Channel: Tech Support Forum - Virus/Trojan/Spyware Help

Browser Crashing and Unknown Processes

I'm currently trying to resurrect a friend's system that is a 2007 Dell desktop, a 3rd-generation hand-me-down... bottom line: who knows where it's been or who's been using it. My friend would like to get it cleaned up and use it for word processing, emails and simple video games. When he first contacted me about cleaning it up, he said it "barely lets him do anything". Once I configured various software packages to stop auto-updating, it stabilized enough for me to install Avast, WinPatrol and SpyBot.

It was during this time that I noticed a few processes running all the time that seemed suspicious, and I've stopped a handful of those until you folks at TSF can see what's really going on.

Symptoms include:
- MS IExplorer crashes a lot, doesn't seem to matter what web page.
- Unknown processes (like XDoley...) running.
- very sluggish and excessive drive activity when nothing is running.

Pasted below is the DDS.txt report (ATTACH and ARK files attached):

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526
Run by Dell at 13:08:24 on 2014-01-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1152 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071205
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1071205
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_ActiveX.exe -update activex
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [MSConfig] "c:\windows\system32\msconfig.exe" /auto
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1 205.171.2.226
TCP: Interfaces\{6C1F25AA-CE6F-4B00-992C-DB62B4330A95} : DHCPNameServer = 192.168.0.1 205.171.2.226
Notify: SDWinLogon - SDWinLogon.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-6 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-1-6 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-1-6 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-1-6 410528]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-1-6 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-1-6 50344]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-4-24 21504]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-8-17 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-8-17 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-8-17 171416]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\drivers\null.sys [2012-4-24 4608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2014-01-11 17:19:08 -------- d-----w- c:\users\dell\appdata\roaming\Privacy Guardian
2014-01-11 17:16:42 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2014-01-11 17:16:42 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2014-01-11 17:16:41 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2014-01-11 17:16:41 512512 ----a-w- c:\windows\system32\msxml.dll
2014-01-11 17:16:41 -------- d-----w- c:\program files\common files\PC Tools
2014-01-11 17:16:40 -------- d-----w- c:\program files\PC Tools
2014-01-11 16:35:31 -------- d-----w- c:\users\dell\appdata\roaming\Product_FR
2014-01-11 16:35:31 -------- d-----w- c:\programdata\PC Tools
2014-01-11 16:12:32 -------- d-----w- c:\windows\Migration
2014-01-11 15:52:59 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2014-01-11 15:52:59 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2014-01-11 15:52:58 798208 ----a-w- c:\windows\system32\FntCache.dll
2014-01-11 15:52:58 683008 ----a-w- c:\windows\system32\d2d1.dll
2014-01-11 15:52:58 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2014-01-11 15:52:58 189952 ----a-w- c:\windows\system32\d3d10core.dll
2014-01-11 15:52:58 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2014-01-11 15:52:58 1069056 ----a-w- c:\windows\system32\DWrite.dll
2014-01-11 15:52:58 1029120 ----a-w- c:\windows\system32\d3d10.dll
2014-01-11 15:52:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2014-01-11 03:25:09 -------- d-----w- c:\program files\Windows Portable Devices
2014-01-11 02:55:32 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2014-01-11 02:55:30 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2014-01-11 02:55:30 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2014-01-11 02:42:37 161792 ----a-w- c:\windows\system32\msls31.dll
2014-01-11 02:40:13 98816 ----a-w- c:\windows\system32\mfps.dll
2014-01-11 02:39:46 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2014-01-11 02:39:46 252928 ----a-w- c:\windows\system32\dxdiag.exe
2014-01-11 02:39:46 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2014-01-11 02:39:45 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-01-11 02:39:45 519680 ----a-w- c:\windows\system32\d3d11.dll
2014-01-11 02:39:45 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2014-01-11 02:39:45 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2014-01-11 02:28:47 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-01-11 02:28:41 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-01-11 02:28:41 16896 ----a-w- c:\windows\system32\winusb.dll
2014-01-11 02:28:41 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-01-11 02:28:40 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-01-11 02:28:40 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-01-11 02:28:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-01-11 02:28:37 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-01-11 02:28:36 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-01-11 02:28:36 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-01-11 02:22:28 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-01-11 02:19:58 98304 ----a-w- c:\windows\system32\cryptnet.dll
2014-01-11 02:19:58 172544 ----a-w- c:\windows\system32\wintrust.dll
2014-01-11 02:19:58 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2014-01-11 02:19:42 377344 ----a-w- c:\windows\system32\winhttp.dll
2014-01-11 02:19:41 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-01-11 02:19:34 2048 ----a-w- c:\windows\system32\tzres.dll
2014-01-11 02:19:16 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-01-11 02:17:59 36864 ----a-w- c:\windows\system32\wshcon.dll
2014-01-11 02:16:25 376320 ----a-w- c:\windows\system32\winsrv.dll
2014-01-11 02:12:39 429056 ----a-w- c:\windows\system32\EncDec.dll
2014-01-11 02:12:38 204288 ----a-w- c:\windows\system32\ncrypt.dll
2014-01-11 01:52:47 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-01-11 01:52:30 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-01-11 01:52:26 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-01-11 01:52:26 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-01-11 01:35:19 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2014-01-11 01:18:19 -------- d-----w- c:\windows\system32\vi-VN
2014-01-11 01:18:19 -------- d-----w- c:\windows\system32\eu-ES
2014-01-11 01:18:19 -------- d-----w- c:\windows\system32\ca-ES
2014-01-11 01:02:09 -------- d-----w- c:\windows\system32\EventProviders
2014-01-11 00:33:00 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2014-01-11 00:31:59 524288 ----a-w- c:\windows\system32\sqlsrv32.dll
2014-01-11 00:30:59 136704 ----a-w- c:\windows\system32\drivers\exfat.sys
2014-01-11 00:23:11 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2014-01-11 00:00:20 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2014-01-11 00:00:20 49472 ----a-w- c:\windows\system32\netfxperf.dll
2014-01-11 00:00:20 297808 ----a-w- c:\windows\system32\mscoree.dll
2014-01-11 00:00:20 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2014-01-11 00:00:19 1130824 ----a-w- c:\windows\system32\dfshim.dll
2014-01-09 19:11:34 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2014-01-09 19:10:59 128000 ----a-w- c:\windows\system32\spoolsv.exe
2014-01-09 19:09:52 231424 ----a-w- c:\windows\system32\msshsq.dll
2014-01-09 19:09:50 867328 ----a-w- c:\windows\system32\wmpmde.dll
2014-01-09 19:09:48 322560 ----a-w- c:\windows\system32\sbe.dll
2014-01-09 19:09:48 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2014-01-09 19:09:48 153088 ----a-w- c:\windows\system32\sbeio.dll
2014-01-09 19:09:30 601600 ----a-w- c:\windows\system32\schedsvc.dll
2014-01-09 19:09:30 352768 ----a-w- c:\windows\system32\taskschd.dll
2014-01-09 19:09:30 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2014-01-09 19:09:29 270336 ----a-w- c:\windows\system32\taskcomp.dll
2014-01-09 19:09:29 171520 ----a-w- c:\windows\system32\taskeng.exe
2014-01-09 19:09:27 739328 ----a-w- c:\windows\system32\inetcomm.dll
2014-01-09 19:09:25 81920 ----a-w- c:\windows\system32\consent.exe
2014-01-09 19:08:39 677888 ----a-w- c:\windows\system32\mstsc.exe
2014-01-09 19:08:39 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2014-01-09 18:58:43 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{15fc72be-380e-4fa7-be30-0e4844833e55}\mpengine.dll
2014-01-09 18:54:01 650936 ----a-w- c:\programdata\microsoft\ehome\packages\sportstemplate\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
2014-01-07 03:31:11 -------- d-----w- C:\PerfLogs
2014-01-07 02:57:23 -------- d-----w- c:\windows\system32\MRT
2014-01-07 02:26:24 -------- d-----w- c:\users\dell\appdata\roaming\AVAST Software
2014-01-07 02:25:20 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-07 02:25:19 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-07 02:25:18 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-07 02:25:17 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-07 02:25:11 43152 ----a-w- c:\windows\avastSS.scr
2014-01-07 02:23:54 -------- d-----w- c:\program files\AVAST Software
2014-01-07 02:22:51 -------- d-----w- c:\programdata\AVAST Software
2014-01-06 23:53:18 -------- d-----w- c:\users\dell\appdata\roaming\WinPatrol
2014-01-06 23:53:14 -------- d-----w- c:\program files\BillP Studios
2014-01-06 23:53:13 -------- d-----w- c:\programdata\InstallMate
2014-01-06 23:52:40 -------- d--h--w- c:\programdata\Common Files
2014-01-06 23:52:40 -------- d-----w- c:\users\dell\appdata\local\MFAData
2014-01-06 23:52:40 -------- d-----w- c:\users\dell\appdata\local\Avg2014
2014-01-06 23:52:40 -------- d-----w- c:\programdata\MFAData
2014-01-06 23:50:22 -------- d-----w- c:\users\dell\Favorites Bkup
.
==================== Find3M ====================
.
2014-01-11 02:40:13 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2014-01-11 02:39:46 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2014-01-07 03:18:12 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2014-01-07 03:18:11 82432 ----a-w- c:\windows\system32\axaltocm.dll
2013-11-26 17:25:54 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-30 02:13:01 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12:54 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 01:43:04 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 00:43:06 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-24 02:17:06 53760 ----a-w- c:\windows\apppatch\iebrshim.dll
2013-10-22 07:19:59 158208 ----a-w- c:\windows\system32\imagehlp.dll
.
============= FINISH: 13:09:22.24 ===============

Attached Files
File Type: zip attach.zip (1.2 KB)
File Type: zip ark.zip (1.5 KB)
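A DDS report like the one above is a point-in-time, user-mode listing, so a first pass is mostly about spotting things that run or load from places they should not, autoruns that point at user-writable directories, security products reported as disabled, and Hosts entries that pin names to loopback (the `Hosts: 127.0.0.1 spywareinfo.com` line is the kind of entry worth explaining, since it blocks a security site; it can also be a deliberate block). The script below is an added example written for this page, not the DDS tool or the forum's own procedure. It parses the report's section headers and emits a "look closer" list, not a verdict; the sample report embedded in it is constructed, and the `updater.exe` process, the `[updater]` autorun and the avast "Disabled" state are there to make the checks fire, not findings about the poster's machine. Anything hidden from user mode (which the ARK log is meant to surface) will not appear in DDS and therefore cannot be flagged here.

```python
"""Triage helper for a DDS.txt report. Added example, not part of DDS.
Parses the 'Running Processes', 'Pseudo HJT Report' and
'SERVICES / DRIVERS' sections and flags entries that deserve a closer
look. A flag means "explain this", not "this is malware"."""
import re

# Directories from which legitimate services and processes normally run.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"

# Constructed sample modelled on the post's report (GUIDs dropped).
# updater.exe, the [updater] autorun and the avast Disabled state are
# constructed so that the checks below have something to report.
SAMPLE = r"""
AV: avast! Antivirus *Disabled/Updated*
SP: Windows Defender *Enabled/Updated*
============== Running Processes ================
C:\Windows\system32\wininit.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Users\dell\AppData\Roaming\updater.exe
C:\Windows\system32\svchost.exe -k netsvcs
============== Pseudo HJT Report ===============
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
uRun: [updater] c:\users\dell\appdata\roaming\updater.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
Hosts: 127.0.0.1 spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-1-6 49944]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-1-6 50344]
"""


def split_sections(text):
    """Return {section name (lowercased): [lines]} keyed on the ==== headers;
    lines before the first header go under 'header'. Blank and '.' lines
    (DDS spacer lines) are dropped."""
    sections = {"header": []}
    current = "header"
    for line in text.splitlines():
        m = re.match(r"^=+\s*(.+?)\s*=+$", line)
        if m:
            current = m.group(1).strip().lower()
            sections[current] = []
        elif line.strip() and line.strip() != ".":
            sections[current].append(line.rstrip())
    return sections


def outside_trusted(path):
    """True when an executable path is not under Windows or Program Files
    (e.g. a user profile, AppData or Temp), which is where most
    commodity malware on a home machine actually lives."""
    return not path.lower().startswith(TRUSTED_DIRS)


def triage(text):
    """Return a list of (reason, detail) tuples for a DDS report."""
    s = split_sections(text)
    findings = []
    # 1. Security products the report shows as disabled.
    for line in s.get("header", []):
        m = re.match(r"^(AV|SP|FW): (.+?) \*Disabled/", line)
        if m:
            findings.append(("disabled_protection", m.group(2)))
    # 2. Running processes outside the trusted directories.
    for line in s.get("running processes", []):
        exe = line.split(" -k ")[0].strip()   # drop svchost group arguments
        if outside_trusted(exe):
            findings.append(("process_outside_trusted_dirs", exe))
    # 3. Run/RunOnce autoruns outside trusted dirs, and Hosts overrides.
    for line in s.get("pseudo hjt report", []):
        m = re.match(r'^[um]Run(?:Once)?: \[[^\]]*\] "?([^"]+?\.exe)', line, re.I)
        if m and outside_trusted(m.group(1)):
            findings.append(("autorun_outside_trusted_dirs", m.group(1)))
        m = re.match(r"^Hosts: (\S+) (\S+)", line)
        if m and m.group(1) in ("127.0.0.1", "0.0.0.0", "::1") and m.group(2) != "localhost":
            findings.append(("hosts_override", m.group(2)))
    # 4. Boot/system-start kernel drivers (R0/R1/S0/S1) loading from
    #    anywhere other than system32\drivers.
    for line in s.get("services / drivers", []):
        m = re.match(r"^[RS][01] ([^;]+);[^;]*;(.+?) \[", line)
        if m and not m.group(2).lower().startswith(DRIVER_DIR):
            findings.append(("driver_outside_drivers_dir", m.group(1)))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE):
        print(f"{reason:32} {detail}")
```

Run it against a real DDS.txt by replacing `SAMPLE` with the file's contents; every flagged path should then be checked for a valid digital signature and a plausible vendor before anything is removed, and the ARK log compared against the process list for anything DDS could not see.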
