Author Topic: Running Slow; Spyware? My Logs  (Read 11277 times)

The Sandman

    Topic Starter


    Rookie

    • Experience: Familiar
    • OS: Windows 7
    Running Slow; Spyware? My Logs
    « on: February 15, 2014, 03:33:49 PM »
    Hello,

    My computer is running very slowly. E-mail hangs. Youtube hangs. I figured I would see if it is malware/spyware.

    Could someone please look at my logs and advise? Files attached

    Edit: Placing log contents directly in post. Sorry.

    AdwCleaner Log:

    # AdwCleaner v3.018 - Report created 15/02/2014 at 14:46:16
    # Updated 28/01/2014 by Xplode
    # Operating System : Windows 7 Starter Service Pack 1 (32 bits)
    # Username : Tace - IAHOME
    # Running from : C:\Users\Tace\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Windows\system32\ARFC
    Folder Deleted : C:\Windows\system32\jmdp
    Folder Deleted : C:\Windows\system32\WNLT
    File Deleted : C:\Windows\system32\ImhxxpComm.dll

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskPIP_FF__RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\performersoft llc
    Key Deleted : HKCU\Software\YourFileDownloader
    Key Deleted : HKLM\Software\SimplyGen
    Key Deleted : HKLM\Software\YourFileDownloader

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16518


    -\\ Mozilla Firefox v27.0.1 (en-US)

    [ File : C:\Users\ian\AppData\Roaming\Mozilla\Firefox\Profiles\y3dcq5hn.default\prefs.js ]


    [ File : C:\Users\Tace\AppData\Roaming\Mozilla\Firefox\Profiles\wrvm8laa.default\prefs.js ]

    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members _.initialized", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members _.installation.contextKey", "");
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members _.installation.installDate", "2012110421");
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members _.installation.partnerId", "^XP^xdm345^S03635^us");
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members _.installation.partnerSubId", "38885");
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members _.installation.success", true);
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members _.installation.toolbarId", "C37F6D35-C341-43C8-91A7-E4CB4F8F9DD6");
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members _.lastActivePing", "1352111842541");
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members _.options.defaultSearch", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members _.options.homePageEnabled", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members _.options.keywordEnabled", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members _.options.tabEnabled", false);
    Line Deleted : user_pref("extensions.toolbar.mindspark._64Members _.weather.location", "30301");
    Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstal led", "[email protected]");
    Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsLi st", "PageRage,PageRageGlobal,Buzzdock,BuzzdockTease,SanitySwitch,PageRage,PageRageGlobal,");
    Line Deleted : user_pref("extentions.y2layers.installId", "1faadb86-a2f3-43d0-bf95-9b915f9f9d04");
    Line Deleted : user_pref("extentions.y2layers.lastDnsTest", 371111);

    -\\ Google Chrome v32.0.1700.102

    [ File : C:\Users\ian\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    [ File : C:\Users\Tace\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [4562 octets] - [15/02/2014 14:30:30]
    AdwCleaner[R1].txt - [4622 octets] - [15/02/2014 14:40:02]
    AdwCleaner[S0].txt - [4631 octets] - [15/02/2014 14:46:16]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4691 octets] ##########



    mbam log:

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.02.15.07

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.16518
    Tace :: IAHOME [administrator]

    2/15/2014 3:25:37 PM
    mbam-log-2014-02-15 (15-25-37).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 253032
    Time elapsed: 1 hour(s), 27 minute(s), 53 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    Checkup Log:

     Results of screen317's Security Check version 0.99.79 
     Windows 7 Service Pack 1 x86 (UAC is enabled) 
     Internet Explorer 11 
    ``````````````Antivirus/Firewall Check:``````````````[/u]
     Windows Security Center service is not running! This report may not be accurate!
    GFI Software VIPRE   
     Antivirus up to date!   
    `````````Anti-malware/Other Utilities Check:`````````[/u]
     SpywareBlaster 5.0   
     Malwarebytes Anti-Malware version 1.75.0.1300 
     CCleaner     
     Java 7 Update 45 
     Java version out of Date!
     Adobe Flash Player    11.9.900.170 
     Adobe Reader XI 
     Mozilla Firefox (27.0.1)
     Google Chrome 32.0.1700.102 
     Google Chrome 32.0.1700.107 
     Google Chrome 32.0.1700.76 
    ````````Process Check: objlist.exe by Laurent````````[/u] 
     Malwarebytes Anti-Malware mbam.exe 
    `````````````````System Health check`````````````````[/u]
     Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````[/u]

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Running Slow; Spyware? My Logs
    « Reply #1 on: February 15, 2014, 07:51:48 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Did it just start running slowly or was it always slow? Have you made any changes to your computer before this happened?

    Please download Junkware Removal Tool to your desktop.

    Warning! Once the scan is complete JRT will shut down your browser with NO warning.

    Shut down your protection software now to avoid potential conflicts.

    •Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    •Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator

    •The tool will open and start scanning your system.

    •Please be patient as this can take a while to complete depending on your system's specifications.

    •On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

    •Copy and Paste the JRT.txt log into your next message.
    *****************************************
    Update Your Java (JRE)

    Old versions of Java have vulnerabilities that malware can use to infect your system.


    First Verify your Java Version

    If there are any other version(s) installed then update now.

    Get the new version (if needed)

    If your version is out of date install the newest version of the Sun Java Runtime Environment.

    Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Be sure to close ALL open web browsers before starting the installation.

    Remove any old versions

    1. Download JavaRa and unzip the file to your Desktop.
    2. Open JavaRA.exe and choose Remove Older Versions
    3. Once complete exit JavaRA.

    Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
    ****************************************************
    Malwarebytes' Anti-Rootkit

    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
    Windows 8 and Windows 10 dual boot with two SSD's

    The Sandman

      Topic Starter


      Rookie

      • Experience: Familiar
      • OS: Windows 7
      Re: Running Slow; Spyware? My Logs
      « Reply #2 on: March 05, 2014, 09:33:05 AM »
      Hello Dave,

      You asked, "Did it just start running slowly or was it always slow? Have you made any changes to your computer before this happened?"

      My computer has not always run this slowly. As for changes, I have put programs on and such. I don't change the registry excepting if I run an anti-virus program and it affects the registry. Any changes I make I would consider non techy type changes.

      Here are the requested logs:

      Junk Removal Tool:

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Thisisu
      Version: 6.1.1 (02.04.2014:1)
      OS: Windows 7 Starter x86
      Ran by Tace on Mon 02/17/2014 at 18:57:46.01
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




      ~~~ Services



      ~~~ Registry Values



      ~~~ Registry Keys



      ~~~ Files



      ~~~ Folders



      ~~~ Event Viewer Logs were cleared





      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Mon 02/17/2014 at 19:09:59.50
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


      Mbar:

      Malwarebytes Anti-Rootkit BETA 1.07.0.1009
      www.malwarebytes.org

      Database version: v2013.10.02.12

      Windows 7 Service Pack 1 x86 NTFS
      Internet Explorer 11.0.9600.16518
      Tace :: IAHOME [administrator]

      3/5/2014 10:50:57 AM
      mbar-log-2014-03-05 (10-50-57).txt

      Scan type: Quick scan
      Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
      Scan options disabled:
      Objects scanned: 225699
      Time elapsed: 35 minute(s), 11 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      Physical Sectors Detected: 0
      (No malicious items detected)

      (end)

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Running Slow; Spyware? My Logs
      « Reply #3 on: March 05, 2014, 11:05:24 AM »
      When you mention running slowly do you mean slowly overall or is there one aspect that is slow?

      Download Combofix from any of the links below, and save it to your DESKTOP.
      If your version of Windows defaults to your download folder you will need to copy it to your desktop.

      Link 1
      Link 2
      Link 3

      To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
      • Close any open windows and double click ComboFix.exe to run it.

        You will see the following image:


      Click I Agree to start the program.

      ComboFix will then extract the necessary files and you will see this:



      As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

      It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

      If you did not have it installed, you will see the prompt below. Choose YES.



      Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

      Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



      Click on Yes, to continue scanning for malware.

      When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

      Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

      Note: Please Do NOT mouseclick combofix's window while it's running because it may cause it to stall.
      Windows 8 and Windows 10 dual boot with two SSD's

      The Sandman

        Topic Starter


        Rookie

        • Experience: Familiar
        • OS: Windows 7
        Re: Running Slow; Spyware? My Logs
        « Reply #4 on: March 09, 2014, 11:24:37 AM »
        Dave,

        By slow, I mean that videos don't want to load or buffer quickly if at all. My mail loads slowly, and I now have to run it in an older HTML mode.

        Please review my ComboFix log below:

        ComboFix 14-03-05.01 - Tace 03/08/2014  18:16:18.2.2 - x86
        Microsoft Windows 7 Starter   6.1.7601.1.1252.1.1033.18.1012.246 [GMT -5:00]
        Running from: c:\users\Tace\Desktop\ComboFix.exe
        AV: GFI Software VIPRE *Disabled/Outdated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
        FW: GFI Software VIPRE *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
        SP: GFI Software VIPRE *Disabled/Outdated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
        SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
        .
        .
        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        c:\users\ian\31415927.bat
        .
        .
        (((((((((((((((((((((((((   Files Created from 2014-02-09 to 2014-03-09  )))))))))))))))))))))))))))))))
        .
        .
        2014-03-08 23:48 . 2014-03-08 23:48   --------   d-----w-   c:\users\Public\AppData\Local\temp
        2014-03-08 23:48 . 2014-03-08 23:48   --------   d-----w-   c:\users\ian\AppData\Local\temp
        2014-03-08 23:48 . 2014-03-08 23:48   --------   d-----w-   c:\users\Default\AppData\Local\temp
        2014-02-23 20:13 . 2014-03-05 16:43   --------   d-----w-   c:\programdata\Malwarebytes' Anti-Malware (portable)
        2014-02-23 20:13 . 2014-03-05 15:50   107224   ----a-w-   c:\windows\system32\drivers\MBAMSwissArmy.sys
        2014-02-23 19:54 . 2014-03-05 15:49   75480   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
        2014-02-22 17:02 . 2014-02-22 17:02   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
        2014-02-22 17:01 . 2014-02-22 17:01   --------   d-----w-   c:\program files\Java
        2014-02-16 17:27 . 2014-02-16 17:27   --------   d-----w-   c:\windows\ERUNT
        2014-02-15 19:29 . 2014-02-15 19:49   --------   d-----w-   C:\AdwCleaner
        2014-02-15 19:00 . 2014-02-15 19:00   --------   d-----w-   c:\program files\CCleaner
        2014-02-14 23:26 . 2013-12-06 02:02   2048   ----a-w-   c:\windows\system32\msxml3r.dll
        2014-02-14 23:26 . 2013-12-06 02:02   1237504   ----a-w-   c:\windows\system32\msxml3.dll
        2014-02-14 23:08 . 2014-02-06 09:23   469504   ----a-w-   c:\program files\Internet Explorer\ieinstal.exe
        2014-02-14 23:08 . 2014-02-06 22:24   808152   ----a-w-   c:\program files\Internet Explorer\iexplore.exe
        2014-02-14 23:08 . 2014-02-06 09:09   1964032   ----a-w-   c:\windows\system32\inetcpl.cpl
        2014-02-14 23:08 . 2014-02-06 09:25   4244480   ----a-w-   c:\windows\system32\jscript9.dll
        2014-02-14 22:42 . 2013-12-24 23:09   1987584   ----a-w-   c:\windows\system32\d3d10warp.dll
        2014-02-14 22:42 . 2013-11-26 08:16   3419136   ----a-w-   c:\windows\system32\d2d1.dll
        2014-02-14 22:42 . 2013-12-04 02:03   428032   ----a-w-   c:\windows\system32\secproc.dll
        2014-02-14 22:42 . 2013-12-04 01:54   572416   ----a-w-   c:\windows\system32\RMActivate.exe
        2014-02-14 22:42 . 2013-12-04 02:03   87040   ----a-w-   c:\windows\system32\secproc_ssp.dll
        2014-02-14 22:42 . 2013-12-04 01:54   510976   ----a-w-   c:\windows\system32\RMActivate_ssp.exe
        2014-02-14 22:41 . 2013-12-04 02:03   423936   ----a-w-   c:\windows\system32\secproc_isv.dll
        2014-02-14 22:41 . 2013-12-04 01:54   594944   ----a-w-   c:\windows\system32\RMActivate_isv.exe
        2014-02-14 22:41 . 2013-12-04 02:03   87040   ----a-w-   c:\windows\system32\secproc_ssp_isv.dll
        2014-02-14 22:41 . 2013-12-04 01:54   508928   ----a-w-   c:\windows\system32\RMActivate_ssp_isv.exe
        2014-02-14 22:41 . 2013-12-04 02:02   390144   ----a-w-   c:\windows\system32\msdrm.dll
        2014-02-14 22:40 . 2013-12-21 08:56   454656   ----a-w-   c:\windows\system32\vbscript.dll
        .
        .
        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2014-02-23 01:01 . 2012-05-07 21:39   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
        2014-02-23 01:01 . 2011-09-03 21:38   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        .
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
        @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
        2013-09-10 23:54   131248   ----a-w-   c:\users\Tace\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
        @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
        2013-09-10 23:54   131248   ----a-w-   c:\users\Tace\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
        @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
        2013-09-10 23:54   131248   ----a-w-   c:\users\Tace\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
        .
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-10-21 20549280]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-11 141848]
        "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-11 173592]
        "Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-11 150552]
        "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
        "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-02-23 715368]
        "SBAMTray"="c:\program files\GFI Software\VIPRE\SBAMTray.exe" [2011-12-19 3050352]
        "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
        "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-01-02 295072]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
        .
        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
        "IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
        .
        c:\users\Tace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
        Dropbox.lnk - c:\users\Tace\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
        HP SimpleSave Monitor.lnk - c:\users\Tace\AppData\Roaming\HP SimpleSave Application\StartHelper.exe [2012-10-9 477080]
        .
        c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
        Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2011-3-24 704104]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "ConsentPromptBehaviorAdmin"= 5 (0x5)
        "ConsentPromptBehaviorUser"= 3 (0x3)
        "EnableUIADesktopToggle"= 0 (0x0)
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
        @=""
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
        @="Service"
        .
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
        @="Service"
        .
        [HKLM\~\startupfolder\C:^Users^Tace^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
        path=c:\users\Tace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
        backup=c:\windows\pss\Dropbox.lnk.Startup
        backupExtension=.Startup
        .
        [HKLM\~\startupfolder\C:^Users^Tace^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
        path=c:\users\Tace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
        backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
        backupExtension=.Startup
        .
        [HKLM\~\startupfolder\C:^Users^Tace^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PersonalBrain.lnk]
        path=c:\users\Tace\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PersonalBrain.lnk
        backup=c:\windows\pss\PersonalBrain.lnk.Startup
        backupExtension=.Startup
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
        2013-11-21 16:57   959904   ----a-w-   c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate]
        2010-09-17 23:10   407920   ----a-w-   c:\program files\EgisTec IPS\PmmUpdate.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate]
        2010-09-17 23:10   201584   ----a-w-   c:\program files\EgisTec IPS\EgisUpdate.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
        2011-08-27 02:49   136176   ----atw-   c:\users\Tace\AppData\Local\Google\Update\GoogleUpdate.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
        2010-11-06 06:54   283160   ----a-w-   c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
        2011-03-14 11:44   1081424   ----a-w-   c:\program files\Launch Manager\LManager.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
        2011-02-11 06:06   10025576   ------w-   c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
        2013-10-21 20:27   20549280   ----a-r-   c:\program files\Skype\Phone\Skype.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray]
        2010-09-28 02:00   340336   ----a-w-   c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
        2013-07-02 14:16   254336   ----a-w-   c:\program files\Common Files\Java\Java Update\jusched.exe
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
        2013-01-02 19:17   295072   ----a-w-   c:\program files\Real\RealPlayer\Update\realsched.exe
        .
        R2 BackupService;BackupService;c:\users\Tace\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [2010-07-01 83512]
        R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
        R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
        R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
        R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files\WildTangent Games\App\GamesAppIntegrationService.exe [2013-12-21 227904]
        R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
        R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-02-06 108032]
        R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
        R3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [2011-09-29 94584]
        R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2011-12-19 93816]
        R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
        R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
        R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
        S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-03-24 19304]
        S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-03-24 16744]
        S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-03-24 62048]
        S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2011-12-19 223864]
        S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-10-26 101112]
        S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-01-03 1363616]
        S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-01-03 1748640]
        S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
        S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-03-14 352336]
        S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-02-23 739944]
        S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
        S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-01-13 1751656]
        S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
        S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
        S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
        S2 SBAMSvc;VIPRE Internet Security;c:\program files\GFI Software\VIPRE\SBAMSvc.exe [2011-12-19 3289032]
        S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [2011-11-29 77816]
        S2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\VIPRE\SBPIMSvc.exe [2011-12-19 173424]
        S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
        S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 250984]
        S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-12-28 327784]
        S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [2011-09-29 94584]
        S3 sbwtis;sbwtis;c:\windows\system32\DRIVERS\sbwtis.sys [2011-12-19 72312]
        S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 583848]
        S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 197800]
        S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 24232]
        S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 20136]
        S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
        .
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        LocalServiceAndNoImpersonation   REG_MULTI_SZ      SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
        2014-03-05 15:25   1150280   ----a-w-   c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
        .
        Contents of the 'Scheduled Tasks' folder
        .
        2014-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
        - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 01:01]
        .
        2014-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2013-07-15 18:03]
        .
        2014-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2013-07-15 18:03]
        .
        2014-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157684311-2705143710-353330419-1000Core.job
        - c:\users\ian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 03:19]
        .
        2014-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157684311-2705143710-353330419-1000UA.job
        - c:\users\ian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 03:19]
        .
        2014-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157684311-2705143710-353330419-1001Core.job
        - c:\users\Tace\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 02:49]
        .
        2014-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2157684311-2705143710-353330419-1001UA.job
        - c:\users\Tace\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-27 02:49]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.google.com/
        TCP: DhcpNameServer = 192.168.1.254
        FF - ProfilePath - c:\users\Tace\AppData\Roaming\Mozilla\Firefox\Profiles\wrvm8laa.default\
        FF - prefs.js: browser.startup.homepage - www.google.com
        FF - prefs.js: keyword.URL -
        FF - prefs.js: network.proxy.type - 0
        .
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------
        .
        [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
        @Denied: (Full) (Everyone)
        .
        Completion time: 2014-03-08  19:08:00
        ComboFix-quarantined-files.txt  2014-03-09 00:07
        ComboFix2.txt  2012-12-26 23:00
        .
        Pre-Run: 181,847,261,184 bytes free
        Post-Run: 182,575,480,832 bytes free
        .
        - - End Of File - - 260B439EA9FFFFEA6749E9C16DE8CB7B
        A36C5E4F47E84449FF07ED3517B43A31

        Thank you

        SuperDave

        • Malware Removal Specialist


        • Genius
        • Thanked: 1020
        • Certifications: List
        • Experience: Expert
        • OS: Windows 10
        Re: Running Slow; Spyware? My Logs
        « Reply #5 on: March 09, 2014, 06:51:11 PM »
        Let's check your internet speed.

        Please download MiniToolBox to Desktop and run it.



        Checkmark the following boxes:

          • Flush DNS
          • Report IE Proxy Settings
          • Reset IE Proxy Settings
          • List content of Hosts
          • List IP Configuration
          • List Last 10 Event Viewer Errors
          • List Users, Partitions and Memory Size
          Click Go and copy/paste the log (Result.txt) into your next post.
          *****************************************
          The log shows that your AV is out-of-date. If it has expired you will need to renew it or download a free one from the list below.

          Remember to only install one antivirus!
           
          1) Avast! Home Edition
          2) AVG Free Edition
          3) Avira AntiVir Personal
          4) Microsoft Security Essentials   All versions and all languages.
          5) Comodo Antivirus (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" if you choose this one)
          6) PC Tools AntiVirus Free Edition

          It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.
          *****************************************
          I'd like to scan your machine with ESET OnlineScan

          • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan

          • Click the button.
          • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the icon on your desktop.
          • Check
          • Click the button.
          • Accept any security warnings from your browser.
          • Leave the check mark next to Remove found threats.
          • Check
          • Push the Start button.
          • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          • When the scan completes, push
          • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          • Push the button.
          • Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
          Windows 8 and Windows 10 dual boot with two SSD's

          The Sandman

            Re: Running Slow; Spyware? My Logs
            « Reply #6 on: March 15, 2014, 07:37:34 PM »
            Dave,

            I use Viper as an AV program. Do you know anything about it? Once purchased I get updates for life. I'm currently having trouble updating it though. I'll work on that.

            Here is my log from MiniToolbox:

            MiniToolBox by Farbar  Version: 23-01-2014
            Ran by Tace (administrator) on 10-03-2014 at 20:02:20
            Running from "C:\Users\Tace\Desktop"
            Microsoft Windows 7 Starter  Service Pack 1 (X86)
            Boot Mode: Normal
            ***************************************************************************

            ========================= Flush DNS: ===================================

            Windows IP Configuration

            Successfully flushed the DNS Resolver Cache.

            ========================= IE Proxy Settings: ==============================

            Proxy is not enabled.
            No Proxy Server is set.

            "Reset IE Proxy Settings": IE Proxy Settings were reset.
            ========================= Hosts content: =================================

            127.0.0.1       localhost

            ========================= IP Configuration: ================================

            Broadcom 802.11n Network Adapter = Wireless Network Connection (Connected)
            Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


            # ----------------------------------
            # IPv4 Configuration
            # ----------------------------------
            pushd interface ipv4

            reset
            set global


            popd
            # End of IPv4 configuration



            Windows IP Configuration

               Host Name . . . . . . . . . . . . : iahome
               Primary Dns Suffix  . . . . . . . :
               Node Type . . . . . . . . . . . . : Broadcast
               IP Routing Enabled. . . . . . . . : No
               WINS Proxy Enabled. . . . . . . . : No
               DNS Suffix Search List. . . . . . : gateway.2wire.net

            Wireless LAN adapter Wireless Network Connection:

               Connection-specific DNS Suffix  . : gateway.2wire.net
               Description . . . . . . . . . . . : Broadcom 802.11n Network Adapter
               Physical Address. . . . . . . . . : C0-F8-DA-85-49-E1
               DHCP Enabled. . . . . . . . . . . : Yes
               Autoconfiguration Enabled . . . . : Yes
               Link-local IPv6 Address . . . . . : fe80::b924:d24c:e5a2:2c9a%13(Preferred)
               IPv4 Address. . . . . . . . . . . : 192.168.1.69(Preferred)
               Subnet Mask . . . . . . . . . . . : 255.255.255.0
               Lease Obtained. . . . . . . . . . : Monday, March 10, 2014 5:52:18 PM
               Lease Expires . . . . . . . . . . : Tuesday, March 11, 2014 5:52:20 PM
               Default Gateway . . . . . . . . . : 192.168.1.254
               DHCP Server . . . . . . . . . . . : 192.168.1.254
               DHCPv6 IAID . . . . . . . . . . . : 432077018
               DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-64-C0-A0-E8-9A-8F-31-AA-27
               DNS Servers . . . . . . . . . . . : 192.168.1.254
               NetBIOS over Tcpip. . . . . . . . : Enabled

            Ethernet adapter Local Area Connection:

               Media State . . . . . . . . . . . : Media disconnected
               Connection-specific DNS Suffix  . :
               Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
               Physical Address. . . . . . . . . : E8-9A-8F-31-AA-27
               DHCP Enabled. . . . . . . . . . . : Yes
               Autoconfiguration Enabled . . . . : Yes

            Tunnel adapter isatap.{1A4B8940-89F6-490C-BCE0-24B7D1A3C79D}:

               Media State . . . . . . . . . . . : Media disconnected
               Connection-specific DNS Suffix  . :
               Description . . . . . . . . . . . : Microsoft ISATAP Adapter
               Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
               DHCP Enabled. . . . . . . . . . . : No
               Autoconfiguration Enabled . . . . : Yes

            Tunnel adapter isatap.gateway.2wire.net:

               Media State . . . . . . . . . . . : Media disconnected
               Connection-specific DNS Suffix  . : gateway.2wire.net
               Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
               Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
               DHCP Enabled. . . . . . . . . . . : No
               Autoconfiguration Enabled . . . . : Yes

            Tunnel adapter Local Area Connection* 11:

               Media State . . . . . . . . . . . : Media disconnected
               Connection-specific DNS Suffix  . :
               Description . . . . . . . . . . . : Microsoft 6to4 Adapter
               Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
               DHCP Enabled. . . . . . . . . . . : No
               Autoconfiguration Enabled . . . . : Yes

            Tunnel adapter Teredo Tunneling Pseudo-Interface:

               Connection-specific DNS Suffix  . :
               Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
               Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
               DHCP Enabled. . . . . . . . . . . : No
               Autoconfiguration Enabled . . . . : Yes
               IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:2431:1388:3f57:feba(Preferred)
               Link-local IPv6 Address . . . . . : fe80::2431:1388:3f57:feba%19(Preferred)
               Default Gateway . . . . . . . . . : ::
               DHCPv6 IAID . . . . . . . . . . . : 503316480
               DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-64-C0-A0-E8-9A-8F-31-AA-27
               NetBIOS over Tcpip. . . . . . . . : Disabled
            Server:  homeportal
            Address:  192.168.1.254

            Name:    google.com
            Addresses:  2607:f8b0:4002:c07::66
                 74.125.196.100
                 74.125.196.138
                 74.125.196.113
                 74.125.196.101
                 74.125.196.139
                 74.125.196.102


            Pinging google.com [74.125.196.113] with 32 bytes of data:
            Reply from 74.125.196.113: bytes=32 time=864ms TTL=41
            Reply from 74.125.196.113: bytes=32 time=1106ms TTL=41

            Ping statistics for 74.125.196.113:
                Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
            Approximate round trip times in milli-seconds:
                Minimum = 864ms, Maximum = 1106ms, Average = 985ms
            Server:  homeportal
            Address:  192.168.1.254

            Name:    yahoo.com
            Addresses:  98.139.183.24
                 206.190.36.45
                 98.138.253.109


            Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
            Reply from 206.190.36.45: bytes=32 time=1130ms TTL=45
            Reply from 206.190.36.45: bytes=32 time=1335ms TTL=45

            Ping statistics for 206.190.36.45:
                Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
            Approximate round trip times in milli-seconds:
                Minimum = 1130ms, Maximum = 1335ms, Average = 1232ms

            Pinging 127.0.0.1 with 32 bytes of data:
            Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
            Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

            Ping statistics for 127.0.0.1:
                Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
            Approximate round trip times in milli-seconds:
                Minimum = 0ms, Maximum = 0ms, Average = 0ms
            ===========================================================================
            Interface List
             13...c0 f8 da 85 49 e1 ......Broadcom 802.11n Network Adapter
             11...e8 9a 8f 31 aa 27 ......Realtek PCIe FE Family Controller
              1...........................Software Loopback Interface 1
             20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
             21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
             12...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
             19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
            ===========================================================================

            IPv4 Route Table
            ===========================================================================
            Active Routes:
            Network Destination        Netmask          Gateway       Interface  Metric
                      0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.69     25
                    127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
                    127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
              127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
                  192.168.1.0    255.255.255.0         On-link      192.168.1.69    281
                 192.168.1.69  255.255.255.255         On-link      192.168.1.69    281
                192.168.1.255  255.255.255.255         On-link      192.168.1.69    281
                    224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
                    224.0.0.0        240.0.0.0         On-link      192.168.1.69    281
              255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
              255.255.255.255  255.255.255.255         On-link      192.168.1.69    281
            ===========================================================================
            Persistent Routes:
              None

            IPv6 Route Table
            ===========================================================================
            Active Routes:
             If Metric Network Destination      Gateway
             19     58 ::/0                     On-link
              1    306 ::1/128                  On-link
             19     58 2001::/32                On-link
             19    306 2001:0:9d38:6abd:2431:1388:3f57:feba/128
                                                On-link
             13    281 fe80::/64                On-link
             19    306 fe80::/64                On-link
             19    306 fe80::2431:1388:3f57:feba/128
                                                On-link
             13    281 fe80::b924:d24c:e5a2:2c9a/128
                                                On-link
              1    306 ff00::/8                 On-link
             19    306 ff00::/8                 On-link
             13    281 ff00::/8                 On-link
            ===========================================================================
            Persistent Routes:
              None

            ========================= Event log errors: ===============================

            Application errors:
            ==================
            Error: (03/10/2014 00:59:37 PM) (Source: WinMgmt) (User: )
            Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

            Error: (03/10/2014 00:28:37 PM) (Source: VSS) (User: )
            Description: Volume Shadow Copy Service error: Unexpected error calling routine Error calling CreateFile on volume '\\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\'.  hr = 0x80070005, Access is denied.
            .


            Operation:
               Check If Volume Is Supported by Provider
               Add a Volume to a Shadow Copy Set

            Context:
               Execution Context: Coordinator
               Provider ID: {00000000-0000-0000-0000-000000000000}
               Volume Name: \\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\
               Execution Context: Coordinator

            Error: (03/09/2014 01:45:41 PM) (Source: VSS) (User: )
            Description: Volume Shadow Copy Service error: Unexpected error calling routine Error calling CreateFile on volume '\\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\'.  hr = 0x80070005, Access is denied.
            .


            Operation:
               Check If Volume Is Supported by Provider
               Add a Volume to a Shadow Copy Set

            Context:
               Execution Context: Coordinator
               Provider ID: {00000000-0000-0000-0000-000000000000}
               Volume Name: \\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\
               Execution Context: Coordinator

            Error: (03/09/2014 01:02:20 PM) (Source: WinMgmt) (User: )
            Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

            Error: (03/08/2014 07:09:58 PM) (Source: System Restore) (User: )
            Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = ComboFix created restore point; Error = 0x800706be).

            Error: (03/08/2014 06:43:23 PM) (Source: WinMgmt) (User: )
            Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

            Error: (03/08/2014 02:49:13 PM) (Source: VSS) (User: )
            Description: Volume Shadow Copy Service error: Unexpected error calling routine Error calling CreateFile on volume '\\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\'.  hr = 0x80070005, Access is denied.
            .


            Operation:
               Check If Volume Is Supported by Provider
               Add a Volume to a Shadow Copy Set

            Context:
               Execution Context: Coordinator
               Provider ID: {00000000-0000-0000-0000-000000000000}
               Volume Name: \\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\
               Execution Context: Coordinator

            Error: (03/08/2014 01:48:04 PM) (Source: CVHSVC) (User: )
            Description: Information only.
            (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The connection with the server was terminated abnormally

            Error: (03/08/2014 01:37:44 PM) (Source: WinMgmt) (User: )
            Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

            Error: (03/05/2014 00:35:47 PM) (Source: VSS) (User: )
            Description: Volume Shadow Copy Service error: Unexpected error calling routine Error calling CreateFile on volume '\\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\'.  hr = 0x80070005, Access is denied.
            .


            Operation:
               Check If Volume Is Supported by Provider
               Add a Volume to a Shadow Copy Set

            Context:
               Execution Context: Coordinator
               Provider ID: {00000000-0000-0000-0000-000000000000}
               Volume Name: \\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\
               Execution Context: Coordinator


            System errors:
            =============
            Error: (03/10/2014 00:58:12 PM) (Source: Service Control Manager) (User: )
            Description: The following boot-start or system-start driver(s) failed to load:
            cdrom

            Error: (03/10/2014 00:24:31 PM) (Source: Disk) (User: )
            Description: The device, \Device\Harddisk1\DR1, has a bad block.

            Error: (03/10/2014 00:24:28 PM) (Source: Disk) (User: )
            Description: The device, \Device\Harddisk1\DR1, has a bad block.

            Error: (03/10/2014 00:01:57 PM) (Source: Service Control Manager) (User: )
            Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SBAMSvc service.

            Error: (03/10/2014 00:01:26 PM) (Source: Service Control Manager) (User: )
            Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

            Error: (03/09/2014 01:45:47 PM) (Source: Disk) (User: )
            Description: The device, \Device\Harddisk1\DR1, has a bad block.

            Error: (03/09/2014 01:45:45 PM) (Source: Disk) (User: )
            Description: The device, \Device\Harddisk1\DR1, has a bad block.

            Error: (03/09/2014 01:42:20 PM) (Source: Disk) (User: )
            Description: The device, \Device\Harddisk1\DR1, has a bad block.

            Error: (03/09/2014 01:42:18 PM) (Source: Disk) (User: )
            Description: The device, \Device\Harddisk1\DR1, has a bad block.

            Error: (03/09/2014 01:42:15 PM) (Source: Disk) (User: )
            Description: The device, \Device\Harddisk1\DR1, has a bad block.


            Microsoft Office Sessions:
            =========================
            Error: (03/10/2014 00:59:37 PM) (Source: WinMgmt)(User: )
            Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

            Error: (03/10/2014 00:28:37 PM) (Source: VSS)(User: )
            Description: Error calling CreateFile on volume '\\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\'0x80070005, Access is denied.


            Operation:
               Check If Volume Is Supported by Provider
               Add a Volume to a Shadow Copy Set

            Context:
               Execution Context: Coordinator
               Provider ID: {00000000-0000-0000-0000-000000000000}
               Volume Name: \\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\
               Execution Context: Coordinator

            Error: (03/09/2014 01:45:41 PM) (Source: VSS)(User: )
            Description: Error calling CreateFile on volume '\\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\'0x80070005, Access is denied.


            Operation:
               Check If Volume Is Supported by Provider
               Add a Volume to a Shadow Copy Set

            Context:
               Execution Context: Coordinator
               Provider ID: {00000000-0000-0000-0000-000000000000}
               Volume Name: \\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\
               Execution Context: Coordinator

            Error: (03/09/2014 01:02:20 PM) (Source: WinMgmt)(User: )
            Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

            Error: (03/08/2014 07:09:58 PM) (Source: System Restore)(User: )
            Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x800706be

            Error: (03/08/2014 06:43:23 PM) (Source: WinMgmt)(User: )
            Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

            Error: (03/08/2014 02:49:13 PM) (Source: VSS)(User: )
            Description: Error calling CreateFile on volume '\\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\'0x80070005, Access is denied.


            Operation:
               Check If Volume Is Supported by Provider
               Add a Volume to a Shadow Copy Set

            Context:
               Execution Context: Coordinator
               Provider ID: {00000000-0000-0000-0000-000000000000}
               Volume Name: \\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\
               Execution Context: Coordinator

            Error: (03/08/2014 01:48:04 PM) (Source: CVHSVC)(User: )
            Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The connection with the server was terminated abnormally

            Error: (03/08/2014 01:37:44 PM) (Source: WinMgmt)(User: )
            Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

            Error: (03/05/2014 00:35:47 PM) (Source: VSS)(User: )
            Description: Error calling CreateFile on volume '\\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\'0x80070005, Access is denied.


            Operation:
               Check If Volume Is Supported by Provider
               Add a Volume to a Shadow Copy Set

            Context:
               Execution Context: Coordinator
               Provider ID: {00000000-0000-0000-0000-000000000000}
               Volume Name: \\?\Volume{3664a119-d045-11e0-acbf-e89a8f31aa27}\
               Execution Context: Coordinator


            ========================= Memory info: ===================================

            Percentage of memory in use: 82%
            Total physical RAM: 1011.87 MB
            Available physical RAM: 176.98 MB
            Total Pagefile: 2035.87 MB
            Available Pagefile: 817.82 MB
            Total Virtual: 2047.88 MB
            Available Virtual: 1940.23 MB

            ========================= Partitions: =====================================

            1 Drive c: (Acer) (Fixed) (Total:219.79 GB) (Free:173.69 GB) NTFS

            ========================= Users: ========================================

            User accounts for \\IAHOME

            Administrator            Guest                    ian                     
            Tace                     


            **** End of log ****

            I downloaded ESET, and following your instructions, I didn't get the expected results. I never got the "List found threats" option, or the "export to text file" option. I took the possible location you provided for the text file, put it in my address bar, and found something, so I will paste it here:

            ESETSmartInstaller@High as downloader log:
            all ok
            # version=8
            # OnlineScannerApp.exe=1.0.0.1
            # OnlineScanner.ocx=1.0.0.6844
            # api_version=3.0.2
            # EOSSerial=28e4f355e49855448580eb1c4a0cf69c
            # end=stopped
            # remove_checked=false
            # archives_checked=false
            # unwanted_checked=false
            # unsafe_checked=false
            # antistealth_checked=true
            # utc_time=2012-12-29 03:20:43
            # local_time=2012-12-29 10:20:43 (-0500, Eastern Standard Time)
            # country="United States"
            # lang=1033
            # osver=6.1.7601 NT Service Pack 1
            # compatibility_mode=5893 16776574 100 94 43742481 108339234 0 0
            # scanned=28623
            # found=0
            # cleaned=0
            # scan_time=37549
            ESETSmartInstaller@High as downloader log:
            all ok
            # version=8
            # OnlineScannerApp.exe=1.0.0.1
            # OnlineScanner.ocx=1.0.0.6844
            # api_version=3.0.2
            # EOSSerial=28e4f355e49855448580eb1c4a0cf69c
            # end=finished
            # remove_checked=false
            # archives_checked=false
            # unwanted_checked=false
            # unsafe_checked=false
            # antistealth_checked=true
            # utc_time=2012-12-29 06:15:06
            # local_time=2012-12-29 01:15:06 (-0500, Eastern Standard Time)
            # country="United States"
            # lang=1033
            # osver=6.1.7601 NT Service Pack 1
            # compatibility_mode=5893 16776574 100 94 43752944 108349697 0 0
            # scanned=102331
            # found=0
            # cleaned=0
            # scan_time=10201
            ESETSmartInstaller@High as downloader log:
            all ok
            # version=8
            # OnlineScannerApp.exe=1.0.0.1
            # OnlineScanner.ocx=1.0.0.6844
            # api_version=3.0.2
            # EOSSerial=28e4f355e49855448580eb1c4a0cf69c
            # end=finished
            # remove_checked=true
            # archives_checked=true
            # unwanted_checked=false
            # unsafe_checked=false
            # antistealth_checked=true
            # utc_time=2012-12-30 12:08:41
            # local_time=2012-12-29 07:08:41 (-0500, Eastern Standard Time)
            # country="United States"
            # lang=1033
            # osver=6.1.7601 NT Service Pack 1
            # compatibility_mode=5893 16776574 100 94 43774159 108370912 0 0
            # scanned=102346
            # found=2
            # cleaned=2
            # scan_time=16235
            C:\Users\Tace\AppData\Local\Google\Chrome\User Data\Temp\scoped_dir_10238\YontooLayers.crx   Win32/Adware.Yontoo.C application (deleted - quarantined)   987E2C71ECD9C9CC159E87F4A4BC9C9D147E2A5F   C
            C:\Users\Tace\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\252635f6-27a0fb15   a variant of Java/Exploit.CVE-2011-3544.AW trojan (deleted - quarantined)   8E944C4948FA9844D7039C7BA58D8A987DCFEB49   C
            ESETSmartInstaller@High as downloader log:
            all ok
            # version=8
            # OnlineScannerApp.exe=1.0.0.1
            # OnlineScanner.ocx=1.0.0.6920
            # api_version=3.0.2
            # EOSSerial=28e4f355e49855448580eb1c4a0cf69c
            # engine=12807
            # end=finished
            # remove_checked=false
            # archives_checked=true
            # unwanted_checked=false
            # unsafe_checked=false
            # antistealth_checked=true
            # utc_time=2014-03-11 07:38:43
            # local_time=2014-03-11 03:38:43 (-0500, Eastern Daylight Time)
            # country="United States"
            # lang=1033
            # osver=6.1.7601 NT Service Pack 1
            # compatibility_mode=5893 16776574 100 94 19820140 146111514 0 0
            # scanned=126362
            # found=0
            # cleaned=0
            # scan_time=10929
            ESETSmartInstaller@High as downloader log:
            Can not read file from internet.

            Is this what you were asking for, or something else entirely?

            Thank you

            SuperDave

            • Malware Removal Specialist


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Running Slow; Spyware? My Logs
            « Reply #7 on: March 16, 2014, 10:38:16 AM »
            Is it still running slowly? Is it slow while just on the internet or is it slow all the time?
            Windows 8 and Windows 10 dual boot with two SSD's

            The Sandman

              Re: Running Slow; Spyware? My Logs
              « Reply #8 on: March 20, 2014, 10:52:48 AM »
              Dave,

              My system is still running slowly. It seems to be just the web. Nothing really wants to load. Once I was entering in a text field such as this and my text wouldn't show up until I clicked in the text field again. Then my letters would slowly print as I had already typed them. I would type again and nothing would show up until I clicked in the text field, then the letters would print out.

              Now, everything just loads really slowly.

              Thanks

              SuperDave

              Re: Running Slow; Spyware? My Logs
              « Reply #9 on: March 20, 2014, 11:19:00 AM »
              What browser are you using?

              The Sandman

                Re: Running Slow; Spyware? My Logs
                « Reply #10 on: March 20, 2014, 07:04:03 PM »
                Firefox 27.0.1

                SuperDave

                Re: Running Slow; Spyware? My Logs
                « Reply #11 on: March 21, 2014, 12:22:24 PM »
                Firefox 27.0.1
                Have you tried Internet Explorer?

                The Sandman

                  Re: Running Slow; Spyware? My Logs
                  « Reply #12 on: July 02, 2014, 09:43:41 AM »
                  Hello,

                  We got a different internet service. Things seem to be running better now. A netbook is junk anyway, but my wife seems to be happy, so I'm happy.

                  I want to thank you for the time you spent with me!

                  SuperDave

                  Re: Running Slow; Spyware? My Logs
                  « Reply #13 on: July 02, 2014, 12:49:12 PM »
                  You're welcome. I will lock this thread. If you need it re-opened, please send me a pm.