
Thread: 100% CPU Usage and ielowutil.exe

  1. #1
    Junior Member
    Join Date: Nov 2012
    Posts: 3

    100% CPU Usage and ielowutil.exe

    Recently my computer has been running very slowly due to 100% CPU usage the majority of the time. Also, I have noticed, coupled with this, that a process named ielowutil.exe, which is replicated several times, keeps popping up.

    Below are my DDS and aswMBR logs.

    Thanks in advance for your help.

    DDS (Ver_2012-11-05.02) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_31
    Run by STEVE at 21:19:11 on 2012-11-06
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3003.811 [GMT 0:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\ezSharedSvcHost.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Users\STEVE\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://startsear.ch/?aff=1
    mStart Page = hxxp://startsear.ch/?aff=1
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mWinlogon: Userinit = userinit.exe
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: IE5BarLauncherBHO Class: {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
    BHO: EndNote Web: {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: VShareToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
    TB: VShareToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Virgin Media Security Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} -
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    TB: EndNote Web: {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Google Update] "C:\Users\STEVE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    StartupFolder: C:\Users\STEVE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\STEVE\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - C:\Users\STEVE\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{6CF43E3D-1F03-446F-A01C-BC6C92C2BF9B} : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{B7A4F2C4-3B41-49E5-A6FF-DE26F20C73A0} : DHCPNameServer = 194.168.4.100 194.168.8.100
    TCP: Interfaces\{B7A4F2C4-3B41-49E5-A6FF-DE26F20C73A0}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1 194.168.4.100 194.168.8.100
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
    x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
    x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
    x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
    x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\STEVE\AppData\Roaming\Mozilla\Firefox\Profiles\qmbso5rn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
    FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\STEVE\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\STEVE\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
    FF - ExtSQL: !HIDDEN! 2011-01-22 17:36; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-5-13 69376]
    R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2010-12-31 63760]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-12-4 591192]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-12-4 304472]
    R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-4-17 55056]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-4-17 61712]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-12-4 24408]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-12-4 66904]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-5-13 17152]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-17 347680]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-8-17 1093152]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2012-11-06 19:32:27 -------- d-----w- C:\Users\STEVE\AppData\Local\{9DD3E688-8237-4ACF-8956-1CD0A5C57D02}
    2012-11-06 07:32:02 -------- d-----w- C:\Users\STEVE\AppData\Local\{8B47AA18-64F1-4740-AE9F-23984EB5520D}
    2012-11-05 07:31:08 -------- d-----w- C:\Users\STEVE\AppData\Local\{5001A22F-BFDD-400A-83A8-19EDE8861C35}
    2012-11-04 19:30:45 -------- d-----w- C:\Users\STEVE\AppData\Local\{EAC05CFA-F87E-45C0-BC4F-0567018BBA2A}
    2012-11-04 07:30:08 -------- d-----w- C:\Users\STEVE\AppData\Local\{7361CCD6-07A5-4692-BCC4-8ECFA9FD0F33}
    2012-11-03 19:29:44 -------- d-----w- C:\Users\STEVE\AppData\Local\{27EB3C8E-6DD7-446A-ACCF-E699FA320355}
    2012-11-03 07:29:21 -------- d-----w- C:\Users\STEVE\AppData\Local\{D345D098-86CC-4FF4-B208-30F6708AACED}
    2012-11-02 19:28:56 -------- d-----w- C:\Users\STEVE\AppData\Local\{17B8C783-A458-44CC-9C84-9B661BFA9581}
    2012-11-02 07:28:32 -------- d-----w- C:\Users\STEVE\AppData\Local\{63909B04-0612-4EB4-BED7-32A6572D337D}
    2012-11-01 19:26:34 -------- d-----w- C:\Users\STEVE\AppData\Local\{F2231FCB-1A68-4FD0-8A8F-63C9996CADC4}
    2012-11-01 07:20:56 -------- d-----w- C:\Users\STEVE\AppData\Local\{5296EEB6-2869-48D5-90C9-0F4F2366031E}
    2012-10-31 15:55:22 -------- d-----w- C:\ProgramData\Advanced Chemistry Development
    2012-10-31 15:54:25 -------- d-----w- C:\ACDFREE12
    2012-10-31 15:53:40 -------- d-----w- C:\Users\STEVE\AppData\Roaming\Advanced Chemistry Development
    2012-10-31 07:20:08 -------- d-----w- C:\Users\STEVE\AppData\Local\{1AAAF1E9-AD58-412D-8F5E-6E33F656C596}
    2012-10-30 19:19:45 -------- d-----w- C:\Users\STEVE\AppData\Local\{19425FD7-5659-4DCB-9A8F-C0AD60B555A1}
    2012-10-30 07:19:22 -------- d-----w- C:\Users\STEVE\AppData\Local\{BCD1B558-D4C6-4ABE-9EDD-D0848A48817B}
    2012-10-29 19:18:58 -------- d-----w- C:\Users\STEVE\AppData\Local\{86AF8BAE-ECA2-4E49-BE39-40BCD3A7A60B}
    2012-10-29 07:18:35 -------- d-----w- C:\Users\STEVE\AppData\Local\{CB663E70-82CF-4E95-B1B8-4E8D1369D3DF}
    2012-10-28 19:18:12 -------- d-----w- C:\Users\STEVE\AppData\Local\{4BB5A9D1-BC93-400A-8FBA-E8C43F1BF19E}
    2012-10-28 07:17:31 -------- d-----w- C:\Users\STEVE\AppData\Local\{9507F3FD-4041-4048-88F7-D091271D0A3B}
    2012-10-27 19:17:07 -------- d-----w- C:\Users\STEVE\AppData\Local\{BB9ED222-7B94-4DA3-A2CA-42EB69D1A08D}
    2012-10-27 11:29:48 -------- d-----w- C:\Users\STEVE\AppData\Local\Geckofx
    2012-10-27 11:27:48 -------- d-----w- C:\Users\STEVE\AppData\Roaming\Firefly Studios
    2012-10-27 11:19:20 -------- d-----w- C:\ProgramData\Firefly Studios
    2012-10-27 11:05:41 -------- d-----w- C:\Program Files (x86)\Firefly Studios
    2012-10-27 07:16:40 -------- d-----w- C:\Users\STEVE\AppData\Local\{FB76D38C-0494-4867-B362-84152134D277}
    2012-10-26 19:17:40 -------- d-----w- C:\Users\STEVE\AppData\Local\{67C788D0-5A2E-487C-BA27-B31317227240}
    2012-10-26 07:17:12 -------- d-----w- C:\Users\STEVE\AppData\Local\{A3DC9D33-2220-4C1E-9789-CBDEC1192476}
    2012-10-25 19:17:00 -------- d-----w- C:\Users\STEVE\AppData\Local\{EACC18EF-E07A-4F08-B475-5336CD94A075}
    2012-10-25 07:16:36 -------- d-----w- C:\Users\STEVE\AppData\Local\{0D6E909A-DBC4-4A8F-9D18-AB521316FAEB}
    2012-10-24 19:15:41 -------- d-----w- C:\Users\STEVE\AppData\Local\{71EA150D-BEB9-416B-B66A-5EC9761494A5}
    2012-10-24 07:15:17 -------- d-----w- C:\Users\STEVE\AppData\Local\{A8518AEB-1C1A-44EB-9789-4CB965384289}
    2012-10-23 19:14:53 -------- d-----w- C:\Users\STEVE\AppData\Local\{78CE1522-561D-4056-A92E-27816E65FE7E}
    2012-10-23 07:14:29 -------- d-----w- C:\Users\STEVE\AppData\Local\{BF838F9E-B1BD-485F-B3CA-518998805754}
    2012-10-22 06:55:07 -------- d-----w- C:\Users\STEVE\AppData\Local\{166AC418-F9B2-4E39-84EF-AFE1568E6503}
    2012-10-21 08:26:44 -------- d-----w- C:\Users\STEVE\AppData\Local\{21DB345C-1E90-46D6-AD50-6ED0A0C2B150}
    2012-10-20 20:26:16 -------- d-----w- C:\Users\STEVE\AppData\Local\{2C5C1EAD-AE0B-4F5E-BBBC-B2BDF210F7F5}
    2012-10-20 08:25:47 -------- d-----w- C:\Users\STEVE\AppData\Local\{C58807E4-9352-4377-A4A0-45BB1353CDF3}
    2012-10-19 20:25:24 -------- d-----w- C:\Users\STEVE\AppData\Local\{17174FA1-520C-401E-9E26-47F7DE9EF9C4}
    2012-10-19 08:25:00 -------- d-----w- C:\Users\STEVE\AppData\Local\{B3882861-0079-4D03-8984-BBADE57BF0EE}
    2012-10-18 20:24:36 -------- d-----w- C:\Users\STEVE\AppData\Local\{BBE411A1-3BF7-40DD-AC74-527518FF39DD}
    2012-10-18 08:24:13 -------- d-----w- C:\Users\STEVE\AppData\Local\{612666D1-29F7-48A3-9795-9F097FA610FD}
    2012-10-17 20:23:49 -------- d-----w- C:\Users\STEVE\AppData\Local\{BB7F702C-0C16-4BB0-89F3-FDEC1E6A278B}
    2012-10-17 08:23:26 -------- d-----w- C:\Users\STEVE\AppData\Local\{9CE88A6C-B601-47A3-A978-56145FC54703}
    2012-10-16 20:23:02 -------- d-----w- C:\Users\STEVE\AppData\Local\{45E1F823-4FDE-46A9-BE07-F3BFF4AF0BBF}
    2012-10-16 08:22:39 -------- d-----w- C:\Users\STEVE\AppData\Local\{726D0FA8-B1B9-4434-95A6-7A26709EBE60}
    2012-10-15 20:22:14 -------- d-----w- C:\Users\STEVE\AppData\Local\{240F8919-990F-46A6-9DF4-EC2CC348244B}
    2012-10-15 08:21:32 -------- d-----w- C:\Users\STEVE\AppData\Local\{D54ECE3A-8AED-4950-8DCA-EEC4F7382A7E}
    2012-10-13 20:18:29 -------- d-----w- C:\Users\STEVE\AppData\Local\{EA4E5729-9DD3-433D-84A4-640EC021EEAB}
    2012-10-13 08:18:05 -------- d-----w- C:\Users\STEVE\AppData\Local\{FE16ACD0-0733-4912-A510-77550D769AFE}
    2012-10-12 20:17:41 -------- d-----w- C:\Users\STEVE\AppData\Local\{059985F5-247A-41D2-BAE7-9F3DE45D03FE}
    2012-10-12 15:28:30 8 ----a-w- C:\Windows\SysWow64\EXPSEE.SYS
    2012-10-12 15:28:30 8 ----a-w- C:\Windows\DESPXF.DLL
    2012-10-12 15:00:35 -------- d-----w- C:\Users\STEVE\AppData\Roaming\CCDC
    2012-10-12 14:52:05 -------- d-----w- C:\Program Files (x86)\CCDC
    2012-10-12 14:26:57 -------- d-----w- C:\Program Files (x86)\POV-Ray for Windows v3.6
    2012-10-12 14:25:40 -------- d-----w- C:\X-Seed
    2012-10-12 08:17:18 -------- d-----w- C:\Users\STEVE\AppData\Local\{F2B9C32E-2C0B-4103-A24D-B947F642054F}
    2012-10-11 20:16:54 -------- d-----w- C:\Users\STEVE\AppData\Local\{0D74D7FA-D622-4C24-ACD7-07F3D569FDFF}
    2012-10-10 20:16:11 -------- d-----w- C:\Users\STEVE\AppData\Local\{57BBE729-F6BF-4C2B-98D5-BE5C513BB65C}
    2012-10-10 14:18:59 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 14:17:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-10-10 14:17:37 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-10-10 14:17:14 714752 ----a-w- C:\Windows\System32\kerberos.dll
    2012-10-10 14:17:14 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2012-10-10 14:16:27 1462784 ----a-w- C:\Windows\System32\crypt32.dll
    2012-10-10 14:16:25 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-10-10 14:16:24 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-10-10 14:16:23 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-10-10 14:16:22 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-10-10 14:16:20 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-10-10 07:40:58 -------- d-----w- C:\Users\STEVE\AppData\Local\{1F726697-0A63-4B9D-94CA-4F6808B6AD8D}
    2012-10-09 19:40:29 -------- d-----w- C:\Users\STEVE\AppData\Local\{CC9270DC-4B90-411C-9D11-A1D330DDFBC8}
    2012-10-09 07:39:53 -------- d-----w- C:\Users\STEVE\AppData\Local\{1E70E6CE-4417-4D98-8A31-893362E9E761}
    2012-10-08 19:39:25 -------- d-----w- C:\Users\STEVE\AppData\Local\{7AB57F07-6B50-473E-B094-EA8DC5EC229C}
    2012-10-08 07:41:14 -------- d-----w- C:\Users\STEVE\AppData\Local\{A8078DF3-0B6B-4097-A7F1-9B14A61BECF8}
    .
    ==================== Find3M ====================
    .
    2012-10-09 13:49:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 13:49:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:58:10 501248 ----a-w- C:\Users\STEVE\FacebookVideoCallSetup_v1.2.205.0.exe
    2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-21 12:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-08-21 12:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 12:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-13 18:42:19 2296840 ----a-w- C:\Users\STEVE\AmazonMP3DownloaderInstall.exe
    .
    ============= FINISH: 21:22:55.48 ===============

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-06 21:39:45
    -----------------------------
    21:39:45.522 OS Version: Windows x64 6.1.7600
    21:39:45.522 Number of processors: 1 586 0x170A
    21:39:45.524 ComputerName: STEVE-HP UserName: STEVE
    21:39:48.398 Initialize success
    21:39:49.938 AVAST engine defs: 12110601
    21:39:56.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:39:56.529 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
    21:39:56.553 Disk 0 MBR read successfully
    21:39:56.557 Disk 0 MBR scan
    21:39:56.562 Disk 0 unknown MBR code
    21:39:56.577 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    21:39:56.595 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 222511 MB offset 409600
    21:39:56.629 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15660 MB offset 456112128
    21:39:56.652 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
    21:39:56.697 Disk 0 scanning C:\Windows\system32\drivers
    21:40:14.305 Service scanning
    21:40:54.816 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    21:41:04.989 Modules scanning
    21:41:05.332 Disk 0 trace - called modules:
    21:41:05.361 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys
    21:41:05.368 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033564b0]
    21:41:05.374 3 CLASSPNP.SYS[fffff88001c6f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800320c050]
    21:41:06.510 AVAST engine scan C:\Windows
    21:41:09.508 AVAST engine scan C:\Windows\system32
    21:45:02.203 AVAST engine scan C:\Windows\system32\drivers
    21:45:15.460 AVAST engine scan C:\Users\STEVE
    21:59:47.913 AVAST engine scan C:\ProgramData
    22:15:57.553 Scan finished successfully
    22:17:44.913 Disk 0 MBR has been saved successfully to "C:\Users\STEVE\Desktop\MBR.dat"
    22:17:44.920 The log file has been saved successfully to "C:\Users\STEVE\Desktop\aswMBR.txt"

  2. #2
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Hello steve18 and welcome to the Safer Networking Forum.

    My name is Satchfan and I would be glad to help you with your computer problem.

    Please read the following guidelines which will help to make cleaning your machine easier:
    • please follow all instructions in the order posted
    • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
    • if you don't understand something, please don't hesitate to ask for clarification before proceeding
    • the fixes are specific to your problem and should only be used for this issue on this machine.
    • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

    IMPORTANT:

    Please DO NOT install/uninstall any programs unless asked to.
    Please DO NOT run any scans other than those requested

    I am looking at your logs now and will reply with instructions shortly.

    Satchfan

  3. #3
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Hello again Steve18

    I see no obvious evidence of malware but there are some issues that need to be addressed.

    You have some dodgy programs/toolbars and some programs that are out-of-date and therefore a security vulnerability.

    Running multiple antivirus programs

    You cannot run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

    Uninstall Ad-Aware
    • click on Start, Control Panel
    • click Programs and Features
    • scroll down the list, click on AdAware and then on Remove.

    ===================================================

    P2P - I see you have P2P software, (uTorrent), installed on your machine.

    We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are, more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

    Please see this topic for more information:

    Perils of P2P File Sharing.

    I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

    Should you decide to keep it, please don’t use it until we have finished up here.

    ===================================================

    Re ielowutil.exe

    ielowutil.exe is harmless. See here

    ===================================================

    Download and run AdwCleaner

    Download AdwCleaner from here and save it to your desktop.
    • run AdwCleaner and select Delete
    • when it has finished it will ask to reboot - allow the reboot
    • on reboot a log will be produced; please attach the content of the log to your next reply

    ===================================================

    Download Malwarebytes-Anti-Malware

    Click here.
    • double-click mbam-setup.exe and follow the prompts to install the program.
    • at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • if an update is found, it will download and install the latest version.
    • once the program has loaded, select Perform quick scan, then click Scan.
    • when the scan is complete, click OK, then Show Results to view the results.
    • be sure that everything is checked, and click Remove Selected.
    • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • copy and paste the contents of that report in your next reply and exit MBAM.

    NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Logs to include with the next post:

    AdwCleaner log
    Mbam.txt
    Last edited by Satchfan; 2012-11-09 at 13:34.

  4. #4
    Junior Member
    Join Date
    Nov 2012
    Posts
    3

    Hi Satchfan,

    Thanks for the reply.

    I have done as you said and removed adaware. Also I've run the two programs. Please find the logs attached.

    Cheers
    Steve

  5. #5
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    You seem to be pretty much ok here but a couple more scans should make sure.

    Run Security Check

    Download Security Check by screen317 from here or here.
    • save it to your Desktop.
    • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

    ================================================

    Run ESET Online Scan

    IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

    Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan
      1. Click the Eset online Scanner button.
      2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the Eset installer icon on your desktop.
      3. Check Yes, I accept the Terms of Use
      4. Click the Start button.
      5. Accept any security warnings from your browser.
      6. Check Scan archives
      7. Push the Start button.
      8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      9. When the scan completes, push List of found threats
      10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - if ESET doesn't find any threats, no report will be created.
      11. Push the back button.
      12. Push Finish

    If a log has been produced post it in your next reply.

    Satchfan

  6. #6
    Junior Member
    Join Date
    Nov 2012
    Posts
    3

    I ran both the programs that you requested.

    ESET found nothing so there is no log to attach.

    Here is the log for Security Check:

    Results of screen317's Security Check version 0.99.54
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Flash Player 11.4.402.287
    Mozilla Firefox 12.0 Firefox out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    AVAST Software Avast AvastSvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````

    Steve
