TxAggie09

Virus / Malware Infection

Recommended Posts

Hello,

 

About a week ago I was trying to download an online radio streaming program. I wasn't paying attention or being careful and clicked on a "Download Now" button which turned out to be an advertisement on the page. When I installed it, several programs activated. I've tried cleaning this up on my own but I realize I don't know what I'm doing. I have been making changes and trying a bunch of malware programs I came across while doing quick online searches, only later to read that I shouldn't be making these changes or running some of these programs (like ComboFix). I was hoping someone here would be able to help me remove or confirm that I have removed the virus / malware infection before I do any (more) damage..

 

The malware I downloaded claimed to be a Zip extractor program, but also included Jotzey and a lot of other stuff. Here are my dds.txt and attach.txt logs I have from following the instructions on the "I'm infected - What do I do now?" page.

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Dflanary at 16:57:31 on 2014-03-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4003.1560 [GMT -6:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\My Dell\imstrayicon.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.




BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110615210943.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - <no file>
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - <no file>
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{5DBA78BE-CA15-4FEB-AFC2-AA06B5DE8604} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{5DBA78BE-CA15-4FEB-AFC2-AA06B5DE8604}\2656C6B696E6E233932663 : DHCPNameServer = 192.168.2.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>

x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho64.dll
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20110527142719.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [AdAwareTray] "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe"



x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dflanary\AppData\Roaming\Mozilla\Firefox\Profiles\sbymhqkp.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: C:\Users\Dflanary\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
---- FIREFOX POLICIES ----
user_pref(extensions.autoDisableScopes,14);
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-9-23 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-9-23 207904]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-13 529128]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-10-13 283360]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-5-27 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-11-28 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-11-28 421704]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2010-10-13 75032]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-5-27 89600]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-11-28 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-23 50344]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-3 983104]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-27 13336]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-1-23 702744]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-19 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-19 701512]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-5-27 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-5-27 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-5-27 149032]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-5-27 1692480]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-27 2655768]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2010-11-4 58128]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2010-10-19 274432]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-10-13 62800]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-5-27 175168]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2010-11-4 59904]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-27 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-27 25928]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-10-13 190136]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-10-13 441328]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/05/27 14:26:57;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-2-23 80184]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-3 1298496]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-5-27 220528]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-15 289256]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-10-13 94864]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2008-7-7 25600]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\System32\drivers\nwusbser2.sys [2008-5-9 213120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-16 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-5-27 250984]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-3-20 43032]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-23 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-13 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-3-10 355440]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-01 04:29:28    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-02-28 04:06:08    6574592    ----a-w-    C:\Windows\System32\mstscax.dll
2014-02-28 04:06:08    5694464    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-02-28 03:58:13    --------    d-----w-    C:\Program Files\Lavasoft
2014-02-24 04:32:38    --------    d-----w-    C:\Users\Dflanary\AppData\Roaming\LavasoftStatistics
2014-02-24 04:07:17    --------    d-----w-    C:\ProgramData\Search Protection
2014-02-24 04:07:15    --------    d-----w-    C:\ProgramData\blekko toolbars
2014-02-24 04:07:14    --------    d-----w-    C:\Users\Dflanary\AppData\Local\adawarebp
2014-02-24 04:07:12    --------    d-----w-    C:\ProgramData\Ad-Aware Browsing Protection
2014-02-24 04:07:05    --------    d-----w-    C:\Program Files (x86)\Toolbar Cleaner
2014-02-24 04:07:01    --------    d-----w-    C:\Users\Dflanary\AppData\Roaming\SecureSearch
2014-02-24 04:06:47    --------    d-----w-    C:\Program Files (x86)\Lavasoft
2014-02-24 03:59:12    --------    d-----w-    C:\Program Files\Common Files\Lavasoft
2014-02-24 03:15:51    --------    d-----w-    C:\Windows\Migration
2014-02-24 03:13:54    792576    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-02-24 03:13:54    1030144    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-02-24 03:11:20    --------    d-----w-    C:\ProgramData\Oracle
2014-02-24 03:11:04    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-24 01:53:40    --------    d-----w-    C:\Users\Dflanary\AppData\Roaming\AVAST Software
2014-02-24 01:47:36    80184    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-02-23 08:26:43    290304    ----a-w-    C:\Windows\SysWow64\subinacl.exe
2014-02-23 08:26:41    --------    d-----w-    C:\Program Files\Common Files\Microsoft
2014-02-23 08:26:41    --------    d-----w-    C:\Program Files\AdwareRemovalToolv3.7
2014-02-23 07:55:13    98816    ----a-w-    C:\Windows\sed.exe
2014-02-23 07:55:13    256000    ----a-w-    C:\Windows\PEV.exe
2014-02-23 07:55:13    208896    ----a-w-    C:\Windows\MBR.exe
2014-02-23 07:27:12    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2014-02-23 06:44:43    --------    d-----w-    C:\FRST
2014-02-23 00:48:30    --------    d-----w-    C:\Users\Dflanary\AppData\Roaming\DigitalSites
2014-02-18 03:47:24    --------    d-----w-    C:\Program Files\McAfee Security Scan
2014-02-15 02:33:19    75376    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2014-02-15 02:33:19    272496    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2014-02-15 02:33:19    20080    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2014-02-12 13:03:48    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-02-06 19:41:04    --------    d-----w-    C:\Users\Dflanary\AppData\Local\Thunderbird
.
==================== Find3M  ====================
.
2014-02-24 01:47:33    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-02-24 01:47:33    207904    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-02-24 01:47:33    1038072    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-02-24 01:47:32    92544    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-02-24 01:47:32    78648    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-24 01:47:32    43152    ----a-w-    C:\Windows\avastSS.scr
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2013-12-06 02:30:08    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2013-12-06 02:02:08    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33    485888    ----a-w-    C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33    123392    ----a-w-    C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16    488448    ----a-w-    C:\Windows\System32\secproc.dll
2013-12-04 02:26:32    528384    ----a-w-    C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51    658432    ----a-w-    C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51    626176    ----a-w-    C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50    552960    ----a-w-    C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48    553984    ----a-w-    C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20    87040    ----a-w-    C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20    423936    ----a-w-    C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08    428032    ----a-w-    C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06    390144    ----a-w-    C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14    510976    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10    594944    ----a-w-    C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09    572416    ----a-w-    C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06    508928    ----a-w-    C:\Windows\SysWow64\RMActivate_ssp_isv.exe
.
============= FINISH: 16:58:05.73 ===============

 

 

attach.txt:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/3/2011 9:49:30 PM
System Uptime: 3/2/2014 1:16:00 AM (15 hours ago)
.
Motherboard: Dell Inc. |  | 034W60
Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU 1 | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 226.905 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP91: 2/23/2014 1:27:54 AM - Revo Uninstaller's restore point - Zip Extractor Packages
RP92: 2/23/2014 1:31:33 AM - Revo Uninstaller's restore point - Zip Extractor Packages
RP93: 2/23/2014 1:35:23 AM - Revo Uninstaller's restore point - Search Protect
RP94: 2/23/2014 7:38:17 PM - avast! antivirus system restore point
RP95: 2/23/2014 9:09:36 PM - Installed Java 7 Update 51
RP96: 2/23/2014 9:14:00 PM - Windows Update
RP97: 2/23/2014 9:42:23 PM - AA11
RP98: 2/25/2014 3:00:17 AM - Windows Update
RP99: 2/27/2014 9:52:47 PM - AA11
RP100: 2/28/2014 3:00:12 AM - Windows Update
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Ad-Aware Security Add-on
AdAwareInstaller
AdAwareUpdater
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Advanced Audio FX Engine
AntimalwareEngine
Ask Toolbar
Ask Toolbar Updater
avast! Free Antivirus
Consumer In-Home Service Agreement
Cozi
CyberLink PowerDVD 9.6
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell Perks Webslice IE8
Dell PhotoStage
Dell Stage
Dell Touchpad
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
eBay
IDT Audio
Install LoJack for Laptops
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Wireless Display
Internet Explorer
Java 7 Update 51
Java Auto Updater
Java 6 Update 24 (64-bit)
JavaFX 2.1.0
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
McAfee SecurityCenter
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mobile Broadband Generic Drivers
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.3.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
PhotoShowExpress
Quickset64
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller 1.95
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skype Toolbars
Skype™ 5.10
Sonic CinePlayer Decoder Pack
TrustedID
Unity Web Player
VZAccess Manager
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
3/1/2014 6:09:39 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
2/28/2014 9:39:21 PM, Error: Application Popup [1060]  - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
2/28/2014 9:20:03 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
2/28/2014 10:26:40 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
2/28/2014 10:19:19 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Bluetooth Device Monitor service.
2/28/2014 10:17:25 PM, Error: Service Control Manager [7034]  - The Bluetooth OBEX Service service terminated unexpectedly.  It has done this 1 time(s).
2/28/2014 10:17:25 PM, Error: Service Control Manager [7034]  - The Bluetooth Media Service service terminated unexpectedly.  It has done this 1 time(s).
2/23/2014 7:05:25 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
2/23/2014 5:43:25 PM, Error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{5DBA78BE-CA15-4FEB-AFC2-AA06B5DE8604} because another computer on the network has the same name.  The server could not start.
2/23/2014 5:43:03 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
2/23/2014 2:32:24 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
2/23/2014 11:11:28 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
2/23/2014 11:11:28 AM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/23/2014 11:11:28 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/23/2014 11:10:11 AM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.
2/23/2014 11:09:00 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 87
2/23/2014 10:32:53 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Util Jotzey service to connect.
2/23/2014 10:32:53 AM, Error: Service Control Manager [7000]  - The Util Jotzey service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/23/2014 10:32:22 AM, Error: Service Control Manager [7000]  - The Update Jotzey service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
2/23/2014 10:32:18 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Update Jotzey service to connect.
.
==== End Of File ===========================
 

 

I appreciate any help you can give me, thank you for your time!

Share this post


Link to post
Share on other sites

Hello and welcome to the Malwarebytes Forum,

There are still signs of adware on the machine.

Did you run ComboFix/

If so please post the log, it will be located at C:\ComboFix.txt

NEXT

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Share this post


Link to post
Share on other sites

Thank you!

 

When I ran ComboFix, I acciddentally still had McAfee running in the background and it popped up at Stage 3 or 4 during the scan. I know it should have been off, my mistake. Here is the message it came up with:

 

"McAfee detected and automatically quarantined an infected file on your PC. No further action is required. Quarantine is a secure area where suspect items are unable to harm your PC. You can delete, restore, or send them to McAfee for analysis. About This Virus: Detected: EICAR test file (Virus) Quarantined from C:\Users\Dflanary\AppData\Local\Temp\Av-test.txt"

 

 

Here is the text from the ComboFix:

 

ComboFix 14-02-24.02 - Dflanary 03/02/2014  19:48:17.8.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4003.1746 [GMT -6:00]
Running from: c:\users\Dflanary\Desktop\ComboFix.exe
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6426\AddOnDownloaded\236515c7-c29a-41e6-873d-b9e2673e11c3.dll
c:\programdata\PCDr\6426\AddOnDownloaded\46f8f9b8-a6d9-4ac9-a82f-2c79e2a75546.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4f436db1-def5-4137-a084-15125ef65010.dll
c:\programdata\PCDr\6426\AddOnDownloaded\5dc25d30-0116-4ea0-9e12-f329c60c603b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\667e2f17-0031-40e7-a376-b390959abbb8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6ff7e11c-29c5-4891-bc9e-fae289e9c9fe.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7bc69e73-3dda-484f-af68-bb19598a4b32.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9a23b885-84bf-4844-bc8c-e1f4c568d95a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9c39bb99-9a2d-442b-9a53-fc7bd3d32368.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9c91892f-68c1-49f2-9c84-27a2e4701c64.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a5fe6876-4636-4d79-8440-3ce56e4f4416.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a9d9bdb2-283c-48d2-b6ea-df9f6bc83b04.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ade7fb72-009e-483b-8dbb-a94667c9efee.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b1cd2350-1a70-4fd2-9b75-98208aace99a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b7527ad4-1a04-4fbc-82f1-59c1cfcafceb.dll
c:\programdata\PCDr\6426\AddOnDownloaded\cdf86821-bbfe-4586-8cae-bf998bb8d498.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e6166583-b575-4093-a3ca-d9c4587d4bb7.dll
c:\programdata\PCDr\6426\AddOnDownloaded\fdae1379-f1f4-49e3-a1cc-0a3d1c8ae2a5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ffa288d5-37d2-4036-812e-1b7722ec86ed.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-03 to 2014-03-03  )))))))))))))))))))))))))))))))
.
.
2014-03-03 02:26 . 2014-03-03 02:26    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-02-28 04:39 . 2014-02-28 04:39    --------    d-----w-    c:\users\Dflanary\AppData\Roaming\Lavasoft
2014-02-28 04:06 . 2014-01-09 02:22    5694464    ----a-w-    c:\windows\SysWow64\mstscax.dll
2014-02-28 04:06 . 2014-01-03 22:44    6574592    ----a-w-    c:\windows\system32\mstscax.dll
2014-02-28 03:58 . 2014-02-28 03:58    --------    d-----w-    c:\program files\Lavasoft
2014-02-24 04:07 . 2014-02-25 00:34    --------    d-----w-    c:\programdata\Search Protection
2014-02-24 04:07 . 2014-02-24 04:07    --------    d-----w-    c:\programdata\blekko toolbars
2014-02-24 04:07 . 2014-02-24 04:07    --------    d-----w-    c:\users\Dflanary\AppData\Local\adawarebp
2014-02-24 04:07 . 2014-02-24 04:07    --------    d-----w-    c:\programdata\Ad-Aware Browsing Protection
2014-02-24 04:07 . 2014-02-24 04:07    --------    d-----w-    c:\program files (x86)\Toolbar Cleaner
2014-02-24 04:07 . 2014-02-24 04:07    --------    d-----w-    c:\users\Dflanary\AppData\Roaming\SecureSearch
2014-02-24 04:06 . 2014-02-24 04:06    --------    d-----w-    c:\program files (x86)\Lavasoft
2014-02-24 03:59 . 2014-02-24 03:59    --------    d-----w-    c:\program files\Common Files\Lavasoft
2014-02-24 03:42 . 2014-02-24 03:42    --------    d-----w-    c:\programdata\Lavasoft
2014-02-24 03:15 . 2014-02-24 03:15    --------    d-----w-    c:\windows\Migration
2014-02-24 03:13 . 2013-09-25 02:23    1030144    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-02-24 03:13 . 2013-09-25 01:57    792576    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2014-02-24 03:11 . 2014-02-24 03:11    --------    d-----w-    c:\programdata\Oracle
2014-02-24 03:11 . 2014-02-24 03:11    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-02-24 03:11 . 2013-12-19 03:09    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-24 01:53 . 2014-02-24 01:53    --------    d-----w-    c:\users\Dflanary\AppData\Roaming\AVAST Software
2014-02-24 01:47 . 2014-02-24 01:47    80184    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-02-23 08:26 . 2014-02-23 08:26    290304    ----a-w-    c:\windows\SysWow64\subinacl.exe
2014-02-23 08:26 . 2014-02-23 08:26    --------    d-----w-    c:\program files\AdwareRemovalToolv3.7
2014-02-23 08:26 . 2014-02-23 08:26    --------    d-----w-    c:\program files\Common Files\Microsoft
2014-02-23 07:27 . 2014-02-23 07:27    --------    d-----w-    c:\program files (x86)\VS Revo Group
2014-02-23 06:44 . 2014-02-23 06:47    --------    d-----w-    C:\FRST
2014-02-23 00:48 . 2014-02-23 05:20    --------    d-----w-    c:\users\Dflanary\AppData\Roaming\DigitalSites
2014-02-18 03:47 . 2014-02-18 03:47    --------    d-----w-    c:\program files\McAfee Security Scan
2014-02-15 02:33 . 2014-02-09 04:07    75376    ----a-w-    c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2014-02-15 02:33 . 2014-02-09 04:07    272496    ----a-w-    c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2014-02-15 02:33 . 2014-02-09 04:07    20080    ----a-w-    c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2014-02-13 09:00 . 2014-02-06 10:47    1837056    ----a-w-    c:\program files\Internet Explorer\MemoryAnalyzer.dll
2014-02-12 13:03 . 2013-12-06 02:30    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-02-06 19:41 . 2014-02-06 19:41    --------    d-----w-    c:\users\Dflanary\AppData\Roaming\Thunderbird
2014-02-06 19:41 . 2014-02-06 19:41    --------    d-----w-    c:\users\Dflanary\AppData\Local\Thunderbird
2014-02-06 19:40 . 2014-02-06 19:40    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-24 01:47 . 2013-09-23 22:38    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-02-24 01:47 . 2013-09-23 22:38    207904    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-02-24 01:47 . 2011-11-28 18:28    1038072    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-02-24 01:47 . 2013-09-23 22:38    92544    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-02-24 01:47 . 2011-11-28 18:28    421704    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2014-02-24 01:47 . 2011-11-28 18:28    78648    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-02-24 01:47 . 2011-11-28 18:28    334136    ----a-w-    c:\windows\system32\aswBoot.exe
2014-02-24 01:47 . 2011-11-28 18:27    43152    ----a-w-    c:\windows\avastSS.scr
2014-02-15 09:01 . 2013-05-20 18:58    88567024    ----a-w-    c:\windows\system32\MRT.exe
2014-01-22 14:52 . 2011-11-28 18:28    64288    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-12-10 09:02 . 2013-12-10 09:02    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 09:02 . 2013-12-10 09:02    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-12-10 09:02 . 2013-12-10 09:02    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-10 09:02 . 2013-12-10 09:02    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-12-10 09:02 . 2013-12-10 09:02    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-12-10 09:02 . 2013-12-10 09:02    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-10 09:02 . 2013-12-10 09:02    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-12-10 09:02 . 2013-12-10 09:02    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-12-10 09:02 . 2013-12-10 09:02    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-12-10 09:02 . 2013-12-10 09:02    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-12-10 09:02 . 2013-12-10 09:02    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-12-10 09:02 . 2013-12-10 09:02    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-12-10 09:02 . 2013-12-10 09:02    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-12-10 09:02 . 2013-12-10 09:02    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-12-10 09:02 . 2013-12-10 09:02    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-12-10 09:02 . 2013-12-10 09:02    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-12-10 09:02 . 2013-12-10 09:02    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-12-10 09:02 . 2013-12-10 09:02    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-12-10 09:02 . 2013-12-10 09:02    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-12-10 09:02 . 2013-12-10 09:02    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-12-10 09:02 . 2013-12-10 09:02    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-12-10 09:02 . 2013-12-10 09:02    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-12-10 09:02 . 2013-12-10 09:02    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-10 09:02 . 2013-12-10 09:02    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-12-10 09:02 . 2013-12-10 09:02    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-12-10 09:02 . 2013-12-10 09:02    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-12-10 09:02 . 2013-12-10 09:02    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-12-10 09:02 . 2013-12-10 09:02    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-12-10 09:02 . 2013-12-10 09:02    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-12-10 09:02 . 2013-12-10 09:02    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-12-10 09:02 . 2013-12-10 09:02    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-12-10 09:02 . 2013-12-10 09:02    413696    ----a-w-    c:\windows\system32\html.iec
2013-12-10 09:02 . 2013-12-10 09:02    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 09:02 . 2013-12-10 09:02    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-12-10 09:02 . 2013-12-10 09:02    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-12-10 09:02 . 2013-12-10 09:02    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-12-10 09:02 . 2013-12-10 09:02    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-12-10 09:02 . 2013-12-10 09:02    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-12-10 09:02 . 2013-12-10 09:02    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-12-10 09:02 . 2013-12-10 09:02    235520    ----a-w-    c:\windows\system32\url.dll
2013-12-10 09:02 . 2013-12-10 09:02    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-12-10 09:02 . 2013-12-10 09:02    147968    ----a-w-    c:\windows\system32\occache.dll
2013-12-10 09:02 . 2013-12-10 09:02    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-12-10 09:02 . 2013-12-10 09:02    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-12-10 09:02 . 2013-12-10 09:02    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-12-10 09:02 . 2013-12-10 09:02    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-12-10 09:02 . 2013-12-10 09:02    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-12-10 09:02 . 2013-12-10 09:02    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-12-10 09:02 . 2013-12-10 09:02    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-12-10 09:02 . 2013-12-10 09:02    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-12-10 09:02 . 2013-12-10 09:02    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-12-10 09:02 . 2013-12-10 09:02    101376    ----a-w-    c:\windows\system32\inseng.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2013-12-20 16:22    116248    ----a-w-    c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll" [2013-12-20 116248]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-29 75048]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1484856]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-24 3767096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 329944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/05/27 14:26;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys;c:\windows\SYSNATIVE\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbser2.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys;c:\windows\SYSNATIVE\DRIVERS\mfenlfk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 LavasoftAdAwareService11;Ad-Aware Service 11;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe;c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PCDSRVC{D3412D80-CF3B4A27-06020200}_0
*Deregistered* - CLKMDRV10_9EC60124
*Deregistered* - mfeavfk01
*Deregistered* - PCDSRVC{D3412D80-CF3B4A27-06020200}_0
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2013-12-20 16:22    132264    ----a-w-    c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx64.dll" [2013-12-20 132264]
.
[HKEY_CLASSES_ROOT\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-24 01:47    287280    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe" [2014-01-23 4114264]
.
------- Supplementary Scan -------
.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm


TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Dflanary\AppData\Roaming\Mozilla\Firefox\Profiles\sbymhqkp.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch
user_pref(extensions.autoDisableScopes,14);
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-02  20:29:03
ComboFix-quarantined-files.txt  2014-03-03 02:29
ComboFix2.txt  2014-03-01 04:35
ComboFix3.txt  2014-03-01 04:10
ComboFix4.txt  2014-03-01 03:49
ComboFix5.txt  2014-03-03 01:46
.
Pre-Run: 244,814,577,664 bytes free
Post-Run: 244,612,182,016 bytes free
.
- - End Of File - - 065A90CE17F9DA66673E7E64C35D5D12
 

 

I did make sure McAfee was closed when I ran JRT and AdwCleaner, here are the logs:

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dflanary on Sun 03/02/2014 at 20:36:38.86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\blekko toolbars"
Successfully deleted: [Folder] "C:\ProgramData\search protection"
Successfully deleted: [Folder] "C:\Users\Dflanary\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Dflanary\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\ProgramData\ask"
Successfully deleted: [Folder] "C:\Users\Dflanary\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] C:\Users\Dflanary\AppData\Roaming\mozilla\firefox\profiles\sbymhqkp.default\user.js
Successfully deleted: [Folder] C:\Users\Dflanary\AppData\Roaming\mozilla\firefox\profiles\sbymhqkp.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Successfully deleted the following from C:\Users\Dflanary\AppData\Roaming\mozilla\firefox\profiles\sbymhqkp.default\prefs.js

user_pref("browser.search.defaultenginename", "SecureSearch");
user_pref("browser.search.selectedEngine", "SecureSearch");
Emptied folder: C:\Users\Dflanary\AppData\Roaming\mozilla\firefox\profiles\sbymhqkp.default\minidumps [23 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/02/2014 at 20:46:59.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwCleaner had two logs:

 

# AdwCleaner v3.020 - Report created 02/03/2014 at 20:54:08
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dflanary - BANSHEE
# Running from : C:\Users\Dflanary\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
File Found : C:\Users\Dflanary\AppData\Roaming\Mozilla\Firefox\Profiles\c50ifcvi.default\user.js
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
Folder Found C:\Program Files (x86)\Toolbar Cleaner
Folder Found C:\Users\Dflanary\AppData\LocalLow\adawaretb
Folder Found C:\Users\Dflanary\AppData\Roaming\DigitalSites
Folder Found C:\Users\Dflanary\AppData\Roaming\Mozilla\Firefox\Profiles\sbymhqkp.default\adawaretb

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\adawaretb
Key Found : HKCU\Software\caphyon
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\WEDLMNGR
Key Found : [x64] HKCU\Software\caphyon
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\WEDLMNGR
Key Found : HKLM\Software\adawaretb
Key Found : HKLM\Software\caphyon
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\Software\Toolbar Cleaner
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518



-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Dflanary\AppData\Roaming\Mozilla\Firefox\Profiles\sbymhqkp.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4195 octets] - [02/03/2014 20:54:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4255 octets] ##########
 

 

And the second one:

 

# AdwCleaner v3.020 - Report created 02/03/2014 at 20:57:21
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dflanary - BANSHEE
# Running from : C:\Users\Dflanary\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Users\Dflanary\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Dflanary\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Dflanary\AppData\Roaming\Mozilla\Firefox\Profiles\sbymhqkp.default\adawaretb
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\adawaretb.xml
File Deleted : C:\Users\Dflanary\AppData\Roaming\Mozilla\Firefox\Profiles\c50ifcvi.default\user.js
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\caphyon
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Dflanary\AppData\Roaming\Mozilla\Firefox\Profiles\sbymhqkp.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4383 octets] - [02/03/2014 20:54:08]
AdwCleaner[s0].txt - [3968 octets] - [02/03/2014 20:57:21]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4028 octets] ##########
 

Share this post


Link to post
Share on other sites

ok,

looks like a lot of junk was removed

this is an issue here:

AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

You should only have one antivirus and one firewall.

Having more than one can cause system slowdowns, conflicts and crashes.

Please decide which AV and which Firewall you want to keep, then totally uninstall the other ones.

Then please re-run ComboFix, allowing it to update if it asks to do so, disabling the AV while running.

Post the new log.

Share this post


Link to post
Share on other sites

I have uninstalled McAfee and Ad-Aware. After running ComboFix again, here is my log:

 

ComboFix 14-03-03.02 - Dflanary 03/03/2014  22:17:54.9.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4003.2499 [GMT -6:00]
Running from: c:\users\Dflanary\Documents\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6426\AddOnDownloaded\236515c7-c29a-41e6-873d-b9e2673e11c3.dll
c:\programdata\PCDr\6426\AddOnDownloaded\46f8f9b8-a6d9-4ac9-a82f-2c79e2a75546.dll
c:\programdata\PCDr\6426\AddOnDownloaded\4f436db1-def5-4137-a084-15125ef65010.dll
c:\programdata\PCDr\6426\AddOnDownloaded\5dc25d30-0116-4ea0-9e12-f329c60c603b.dll
c:\programdata\PCDr\6426\AddOnDownloaded\667e2f17-0031-40e7-a376-b390959abbb8.dll
c:\programdata\PCDr\6426\AddOnDownloaded\6ff7e11c-29c5-4891-bc9e-fae289e9c9fe.dll
c:\programdata\PCDr\6426\AddOnDownloaded\7bc69e73-3dda-484f-af68-bb19598a4b32.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9a23b885-84bf-4844-bc8c-e1f4c568d95a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9c39bb99-9a2d-442b-9a53-fc7bd3d32368.dll
c:\programdata\PCDr\6426\AddOnDownloaded\9c91892f-68c1-49f2-9c84-27a2e4701c64.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a5fe6876-4636-4d79-8440-3ce56e4f4416.dll
c:\programdata\PCDr\6426\AddOnDownloaded\a9d9bdb2-283c-48d2-b6ea-df9f6bc83b04.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ade7fb72-009e-483b-8dbb-a94667c9efee.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b1cd2350-1a70-4fd2-9b75-98208aace99a.dll
c:\programdata\PCDr\6426\AddOnDownloaded\b7527ad4-1a04-4fbc-82f1-59c1cfcafceb.dll
c:\programdata\PCDr\6426\AddOnDownloaded\cdf86821-bbfe-4586-8cae-bf998bb8d498.dll
c:\programdata\PCDr\6426\AddOnDownloaded\e6166583-b575-4093-a3ca-d9c4587d4bb7.dll
c:\programdata\PCDr\6426\AddOnDownloaded\fdae1379-f1f4-49e3-a1cc-0a3d1c8ae2a5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\ffa288d5-37d2-4036-812e-1b7722ec86ed.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-04 to 2014-03-04  )))))))))))))))))))))))))))))))
.
.
2014-03-04 04:27 . 2014-03-04 04:27    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-03-04 04:02 . 2014-03-04 04:02    --------    d-----w-    c:\programdata\Creative
2014-03-04 03:57 . 2014-01-27 15:58    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-03 03:00 . 2014-03-03 03:00    --------    d-----w-    c:\users\Dflanary\AppData\Local\adawarebp
2014-03-03 02:53 . 2014-03-03 02:57    --------    d-----w-    C:\AdwCleaner
2014-03-03 02:36 . 2014-03-03 02:36    --------    d-----w-    c:\windows\ERUNT
2014-02-28 04:06 . 2014-01-09 02:22    5694464    ----a-w-    c:\windows\SysWow64\mstscax.dll
2014-02-28 04:06 . 2014-01-03 22:44    6574592    ----a-w-    c:\windows\system32\mstscax.dll
2014-02-24 04:32 . 2014-02-28 04:38    --------    d-----w-    c:\users\Dflanary\AppData\Roaming\LavasoftStatistics
2014-02-24 04:07 . 2014-02-24 04:07    --------    d-----w-    c:\programdata\Ad-Aware Browsing Protection
2014-02-24 04:07 . 2014-02-24 04:07    --------    d-----w-    c:\users\Dflanary\AppData\Roaming\SecureSearch
2014-02-24 04:06 . 2014-02-24 04:06    --------    d-----w-    c:\program files (x86)\Lavasoft
2014-02-24 03:42 . 2014-02-24 03:42    --------    d-----w-    c:\programdata\Lavasoft
2014-02-24 03:15 . 2014-02-24 03:15    --------    d-----w-    c:\windows\Migration
2014-02-24 03:13 . 2013-09-25 02:23    1030144    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-02-24 03:13 . 2013-09-25 01:57    792576    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2014-02-24 03:11 . 2014-02-24 03:11    --------    d-----w-    c:\programdata\Oracle
2014-02-24 03:11 . 2014-02-24 03:11    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-02-24 03:11 . 2013-12-19 03:09    96168    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-24 01:53 . 2014-02-24 01:53    --------    d-----w-    c:\users\Dflanary\AppData\Roaming\AVAST Software
2014-02-24 01:47 . 2014-02-24 01:47    80184    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-02-23 08:26 . 2014-02-23 08:26    290304    ----a-w-    c:\windows\SysWow64\subinacl.exe
2014-02-23 08:26 . 2014-02-23 08:26    --------    d-----w-    c:\program files\AdwareRemovalToolv3.7
2014-02-23 08:26 . 2014-02-23 08:26    --------    d-----w-    c:\program files\Common Files\Microsoft
2014-02-23 07:27 . 2014-02-23 07:27    --------    d-----w-    c:\program files (x86)\VS Revo Group
2014-02-23 06:44 . 2014-02-23 06:47    --------    d-----w-    C:\FRST
2014-02-15 02:33 . 2014-02-09 04:07    75376    ----a-w-    c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2014-02-15 02:33 . 2014-02-09 04:07    272496    ----a-w-    c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2014-02-15 02:33 . 2014-02-09 04:07    20080    ----a-w-    c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2014-02-13 09:00 . 2014-02-06 10:47    1837056    ----a-w-    c:\program files\Internet Explorer\MemoryAnalyzer.dll
2014-02-12 13:03 . 2013-12-06 02:30    1882112    ----a-w-    c:\windows\system32\msxml3.dll
2014-02-06 19:41 . 2014-02-06 19:41    --------    d-----w-    c:\users\Dflanary\AppData\Roaming\Thunderbird
2014-02-06 19:41 . 2014-02-06 19:41    --------    d-----w-    c:\users\Dflanary\AppData\Local\Thunderbird
2014-02-06 19:40 . 2014-02-06 19:40    --------    d-----w-    c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-24 01:47 . 2013-09-23 22:38    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-02-24 01:47 . 2013-09-23 22:38    207904    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-02-24 01:47 . 2011-11-28 18:28    1038072    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-02-24 01:47 . 2013-09-23 22:38    92544    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-02-24 01:47 . 2011-11-28 18:28    421704    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2014-02-24 01:47 . 2011-11-28 18:28    78648    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-02-24 01:47 . 2011-11-28 18:28    334136    ----a-w-    c:\windows\system32\aswBoot.exe
2014-02-24 01:47 . 2011-11-28 18:27    43152    ----a-w-    c:\windows\avastSS.scr
2014-02-15 09:01 . 2013-05-20 18:58    88567024    ----a-w-    c:\windows\system32\MRT.exe
2014-01-22 14:52 . 2011-11-28 18:28    64288    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2014-01-16 00:42 . 2014-01-16 00:42    608032    ----a-w-    C:\SecurityScanner.dll
2013-12-10 09:02 . 2013-12-10 09:02    940032    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 09:02 . 2013-12-10 09:02    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2013-12-10 09:02 . 2013-12-10 09:02    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-10 09:02 . 2013-12-10 09:02    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2013-12-10 09:02 . 2013-12-10 09:02    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2013-12-10 09:02 . 2013-12-10 09:02    34816    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-10 09:02 . 2013-12-10 09:02    337408    ----a-w-    c:\windows\SysWow64\html.iec
2013-12-10 09:02 . 2013-12-10 09:02    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2013-12-10 09:02 . 2013-12-10 09:02    235008    ----a-w-    c:\windows\system32\elshyph.dll
2013-12-10 09:02 . 2013-12-10 09:02    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2013-12-10 09:02 . 2013-12-10 09:02    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2013-12-10 09:02 . 2013-12-10 09:02    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2013-12-10 09:02 . 2013-12-10 09:02    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2013-12-10 09:02 . 2013-12-10 09:02    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2013-12-10 09:02 . 2013-12-10 09:02    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2013-12-10 09:02 . 2013-12-10 09:02    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-12-10 09:02 . 2013-12-10 09:02    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-12-10 09:02 . 2013-12-10 09:02    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2013-12-10 09:02 . 2013-12-10 09:02    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2013-12-10 09:02 . 2013-12-10 09:02    81408    ----a-w-    c:\windows\system32\icardie.dll
2013-12-10 09:02 . 2013-12-10 09:02    774144    ----a-w-    c:\windows\system32\jscript.dll
2013-12-10 09:02 . 2013-12-10 09:02    77312    ----a-w-    c:\windows\system32\tdc.ocx
2013-12-10 09:02 . 2013-12-10 09:02    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-10 09:02 . 2013-12-10 09:02    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2013-12-10 09:02 . 2013-12-10 09:02    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2013-12-10 09:02 . 2013-12-10 09:02    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2013-12-10 09:02 . 2013-12-10 09:02    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2013-12-10 09:02 . 2013-12-10 09:02    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2013-12-10 09:02 . 2013-12-10 09:02    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2013-12-10 09:02 . 2013-12-10 09:02    48128    ----a-w-    c:\windows\system32\imgutil.dll
2013-12-10 09:02 . 2013-12-10 09:02    453120    ----a-w-    c:\windows\system32\dxtmsft.dll
2013-12-10 09:02 . 2013-12-10 09:02    413696    ----a-w-    c:\windows\system32\html.iec
2013-12-10 09:02 . 2013-12-10 09:02    40448    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 09:02 . 2013-12-10 09:02    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2013-12-10 09:02 . 2013-12-10 09:02    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2013-12-10 09:02 . 2013-12-10 09:02    296960    ----a-w-    c:\windows\system32\dxtrans.dll
2013-12-10 09:02 . 2013-12-10 09:02    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2013-12-10 09:02 . 2013-12-10 09:02    247808    ----a-w-    c:\windows\system32\msls31.dll
2013-12-10 09:02 . 2013-12-10 09:02    243200    ----a-w-    c:\windows\system32\webcheck.dll
2013-12-10 09:02 . 2013-12-10 09:02    235520    ----a-w-    c:\windows\system32\url.dll
2013-12-10 09:02 . 2013-12-10 09:02    167424    ----a-w-    c:\windows\system32\iexpress.exe
2013-12-10 09:02 . 2013-12-10 09:02    147968    ----a-w-    c:\windows\system32\occache.dll
2013-12-10 09:02 . 2013-12-10 09:02    143872    ----a-w-    c:\windows\system32\wextract.exe
2013-12-10 09:02 . 2013-12-10 09:02    13824    ----a-w-    c:\windows\system32\mshta.exe
2013-12-10 09:02 . 2013-12-10 09:02    135680    ----a-w-    c:\windows\system32\iepeers.dll
2013-12-10 09:02 . 2013-12-10 09:02    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2013-12-10 09:02 . 2013-12-10 09:02    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2013-12-10 09:02 . 2013-12-10 09:02    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2013-12-10 09:02 . 2013-12-10 09:02    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2013-12-10 09:02 . 2013-12-10 09:02    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2013-12-10 09:02 . 2013-12-10 09:02    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2013-12-10 09:02 . 2013-12-10 09:02    101376    ----a-w-    c:\windows\system32\inseng.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-29 75048]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-24 3767096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-09-27 559696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/05/27 14:26;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys;c:\windows\SYSNATIVE\DRIVERS\NwUsbCdFil64.sys [x]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys;c:\windows\SYSNATIVE\DRIVERS\nwusbser2.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS;c:\progra~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-24 01:47    287280    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
.
------- Supplementary Scan -------
.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm


TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Dflanary\AppData\Roaming\Mozilla\Firefox\Profiles\sbymhqkp.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-03  22:39:42
ComboFix-quarantined-files.txt  2014-03-04 04:39
ComboFix2.txt  2014-03-03 02:29
ComboFix3.txt  2014-03-01 04:35
ComboFix4.txt  2014-03-01 04:10
ComboFix5.txt  2014-03-04 04:17
.
Pre-Run: 245,218,312,192 bytes free
Post-Run: 244,789,530,624 bytes free
.
- - End Of File - - 8B0C674BAF149A2B3EC236043811C1F5

Share this post


Link to post
Share on other sites

looking better,

Please run the following:

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right-mouse click JRT.exe and select Run as administrator
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message

NEXT

Download AdwCleaner from here and save it to your desktop.

  • Run AdwCleaner and select Scan
  • If items are found, please select the Clean button
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply

Share this post


Link to post
Share on other sites

Here is my new JRT Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Dflanary on Tue 03/04/2014 at 17:54:48.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Dflanary\appdata\local\adawarebp"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/04/2014 at 18:02:37.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Here are the new AdwCleaner logs:

 

# AdwCleaner v3.020 - Report created 04/03/2014 at 18:08:51
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dflanary - BANSHEE
# Running from : C:\Users\Dflanary\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\caphyon

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Dflanary\AppData\Roaming\Mozilla\Firefox\Profiles\sbymhqkp.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4383 octets] - [02/03/2014 20:54:08]
AdwCleaner[R1].txt - [977 octets] - [04/03/2014 18:05:39]
AdwCleaner[s0].txt - [4144 octets] - [02/03/2014 20:57:21]
AdwCleaner[s1].txt - [860 octets] - [04/03/2014 18:08:51]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [919 octets] ##########
 

 

And the second one:

 

# AdwCleaner v3.020 - Report created 04/03/2014 at 18:05:39
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dflanary - BANSHEE
# Running from : C:\Users\Dflanary\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\caphyon
Key Found : [x64] HKCU\Software\caphyon

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Dflanary\AppData\Roaming\Mozilla\Firefox\Profiles\sbymhqkp.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4383 octets] - [02/03/2014 20:54:08]
AdwCleaner[R1].txt - [775 octets] - [04/03/2014 18:05:39]
AdwCleaner[s0].txt - [4144 octets] - [02/03/2014 20:57:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [894 octets] ##########

Share this post


Link to post
Share on other sites

very good,

let's do a sweep for any leftovers.

Please advise how the computer is running now and if there are any outstanding issues:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

NEXT

Go here to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, if it shows a screen that says "Threats found!", then click "List of found threats" button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Share this post


Link to post
Share on other sites

Here is the Malwarebytes log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.04.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Dflanary :: BANSHEE [administrator]

3/4/2014 7:30:06 PM
mbam-log-2014-03-04 (19-30-06).txt

Scan type: Full scan (C:\|Q:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 365438
Time elapsed: 52 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

And the ESETSCAN Log:

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll    a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe    a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\Dflanary\AppData\Roaming\Mozilla\Firefox\Profiles\c50ifcvi.default\extensions\{59981518-8b2b-431e-90db-17dacc8cfa86}.xpi    Win32/BrowseFox.B potentially unwanted application
C:\Users\Dflanary\Downloads\cbsidlm-cbsi183-Revo_Uninstaller-ORG-10687648.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
 

Share this post


Link to post
Share on other sites

The FireFox browser has a browser hijacker extension called Jotzey

see if you can remove it from within Firefox > open Firedox > tools > add-ons > extensions

if Jotsey is located there > remove it.

If not > navigate to the file and delete it

(you will need to show hidden files and folders)

C:\Users\Dflanary\AppData\Roaming\Mozilla\Firefox\Profiles\c50ifcvi.default\extensions\{59981518-8b2b-431e-90db-17dacc8cfa86}.xpi

The rest of the detections aren't threats, although you might not want the AdAware toolbar, so you can remove that one as well.

How is the computer running now, are there any outstanding issues?

Share this post


Link to post
Share on other sites

I have manually deleted the file "C:\Users\Dflanary\AppData\Roaming\Mozilla\Firefox\Profiles\c50ifcvi.default\extensions\{59981518-8b2b-431e-90db-17dacc8cfa86}.xpi"

 

I believe I deleted the last of the AdAware too, but not sure. The machine is running well, seems to be faster, especially when turning on and off. Is there any other scan I should do to make sure everything is gone?

Share this post


Link to post
Share on other sites

please run a fresh scan with DDS and post the new log.

I'll check it over for any leftovers but it should be clean now,

if all is OK, then we can clean up our tools.

Share this post


Link to post
Share on other sites

DDS:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Dflanary at 21:41:53 on 2014-03-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4003.1895 [GMT -6:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\My Dell\imstrayicon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.




BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{5DBA78BE-CA15-4FEB-AFC2-AA06B5DE8604} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{5DBA78BE-CA15-4FEB-AFC2-AA06B5DE8604}\2656C6B696E6E233932663 : DHCPNameServer = 192.168.2.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup



x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dflanary\AppData\Roaming\Mozilla\Firefox\Profiles\sbymhqkp.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Dflanary\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-9-23 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-9-23 207904]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-5-27 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-11-28 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-11-28 421704]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-5-27 89600]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-11-28 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-23 50344]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-3 897088]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-11-3 983104]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-27 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-19 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-19 701512]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-5-27 1692480]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-27 2655768]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-3 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2010-11-4 58128]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2010-10-19 274432]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-5-27 175168]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2010-11-4 59904]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-27 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-27 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/05/27 14:26:57;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-29 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-2-23 80184]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NWUSBCDFIL64;Novatel Wireless Installation CD;C:\Windows\System32\drivers\NwUsbCdFil64.sys [2008-7-7 25600]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\System32\drivers\nwusbser2.sys [2008-5-9 213120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-16 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-5-27 250984]
S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-3-20 43032]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-23 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-13 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-03-05 02:31:01    --------    d-----w-    C:\Program Files (x86)\ESET
2014-03-05 00:10:43    --------    d-----w-    C:\Users\Dflanary\AppData\Local\adawarebp
2014-03-04 04:40:28    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-03-04 03:57:03    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-03-03 02:53:51    --------    d-----w-    C:\AdwCleaner
2014-03-03 02:36:37    --------    d-----w-    C:\Windows\ERUNT
2014-02-28 04:06:08    6574592    ----a-w-    C:\Windows\System32\mstscax.dll
2014-02-28 04:06:08    5694464    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-02-24 04:32:38    --------    d-----w-    C:\Users\Dflanary\AppData\Roaming\LavasoftStatistics
2014-02-24 04:07:12    --------    d-----w-    C:\ProgramData\Ad-Aware Browsing Protection
2014-02-24 04:07:01    --------    d-----w-    C:\Users\Dflanary\AppData\Roaming\SecureSearch
2014-02-24 04:06:47    --------    d-----w-    C:\Program Files (x86)\Lavasoft
2014-02-24 03:15:51    --------    d-----w-    C:\Windows\Migration
2014-02-24 03:13:54    792576    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-02-24 03:13:54    1030144    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-02-24 03:11:20    --------    d-----w-    C:\ProgramData\Oracle
2014-02-24 03:11:04    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-24 01:53:40    --------    d-----w-    C:\Users\Dflanary\AppData\Roaming\AVAST Software
2014-02-24 01:47:36    80184    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-02-23 08:26:43    290304    ----a-w-    C:\Windows\SysWow64\subinacl.exe
2014-02-23 08:26:41    --------    d-----w-    C:\Program Files\Common Files\Microsoft
2014-02-23 08:26:41    --------    d-----w-    C:\Program Files\AdwareRemovalToolv3.7
2014-02-23 07:55:13    98816    ----a-w-    C:\Windows\sed.exe
2014-02-23 07:55:13    256000    ----a-w-    C:\Windows\PEV.exe
2014-02-23 07:55:13    208896    ----a-w-    C:\Windows\MBR.exe
2014-02-23 07:27:12    --------    d-----w-    C:\Program Files (x86)\VS Revo Group
2014-02-23 06:44:43    --------    d-----w-    C:\FRST
2014-02-15 02:33:19    75376    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\updated\breakpadinjector.dll
2014-02-15 02:33:19    272496    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll
2014-02-15 02:33:19    20080    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll
2014-02-12 13:03:48    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2014-02-06 19:41:04    --------    d-----w-    C:\Users\Dflanary\AppData\Local\Thunderbird
.
==================== Find3M  ====================
.
2014-02-24 01:47:33    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-02-24 01:47:33    207904    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-02-24 01:47:33    1038072    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-02-24 01:47:32    92544    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-02-24 01:47:32    78648    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-24 01:47:32    43152    ----a-w-    C:\Windows\avastSS.scr
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-01-16 00:42:40    608032    ----a-w-    C:\SecurityScanner.dll
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 21:42:10.64 ===============
 

 

and the second log:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/3/2011 9:49:30 PM
System Uptime: 3/5/2014 1:49:44 PM (8 hours ago)
.
Motherboard: Dell Inc. |  | 034W60
Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU 1 | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 229.124 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP98: 2/25/2014 3:00:17 AM - Windows Update
RP99: 2/27/2014 9:52:47 PM - AA11
RP100: 2/28/2014 3:00:12 AM - Windows Update
RP101: 3/2/2014 7:46:33 PM - ComboFix created restore point
RP102: 3/3/2014 9:36:34 PM - Revo Uninstaller's restore point - McAfee SecurityCenter
RP103: 3/3/2014 9:46:31 PM - AA11
RP104: 3/3/2014 9:56:39 PM - Windows Update
RP105: 3/4/2014 3:00:19 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Advanced Audio FX Engine
avast! Free Antivirus
Consumer In-Home Service Agreement
Cozi
CyberLink PowerDVD 9.6
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Edoc Viewer
Dell Getting Started Guide
Dell MusicStage
Dell Perks Webslice IE8
Dell PhotoStage
Dell Stage
Dell Touchpad
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
eBay
ESET Online Scanner v3
IDT Audio
Install LoJack for Laptops
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Wireless Display
Internet Explorer
Java 7 Update 51
Java Auto Updater
Java 6 Update 24 (64-bit)
JavaFX 2.1.0
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mobile Broadband Generic Drivers
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.3.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
PhotoShowExpress
Quickset64
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Revo Uninstaller 1.95
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skype Toolbars
Skype™ 6.11
Sonic CinePlayer Decoder Pack
TrustedID
Unity Web Player
VZAccess Manager
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
3/4/2014 6:11:30 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
3/4/2014 6:10:46 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
3/4/2014 6:10:46 PM, Error: Service Control Manager [7000]  - The Application Virtualization Client service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 

Share this post


Link to post
Share on other sites

Looks good,

We just need to clean up the tools now, please do the following:

You can delete the DDS and JRT logs and programs from your desktop.

NEXT

Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Press the WinKey +R to open a run box
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.
Combofix_uninstall_image.jpg

NEXT

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
If there are any logs/tools remaining on your desktop > right click and delete them.

NEXT

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article

    Strong passwords: How to create and use them Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

  • Keep Windows updated by regularly checking their website at :

    http://windowsupdate.microsoft.com/

    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome, Firefox and IE
  • AdblockPlus
    • AdblockPlus, Surf the web without annoying ads!
    • Blocks banners, pop-ups and video ads - even on Facebook and YouTube
    • Protects your online privacy
    • Two-click installation, It's free!
    • click the icon that corresponds to your browser and download.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

    PC Safety and Security--What Do I Need?.

  • Simple and easy ways to keep your computer safe and secure on the Internet
Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Share this post


Link to post
Share on other sites

Thank you so much for your help, I really appreciate it!

 

I deleted the DDS and JRT logs and uninstalled ComboFix and AdwCleaner. I also downloaded and installed WOT and Adblock Plus.

 

I downloaded and ran the TFC program, however, when I ran it I got a blue screen. I'm not sure if this is normal or not or if I did it incorrectly. Please let me know if there is anything else I should do.

 

If not, thanks again!!

Share this post


Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.