Thread: Vista PC intermittently almost non-responsive

  1. #1
    Junior Member | Join Date: Mar 2007 | Location: New York City | Posts: 14

    Vista PC intermittently almost non-responsive

    I've received very good help here a few years back, and I'd be grateful if anybody would help me with my new problem.

    My PC is a Dell Inspiron 9400 laptop with 2MB RAM running Vista service pack 2 on a T5200 Core 2 Duo processor.

    I'm very close to ditching the computer and getting a new one, not least due to its old age (4.5 years), but I'm concerned about copying any infected files to a new PC and facing the same issues I'm struggling with now.

    I don't have a clear indication of virus/malware after scanning multiple times with Zonealarm, Malwarebytes, Trend Micro Housecall, and SUPERAntiSpyware, but every so often the PC will start up and some process will hog all CPU resources and leave the computer close to unresponsive - and the only remedy is to restart, which usually stops the madness.

    Frequently the HD seems very busy when there should be no reason for it, and I've not always been able to pin down what caused it (various versions and potentially faulty installations of Zonealarm ISS appear to be partly responsible).

    A few weeks ago the unresponsiveness got so out of hand that I chose to restore the system to the oldest available point, and surprisingly this cleared all symptoms for a day or two - then they slowly but surely returned.

    Zonealarm did report finding an unspecified trojan in autorun.inf yesterday, but also claimed to have treated it. I use a USB drive to transfer data to outside semi-public computers (university based).

    Here's my DDS.txt:

    ------------------
    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by Giraffe at 11:16:00 on 2011-07-22
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2046.826 [GMT -4:00]
    .
    AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
    FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Ati2evxx.exe
    C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\system32\brsvc01a.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\brss01a.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Windows\sttray.exe
    C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
    C:\Program Files\TeamViewer\Version6\tv_w32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Giraffe\Downloads\dds.scr
    C:\Windows\system32\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uWindow Title = Internet Explorer provided by Dell
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    TB: Deposit IE Toolbar: {6aa40521-14e7-4b1d-b1b4-98528c1388c9} - c:\progra~1\deposi~1\dfmana~1\DEPOSI~1.DLL
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [<NO NAME>]
    uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    uRun: [Google Update] "c:\users\giraffe\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
    mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
    mRun: [SigmatelSysTrayApp] sttray.exe
    mRun: [Smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [ISW]
    mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
    StartupFolder: c:\users\giraffe\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
    StartupFolder: c:\users\giraffe\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{53a01cc6-14b0-4512-a2e7-10d39bf83dc4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\poker\pokerstars\PokerStarsUpdate.exe
    IE: {D5AD327A-A089-4F04-89FD-4EA9812B3913} - {D5AD327A-A089-4F04-89FD-4EA9812B3913} - c:\progra~1\deposi~1\dfmana~1\DEPOSI~1.DLL
    Trusted Zone: cnchost.com\register
    DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
    DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
    DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} - hxxps://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 67656]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-27 21504]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-5-30 27016]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-3-15 809296]
    R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-7 2228008]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-4-27 16896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-6 135664]
    S3 B-Service;B-Service;c:\users\giraffe\appdata\roaming\mikogo\B-Service.exe [2009-1-25 185640]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-6 135664]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-27 21504]
    S3 PTDUBus;PANTECH UM175 Composite Device Driver ;c:\windows\system32\drivers\PTDUBus.sys [2009-7-5 29824]
    S3 PTDUMdm;PANTECH UM175 Drivers;c:\windows\system32\drivers\PTDUMdm.sys [2009-7-5 41344]
    S3 PTDUVsp;PANTECH UM175 Diagnostic Port;c:\windows\system32\drivers\PTDUVsp.sys [2009-7-5 39936]
    S3 PTDUWWAN;PANTECH UM175 WWAN Driver;c:\windows\system32\drivers\PTDUWWAN.sys [2009-7-5 59776]
    S3 pwusbio;Pixelworks USB Driver;c:\windows\system32\drivers\pwusbio.sys [2007-2-17 20641]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-5-30 493184]
    .
    =============== Created Last 30 ================
    .
    2011-07-22 12:49:49 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{2fecd652-1317-4d11-87d7-44fcf30aad80}\mpengine.dll
    2011-07-13 10:48:16 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-07-13 10:48:01 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-07-13 10:48:01 375808 ----a-w- c:\windows\system32\winsrv.dll
    2011-07-10 14:49:56 -------- d-----w- c:\users\giraffe\appdata\local\Sun
    2011-07-09 17:04:00 388096 ----a-r- c:\users\giraffe\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-07-08 22:21:29 -------- d-----w- c:\users\giraffe\appdata\roaming\MailFrontier
    2011-07-08 22:06:47 -------- d-----w- c:\windows\Internet Logs
    2011-07-08 21:57:26 -------- d-----w- c:\users\giraffe\appdata\roaming\CheckPoint
    2011-07-08 21:56:08 -------- d-----w- c:\program files\zonealarm_security_suite
    2011-07-08 21:37:08 -------- d-----w- c:\program files\CheckPoint
    2011-07-08 18:34:52 -------- d-----w- c:\programdata\Kaspersky SDK
    2011-07-08 15:47:04 -------- d-----w- c:\programdata\AVG10
    2011-07-08 15:38:32 -------- d-----w- c:\program files\AVG
    2011-07-08 15:17:50 -------- d--h--w- c:\programdata\Common Files
    2011-07-08 15:15:16 -------- d-----w- c:\programdata\MFAData
    2011-07-08 15:11:34 -------- d-----w- c:\windows\Internet Logs(203)
    2011-07-04 19:53:44 -------- d-----w- c:\program files\common files\Java(3)
    2011-06-29 11:12:29 276992 ----a-w- c:\windows\system32\schannel.dll
    2011-06-25 18:22:35 -------- d-----w- c:\program files\Amazon
    2011-06-23 01:19:18 -------- d-----w- c:\program files\Veetle
    .
    ==================== Find3M ====================
    .
    2011-07-10 14:42:00 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-06-20 03:07:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-05-07 21:51:26 451160 ----a-w- c:\windows\system32\drivers\vsdatant.sys
    2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 13:25:10 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-04-29 13:25:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-04-29 13:24:50 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-04-29 13:24:42 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-04-29 13:24:40 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    .
    ============= FINISH: 11:19:27.46 ===============


    Thank you very much for any feedback and help!

    Johan

  2. #2
    Senior Member | Join Date: Aug 2010 | Location: Near Atlanta, GA | Posts: 189

    Hello McMelchior and welcome to the Safernetworking Forums.
    I'm RedCar92 and my name is Bill. I'll be glad to help you with your computer problems.

    Please observe these rules while we work:
    • Read the entire procedure
    • It is important to perform ALL actions in sequence.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Stick with me till you're given the all clear. Malware removal can be stressful but we will clean it.
    • Remember, absence of symptoms does not mean the infection is all gone.
    • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.


    Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort.
    This may cause a delay, but I will do my best to keep it as short as possible.

    Please bear with me, I will post back to you as soon as I can.

    IMPORTANT NOTE : Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

    Doing so could make your pc inoperative and could require a full reinstall of your OS, losing all your programs and data.

    These tools MUST be run from the executable (.exe) every time you run them,
    with Admin Rights (right click, choose "Run as Administrator").

    Stay with this topic until I give you the all clean post.

  3. #3
    Junior Member | Join Date: Mar 2007 | Location: New York City | Posts: 14

    Originally posted by redcar92:
        Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice; this will be a team effort.
        This may cause a delay, but I will do my best to keep it as short as possible.

        Please bear with me, I will post back to you as soon as I can.

    Thank you very much to both of you!

    I'm on standby until I see more instructions from you.


  4. #4
    Senior Member | Join Date: Aug 2010 | Location: Near Atlanta, GA | Posts: 189

    Greetings McMelchior,

    First
    • Please download aswMBR ( 511KB ) to your desktop.
    • Double click the aswMBR.exe icon to run it
    • Click the Scan button to start the scan
    • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


    Next
    You mentioned that you used a flash memory extensively. These can be great virus carriers. I would recommend this.
    Download Flash_Disinfector.exe by sUBs from HERE and save it to your desktop.
    • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    • Wait until it has finished scanning and then exit the program.
    • Reboot your computer when done.
    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

    Or
    If you use a flash drive it is recommended that you download and run Panda USB Vaccine from here. Panda USB Vaccine makes sure no viruses embed themselves in the autorun file on your USB drive, so you won't be infected by an autorun virus.
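
The note in the post above relies on a folder named autorun.inf occupying that name at the drive root, so a file with the same name cannot be written there. As an added example (not part of the thread, and not how Flash_Disinfector or Panda USB Vaccine are implemented), this Python script classifies what sits at a drive root under that name and lists any entries in an autorun.inf file that would start a program; the function names and both sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# [autorun] keys that name a program for Windows to start.
LAUNCH_KEYS = {"open", "shellexecute"}

# Constructed sample of an autorun.inf that launches a program (not from the thread).
SAMPLE_LAUNCHING = r"""[autorun]
; constructed sample
icon=drive.ico
open=RECYCLER\setup.exe
shell\open\command=RECYCLER\setup.exe
"""
# Constructed sample that only sets a drive label.
SAMPLE_INERT = "[autorun]\nlabel=Backup stick\n"


def decode(raw: bytes) -> str:
    """Handle plain 8-bit text and BOM-marked UTF-16 without failing on odd bytes."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("latin-1")


def launch_entries(text: str) -> list:
    """Return (key, value) pairs in [autorun] that would start a program."""
    found, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        low = key.lower()
        if low in LAUNCH_KEYS or (low.startswith("shell\\") and low.endswith("\\command")):
            found.append((key, value))
    return found


def classify_root(root) -> tuple:
    """Classify the autorun.inf entry at a drive root (name matched case-insensitively)."""
    hits = [p for p in Path(root).iterdir() if p.name.lower() == "autorun.inf"]
    if not hits:
        return "absent", []
    if hits[0].is_dir():
        return "folder", []  # placeholder folder: the name is taken, no file can replace it
    found = launch_entries(decode(hits[0].read_bytes()))
    return ("file-launches" if found else "file-inert"), found


def demo() -> dict:
    """Build four throwaway 'drive roots' and classify each one."""
    names = ("clean", "vaccinated", "suspicious", "label-only")
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name in names:
            (Path(tmp) / name).mkdir()
        (Path(tmp) / "vaccinated" / "autorun.inf").mkdir()
        (Path(tmp) / "suspicious" / "AUTORUN.INF").write_text(SAMPLE_LAUNCHING)
        (Path(tmp) / "label-only" / "autorun.inf").write_text(SAMPLE_INERT)
        for name in names:
            results[name] = classify_root(Path(tmp) / name)
    return results


if __name__ == "__main__":
    for name, (status, entries) in demo().items():
        print(f"{name:11} {status:14} {entries}")
```

A "file-launches" result means the file names a program to start and deserves a closer look before the drive is used elsewhere; it is not by itself proof of infection.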

  5. #5
    Junior Member | Join Date: Mar 2007 | Location: New York City | Posts: 14

    Thank you, Bill.

    The log is posted at the end of this post.

    Originally posted by redcar92:
        Download Flash_Disinfector.exe by sUBs from HERE [...]

        Or
        [...] download and run Panda USB Vaccine from here

    I did run the flash_disinfector with no alerts showing up; I assume since you wrote "OR" that the second suggestion is not needed then?

    Again, thank you very much for helping me out!

    Best,

    Johan

    aswMBR log:

    --------------

    aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
    Run date: 2011-07-24 14:49:18
    -----------------------------
    14:49:18.650 OS Version: Windows 6.0.6002 Service Pack 2
    14:49:18.650 Number of processors: 2 586 0xF06
    14:49:18.652 ComputerName: GIRAFFE-PC UserName: Giraffe
    14:49:31.207 Initialize success
    14:51:41.254 AVAST engine defs: 11072401
    14:51:56.729 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    14:51:56.733 Disk 0 Vendor: Hitachi_HTS541616J9SA00 SB4OC74P Size: 152627MB BusType: 3
    14:51:56.777 Disk 0 MBR read successfully
    14:51:56.782 Disk 0 MBR scan
    14:52:01.275 Disk 0 Windows VISTA default MBR code
    14:52:01.322 Disk 0 scanning sectors +312578048
    14:52:02.142 Disk 0 scanning C:\Windows\system32\drivers
    14:52:30.329 Service scanning
    14:52:34.648 Modules scanning
    14:52:57.463 Disk 0 trace - called modules:
    14:52:57.530 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys
    14:52:57.537 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x88c3b558]
    14:52:57.543 3 CLASSPNP.SYS[8b3608b3] -> nt!IofCallDriver -> [0x87dd7bc8]
    14:52:57.565 5 acpi.sys[84e976bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8707ab98]
    14:52:58.912 AVAST engine scan C:\Windows
    14:53:08.845 AVAST engine scan C:\Windows\system32
    14:56:37.176 AVAST engine scan C:\Windows\system32\drivers
    14:56:54.415 AVAST engine scan C:\Users\Giraffe
    16:39:32.210 AVAST engine scan C:\ProgramData
    16:50:35.585 Scan finished successfully
    16:56:58.566 Disk 0 MBR has been saved successfully to "C:\Users\Giraffe\Desktop\MBR.dat"
    16:56:58.607 The log file has been saved successfully to "C:\Users\Giraffe\Desktop\aswMBR.txt"


    ---------------------------------------------------------

  6. #6
    Senior Member | Join Date: Aug 2010 | Location: Near Atlanta, GA | Posts: 189

    Greetings McMelchior,

    I see in your logs that you have Malwarebytes installed on your system.
    • Double click on MalwareBytes, mbam.exe to run it.
    • If Malwarebytes asks to update, click on Yes; if you are not asked, click on the Update tab then click on Check for updates.
    • After updates finish, click on the Scanner tab. Select Perform quick scan.
    • Click on Scan button.
    • When finished copy/paste the contents of mbam.txt into your next post please.


    Next
    Please use Internet Explorer to download and run the following scan: Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use
    • Click the Start button.
    • Now click the Install button.
    • Click Start. The scanner engine will initialize and update.
    • Do Not place a check mark in the box beside Remove found threats.
    • Click the Scan button. The scan will now run, please be patient.
    • When the scan finishes if there are any infections you will see a List of found threats.
    • Click Export to text file
    • Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.
    • If no threats are found there will be no list, this is good, just tell me that no threats were found.


    Logs to post:
    • mbam.txt
    • ESET report if available.
