Win 7 malware infection. Extremely slow & unresponsive

[bob_lagoni]

I have a Windows 7 Home machine that seems to be infected (it's been away at college). Machine is very unresponsive, when starting programs and freezes often. I've never seen one this bad. Tried to run malwarebytes but it took over 3 days, so finally cancelled. I was able to run Hijackthis, but it took several tries. I have read other posts, so I have not run any other software to try to resolve this. Would like guidance on the proper steps to restore health of this machine and remove dangerous content/apps. Here is the HJT Log ...

==========Logfile of Trend Micro HijackThis v2.0.5

Scan saved at 9:13:36 PM, on 5/28/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16576)

CHROME: 27.0.1453.94

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe

C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe

C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe

C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE

C:\Users\The Joe\Desktop\Virus Fighting Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130312210033.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\The Joe\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\The Joe\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [EPSON NX230 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLA.EXE /FU "C:\Users\THEJOE~1\AppData\Local\Temp\E_S89E.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [EPSON NX230 Series (Copy 1)] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHLA.EXE /FU "C:\Users\THEJOE~1\AppData\Local\Temp\E_S6CA.tmp" /EF "HKCU"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - Global Startup: McAfee Security Scan Plus.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe

O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 16727 bytes

[Maniac]

Hello bob_lagoni and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  
• Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
  

Please follow the instructions here and post your log files:

http://forums.malwarebytes.org/index.php?showtopic=9573

[bob_lagoni]

Maniac - sorry for the long delay. Due to some travel and the slow response of the laptop, it took a long while. I followed the instructions in the links for getting started, and was able to run Malwarebytes (using Chameleon) and SuperAntiSpyWare. I do not think any major threats were found. Just cookies and PUP files. I have to run in safe mode with networking, otherwise performance is awful. I ran dds and the log files are below....

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2

Run by The Joe at 8:39:37 on 2013-06-04

.

============== Running Processes ================

.

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: {00000000-6E41-4FD3-8538-502F5495E5FC} -

mWinlogon: Userinit = userinit.exe,

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

uRun: [EPSON NX230 Series] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIHLA.EXE /FU "C:\Users\THEJOE~1\AppData\Local\Temp\E_S89E.tmp" /EF "HKCU"

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{05847E50-7288-45C3-8010-079ACF5403B4} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{1589A128-701B-4D74-ABF0-2AC25E7C0235} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{1589A128-701B-4D74-ABF0-2AC25E7C0235}\2375942554636363 : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck -

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet

x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -

x64-SSODL: WebCheck -

.

============= SERVICES / DRIVERS ===============

.

R? AESTFilters;Andrea ST Filters Service

R? AMD External Events Utility;AMD External Events Utility

R? AMD FUEL Service;AMD FUEL Service

R? AtiHDAudioService;AMD Function Driver for HD Audio Service

R? BBSvc;Bing Bar Update Service

R? BBUpdate;BBUpdate

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64

R? CtClsFlt;Creative Camera Class Upper Filter Driver

R? EPSON_EB_RPCV4_04;EPSON V5 Service4(04)

R? EPSON_PM_RPCV4_04;EPSON V3 Service4(04)

R? GamesAppService;GamesAppService

R? MBAMProtector;MBAMProtector

R? MBAMScheduler;MBAMScheduler

R? MBAMService;MBAMService

R? McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service

R? McAfeeFramework;McAfee Framework Service

R? McShield;McAfee McShield

R? McTaskManager;McAfee Task Manager

R? mfeavfk;McAfee Inc. mfeavfk

R? mferkdet;McAfee Inc. mferkdet

R? NAUpdate;Nero Update

R? NOBU;Dell DataSafe Online

R? PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver

R? RoxMediaDB12OEM;RoxMediaDB12OEM

R? RoxWatch12;Roxio Hard Drive Watcher 12

R? RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader

R? SASDIFSV;SASDIFSV

R? SASKUTIL;SASKUTIL

R? SftService;SoftThinks Agent Service

R? Skype C2C Service;Skype C2C Service

R? SkypeUpdate;Skype Updater

R? TsUsbFlt;TsUsbFlt

R? TsUsbGD;Remote Desktop Generic USB Device

R? USBAAPL64;Apple Mobile USB Driver

R? WatAdminSvc;Windows Activation Technologies Service

R? wlcrasvc;Windows Live Mesh remote connections service

S? !SASCORE;SAS Core Service

S? amd_sata;amd_sata

S? amd_xata;amd_xata

S? amdiox64;AMD IO Driver

S? avgtp;avgtp

S? mfehidk;McAfee Inc. mfehidk

S? mfevtp;McAfee Validation Trust Protection Service

S? mfewfpk;McAfee Inc. mfewfpk

S? PxHlpa64;PxHlpa64

S? RTL8167;Realtek 8167 NT Driver

S? usbfilter;AMD USB Filter Driver

.

=============== Created Last 30 ================

.

2013-06-04 10:47:54 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9FF6AB11-BAE8-4728-8DD7-14A33B6AC6F2}\offreg.dll

2013-06-04 09:31:37 8199504 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-06-04 09:31:31 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9FF6AB11-BAE8-4728-8DD7-14A33B6AC6F2}\mpengine.dll

2013-06-04 03:13:34 -------- d-----w- C:\Users\The Joe\AppData\Roaming\SUPERAntiSpyware.com

2013-06-04 03:13:28 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-06-04 03:13:28 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2013-06-04 02:34:55 -------- d-----w- C:\QUARANTINE

2013-06-04 01:35:56 -------- d-----w- C:\Program Files\CCleaner

2013-05-27 16:09:51 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-05-27 16:09:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-21 17:14:59 -------- d-----w- C:\ProgramData\PC-Doctor for Windows

2013-05-21 17:11:48 -------- d-----w- C:\Program Files\My Dell

2013-05-21 02:15:14 -------- d-----w- C:\Users\The Joe\AppData\Roaming\Malwarebytes

2013-05-21 02:15:03 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-21 02:14:30 -------- d-----w- C:\Users\The Joe\AppData\Local\Programs

2013-05-15 16:58:50 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys

2013-05-15 16:58:49 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys

2013-05-15 16:58:49 144384 ----a-w- C:\windows\System32\cdd.dll

2013-05-15 16:58:33 1930752 ----a-w- C:\windows\System32\authui.dll

2013-05-15 16:58:31 111448 ----a-w- C:\windows\System32\consent.exe

2013-05-15 16:58:30 1796096 ----a-w- C:\windows\SysWow64\authui.dll

2013-05-15 16:58:29 70144 ----a-w- C:\windows\System32\appinfo.dll

2013-05-15 16:57:39 48640 ----a-w- C:\windows\System32\wwanprotdim.dll

2013-05-15 16:57:39 230400 ----a-w- C:\windows\System32\wwansvc.dll

2013-05-15 16:57:35 78680 ----a-w- C:\windows\System32\mcupdate_AuthenticAMD.dll

2013-05-15 16:57:33 3153920 ----a-w- C:\windows\System32\win32k.sys

2013-05-13 02:18:52 -------- d-sh--w- C:\found.003

.

==================== Find3M ====================

.

2013-05-21 01:07:27 45856 ----a-w- C:\windows\System32\drivers\avgtpx64.sys

2013-05-03 01:50:13 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-03 01:50:02 866720 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2013-05-03 01:50:02 788896 ----a-w- C:\windows\SysWow64\deployJava1.dll

2013-05-02 08:13:18 1054720 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe

2013-05-02 08:13:09 226304 ----a-w- C:\windows\System32\elshyph.dll

2013-05-02 08:13:09 185344 ----a-w- C:\windows\SysWow64\elshyph.dll

2013-05-02 08:13:07 158720 ----a-w- C:\windows\SysWow64\msls31.dll

2013-05-02 08:13:05 719360 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll

2013-05-02 08:13:04 150528 ----a-w- C:\windows\SysWow64\iexpress.exe

2013-05-02 08:13:04 138752 ----a-w- C:\windows\SysWow64\wextract.exe

2013-05-02 08:13:03 523264 ----a-w- C:\windows\SysWow64\vbscript.dll

2013-05-02 08:13:01 137216 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2013-05-02 08:13:00 38400 ----a-w- C:\windows\SysWow64\imgutil.dll

2013-05-02 08:13:00 12800 ----a-w- C:\windows\SysWow64\mshta.exe

2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys

2013-04-05 06:52:14 2242048 ----a-w- C:\windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\windows\System32\mshtml.tlb

2013-04-05 04:29:45 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe

2013-03-25 18:05:55 77212 ----a-w- C:\Users\The Joe\Uninstall.exe

2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe

2013-03-07 23:47:12 1189888 ----a-w- C:\Users\The Joe\npAmazonMP3DownloaderPlugin101799.dll

2013-03-07 22:19:40 5743616 ----a-w- C:\Users\The Joe\AmazonMP3Downloader.exe

.

============= FINISH: 9:25:21.55 ===============

.

==== Installed Programs ======================

.

Accidental Damage Services Agreement

Adobe AIR

Adobe Reader X (10.1.4) MUI

Advanced Audio FX Engine

Aleks 3.18

Amazon MP3 Downloader 1.0.17

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Fuel

AMD Media Foundation Decoders

AMD VISION Engine Control Center

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Ask Toolbar

ATI AVIVO64 Codecs

Banctec Service Agreement

Bejeweled 2 Deluxe

Bing Bar

Blackhawk Striker 2

Blio

Bonjour

Bounce Symphony

Build-a-lot 2

Cake Mania

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catalyst Control Center Profiles Mobile

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Chuzzle Deluxe

Complete Care Business Service Agreement

Consumer In-Home Service Agreement

Cozi

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Edoc Viewer

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell MusicStage

Dell PhotoStage

Dell Product Registration

Dell Stage

Dell Stage Remote

Dell Touchpad

Dell VideoStage

Dell Webcam Central

Dell Wireless Driver Installation

Diner Dash 2 Restaurant Rescue

DirectX 9 Runtime

Dora's World Adventure

eBay

EPSON NX230 Series Printer Uninstall

Escape Whisper Valley

Facebook Video Calling 1.2.0.287

Farm Frenzy

FATE

Final Drive Fury

Final Drive Nitro

Google Chrome

Google Earth

Google Update Helper

IDT Audio

iTunes

Java 7 Update 21

Java Auto Updater

Java 7 Update 1 (64-bit)

Jewel Quest

Jewel Quest Solitaire 2

Junk Mail filter update

Luxor

Malwarebytes Anti-Malware version 1.75.0.1300

McAfee Agent

McAfee SiteAdvisor Enterprise

McAfee VirusScan Enterprise

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

My Dell

Namco All-Stars PAC-MAN

Nero 10 Movie ThemePack Basic

Nero Blu-ray Player

Nero Control Center 10

Nero ControlCenter 10 Help (CHM)

Nero Core Components 10

Nero Update

Penguins!

PhotoShowExpress

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Premium Service Agreement

QualxServ Service Agreement

Quickset64

RBVirtualFolder64Inst

Realtek Ethernet Controller Driver

Realtek USB 2.0 Card Reader

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Samantha Swift

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype Click to Call

Skype™ 5.10

Sonic CinePlayer Decoder Pack

SUPERAntiSpyware

SyncUP

Trader's Little Helper 2.7.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update Installer for WildTangent Games App

Virtual Villagers 4 - The Tree of Life

Visual Studio 2008 x64 Redistributables

Wedding Dash - Ready, Aim, Love!

WildTangent Games

WildTangent Games App (Dell Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zinio Reader 4

Zuma Deluxe

.

==== End Of File ===========================

[Maniac]

Step 1

Please uninstall this application: Ask Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
  
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  
• The tool will open and start scanning your system.
  
• Please be patient as this can take a while to complete depending on your system's specifications.
  
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  
• Post the contents of JRT.txt into your next message.
  

Step 3

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
  
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Delete.
  
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
  
• Please post the content of that logfile with your next answer.
  
• You can find the logfile at C:\AdwCleaner[s1].txt as well.
  

Step 4

• Download on the desktop RogueKiller
  
• Quit all programs
  
• Start RogueKiller.exe
  
• Wait until Prescan has finished ...
  
• Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

• Junkware Removal Tool log
  
• AdwCleaner log
  
• RogueKiller log

[bob_lagoni]

Maniac - thanks. I could not uninstall Ask Toolbar. It gives me Error 2738. Could not access VBScript run time for custom action.

I assume I should get started on the other actions?

[Maniac]

Yes, please proceed.

[bob_lagoni]

when I start JRT it opens a DOS window and appears as a process in Task Manager, but then it drops from Task Manager and there is no sign that it is running

[Maniac]

Okay, please proceed with step 3.

[bob_lagoni]

My fault - I had to run as administrator. Thanks for your help on this problem -

Here are the logs....

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by The Joe on Wed 06/05/2013 at 8:56:32.37

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC}

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\igearsettings

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

Successfully deleted: [Registry Key] "hkey_current_user\software\apn"

Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"

Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"

Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ask"

Successfully deleted: [Folder] "C:\Users\The Joe\appdata\locallow\asktoolbar"

Successfully deleted: [Folder] "C:\windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 06/05/2013 at 9:06:44.91

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.301 - Logfile created 06/05/2013 at 09:16:10

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : The Joe - THE_JOE

# Boot Mode : Normal

# Running from : C:\Users\The Joe\Desktop\Virus Fighting Tools\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk

File Deleted : C:\Users\The Joe\Uninstall.exe

Folder Deleted : C:\Users\The Joe\AppData\Local\APN

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\The Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [3027 octets] - [05/06/2013 09:16:10]

########## EOF - C:\AdwCleaner[s1].txt - [3087 octets] ##########

[Maniac]

Good!

Please post your log from step 4.

[bob_lagoni]

Maniac - I tried several times to run RogueKiller (64 and regular versions) It would run, but not complete. I was not connected to the internet, since virus protections are off. Each time I ran it it gave a message "Checking (or searching?) for RUN..." I let it run overnight, and the text in the RK user interface switched to some unrecognizable characters. It may have completed, but I did not see any results and could not tell what buttons to push next. Please advise on next step or what I am doing wrong. Also, Windows now says I have an invalid copy. Overall, machine is more responsive, but still boots very slowly and often hangs.

[Maniac]

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

[bob_lagoni]

Maniac,

Thanks. I was able to run ComboFix. Computer is still very slow to boot up and often very slow to open File Explorer or other simple programs (I am only opening what is absolutely necessary. I did find that IE no longer works. It starts and goes to my Google homepage, but then it will not open any other page i have tried (malwarebytes, yahoo, cnn, etc.) I am now using Chrome, which seems ok and seems to be responsive/normal.

Here is the ComboFix log file.

ComboFix 13-06-08.01 - The Joe 06/08/2013 11:49:56.1.2 - x64

Running from: c:\users\The Joe\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\PCDr\6261\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll

c:\programdata\PCDr\6261\AddOnDownloaded\1e512ef2-01fb-49fb-b09b-71de0eac4612.dll

c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll

c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll

c:\programdata\PCDr\6261\AddOnDownloaded\3e0b29b2-9809-4050-abfc-ef8aff73ceab.dll

c:\programdata\PCDr\6261\AddOnDownloaded\5f2ce3e8-3c56-40bb-86d6-a1a41867000b.dll

c:\programdata\PCDr\6261\AddOnDownloaded\b69d9551-76e9-4872-95f8-075916f82d74.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-05-08 to 2013-06-08 )))))))))))))))))))))))))))))))

.

.

2013-06-08 17:12 . 2013-06-08 17:12 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-08 16:49 . 2013-06-08 16:49 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EA67435-2ED3-4F46-8455-AA7B585554B7}\offreg.dll

2013-06-08 16:33 . 2013-05-14 06:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EA67435-2ED3-4F46-8455-AA7B585554B7}\mpengine.dll

2013-06-05 13:56 . 2013-06-05 13:56 -------- d-----w- c:\windows\ERUNT

2013-06-05 11:27 . 2013-06-05 13:56 -------- d-----w- C:\JRT

2013-06-04 03:13 . 2013-06-04 03:13 -------- d-----w- c:\users\The Joe\AppData\Roaming\SUPERAntiSpyware.com

2013-06-04 03:13 . 2013-06-04 03:13 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-06-04 03:13 . 2013-06-04 03:13 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-06-04 02:34 . 2013-06-04 02:34 -------- d-----w- C:\QUARANTINE

2013-06-04 01:35 . 2013-06-04 01:35 -------- d-----w- c:\program files\CCleaner

2013-05-27 16:09 . 2013-05-27 16:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-05-27 16:09 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-21 17:14 . 2013-05-21 17:14 -------- d-----w- c:\programdata\PC-Doctor for Windows

2013-05-21 17:11 . 2013-05-21 17:15 -------- d-----w- c:\program files\My Dell

2013-05-21 02:15 . 2013-05-21 02:15 -------- d-----w- c:\users\The Joe\AppData\Roaming\Malwarebytes

2013-05-21 02:15 . 2013-05-21 02:15 -------- d-----w- c:\programdata\Malwarebytes

2013-05-21 02:14 . 2013-05-21 02:14 -------- d-----w- c:\users\The Joe\AppData\Local\Programs

2013-05-15 16:58 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 16:58 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-15 16:58 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll

2013-05-15 16:58 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-05-15 16:58 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-05-15 16:58 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll

2013-05-15 16:58 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe

2013-05-15 16:58 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-05-15 16:58 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll

2013-05-15 16:57 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-05-15 16:57 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll

2013-05-15 16:57 . 2013-04-01 06:03 78680 ----a-w- c:\windows\system32\mcupdate_AuthenticAMD.dll

2013-05-15 16:57 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-05-13 02:18 . 2013-05-13 02:18 -------- d-----w- C:\found.003

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-21 01:07 . 2012-09-04 08:27 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-05-14 00:16 . 2010-06-24 17:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-03 01:50 . 2013-05-03 01:50 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-03 01:50 . 2012-09-03 07:40 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-05-03 01:50 . 2012-03-07 11:20 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-05-02 08:13 . 2013-05-02 08:13 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-05-02 08:13 . 2013-05-02 08:13 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-05-02 08:13 . 2013-05-02 08:13 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-05-02 08:13 . 2013-05-02 08:13 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-05-02 08:13 . 2013-05-02 08:13 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-05-02 08:13 . 2013-05-02 08:13 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-05-02 08:13 . 2013-05-02 08:13 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-05-02 08:13 . 2013-05-02 08:13 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-05-02 08:13 . 2013-05-02 08:13 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-05-02 08:13 . 2013-05-02 08:13 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-05-02 08:13 . 2013-05-02 08:13 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-05-02 08:12 . 2013-05-02 08:12 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-05-02 08:12 . 2013-05-02 08:12 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-05-02 08:12 . 2013-05-02 08:12 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-05-02 08:12 . 2013-05-02 08:12 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-05-02 08:12 . 2013-05-02 08:12 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-05-02 08:12 . 2013-05-02 08:12 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-05-02 08:12 . 2013-05-02 08:12 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-05-02 08:12 . 2013-05-02 08:12 197120 ----a-w- c:\windows\system32\msrating.dll

2013-05-02 08:12 . 2013-05-02 08:12 216064 ----a-w- c:\windows\system32\msls31.dll

2013-05-02 08:12 . 2013-05-02 08:12 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-05-02 08:12 . 2013-05-02 08:12 441856 ----a-w- c:\windows\system32\html.iec

2013-05-02 08:12 . 2013-05-02 08:12 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-05-02 08:12 . 2013-05-02 08:12 81408 ----a-w- c:\windows\system32\icardie.dll

2013-05-02 08:12 . 2013-05-02 08:12 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-05-02 08:12 . 2013-05-02 08:12 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-05-02 08:12 . 2013-05-02 08:12 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-05-02 08:12 . 2013-05-02 08:12 235008 ----a-w- c:\windows\system32\url.dll

2013-05-02 08:12 . 2013-05-02 08:12 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-05-02 08:12 . 2013-05-02 08:12 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-05-02 08:12 . 2013-05-02 08:12 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-05-02 08:12 . 2013-05-02 08:12 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-05-02 08:12 . 2013-05-02 08:12 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-05-02 08:12 . 2013-05-02 08:12 102912 ----a-w- c:\windows\system32\inseng.dll

2013-05-02 08:12 . 2013-05-02 08:12 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-05-02 08:12 . 2013-05-02 08:12 144896 ----a-w- c:\windows\system32\wextract.exe

2013-05-02 08:12 . 2013-05-02 08:12 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-05-02 08:12 . 2013-05-02 08:12 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-05-02 08:12 . 2013-05-02 08:12 149504 ----a-w- c:\windows\system32\occache.dll

2013-05-02 08:12 . 2013-05-02 08:12 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-05-02 08:12 . 2013-05-02 08:12 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-05-02 08:12 . 2013-05-02 08:12 13824 ----a-w- c:\windows\system32\mshta.exe

2013-05-02 08:12 . 2013-05-02 08:12 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-05-02 08:12 . 2013-05-02 08:12 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-05-02 08:12 . 2013-05-02 08:12 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-05-02 08:12 . 2013-05-02 08:12 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-05-02 08:12 . 2013-05-02 08:12 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-05-02 08:12 . 2013-05-02 08:12 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-05-02 08:12 . 2013-05-02 08:12 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-05-02 07:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-13 05:49 . 2013-05-15 16:58 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 16:58 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 16:58 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 16:58 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 16:58 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 16:58 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-23 22:52 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-03-19 06:04 . 2013-04-10 18:27 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 18:27 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 18:27 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 18:27 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 18:27 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 18:27 112640 ----a-w- c:\windows\system32\smss.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-06 336384]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2011-08-04 4165440]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-06-08 15:14 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-06-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3883224033-3639652784-97388144-1001Core.job

- c:\users\The Joe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-17 06:01]

.

2013-06-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3883224033-3639652784-97388144-1001UA.job

- c:\users\The Joe\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-11-17 06:01]

.

2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-26 18:02]

.

2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-26 18:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]

"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-Amazon MP3 Downloader - c:\users\The Joe\Uninstall.exe

AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]

"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-08 12:20:38

ComboFix-quarantined-files.txt 2013-06-08 17:20

.

Pre-Run: 342,209,478,656 bytes free

Post-Run: 342,057,521,152 bytes free

.

- - End Of File - - 4333E1D522155DE2FAB8F885319072C1

I appreciate the help. Regards!

[Maniac]

Please scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
  
• Click the button.
  
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
    Save it to your Desktop.
    
  • Double click on the to download the ESET Smart Installer. icon on your Desktop.
    

  [*]Check "YES, I accept the Terms of Use."

  [*]Click the Start button.

  [*]Accept any security warnings from your browser.

  [*]Under Scan Settings, check "Scan Archives" and "Remove found threats"

  [*]Click Advanced settings and select the following:

  • Scan potentially unwanted applications
    
  • Scan for potentially unsafe applications
    
  • Enable Anti-Stealth technology

  [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.

  [*]When the scan completes, click List Threats

  [*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

  [*]Click the Back button.

  [*]Click the Finish button.

[bob_lagoni]

<p>Maniac - apologies - ESET took 2 days to run.  Log file is below.  Also, i remained connected to the internet during the scan, because i was not sure if i could disconnect.  I am NOT sure if I have antivirus working or installed at this point,  Please let me know if i should be doing something to install AV software or anything else while connected to the internet.  It is obviously a concern.  Thanks again....</p>

<p> </p>

<div>C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/HiddenStart.A application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>

<div>C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/HiddenStart.A application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>

<div>C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/HiddenStart.A application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>

<div>C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bk1<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/HiddenStart.A application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>

<div>C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/HiddenStart.A application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>

<div>C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/HiddenStart.A application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>

<div>C:\Users\The Joe\Downloads\ARO2013_tbt.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/Bundled.Toolbar.Ask.C application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>

<div>C:\Users\The Joe\Downloads\GraboidVideoSetup-3.31.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/Graboid application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>

<div>C:\Users\The Joe\Downloads\movie_player.exe<span class="Apple-tab-span" style="white-space:pre"> </span>a variant of Win32/InstallIQ application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>

<div>C:\Users\The Joe\Downloads\VaudiX.exe<span class="Apple-tab-span" style="white-space:pre"> </span>Win32/InstalleRex.C application<span class="Apple-tab-span" style="white-space:pre"> </span>cleaned by deleting - quarantined</div>

<div> </div>

[Maniac]

How are thigns now?

[bob_lagoni]

I have not restarted the machine, as i am now traveling. I will be back very late tonight and will check. I do not think I have an anti-virus installed. Should i install the McAfee AntiVirus software that i have? I have the clean software to reinstall. I think it may already be uninstalled. Wil you please give me direction on this? i am concerned that the machine is not protected when it is connected to the internet.

[Maniac]

You are free to choose any antivirus solution. Take a look here:

http://users.telenet.be/bluepatchy/miekiemoes/Links.html#AntiVirus%20Scanners

Install, update and perform a full system scan. Let me know.

[bob_lagoni]

Maniac, I rebooted the machine and it is still very slow. It takes 3-5 minutes for Explorer to open. Booting takes a very long time after the desktop first appears. i installed the McAfee Virus Scan provided by University of Illinois while my son was a college. it installed, but then cannot be "enabled". The option to enable is grayed out in Windows Action Center. I believe i may still have the "infection", since McAfee will not run. So i am running Malwarebytes again to see if it finds anything - however it took 2 days when i ran it last. Please let me know what you recommend.

[Maniac]

Please download Malwarebytes Anti-Rootkit from HERE

• Unzip the contents to a folder in a convenient location.
  
• Open the folder where the contents were unzipped and run mbar.exe
  
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  
• Wait while the system shuts down and the cleanup process is performed.
  
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  
• When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
  

[bob_lagoni]

Maniac, I ran MBAR - and no threats were found. I ran it twice and restarted each time. I have included the BOTH SETS of logs in this message.

A couple of other updates to system status....

• I installed McAfee and figured out how to "Enable" it. Seems to be "Enabled", although i still wonder if McAfee is "healthy", because it took 2-3 tries to update it and it seems to be the last thing to start when i reboot the machine.
  
• Windows IE does NOT respond. When i type a URL in the address bar, nothing happens. (Maybe because i have so many add-ons disabled?)
  
• Chrome still seems to work fine.
  
• Reboot time still is several minutes, and machine is better, but still slow opening Explorer, Task Mgr, etc. Also slow when right-clicking on a file to rename or copy it.
  

Thanks again for your help. Will make donation.

FIRST SET OF LOGS

.

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.15.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16618

The Joe :: THE_JOE [administrator]

6/15/2013 7:49:47 PM

mbar-log-2013-06-15 (19-49-47).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 241988

Time elapsed: 8 hour(s), 15 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16618

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.646000 GHz

Memory total: 3871363072, free: 2900635648

Initializing...

------------ Kernel report ------------

06/15/2013 19:49:38

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\compbatt.sys

\SystemRoot\system32\drivers\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\amdsata.sys

\SystemRoot\system32\drivers\storport.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\DRIVERS\amd_sata.sys

\SystemRoot\system32\DRIVERS\amd_xata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\mfehidk.sys

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\mfewfpk.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\windows\system32\drivers\avgtpx64.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbfilter.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\Apfiltr.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\athrx.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\amdppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\amdiox64.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\stwrt64.sys

\SystemRoot\system32\drivers\mfeavfk.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\CtClsFlt.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_amd_sata.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\??\C:\windows\system32\drivers\mbam.sys

\SystemRoot\system32\drivers\mfeapfk.sys

\??\C:\windows\system32\drivers\mbamchameleon.sys

\??\C:\windows\system32\drivers\mbamswissarmy.sys

\WINDOWS\System32\ntdll.dll

\WINDOWS\System32\smss.exe

\WINDOWS\System32\apisetschema.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa800421e590

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007e\

Lower Device Object: 0xfffffa800407c3e0

Lower Device Driver Name: \Driver\amd_sata\

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa800421e590, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800421f040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800421e590, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004080ac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\

DevicePointer: 0xfffffa800407c3e0, DeviceName: \Device\0000007e\, DriverName: \Driver\amd_sata\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: EA8C260F

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 206848 Numsec = 30720000

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 30926848 Numsec = 945844272

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_206848_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

=================================

SECOND SET OF LOGS (from mbar)

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.15.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16576

The Joe :: THE_JOE [administrator]

6/15/2013 9:04:01 AM

mbar-log-2013-06-15 (09-04-01).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 241774

Time elapsed: 6 hour(s), 12 minute(s), 10 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

.

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16576

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.646000 GHz

Memory total: 3871363072, free: 2777817088

Downloaded database version: v2013.06.15.03

Downloaded database version: v2013.05.22.01

Initializing...

------------ Kernel report ------------

06/15/2013 09:03:51

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\compbatt.sys

\SystemRoot\system32\drivers\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\amdsata.sys

\SystemRoot\system32\drivers\storport.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\DRIVERS\amd_sata.sys

\SystemRoot\system32\DRIVERS\amd_xata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\drivers\mfehidk.sys

\SystemRoot\System32\Drivers\PxHlpa64.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\mfewfpk.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\windows\system32\drivers\avgtpx64.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\atikmpag.sys

\SystemRoot\system32\DRIVERS\atikmdag.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbfilter.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\Apfiltr.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\athrx.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\amdppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\amdiox64.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\AtihdW76.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\stwrt64.sys

\SystemRoot\system32\drivers\mfeavfk.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_diskdump.sys

\SystemRoot\System32\Drivers\dump_amd_sata.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\CtClsFlt.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\Device\mfehidk01.sys

\Device\mfeavfk01.sys

\SystemRoot\system32\DRIVERS\asyncmac.sys

\??\C:\windows\system32\drivers\mbamchameleon.sys

\??\C:\windows\system32\drivers\mbamswissarmy.sys

\WINDOWS\System32\ntdll.dll

\WINDOWS\System32\smss.exe

\WINDOWS\System32\apisetschema.dll

\WINDOWS\System32\autochk.exe

\WINDOWS\System32\nsi.dll

\WINDOWS\System32\kernel32.dll

\WINDOWS\System32\sechost.dll

\WINDOWS\System32\user32.dll

\WINDOWS\System32\oleaut32.dll

\WINDOWS\System32\comdlg32.dll

\WINDOWS\System32\urlmon.dll

\WINDOWS\System32\msctf.dll

\WINDOWS\System32\lpk.dll

\WINDOWS\System32\wininet.dll

\WINDOWS\System32\Wldap32.dll

\WINDOWS\System32\difxapi.dll

\WINDOWS\System32\msvcrt.dll

\WINDOWS\System32\ole32.dll

\WINDOWS\System32\ws2_32.dll

\WINDOWS\System32\usp10.dll

\WINDOWS\System32\rpcrt4.dll

\WINDOWS\System32\shlwapi.dll

\WINDOWS\System32\psapi.dll

\WINDOWS\System32\shell32.dll

\WINDOWS\System32\gdi32.dll

\WINDOWS\System32\iertutil.dll

\WINDOWS\System32\imagehlp.dll

\WINDOWS\System32\advapi32.dll

\WINDOWS\System32\setupapi.dll

\WINDOWS\System32\normaliz.dll

\WINDOWS\System32\clbcatq.dll

\WINDOWS\System32\imm32.dll

\WINDOWS\System32\KernelBase.dll

\WINDOWS\System32\devobj.dll

\WINDOWS\System32\api-ms-win-downlevel-version-l1-1-0.dll

\WINDOWS\System32\crypt32.dll

\WINDOWS\System32\comctl32.dll

\WINDOWS\System32\cfgmgr32.dll

\WINDOWS\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

\WINDOWS\System32\wintrust.dll

\WINDOWS\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

\WINDOWS\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

\WINDOWS\System32\api-ms-win-downlevel-user32-l1-1-0.dll

\WINDOWS\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

\WINDOWS\System32\msasn1.dll

\WINDOWS\SysWOW64\normaliz.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80045de060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007e\

Lower Device Object: 0xfffffa800411d060

Lower Device Driver Name: \Driver\amd_sata\

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80045de060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80045dd110, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80045de060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004121040, DeviceName: Unknown, DriverName: \Driver\amd_xata\

DevicePointer: 0xfffffa800411d060, DeviceName: \Device\0000007e\, DriverName: \Driver\amd_sata\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: EA8C260F

Partition information:

Partition 0 type is Other (0xde)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 206848 Numsec = 30720000

Partition file system is NTFS

Partition is bootable

Partition 2 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 30926848 Numsec = 945844272

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_206848_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

.

[Maniac]

Now you should run the fixdamage.exe application, located in the same MBAR directory as mbar.exe. Clicking on fixdamage.exe will open the console application and request confirmation to apply any fixes to the operating system. Input “Y” to being the fix. After the fix is complete, it will request you to restart the system again.

Next, reset your Internet Explorer settings and let me know.

http://support.microsoft.com/kb/923737

[bob_lagoni]

^{Machine is taking more than 10 minutes to boot. Not sure why - perhaps due to changes or repairs? In any case, when resetting IE to Default Settings, it consistently failed (only a red x in the dialog box. there was a quick flash of what looked like a DOS box that appeared and then closed. Could not ready it - as it was too fast. I rebooted. Again took a very long time. Now message at bottom of Desktop says "Windows 7 Build 7601 This copy of Windows is not Genuine." It feels like performance is better in many ways, but still don't think I am quite there.}

[Maniac]

"Windows 7 Build 7601 This copy of Windows is not Genuine."

Please activate your Windows 7 before we proceed further.

[bob_lagoni]

Windows is Activated.   Shut down and re-started.  Still seems slow to reboot.  Gets the desktop open within about 1 minute, but then takes 4 minutes or more to load Dell Touchpad, Dell Stage Remote, and McAfee.  After that, took over 1 minute to start Task Manager (looked like it was busy doing something else, perhap related to McAfee, as the icon appeared in system tray.  I tried to start Windows Explorer, and it did not start.  As i wait, if the mouse is in the taskbar, then it shows a "working" symbol (the little blue ring). I waited 10 minutes and Windows Explorer finally started. Performance seems much more nomal now...  I tried to reset Internet Explorer again.  It successfully executes the first 2 steps (checkmarks), but the same "DOS window flashes up and then the IE Advanced Settings/Reset dialog box shows a red X by "Default Settings" and then executes the last step (checkmark).  I don't know if that's what i should expect there or not.