
Author Topic: Win7 Laptop sloooowdown  (Read 13710 times)


an8el

    Topic Starter


    Beginner
  • Humblistic
  • Thanked: 3
    • Lots of stuff here
  • Certifications: List
  • Computer: Specs
  • Experience: Familiar
  • OS: Windows 10
Win7 Laptop sloooowdown
« on: June 04, 2016, 07:08:21 PM »
Have had some slowing down issues with this laptop, a trusty Acer Aspire 5532.  Had abandoned it for awhile when I was able to use a friend's laptop, but it's gotta get fixed. I live in an off-grid camping-type situation, but right now I'm house-sitting with a reliable Internet access for the next week, so the time is ripe to deal with it.

 That is why the dates on the scans are a bit back in the past. I have only sporadically had the consistent, uninterrupted electricity to complete these scans. Nothing has happened on this computer since it has been misbehaving. Fortunately, I'd just done a backup of all files right before I got the virus (- except for video and sound files) because I needed them to use on the alternate computer while traveling - Murphy's law was in my favor this time! Also, I run Baidu alongside Avira because it says Baidu is compatible with Avira, (unlike most virus-scanning software) and offers real-time scanning of flash drives.

OK - So here is what gave me a heads up something was wrong...besides things going too slow, (which made me do that back up because I thought the computer was getting too full to work at speed...thus, the lucky break.) Downloaded a new version of Malwarebytes during a regular update.

When I went to reinstall MalwareBytes, here's what happened:

Internal error: Expression error 'Runtime Error (at 115:260):
MoveFileEx failed; code 5
Access is denied.'
Then extracting files stalled and would not work, until I closed the dialog box. 
I ran a scan after the install. While watching, I noticed it was finding viruses, but at the end of the scan it said that nothing had happened????
So I updated Malwarebytes recently, got the same error, but this

So, in the last few days, tried it again. This time the new version installed after the same error message. I wasn't able to sit through the whole scan as I could do for the first round. Again, the result said nothing happened. The first result is from the latest scan, the second result is back in the past when I could spot viruses, but the scan came out "clean."


Anyway, I included the two MBAM files at the end; the most recent first.


# AdwCleaner v5.037 - Logfile created 05/03/2016 at 22:22:35
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Franis - ACERTAIN
# Running from : C:\Users\Franis\Downloads\installs\Cleaners\adwcleaner_5.037.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\yuna software
[-] Folder Deleted : C:\ProgramData\Partner

***** [ Files ] *****

[-] File Deleted : C:\Users\Franis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.about.com_0.localstorage
[-] File Deleted : C:\Users\Franis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Franis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.dogpile.com_0.localstorage
[-] File Deleted : C:\Users\Franis\AppData\Roaming\Mozilla\Firefox\Profiles\2c9a767w.default\extensions\jid0-[email protected]
[-] File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf
[-] File Deleted : C:\Windows\Reimage.ini

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4A0C-9753-B57B9AE272CC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\yuna software
[-] Key Deleted : HKLM\SOFTWARE\yuna software
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{D9E82B08-C735-445D-80CC-48AACEE16C1B}

***** [ Web browsers ] *****

[-] [C:\Users\Franis\AppData\Roaming\Mozilla\Firefox\Profiles\2c9a767w.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "Ixquick hxxpS");
[-] [C:\Users\Franis\AppData\Roaming\Mozilla\Firefox\Profiles\2c9a767w.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename.US", "Ixquick hxxpS");
[-] [C:\Users\Franis\AppData\Roaming\Mozilla\Firefox\Profiles\2c9a767w.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "Ixquick hxxpS");
[-] [C:\Users\Franis\AppData\Roaming\Mozilla\Firefox\Profiles\2c9a767w.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxps://ixquick.com/eng/");
[-] [C:\Users\Franis\AppData\Roaming\Mozilla\Firefox\Profiles\2c9a767w.default\prefs.js] [Preference] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);
[-] [C:\Users\Certainly\AppData\Roaming\Mozilla\Firefox\Profiles\qgl4j35n.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxps://ixquick.com/eng/");
[-] [C:\Users\Franis\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Franis\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
  • [C:\Users\Franis\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Not Deleted : ixquick.com
[-] [C:\Users\Franis\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mcbkbpnkkkipelfledbfocopglifcfmi
[-] [C:\Users\Franis\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Franis\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5513 bytes] - [05/03/2016 22:22:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [5446 bytes] - [05/03/2016 22:08:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5659 bytes] ##########


Security check:
 Results of screen317's Security Check version 0.99.43
 Windows 7 Service Pack 1 x64
 Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!
 Avira Antivirus
 Baidu Antivirus
 Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
 Abexo Free Registry Cleaner
 Java 8 Update 40
 Java version out of Date!
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (42.0)
 Google Chrome 47.0.2526.111
 Google Chrome 48.0.2564.116
 Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
 Baidu Security Baidu Antivirus 5.4.3.122701.0 BavSvc.exe
 Baidu Security Baidu Antivirus 5.4.3.122701.0 bavhm.exe
 Baidu Security Baidu Antivirus 5.4.3.122701.0 BavTray.exe
 Baidu Security Baidu Antivirus 5.4.3.122701.0 Bav.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````




Then...the most recent Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/31/2016
Scan Time: 4:06 PM
Logfile: MBAM an8el on5-31-16.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.01.01
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Franis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398419
Time Elapsed: 1 hr, 9 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Now, the Malwarebytes scan where I spotted viruses, but the result of the scan came out "clean."

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/2/2016
Scan Time: 9:23:43 AM
Logfile: 3-2-16-2016FranisAn8el.txt
Administrator: Yes

Version: 2.02.0.1024
Malware Database: v2016.03.02.04
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Franis

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 474410
Time Elapsed: 54 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0

thanks for your HELP with these mysteries!!!!


Frani
¤ø„¸¸„ø¤º°Aloha,
¸„ø¤º°¨¨°º¤ø„¸from
¸„ø¤º° Frani ``°º¤ø„¸

SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Win7 Laptop sloooowdown
« Reply #1 on: June 05, 2016, 12:57:15 PM »
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
You should not run two AV's on your computer. That could be causing some of your problems.
*********************************************
Registry cleaners are extremely powerful applications and their potential for harming your OS far outweighs any small potential for improving your computer's performance.

There are a number of them available and some are more safe than others. Keep in mind that no two registry cleaners work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad" entry. One cleaner may find entries on your system that will not cause a problem when removed, another may not find the same entries, and still another may want to remove entries required for a program to work. Without research into what the registry entry selected for deletion is, a registry cleaner can end up being an automated method to cause problems with the registry.

For routine use by those not familiar with the registry, the benefits to your computer are negligible while the potential risks are great.

Further reading: XP Fixes Myth #1: Registry Cleaners

*************************************************
Please download Junkware Removal Tool to your desktop.

Warning! Once the scan is complete JRT will shut down your browser with NO warning.

Shut down your protection software now to avoid potential conflicts.

•Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

•Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete depending on your system's specifications.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Copy and Paste the JRT.txt log into your next message.
Windows 8 and Windows 10 dual boot with two SSD's

an8el

Re: Win7 Laptop sloooowdown
« Reply #2 on: June 06, 2016, 01:45:56 AM »
Hello Mr. Dave,
Thanks for taking on the challenge. My computer is still working and can access the internet, obviously. If not, I have another to use so that's not an issue...but I must use a flash drive because the CD maker on my other computer doesn't work correctly. ...and I don't have blank CDs because I'm not in my own house right now.

OK, on your advice, I uninstalled Baidu, and it also (unbidden) uninstalled my other anti-virus, which was related to it - Avira. I'm running naked at this point, so not going anywhere else but this link until things get fixed. What anti-virus would you recommend? I'm broke so can't do a pay one.

Then followed the rest of your destructions... Here's the result:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Franis (Administrator) on Sun 06/05/2016 at 19:40:18.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 50

Successfully deleted: C:\ProgramData\messenger plus! for skype (Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\{21C2D7C2-0E12-4D1C-B64E-A61353143982} (Empty Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\{2502F81A-FC20-4CB5-8EAD-1D9B09B1F314} (Empty Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\{2BBE0E3E-14CB-45D1-A342-8FB38DDD0EB4} (Empty Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\{2F4E5F7C-A4A7-41A6-A258-B830ACCA33AA} (Empty Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\{34629612-2BE5-4C86-9A8F-3AE865797F39} (Empty Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\{40340BD9-30B8-40E3-9804-76E6432485B6} (Empty Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\{5FA01F87-248F-41ED-A75D-EDBCCEB5D4EE} (Empty Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\{7C3494A4-4D2E-4EFD-8F4B-903FC48B4F09} (Empty Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\{D6E5827E-68B8-4051-AD42-FB037C7F756D} (Empty Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\{EF2A51CB-D314-4846-B16B-5888B20B6A42} (Empty Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\{FB520F90-F4A2-4449-B0A7-33D541A2E90B} (Empty Folder)
Successfully deleted: C:\Users\Franis\AppData\Roaming\Mozilla\Firefox\Profiles\2c9a767w.default\user.js (File)
Successfully deleted: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5C9PS098 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N8RPSP4 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZD6K2YV (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX8XYUAS (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\II9FFBA6 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J63YLAPN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGCQSQHC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KA1S9FWC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q7MHEC9V (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QW1JCBSR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SCY3RUSC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W83ZY50M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCVZXPMG (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Franis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCCZP9BE (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5C9PS098 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7N8RPSP4 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZD6K2YV (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HX8XYUAS (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\II9FFBA6 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J63YLAPN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGCQSQHC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KA1S9FWC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q7MHEC9V (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QW1JCBSR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SCY3RUSC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W83ZY50M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCVZXPMG (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZCCZP9BE (Temporary Internet Files Folder)



Registry: 5

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Jing (Registry Value)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\56337231 (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\56337232 (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\MsgPlusService (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/05/2016 at 19:49:04.40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SuperDave

Re: Win7 Laptop sloooowdown
« Reply #3 on: June 06, 2016, 12:11:14 PM »
You should download and install Microsoft Security Essentials. It is free and is a good AV. That is all I use on all my computers.

Microsoft Security Essentials   All versions and all languages.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
  • Leave the check mark next to Remove found threats.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

an8el

Re: Win7 Laptop sloooowdown
« Reply #4 on: June 06, 2016, 07:43:00 PM »
Avira appears to have not been deleted, only the icon on the desktop lower right hand corner was changed.
I turned off Avira "real time" monitoring before I started the recommended scan. It closed its little umbrella.
The scan is running now... but it appears to have stalled when it found its first threat. So, I found a mark on the screen and located the little scanner window so I could see the progress bar go forward in detail once I suspected it had stalled. It had turned black in the areas that were white after I'd returned to see if it had advanced. I've waited 4 hours for this stall to advance. Not happening.
When I tried to stop and start the scan again, the scan window would not stop or close.
It said when I returned to the site ESET again and reinitialized it, "there is a scan already running."
It still would not cancel or close that scan window.
Then I realized that wonderful windows update picked this time to be downloading around 230 mgs of updates. Made me wonder if the malware had commandeered the windows update services....
So got that control panel window open, (the lower corner icon would not work to do so, but I had the other control panel avenue.) I unchecked all the updates...then changed the update feature to "don't download and install until I say you can."
The scan window still will not close or cancel.
So I got a hard wire hooked up to the Internet connection instead of the wireless connection in hopes of improving the speed. I'm worried that now since I've told it to stop or the window to close a few times that it's not scanning for those reasons.
Who knows?
So, until you reply I'm going to wait, wait, wait for  the scan...to keep going in hopes that the progress bar doesn't represent what is actually happening. Because I do not see any 'action' in the little hard drive light on the computer at this point, unfortunately.

Hopefully, being left connected online for an extended time will not result in MORE malware being uploaded to my poor unguarded little laptop.

So, what next?




an8el

Re: Win7 Laptop sloooowdown
« Reply #5 on: June 06, 2016, 09:28:29 PM »
After a few more hours with no action on the hard drive light, I got the bright idea to restart using "force" restart to prevent Windows from downloading and installing more updates...even though I'd disabled the feature. It still installed some updates, arrgh.

So, I've returned to do the online scan, and everything appears to be running as it should as the scan is going this time...
Crossing my fingers .....

OK... onward!

SuperDave

Re: Win7 Laptop sloooowdown
« Reply #6 on: June 07, 2016, 12:57:15 PM »
Uninstalling an antivirus or any other program should always be done through Add/Remove Programs or by using a free third party uninstaller like Revo Uninstaller. Select the 30 day trial one. Only use the below methods if the add/remove programs method fails.

an8el

Re: Win7 Laptop sloooowdown
« Reply #7 on: June 07, 2016, 02:55:42 PM »
Yes, I removed Baidu using the "remove program" feature in the control panel. Always do it that way for obvious reasons I've been advised previously.

OK, 14 hours later... the online scan says ...nothing.
Which is strange because it hung up on a detection that it caught the first time I ran it.

The popup screen that was on my desktop after the end of the scan did not give me an option to print out any results, I guess since it didn't find anything.
It said:
Files scanned: 284233

When I went into the only link on that report popup, (manage quarantine) it caught two "unwanted applications," both were in programs designed to scan:
glary/susetup.exe - a variant of Win32 ELAX.AG
and: in adware cleaner quarantine from MessengerPlus! for Skype a variant of Win32/MessengerPlus.A

I checked enable detection of potentially unwanted, possibly malicious apps. The only differences, now that I think about it, was that the second time around, when the laptop restarted, did not load up Avira. Which I thought was OK because the warning said that Avira could influence the scanning. So I left Avira unloaded while the scan ran.

I wonder if, since Avira was a feature of the scanning system of Baidu, if uninstalling that program messed with Avira and I should remove and use the other Microsoft anti-virus, at least for the time being? Windows is designed to run with its own products, after all. Think I'll do that next, since you recommended it.

The laptop is faster than it was. The only symptom that remains is it somehow wiped the directory and also the two flash drives where I'd backed up files. Now, I may have done this inadvertently without noticing it, but that's pretty unlikely...since it happened on TWO of them. Perhaps the files are still there and "unhide" would reveal them, I don't know. When I transferred more files onto the flash drive that I was using to backup more sound files I discovered that weren't in the collection...it acted as if they weren't there when I couldn't see them. (a duplicate file warning popped up.)

So - what about the fact that I used a flash drive in this Acer laptop when it was in a state of infection? Can I scan the flash drives on another computer that isn't infected and "clean" it up effectively?

OK, given I've uninstalled Avira and switched my anti-virus to Microsoft, what next?
¤ø„¸¸„ø¤º°Aloha,
¸„ø¤º°¨¨°º¤ø„¸from
¸„ø¤º° Frani ``°º¤ø„¸

SuperDave

Re: Win7 Laptop sloooowdown
« Reply #8 on: June 08, 2016, 05:11:30 PM »
Quote
is it somehow wiped the directory and also the two flash drives where I'd backed up files. Now, I may have done this inadvertently without noticing it, but that's pretty unlikely...since it happened on TWO of them
I've never heard of this before. When you delete a file it removes the first letter of the file and allows it to be over-written. The more activity on the device will over-write most of the deleted files. You can use Recuva here to possibly recover those files.
Quote
what about the fact that I used a flash drive in this Acer laptop when it was in a state of infection? Can I scan the flash drives on another computer that isn't infected and "clean" it up effectively?
You can try this program or just scan it with MSE.

Flash Disinfector was designed to remove unwanted files including autorun.inf on removable USB drives, flash drives and memory sticks. Use flash disinfector if you cannot access your USB drives, flash drives and memory stick due to modifications done by autorun Worms.
*******************************************************

Please download Flash_Disinfector from HERE
• First, download it to your desktop.
• Now double-click it to run it and it will tell you what to do when you open it.
• It will temporarily kill explorer.exe and your desktop will go blank.
• Let Flash_Disinfector do its job and it will restart explorer.exe for you.
• It will make a dummy autorun.inf in the root of every drive.
• You can now delete Flash_Disinfector.exe.
Windows 8 and Windows 10 dual boot with two SSD's

an8el

Re: Win7 Laptop sloooowdown
« Reply #9 on: June 09, 2016, 10:02:04 PM »
OK, I uninstalled Avira. Had to re-start to do that.
Downloaded using your link and tried to install Micro Sec Essentials twice, because it appears that I am running into a snag.

It does say that "please uninstall other security programs before installing...blah blah blah...."  And of course I didn't do that because Avira and Baidu were both already gone.

But could it be that MSE doesn't play nicely with the fact Malwarebytes, Security Check and CCleaner, adwarecleaner, Glary Utilities, HiJack This, unhook my rootkit, WinMD5Sum, ...(think that's all of 'em) are installed???

What happens is the program MSE installs, then tries to do its update, and goes on forever while it's in the "searching..." phase of the downloading definitions. It's got itself turned off (the live monitoring) while it's doing this.

Any ideas?

Also, I was able to scan the flash drives on the other computer using Avira and then Malwarebytes. Supposedly clean. Then, was also able to add files from the Acer and transfer them to the flash drive (and off to my working newer laptop) without a problem. But the first round of files that had disappeared did not return...and who knows what made them disappear. 

Once I get MSE installed, will try the alternate second solutions with the flash drive. But it's not really necessary to get the files off the flash drive because was able to re-transfer them from the Acer source. Now you have me curious though.

The Acer runs much faster now; only the issue with MSE that makes me think it's not entirely fixed yet and there could still be lurking a vulnerability that will become a problem.





an8el

Re: Win7 Laptop sloooowdown
« Reply #10 on: June 10, 2016, 12:52:38 AM »
It appeared that the download was faulty; when I re-did the whole process (this time I checked 'scan after updating') everything worked fine. MSE installed without a problem.
Not sure if you wanted me to scan the entire computer as part of the install of MSE, but you mentioned I should scan the flash drives with MSE, so I'm doing that.
Perhaps the glitch in the flash drives could have happened because of heat? They were in my car and it gets hot around here.

What else?
Shall I do a final scan to make sure I'm OK at this point?
Shall I do my Windows updates now?

Also wondering, is there a recommended size of having a full HD for it to begin to slow down? - what is that?
Wanted to know that in case I needed to offload some of the more bulky sound files that might make my HD slower at some point. 


SuperDave

Re: Win7 Laptop sloooowdown
« Reply #11 on: June 10, 2016, 12:49:17 PM »
Quote
Shall I do a final scan to make sure I'm OK at this point?
Shall I do my Windows updates now?
Yes to both questions.
Quote
Also wondering, is there a recommended size of having a full HD for it to begin to slow down? - what is that?
Wanted to know that in case I needed to offload some of the more bulky sound files that might make my HD slower at some point. 
You should have 15% free space in order for Windows to run efficiently. You can check this by right-clicking on your C: drive and selecting Properties.