This program [Avast] is blocked by group policy. For more information contact..

[TwinHeadedEagle]

Do you have MCShield running on this PC?

[REDACTED]

Yes:  you (reply #14) and Michael (reply #12) told me to install it at the bottom of p1 of this thread.

[TwinHeadedEagle]

Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
  
• Make sure that Addition option is checked.
  
• Press Scan button and wait.
  
• The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
  

Please include their content into your next reply.

[REDACTED]

Thanks for the reply, TwinHeadedEagle.

Attached, you should find the two files you requested.

[TwinHeadedEagle]

Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
  
• Press the Fix button just once and wait.
  
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.
  

Please attach it to your reply.

[REDACTED]

Thanks, once again, TwinHeadedEagle.  Attached, you should find fixlog.txt, as requested.  Let me know what I should do next.  I tried copying some files onto my external hard drive last night.  It transferred the files rather slowly (~1Mb per sec), but did not disappear or become inaccessible...

[TwinHeadedEagle]

Good. Keep me updated, PC is clean.

[REDACTED]

Hi, TwinHeadedEagle,
This is an attempt to keep you updated.

I’m glad to say that my computer appears to have stopped filling up external drives with spurious links and shortcuts.
However, it’s slow, sometimes very slow.  It speeds up briefly, after cleaning, but it’s as if there’s something that quickly clogs up the memory.

Might it be something to do with the following?
•   C:\Windows\SysWOW64\wpcmig.dll
•   C:\Windows\SysWOW64\wpcumi.dll
They always appear as ‘Broken CLSIDs’ when I clean the Registry.

Svchost.exe is often the process taking up the largest part of the memory (from time to time – when things are bad) and the relevant Services Group is usually ‘netsvcs’ or ‘LocalSystemNetworkRestricted’.

Anyway, I attach two files, the results of scanning with Farbar Recovery Scan Tool. 

Avast is running as is MCShield:  neither has sent any warning signals.

Best wishes, and thanks for your help.

[TwinHeadedEagle]

Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
  
• Accept the disclaimer and agree if prompted to install Recovery Console.
• Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  
• This scan may take some time!
• When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

[REDACTED]

Thanks TwinHeadedEagle.
The link you provided didn't work.  I have therefore downloaded Combofix from here:

http://www.bleepingcomputer.com/download/combofix/dl/12/

Let me know if this is a bad idea, or it's OK, I'll run Combofix in the way you suggest.

[Pondus]

Bleepingcomputer is OK   

[REDACTED]

Well, TwinHeadedEagle, attached, you should find the file from Combofix - combofix.txt.

I hope that it gives you the information you need!

Incidentally, the links in your message about how to disable AntiSpyware and Antivirus don't work (at least, not for me)...

[TwinHeadedEagle]

Your PC is clean.

[Michael (alan1998)]

Thanks TwinHeadedEagle.
The link you provided didn't work.  I have therefore downloaded Combofix from here:

http://www.bleepingcomputer.com/download/combofix/dl/12/

Let me know if this is a bad idea, or it's OK, I'll run Combofix in the way you suggest.

the DL is the same actually. Twins links didn't work because there were two (')'s at the end (and beginning)