Have had some slowing down issues with this laptop, a trusty Acer Aspire 5532. Had abandoned it for a while when I was able to use a friend's laptop, but it's gotta get fixed. I live in an off-grid camping-type situation, but right now I'm house-sitting with reliable Internet access for the next week, so the time is ripe to deal with it.
That is why the dates on the scans are a bit back in the past. I have only sporadically had the consistent, uninterrupted electricity to complete these scans. Nothing has happened on this computer since it has been misbehaving. Fortunately, I'd just done a backup of all files right before I got the virus (except for video and sound files) because I needed them to use on the alternate computer while traveling - Murphy's law was in my favor this time! Also, I run Baidu alongside Avira because it says Baidu is compatible with Avira (unlike most virus-scanning software) and offers real-time scanning of flash drives.
OK - So here is what gave me a heads-up that something was wrong...besides things going too slow (which made me do that backup because I thought the computer was getting too full to work at speed...thus, the lucky break). Downloaded a new version of Malwarebytes during a regular update.
When I went to reinstall Malwarebytes, here's what happened:
Internal error: Expression error 'Runtime Error (at 115:260):
MoveFileEx failed; code 5
Access is denied.'
Then extracting files stalled and would not work, until I closed the dialog box.
I ran a scan after the install. While watching, I noticed it was finding viruses, but at the end of the scan it said that nothing had happened?
So I updated Malwarebytes recently, got the same error, but this
So, in the last few days, tried it again. This time the new version installed after the same error message. I wasn't able to sit through the whole scan as I could do for the first round. Again, the result said nothing happened. The first result is from the latest scan, the second result is back in the past when I could spot viruses, but the scan came out "clean."
Anyway, I included the two MBAM files at the end; the most recent first.
# AdwCleaner v5.037 - Logfile created 05/03/2016 at 22:22:35
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Franis - ACERTAIN
# Running from : C:\Users\Franis\Downloads\installs\Cleaners\adwcleaner_5.037.exe
# Option : Clean
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\yuna software
[-] Folder Deleted : C:\ProgramData\Partner
***** [ Files ] *****
[-] File Deleted : C:\Users\Franis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_websearch.about.com_0.localstorage
[-] File Deleted : C:\Users\Franis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\Franis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.dogpile.com_0.localstorage
[-] File Deleted : C:\Users\Franis\AppData\Roaming\Mozilla\Firefox\Profiles\2c9a767w.default\extensions\jid0-[email protected]
[-] File Deleted : C:\Windows\Downloaded Program Files\popcaploader.inf
[-] File Deleted : C:\Windows\Reimage.ini
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4A0C-9753-B57B9AE272CC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\yuna software
[-] Key Deleted : HKLM\SOFTWARE\yuna software
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{D9E82B08-C735-445D-80CC-48AACEE16C1B}
***** [ Web browsers ] *****
[-] [C:\Users\Franis\AppData\Roaming\Mozilla\Firefox\Profiles\2c9a767w.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "Ixquick hxxpS");
[-] [C:\Users\Franis\AppData\Roaming\Mozilla\Firefox\Profiles\2c9a767w.default\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename.US", "Ixquick hxxpS");
[-] [C:\Users\Franis\AppData\Roaming\Mozilla\Firefox\Profiles\2c9a767w.default\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "Ixquick hxxpS");
[-] [C:\Users\Franis\AppData\Roaming\Mozilla\Firefox\Profiles\2c9a767w.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxps://ixquick.com/eng/");
[-] [C:\Users\Franis\AppData\Roaming\Mozilla\Firefox\Profiles\2c9a767w.default\prefs.js] [Preference] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);
[-] [C:\Users\Certainly\AppData\Roaming\Mozilla\Firefox\Profiles\qgl4j35n.default\prefs.js] [Preference] Deleted : user_pref("browser.startup.homepage", "hxxps://ixquick.com/eng/");
[-] [C:\Users\Franis\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Franis\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
- [C:\Users\Franis\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Not Deleted : ixquick.com
[-] [C:\Users\Franis\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : mcbkbpnkkkipelfledbfocopglifcfmi
[-] [C:\Users\Franis\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Franis\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [5513 bytes] - [05/03/2016 22:22:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [5446 bytes] - [05/03/2016 22:08:58]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5659 bytes] ##########
Security check:
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running!
This report may not be accurate!
Windows Firewall Enabled!
Avira Antivirus
Baidu Antivirus
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Abexo Free Registry Cleaner
Java 8 Update 40
Java version out of Date!
Adobe Reader 9
Adobe Reader out of Date!
Mozilla Firefox (42.0)
Google Chrome 47.0.2526.111
Google Chrome 48.0.2564.116
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Baidu Security Baidu Antivirus 5.4.3.122701.0 BavSvc.exe
Baidu Security Baidu Antivirus 5.4.3.122701.0 bavhm.exe
Baidu Security Baidu Antivirus 5.4.3.122701.0 BavTray.exe
Baidu Security Baidu Antivirus 5.4.3.122701.0 Bav.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Then...the most recent Malwarebytes:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 5/31/2016
Scan Time: 4:06 PM
Logfile: MBAM an8el on5-31-16.txt
Administrator: Yes
Version: 2.2.1.1043
Malware Database: v2016.06.01.01
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Franis
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398419
Time Elapsed: 1 hr, 9 min, 39 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Now, the Malwarebytes scan where I spotted viruses, but the
result of the scan came out "clean."
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 3/2/2016
Scan Time: 9:23:43 AM
Logfile: 3-2-16-2016FranisAn8el.txt
Administrator: Yes
Version: 2.02.0.1024
Malware Database: v2016.03.02.04
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Franis
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 474410
Time Elapsed: 54 min, 24 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
Thanks for your HELP with these mysteries!!!!
Frani