For about the last week, I've noticed Mozilla has been lagging/hanging up and system resources have been ramping up at random intervals for no apparent reason (with fan running heavily frequently). I've run scans with Spybot, Malware AB, and Norton, but none of them have identified anything, so I'm not sure what the deal is. As requested, I'm attaching the aswMBR and DDS logs here. Thank you.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by User at 15:43:53 on 2014-03-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.2352 [GMT -4:00]
.
AV: Ad-Aware Antivirus *Disabled/Outdated* {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Ad-Aware Antivirus *Disabled/Outdated* {631A84A5-349B-D564-3A83-A0F22C2DF32B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: Ad-Aware Firewall *Disabled* {E040E464-58CE-DBB2-2B6C-32B5A979FEED}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files (x86)\12Ghosts\12wash.exe
C:\Program Files (x86)\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\KeyScrambler\KeyScrambler.exe
C:\Program Files (x86)\KeyScrambler\x64\KeyScrambler.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.duckduckgo.com/
mWinlogon: Userinit = C:\Windows\SysWOW64\Userinit.exe,
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
uRun: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Maxtor\MaxBlast\TimounterMonitor.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [KeyScrambler] C:\Program Files (x86)\KeyScrambler\keyscrambler.exe /a
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\12GHOS~1.LNK - C:\Program Files (x86)\12Ghosts\12wash.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{6BEFED51-423F-411E-8B26-163F69EEAA50} : DHCPNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{6BEFED51-423F-411E-8B26-163F69EEAA50}\144545330313 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{6BEFED51-423F-411E-8B26-163F69EEAA50}\34573747F6D656270275962756C6563737022374 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6BEFED51-423F-411E-8B26-163F69EEAA50}\34C6566756270516E64616D27657563747 : DHCPNameServer = 208.180.42.68 208.180.42.100 192.168.33.1
TCP: Interfaces\{6BEFED51-423F-411E-8B26-163F69EEAA50}\66C61647C616E64637 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{6BEFED51-423F-411E-8B26-163F69EEAA50}\D657666696E6 : DHCPNameServer = 192.168.2.1 65.175.128.46 65.175.128.47
TCP: Interfaces\{6BEFED51-423F-411E-8B26-163F69EEAA50}\E4544574541425 : DHCPNameServer = 10.0.0.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages = msv1_0 relog_ap
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1gpsjt9q.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.duckduckgo.com (http://www.duckduckgo.com)
FF - prefs.js: keyword.enabled - false
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6\components\coFFPlgn.dll
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1gpsjt9q.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\User\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Users\User\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1gpsjt9q.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
FF - user.js: browser.sessionstore.resume_session_once - true
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-2 55280]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1404000.028\symds64.sys [2013-6-12 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1404000.028\symefa64.sys [2013-6-12 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [2014-2-18 1526488]
R1 ccSet_N360;Norton 360 Settings Manager;C:\Windows\System32\drivers\N360x64\1404000.028\ccsetx64.sys [2013-6-12 169048]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-8-10 91864]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20140314.001\IDSviA64.sys [2014-3-15 524504]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1404000.028\ironx64.sys [2013-6-12 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-6-12 433752]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 LavasoftAdAwareService11;Ad-Aware Service 11;C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [2014-1-23 702744]
R2 MaxSch2Svc;Maxtor Scheduler2 Service;C:\Program Files (x86)\Common Files\Maxtor\Schedule2\schedul2.exe [2008-6-27 605976]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-8-21 517632]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe [2013-6-12 144368]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-14 1153368]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-6-7 478712]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-2-2 172704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-25 137648]
R3 KeyScrambler;KeyScrambler;C:\Windows\System32\drivers\keyscrambler.sys [2010-2-18 221720]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-6-20 22600]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-2-2 215552]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 12Ghosts 12-Z;12Ghosts 12-Z;C:\Program Files (x86)\12Ghosts\12kernel.sys [2012-1-17 8224]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2011-9-9 107432]
S3 BlackBerry Device Manager;BlackBerry Device Manager;C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [2013-6-27 585728]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-27 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
.
=============== Created Last 30 ================
.
2014-03-15 07:39:44 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-13 01:54:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-13 01:54:59 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-13 01:54:58 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-13 01:54:58 353280 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-03-13 01:54:58 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-13 01:54:57 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-13 01:54:57 293080 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2014-03-13 01:42:40 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-13 01:42:38 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-13 01:42:38 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-03-13 01:42:34 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-03-13 01:37:21 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-03-13 01:37:21 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-03-13 01:37:20 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-03-13 01:37:19 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-03-13 00:38:55 388096 ----a-r- C:\Users\User\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-03-13 00:38:54 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-03-10 21:39:00 -------- d-----w- C:\Users\User\AppData\Roaming\LavasoftStatistics
2014-03-10 20:48:42 -------- d-----w- C:\Program Files\Lavasoft
2014-02-25 08:02:47 -------- d-----w- C:\Windows\Migration
2014-02-25 08:00:54 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-21 02:53:38 5777288 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2014-03-12 00:54:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-12 00:54:14 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
.
============= FINISH: 15:51:39.76 ===============






aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-17 16:02:35
-----------------------------
16:02:35.954 OS Version: Windows x64 6.1.7601 Service Pack 1
16:02:35.954 Number of processors: 2 586 0x170A
16:02:35.957 ComputerName: USER-PC UserName: User
16:02:37.440 Initialize success
16:09:49.587 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:09:49.597 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
16:09:49.707 Disk 0 MBR read successfully
16:09:49.707 Disk 0 MBR scan
16:09:49.717 Disk 0 Windows 7 default MBR code
16:09:49.717 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
16:09:49.737 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 8618 MB offset 145408
16:09:49.757 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 296555 MB offset 17795072
16:09:49.787 Disk 0 scanning C:\Windows\system32\drivers
16:10:00.634 Service scanning
16:10:03.946 Service BHDrvx64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\BASHDefs\20140214.001\BHDrvx64.sys **LOCKED** 5
16:10:04.856 Service ccSet_N360 C:\Windows\system32\drivers\N360x64\1404000.028\ccSetx64.sys **LOCKED** 5
16:10:07.036 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
16:10:07.446 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
16:10:10.356 Service IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\IPSDefs\20140314.001\IDSvia64.sys **LOCKED** 5
16:10:14.420 Service NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140317.004\ENG64.SYS **LOCKED** 5
16:10:14.540 Service NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.3.1.22\Definitions\VirusDefs\20140317.004\EX64.SYS **LOCKED** 5
16:10:20.032 Service SRTSPX C:\Windows\system32\drivers\N360x64\1404000.028\SRTSPX64.SYS **LOCKED** 5
16:10:20.682 Service SymDS C:\Windows\system32\drivers\N360x64\1404000.028\SYMDS64.SYS **LOCKED** 5
16:10:20.812 Service SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS **LOCKED** 5
16:10:20.902 Service SymIRON C:\Windows\system32\drivers\N360x64\1404000.028\Ironx64.SYS **LOCKED** 5
16:10:20.972 Service SymNetS C:\Windows\System32\Drivers\N360x64\1404000.028\SYMNETS.SYS **LOCKED** 5
16:10:26.724 Modules scanning
16:10:26.734 Disk 0 trace - called modules:
16:10:26.794 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:10:26.814 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004448060]
16:10:26.824 3 CLASSPNP.SYS[fffff88001d5843f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040c2050]
16:10:26.834 Scan finished successfully
16:11:03.899 Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
16:11:03.910 The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

Attaching the zipped DDS log.

:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , Right Click and select RUN AS ADMINISTATOR


Looking at two Antivirus programs running, Norton 360 and Ad Aware Antivirus, your call but you only need one, more than one is over kill and can hamper system performance, you need to uninstall the one you dont want.


Also looking at Duckduckgo, this has taken over your Firefox browser and may be the part of the problem



-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.




Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.










http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Thanks, Ken. I added Ad-aware only in the last several days (after the problem began) just to use it for an additional scan. I don't believe it is actually active in any active protective capacity (i.e., it's subordinate to Norton for active protection); I can certainly remove it if you think it might help. With regards to Duckduckgo--I thought this was just the current homepage (it's a search engine) set for Firefox. Is there something in the logs that leads you to believe it could be an issue?


The logs you requested follow:


# AdwCleaner v3.022 - Report created 18/03/2014 at 19:32:14
# Updated 13/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\AI_RecycleBin
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1gpsjt9q.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\videosaver
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\1gpsjt9q.default\prefs.js ]

Line Deleted : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394004026657");

*************************

AdwCleaner[R0].txt - [3004 octets] - [18/03/2014 19:30:15]
AdwCleaner[S0].txt - [2841 octets] - [18/03/2014 19:32:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2901 octets] ##########







~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on Tue 03/18/2014 at 19:43:01.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\strongvaultapp_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}



~~~ Files



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{31F30A6D-063A-4664-8F00-913EF40AC5FC}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{BE1F2412-A931-4539-B2B3-4858505A9EA9}
Successfully deleted: [Empty Folder] C:\Users\User\appdata\local\{ECF196BF-D675-4592-BC30-7BFB2C9C7A7F}



~~~ FireFox

Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\1gpsjt9q.default\minidumps [252 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/18/2014 at 19:54:21.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




Thanks again!

Morning,

The last two tools did remove a bit of garbage, as far as duckduckgo , its not malicious but does alter your FF settings, you may want to uninstall or disable it to see if it makes a difference , you can surf incognito with FF
https://support.mozilla.org/en-US/kb/private-browsing-browse-web-without-saving-info

Lets see if Malwarebytes finds anything

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

Gotcha. I shifted the FF homepage back to the default. I also ran the quick scan in Malwarebytes, but no malicious items were found so no report was generated. The general lagging/hanging-up problem seems to be less consistent now, so perhaps something related to the issue got removed in one of the last two scans?

:bigthumb:

If push come to shove you can always reset FF back to default setting like when you first installed it

https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems


I will leave this thread open for you for a few days, post back in a few and let me know how its going, if you still have problems we can look further