100% CPU Usage and ielowutil.exe



steve18
2012-11-07, 00:19
Recently my computer has been running very slowly due to 100% CPU usage the majority of the time. Also, coupled with this, I have noticed that a process named ielowutil.exe, which is replicated several times, keeps popping up.

Below are my DDS and aswMBR logs.

Thanks in advance for your help.

DDS (Ver_2012-11-05.02) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_31
Run by STEVE at 21:19:11 on 2012-11-06
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3003.811 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\STEVE\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://startsear.ch/?aff=1
mStart Page = hxxp://startsear.ch/?aff=1
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: IE5BarLauncherBHO Class: {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
BHO: EndNote Web: {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: VShareToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
TB: VShareToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Virgin Media Security Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} -
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: EndNote Web: {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\STEVE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
StartupFolder: C:\Users\STEVE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\STEVE\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\STEVE\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{6CF43E3D-1F03-446F-A01C-BC6C92C2BF9B} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{B7A4F2C4-3B41-49E5-A6FF-DE26F20C73A0} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{B7A4F2C4-3B41-49E5-A6FF-DE26F20C73A0}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\STEVE\AppData\Roaming\Mozilla\Firefox\Profiles\qmbso5rn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\STEVE\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\STEVE\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - ExtSQL: !HIDDEN! 2011-01-22 17:36; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-5-13 69376]
R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2010-12-31 63760]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-12-4 591192]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-12-4 304472]
R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-4-17 55056]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-4-17 61712]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-12-4 24408]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-12-4 66904]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-5-13 17152]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-17 347680]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-8-17 1093152]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2012-11-06 19:32:27 -------- d-----w- C:\Users\STEVE\AppData\Local\{9DD3E688-8237-4ACF-8956-1CD0A5C57D02}
2012-11-06 07:32:02 -------- d-----w- C:\Users\STEVE\AppData\Local\{8B47AA18-64F1-4740-AE9F-23984EB5520D}
2012-11-05 07:31:08 -------- d-----w- C:\Users\STEVE\AppData\Local\{5001A22F-BFDD-400A-83A8-19EDE8861C35}
2012-11-04 19:30:45 -------- d-----w- C:\Users\STEVE\AppData\Local\{EAC05CFA-F87E-45C0-BC4F-0567018BBA2A}
2012-11-04 07:30:08 -------- d-----w- C:\Users\STEVE\AppData\Local\{7361CCD6-07A5-4692-BCC4-8ECFA9FD0F33}
2012-11-03 19:29:44 -------- d-----w- C:\Users\STEVE\AppData\Local\{27EB3C8E-6DD7-446A-ACCF-E699FA320355}
2012-11-03 07:29:21 -------- d-----w- C:\Users\STEVE\AppData\Local\{D345D098-86CC-4FF4-B208-30F6708AACED}
2012-11-02 19:28:56 -------- d-----w- C:\Users\STEVE\AppData\Local\{17B8C783-A458-44CC-9C84-9B661BFA9581}
2012-11-02 07:28:32 -------- d-----w- C:\Users\STEVE\AppData\Local\{63909B04-0612-4EB4-BED7-32A6572D337D}
2012-11-01 19:26:34 -------- d-----w- C:\Users\STEVE\AppData\Local\{F2231FCB-1A68-4FD0-8A8F-63C9996CADC4}
2012-11-01 07:20:56 -------- d-----w- C:\Users\STEVE\AppData\Local\{5296EEB6-2869-48D5-90C9-0F4F2366031E}
2012-10-31 15:55:22 -------- d-----w- C:\ProgramData\Advanced Chemistry Development
2012-10-31 15:54:25 -------- d-----w- C:\ACDFREE12
2012-10-31 15:53:40 -------- d-----w- C:\Users\STEVE\AppData\Roaming\Advanced Chemistry Development
2012-10-31 07:20:08 -------- d-----w- C:\Users\STEVE\AppData\Local\{1AAAF1E9-AD58-412D-8F5E-6E33F656C596}
2012-10-30 19:19:45 -------- d-----w- C:\Users\STEVE\AppData\Local\{19425FD7-5659-4DCB-9A8F-C0AD60B555A1}
2012-10-30 07:19:22 -------- d-----w- C:\Users\STEVE\AppData\Local\{BCD1B558-D4C6-4ABE-9EDD-D0848A48817B}
2012-10-29 19:18:58 -------- d-----w- C:\Users\STEVE\AppData\Local\{86AF8BAE-ECA2-4E49-BE39-40BCD3A7A60B}
2012-10-29 07:18:35 -------- d-----w- C:\Users\STEVE\AppData\Local\{CB663E70-82CF-4E95-B1B8-4E8D1369D3DF}
2012-10-28 19:18:12 -------- d-----w- C:\Users\STEVE\AppData\Local\{4BB5A9D1-BC93-400A-8FBA-E8C43F1BF19E}
2012-10-28 07:17:31 -------- d-----w- C:\Users\STEVE\AppData\Local\{9507F3FD-4041-4048-88F7-D091271D0A3B}
2012-10-27 19:17:07 -------- d-----w- C:\Users\STEVE\AppData\Local\{BB9ED222-7B94-4DA3-A2CA-42EB69D1A08D}
2012-10-27 11:29:48 -------- d-----w- C:\Users\STEVE\AppData\Local\Geckofx
2012-10-27 11:27:48 -------- d-----w- C:\Users\STEVE\AppData\Roaming\Firefly Studios
2012-10-27 11:19:20 -------- d-----w- C:\ProgramData\Firefly Studios
2012-10-27 11:05:41 -------- d-----w- C:\Program Files (x86)\Firefly Studios
2012-10-27 07:16:40 -------- d-----w- C:\Users\STEVE\AppData\Local\{FB76D38C-0494-4867-B362-84152134D277}
2012-10-26 19:17:40 -------- d-----w- C:\Users\STEVE\AppData\Local\{67C788D0-5A2E-487C-BA27-B31317227240}
2012-10-26 07:17:12 -------- d-----w- C:\Users\STEVE\AppData\Local\{A3DC9D33-2220-4C1E-9789-CBDEC1192476}
2012-10-25 19:17:00 -------- d-----w- C:\Users\STEVE\AppData\Local\{EACC18EF-E07A-4F08-B475-5336CD94A075}
2012-10-25 07:16:36 -------- d-----w- C:\Users\STEVE\AppData\Local\{0D6E909A-DBC4-4A8F-9D18-AB521316FAEB}
2012-10-24 19:15:41 -------- d-----w- C:\Users\STEVE\AppData\Local\{71EA150D-BEB9-416B-B66A-5EC9761494A5}
2012-10-24 07:15:17 -------- d-----w- C:\Users\STEVE\AppData\Local\{A8518AEB-1C1A-44EB-9789-4CB965384289}
2012-10-23 19:14:53 -------- d-----w- C:\Users\STEVE\AppData\Local\{78CE1522-561D-4056-A92E-27816E65FE7E}
2012-10-23 07:14:29 -------- d-----w- C:\Users\STEVE\AppData\Local\{BF838F9E-B1BD-485F-B3CA-518998805754}
2012-10-22 06:55:07 -------- d-----w- C:\Users\STEVE\AppData\Local\{166AC418-F9B2-4E39-84EF-AFE1568E6503}
2012-10-21 08:26:44 -------- d-----w- C:\Users\STEVE\AppData\Local\{21DB345C-1E90-46D6-AD50-6ED0A0C2B150}
2012-10-20 20:26:16 -------- d-----w- C:\Users\STEVE\AppData\Local\{2C5C1EAD-AE0B-4F5E-BBBC-B2BDF210F7F5}
2012-10-20 08:25:47 -------- d-----w- C:\Users\STEVE\AppData\Local\{C58807E4-9352-4377-A4A0-45BB1353CDF3}
2012-10-19 20:25:24 -------- d-----w- C:\Users\STEVE\AppData\Local\{17174FA1-520C-401E-9E26-47F7DE9EF9C4}
2012-10-19 08:25:00 -------- d-----w- C:\Users\STEVE\AppData\Local\{B3882861-0079-4D03-8984-BBADE57BF0EE}
2012-10-18 20:24:36 -------- d-----w- C:\Users\STEVE\AppData\Local\{BBE411A1-3BF7-40DD-AC74-527518FF39DD}
2012-10-18 08:24:13 -------- d-----w- C:\Users\STEVE\AppData\Local\{612666D1-29F7-48A3-9795-9F097FA610FD}
2012-10-17 20:23:49 -------- d-----w- C:\Users\STEVE\AppData\Local\{BB7F702C-0C16-4BB0-89F3-FDEC1E6A278B}
2012-10-17 08:23:26 -------- d-----w- C:\Users\STEVE\AppData\Local\{9CE88A6C-B601-47A3-A978-56145FC54703}
2012-10-16 20:23:02 -------- d-----w- C:\Users\STEVE\AppData\Local\{45E1F823-4FDE-46A9-BE07-F3BFF4AF0BBF}
2012-10-16 08:22:39 -------- d-----w- C:\Users\STEVE\AppData\Local\{726D0FA8-B1B9-4434-95A6-7A26709EBE60}
2012-10-15 20:22:14 -------- d-----w- C:\Users\STEVE\AppData\Local\{240F8919-990F-46A6-9DF4-EC2CC348244B}
2012-10-15 08:21:32 -------- d-----w- C:\Users\STEVE\AppData\Local\{D54ECE3A-8AED-4950-8DCA-EEC4F7382A7E}
2012-10-13 20:18:29 -------- d-----w- C:\Users\STEVE\AppData\Local\{EA4E5729-9DD3-433D-84A4-640EC021EEAB}
2012-10-13 08:18:05 -------- d-----w- C:\Users\STEVE\AppData\Local\{FE16ACD0-0733-4912-A510-77550D769AFE}
2012-10-12 20:17:41 -------- d-----w- C:\Users\STEVE\AppData\Local\{059985F5-247A-41D2-BAE7-9F3DE45D03FE}
2012-10-12 15:28:30 8 ----a-w- C:\Windows\SysWow64\EXPSEE.SYS
2012-10-12 15:28:30 8 ----a-w- C:\Windows\DESPXF.DLL
2012-10-12 15:00:35 -------- d-----w- C:\Users\STEVE\AppData\Roaming\CCDC
2012-10-12 14:52:05 -------- d-----w- C:\Program Files (x86)\CCDC
2012-10-12 14:26:57 -------- d-----w- C:\Program Files (x86)\POV-Ray for Windows v3.6
2012-10-12 14:25:40 -------- d-----w- C:\X-Seed
2012-10-12 08:17:18 -------- d-----w- C:\Users\STEVE\AppData\Local\{F2B9C32E-2C0B-4103-A24D-B947F642054F}
2012-10-11 20:16:54 -------- d-----w- C:\Users\STEVE\AppData\Local\{0D74D7FA-D622-4C24-ACD7-07F3D569FDFF}
2012-10-10 20:16:11 -------- d-----w- C:\Users\STEVE\AppData\Local\{57BBE729-F6BF-4C2B-98D5-BE5C513BB65C}
2012-10-10 14:18:59 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 14:17:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 14:17:37 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-10 14:17:14 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-10-10 14:17:14 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-10-10 14:16:27 1462784 ----a-w- C:\Windows\System32\crypt32.dll
2012-10-10 14:16:25 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-10-10 14:16:24 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-10-10 14:16:23 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-10-10 14:16:22 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-10-10 14:16:20 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-10-10 07:40:58 -------- d-----w- C:\Users\STEVE\AppData\Local\{1F726697-0A63-4B9D-94CA-4F6808B6AD8D}
2012-10-09 19:40:29 -------- d-----w- C:\Users\STEVE\AppData\Local\{CC9270DC-4B90-411C-9D11-A1D330DDFBC8}
2012-10-09 07:39:53 -------- d-----w- C:\Users\STEVE\AppData\Local\{1E70E6CE-4417-4D98-8A31-893362E9E761}
2012-10-08 19:39:25 -------- d-----w- C:\Users\STEVE\AppData\Local\{7AB57F07-6B50-473E-B094-EA8DC5EC229C}
2012-10-08 07:41:14 -------- d-----w- C:\Users\STEVE\AppData\Local\{A8078DF3-0B6B-4097-A7F1-9B14A61BECF8}
.
==================== Find3M ====================
.
2012-10-09 13:49:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 13:49:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:58:10 501248 ----a-w- C:\Users\STEVE\FacebookVideoCallSetup_v1.2.205.0.exe
2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 12:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-08-21 12:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 12:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-13 18:42:19 2296840 ----a-w- C:\Users\STEVE\AmazonMP3DownloaderInstall.exe
.
============= FINISH: 21:22:55.48 ===============

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-11-06 21:39:45
-----------------------------
21:39:45.522 OS Version: Windows x64 6.1.7600
21:39:45.522 Number of processors: 1 586 0x170A
21:39:45.524 ComputerName: STEVE-HP UserName: STEVE
21:39:48.398 Initialize success
21:39:49.938 AVAST engine defs: 12110601
21:39:56.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:39:56.529 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
21:39:56.553 Disk 0 MBR read successfully
21:39:56.557 Disk 0 MBR scan
21:39:56.562 Disk 0 unknown MBR code
21:39:56.577 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:39:56.595 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 222511 MB offset 409600
21:39:56.629 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15660 MB offset 456112128
21:39:56.652 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
21:39:56.697 Disk 0 scanning C:\Windows\system32\drivers
21:40:14.305 Service scanning
21:40:54.816 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:41:04.989 Modules scanning
21:41:05.332 Disk 0 trace - called modules:
21:41:05.361 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys
21:41:05.368 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033564b0]
21:41:05.374 3 CLASSPNP.SYS[fffff88001c6f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800320c050]
21:41:06.510 AVAST engine scan C:\Windows
21:41:09.508 AVAST engine scan C:\Windows\system32
21:45:02.203 AVAST engine scan C:\Windows\system32\drivers
21:45:15.460 AVAST engine scan C:\Users\STEVE
21:59:47.913 AVAST engine scan C:\ProgramData
22:15:57.553 Scan finished successfully
22:17:44.913 Disk 0 MBR has been saved successfully to "C:\Users\STEVE\Desktop\MBR.dat"
22:17:44.920 The log file has been saved successfully to "C:\Users\STEVE\Desktop\aswMBR.txt"

Satchfan
2012-11-09, 12:20
Hello steve18 and welcome to the Safer Networking Forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

please follow all instructions in the order posted
please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
if you don't understand something, please don't hesitate to ask for clarification before proceeding
the fixes are specific to your problem and should only be used for this issue on this machine.
please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

I am looking at your logs now and will reply with instructions shortly.

Satchfan

Satchfan
2012-11-09, 13:50
Hello again Steve18

I see no obvious evidence of malware but there are some issues that need to be addressed.

You have some dodgy programs/toolbars and some programs that are out-of-date and therefore a security vulnerability.

Running multiple antivirus programs

You cannot run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

Uninstall Ad-Aware

click on Start, Control Panel
click Programs and Features
scroll down the list, click on AdAware and then on Remove.

===================================================

P2P - I see you have P2P software, (uTorrent), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/305923-perils-p2p-file-sharing.html).

I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep it, please don’t use it until we have finished up here.

===================================================

Re ielowutil.exe

ielowutil.exe is harmless. See here (http://www.ielowutilexe.com/)

===================================================

Download and run AdwCleaner

Download AdwCleaner from here (http://api.viglink.com/api/click?format=go&key=bf4adfcbb328b51c165afd7f95bfc060&loc=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Ftopic%2F322162-avg-secure-search-and-google-sync%2F&v=1&libid=1348314395808&out=http%3A%2F%2Fgeneral-changelog-team.fr%2Fen%2Fdownloads%2Ffinish%2F20-outils-de-xplode%2F2-adwcleaner&ref=http%3A%2F%2Fwww.google.co.uk%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3Ddownload%2520and%2520run%2520adwcleaner%26source%3Dweb%26cd%3D5%26sqi%3D2%26ved%3D0CEAQFjAE%26url%3Dhttp%253A%252F%252Fwww.geekstogo.com%252Fforum%252Ftopic%252F322162-avg-secure-search-and-google-sync%252F%26ei%3DDKVdULHtOo7P0AWZ6oDQBA%26usg%3DAFQjCNEzNnaWddR5PWyz-MxdM_0U0UVz1A&title=AVG%20Secure%20Search%20and%20Google%20sync%20-%20Geeks%20to%20Go%20Forums&txt=ADWCLEANER&jsonp=vglnk_jsonp_13483144033661) and save it to your desktop.

run AdwCleaner and select Delete
when it has finished it will ask to reboot - allow the reboot
on reboot a log will be produced; please attach the content of the log to your next reply

===================================================

Download Malwarebytes-Anti-Malware

Click here (http://www.filehippo.com/download_malwarebytes_anti_malware/).

double-click mbam-setup.exe and follow the prompts to install the program.
at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
if an update is found, it will download and install the latest version.
once the program has loaded, select Perform quick scan, then click Scan.
when the scan is complete, click OK, then Show Results to view the results.
be sure that everything is checked, and click Remove Selected.
when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include with the next post:

AdwCleaner log
Mbam.txt

steve18
2012-11-09, 23:57
Hi Satchfan,

Thanks for the reply.

I have done as you said and removed adaware. Also I've run the two programs. Please find the logs attached.

Cheers
Steve

Satchfan
2012-11-10, 01:56
You seem to be pretty much ok here but a couple more scans should make sure.

Run Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
save it to your Desktop
double click SecurityCheck.exe and follow the onscreen instructions inside of the black box
a Notepad document should open automatically called checkup.txt; please post the contents of that document.

================================================

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here (http://www.bleepingcomputer.com/forums/topic114351.html).

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan (http://www.eset.com/online-scanner)

1. Click the Eset online Scanner button.
2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
• Double click on the Eset installer icon on your desktop.
3. Check Yes, I accept the Terms of Use
4. Click the Start button.
5. Accept any security warnings from your browser.
6. Check Scan archives
7. Push the Start button.
8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
9. When the scan completes, push List of found threats
10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Note - if ESET doesn't find any threats, no report will be created.
11. Push the back button.
12. Push Finish

If a log has been produced post it in your next reply.

Satchfan

steve18
2012-11-10, 15:17
I ran both the programs that you requested.

ESET found nothing so there is no log to attach.

Here is the log for Security Check:

Results of screen317's Security Check version 0.99.54
Windows 7 x64 (UAC is enabled)
Out of date service pack!! (http://windows.microsoft.com/en-US/windows7/install-windows-7-service-pack-1)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
Java(TM) 6 Update 31
Java version out of Date!
Adobe Flash Player 11.4.402.287
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
AVAST Software Avast AvastSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Steve

Satchfan
2012-11-10, 17:14
It's good that Eset also found nothing. I’d say that apart from a lot of junk that was removed, you had no real malware.

As long as your computer seems to be running well, please follow these steps to tidy up your computer and decrease the likelihood of getting infected again:

Uninstall AdwCleaner
double click on adwcleaner.exe to run the tool
click on Uninstall
confirm with Yes. You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Create a Restore Point
click on Start > Control Panel (All Control Panel Items)
click on System > System Protection
check that you have System Protection turned on for the drive that you want to create a restore point for, (usually C:)
click Create
type in a description for the restore point to help recognize it when doing a System Restore, and click on the Create button.

Remove old restore points
open Disk Cleanup by clicking Start. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
if prompted, select the drive that you want to clean up, and then click OK.
in the Disk Cleanup for (drive letter) dialog box, click "Clean up system files". If you're prompted for an administrator password or confirmation, type the password or provide confirmation
if prompted, select the drive that you want to clean up, and then click OK
click the More Options tab, then under System Restore and Shadow Copies, click Clean up
in the Disk Cleanup dialog box, click Delete
click Delete Files, and then click OK.

===================================================

Windows updates

I notice that Windows updates are waiting to be installed and you do not have Service Pack 1 installed. Click here (http://update.microsoft.com) for information on how to get the latest Windows updates or your computer will be at risk of infection.

===================================================

Update Java

You have an old version on your computer which is also vulnerable to infections.

from the Start menu, select Control Panel.
in Large or Small icon view, click Programs and Features. If you're using Category view, under "Programs", click Uninstall a program.
select any versions of Java then click Uninstall.
Install the latest version:

Java (http://www.java.com/en/download/manual.jsp)

NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”

http://i944.photobucket.com/albums/ad283/Ninamf/Java.gif

===================================================

Recommended programs

Spybot’s TeaTimer

This program is disabled and should be enabled or you will not have real-time protection.

open Spybot Search & Destroy
go to the Mode menu and make sure Advanced Mode is selected.
choose Yes at the Warning prompt
expand the “Tools” menu
click Resident
check the Resident TeaTimer (Protection of overall system settings) active box
in the File menu click Exit to exit Spybot Search & Destroy.
if Teatimer gives you a warning that changes were made, click Allow Change when prompted.
exit Spybot S&D.

Remember to scan your computer with the program on a regular basis as you would with your anti-virus software.

===================================================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker (http://www.filehippo.com/updatechecker/FHsetup.exe) is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

MVPS Hosts (http://winhelp2002.mvps.org/hosts.htm) file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

===================================================

I also recommend that you read the following:

How to prevent malware (http://miekiemoes.blogspot.com/2008/02/how-to-prevent-malware.html) by miekiemoes


If I hear nothing for 24 hours I shall assume all is well and close the topic.

Safe computing

Satchfan
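
The hosts-file blocking mentioned in the MVPS Hosts recommendation above, as an added example that is not part of the original posts: entries pointing at 127.0.0.1, 0.0.0.0 or ::1 block a name, while an entry that maps a name to any other address redirects it and is worth reviewing. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread or from MVPS).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com tracker.example.net   # two names, one line
0.0.0.0         banner.example.org
203.0.113.10    update.example.com    # non-loopback target
not-an-ip       broken.example.com
"""

def classify_target(address):
    """Return 'sinkhole' for loopback/unspecified targets, else 'redirect'."""
    ip = ipaddress.ip_address(address)  # raises ValueError on a bad address
    return "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"

def audit_hosts(text):
    """Split hosts entries into blocked names, redirects and malformed lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            report["malformed"].append((lineno, raw.strip()))
            continue
        try:
            kind = classify_target(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in (n.lower() for n in fields[1:]):
            if kind == "redirect":
                # Name resolves to a real address instead of being blocked.
                report["redirected"].append((lineno, name, fields[0]))
            elif name != "localhost":  # the standard localhost entry is not a block
                report["blocked"].append(name)
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:", result["blocked"])
    print("review:", result["redirected"])
    print("malformed:", result["malformed"])
```

On Windows the file to pass in is `%SystemRoot%\System32\drivers\etc\hosts`, read as text.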