -------- d-----w- C:\Users\Iuliu\AppData\Roaming\Liurme
2014-09-06 20:51:54 -------- d-----w- C:\Users\Iuliu\AppData\Local\Efbtion
2014-09-06 20:50:39 2498560 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
.
==================== Find3M ====================
.
2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-24 23:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 20:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2014-07-24 18:24:04 132128 ----a-w- C:\Windows\System32\drivers\PSINProt.sys
2014-07-24 18:24:04 106016 ----a-w- C:\Windows\System32\drivers\PSINReg.sys
2014-07-24 18:24:03 195616 ----a-w- C:\Windows\System32\drivers\PSINKNC.sys
2014-07-24 18:24:03 122400 ----a-w- C:\Windows\System32\drivers\PSINProc.sys
2014-07-24 18:24:03 120352 ----a-w- C:\Windows\System32\drivers\PSINFile.sys
2014-07-24 18:24:02 160800 ----a-w- C:\Windows\System32\drivers\PSINAflt.sys
2014-07-17 15:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2014-07-17 15:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2014-07-16 08:24:34 40760 ----a-w- C:\Windows\System32\TURegOpt.exe
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-14 02:02:45 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-07-13 16:05:32 1737728 ----a-w- C:\Program Files\FilelistCreator.exe
2014-07-09 06:47:37 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 06:47:37 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-09 01:27:31 49940480 ----a-w- C:\Program Files (x86)\GUTCC36.tmp
2013-07-05 12:41:30 4249600 ----a-w- C:\Program Files (x86)\GUTF23F.tmp
.
============= FINISH: 22:26:04,53 ===============


And the other one...

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 05.05.2012 14:55:25
System Uptime: 29.09.2014 12:13:09 (10 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K54C
Processor: Intel(R) Celeron(R) CPU B815 @ 1.60GHz | CPU 1 | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 152 GiB total, 2,611 GiB free.
D: is FIXED (NTFS) - 146 GiB total, 0 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition)
AC3Filter 1.62b
AChat v0.150
Adobe Flash Player 14 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader X (10.1.9)
Alcor Micro USB Card Reader
AML Free Registry Cleaner 4.22
Asmedia ASM104x USB 3.0 Host Controller Driver
ASUS AI Recovery
ASUS FancyStart
ASUS LifeFrame3
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ATK Package
Battle.net
BitComet 1.32 64-bit
BurnAware Free 4.9
CCleaner
CDisplay 1.8
Combined Community Codec Pack 2013-05-30
Dawngate
DivX Setup
ETDWare PS/2-X64 8.0.5.1_WHQL
Fast Boot
FLAC 1.2.1b (remove only)
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hero Editor V1.04
HitmanPro 3.7
InstantOn for NB
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
IrfanView (remove only)
Java 7 Update 51
Java Auto Updater
Join Air
K-Lite Codec Pack 9.5.5 (Full)
League of Legends
Media Player Codec Pack 4.2.8
MediaInfo 0.7.61
Microsoft .NET Framework 4.5
Microsoft Age of Empires II
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
MpcStar 5.4
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NirSoft ShellExView
One Finger Death Punch 1.0
Opera 12.15
Panda Cloud Cleaner
Panda Devices Agent
Panda Free Antivirus
Panda Security Toolbar
Panda Security URL Filtering
PowerISO
Qualcomm Atheros WiFi Driver Installation
RaidCall
Realtek High Definition Audio Driver
Registration Code Creator
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft .NET Framework 4.5 (KB2861208)
Security Update for Microsoft .NET Framework 4.5 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5 (KB2898864)
Security Update for Microsoft .NET Framework 4.5 (KB2901118)
Security Update for Microsoft .NET Framework 4.5 (KB2931368)
Security Update for Microsoft .NET Framework 4.5 (KB2972216)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Skype Click to Call
Skype™ 6.18
Smart File Advisor 1.1.3
Sonic Focus
Sophos Anti-Rootkit 1.5.4
swMSM
Torchlight
Total Commander (Remove or Repair)
TuneUp Utilities 2014
TuneUp Utilities 2014 (en-US)
Tweaking.com - Windows Repair (All in One)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.1.0
Winamp
WinRAR 4.20 (32-bit)
Wireless Console 3
Xvid Video Codec
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
29.09.2014 21:31:25, Error: Application Popup [1060] - \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
29.09.2014 12:15:21, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
29.09.2014 12:14:26, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
29.09.2014 09:36:39, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
29.09.2014 09:01:05, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
29.09.2014 09:00:09, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
28.09.2014 22:55:50, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
28.09.2014 22:55:41, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
28.09.2014 15:47:28, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
28.09.2014 14:44:53, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
28.09.2014 14:44:51, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
28.09.2014 11:01:32, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: MpFilter SAVRKBootTasks SBRE spldr
28.09.2014 11:00:48, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
25.09.2014 20:01:22, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
25.09.2014 20:00:46, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
25.09.2014 19:22:09, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
25.09.2014 19:00:24, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
25.09.2014 18:58:45, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
25.09.2014 18:54:33, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
25.09.2014 18:21:30, Error: Service Control Manager [7022] - Serviciul Windows Update s-a blocat la pornire.
25.09.2014 18:16:33, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
25.09.2014 18:16:19, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
24.09.2014 19:38:13, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
24.09.2014 19:38:03, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
24.09.2014 19:17:07, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
24.09.2014 19:01:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
24.09.2014 19:01:24, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
24.09.2014 19:01:19, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
24.09.2014 19:01:05, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
24.09.2014 19:00:56, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: ATKWMIACPIIO discache MpFilter NNSALPC NNSHTTP NNSHTTPS NNSIDS NNSPICC NNSPIHSW NNSPOP3 NNSPROT NNSPRV NNSSMTP NNSSTRM NNSTLSC PSINKNC SAVRKBootTasks SBRE SCDEmu spldr Wanarpv6
24.09.2014 18:54:51, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
24.09.2014 18:45:48, Error: Service Control Manager [7024] - Serviciul Windows Firewall s-a terminat cu eroare de serviciu specifică: Parametrul este incorect..
24.09.2014 18:45:48, Error: Service Control Manager [7001] - Serviciul Internet Connection Sharing (ICS) depinde de serviciul Remote Access Connection Manager care nu a pornit din cauza erorii următoare: Serviciul nu poate fi pornit, deoarece este dezactivat sau nu are asociat niciun dispozitiv activat.
24.09.2014 18:45:36, Error: Service Control Manager [7024] - Serviciul Windows Firewall s-a terminat cu eroare de serviciu specifică: Parametrul este incorect..
24.09.2014 18:45:36, Error: Service Control Manager [7001] - Serviciul Internet Connection Sharing (ICS) depinde de serviciul Remote Access Connection Manager care nu a pornit din cauza erorii următoare: Serviciul nu poate fi pornit, deoarece este dezactivat sau nu are asociat niciun dispozitiv activat.
24.09.2014 17:21:54, Error: Service Control Manager [7001] - Serviciul Programator de activităţi depinde de serviciul Windows Event Log care nu a pornit din cauza erorii următoare: Serviciul nu poate fi pornit, deoarece este dezactivat sau nu are asociat niciun dispozitiv activat.
24.09.2014 17:21:40, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
24.09.2014 17:21:40, Error: Service Control Manager [7001] - Serviciul Microsoft Network Inspection System depinde de serviciul Base Filtering Engine care nu a pornit din cauza erorii următoare: Serviciul nu poate fi pornit, deoarece este dezactivat sau nu are asociat niciun dispozitiv activat.
24.09.2014 17:21:05, Error: Service Control Manager [7001] - Serviciul Programator de activităţi depinde de serviciul Windows Event Log care nu a pornit din cauza erorii următoare: Serviciul nu poate fi pornit, deoarece este dezactivat sau nu are asociat niciun dispozitiv activat.
24.09.2014 16:48:06, Error: Service Control Manager [7001] - Serviciul Programator de activităţi depinde de serviciul Windows Event Log care nu a pornit din cauza erorii următoare: Serviciul nu poate fi pornit, deoarece este dezactivat sau nu are asociat niciun dispozitiv activat.
24.09.2014 16:47:52, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
24.09.2014 16:47:52, Error: Service Control Manager [7001] - Serviciul Microsoft Network Inspection System depinde de serviciul Base Filtering Engine care nu a pornit din cauza erorii următoare: Serviciul nu poate fi pornit, deoarece este dezactivat sau nu are asociat niciun dispozitiv activat.
24.09.2014 16:47:18, Error: Service Control Manager [7001] - Serviciul Programator de activităţi depinde de serviciul Windows Event Log care nu a pornit din cauza erorii următoare: Serviciul nu poate fi pornit, deoarece este dezactivat sau nu are asociat niciun dispozitiv activat.
24.09.2014 13:20:04, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
24.09.2014 13:19:50, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
24.09.2014 12:36:00, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
24.09.2014 12:35:42, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
24.09.2014 10:01:13, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
24.09.2014 10:01:01, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
23.09.2014 22:15:16, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
23.09.2014 22:15:00, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
23.09.2014 13:17:58, Error: Service Control Manager [7023] - Serviciul Windows Modules Installer s-a terminat cu următoarea eroare: Resurse de sistem insuficiente pentru a termina serviciul solicitat.
23.09.2014 08:52:24, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
23.09.2014 08:52:00, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
23.09.2014 08:13:00, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
23.09.2014 08:12:30, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
22.09.2014 14:47:01, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. The error: "8" Happened while starting this command: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
22.09.2014 08:48:58, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
22.09.2014 08:48:23, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
22.09.2014 00:19:43, Error: Service Control Manager [7026] - Următoarele drivere boot-start sau system-start nu s-au încărcat: SAVRKBootTasks SBRE
22.09.2014 00:18:37, Error: Service Control Manager [7000] - Serviciul UI Assistant Service nu a pornit din cauza erorii următoare: Serviciul nu a răspuns la solicitarea de pornire sau de control în timp util.
.
==== End Of File ===========================

Uhh, sorry about my lack of an installed English language pack lmao. If you want any of those errors translated let me know, but Google Translate should probably suffice for any tech-savvy person. Anyway, that is all I have for now, going into waiting mode.
Nera
Active Member
 
Posts: 2
Joined: September 29th, 2014, 12:46 pm

Re: Epic struggle with an infection that just won't die.

Unread postby Cypher » October 5th, 2014, 6:11 am

With all the self-fixes you have attempted, it looks as though you have some fundamental damage to your system.
I'm afraid the only practical solution to that is to back up your personal files and folders, and then reformat your hard drive and re-install Windows.
Attempting anything else is just going to be a waste of both your time, and the time of anyone helping you.
It's probably not what you want to hear, but there is not a simpler solution for you other than a reformat; sometimes there's really no other option.

As your problems appear to require a reformat, this topic is now closed.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

