Results 1 to 7 of 7

Thread: 100% CPU Usage and ielowutil.exe

  1. #1
    Junior Member
    Join Date
    Nov 2012

    Default 100% CPU Usage and ielowutil.exe

    Recently my computer has been running very slowly due to 100% cpu usage the majority of the time. Also I have noticed coupled with this a process named ielowutil.exe, which is replicated several times, keeps popping up.

    Below are my DDS and aswMBR logs

    Thanks in advance for your help.

    DDS (Ver_2012-11-05.02) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_31
    Run by STEVE at 21:19:11 on 2012-11-06
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3003.811 [GMT 0:00]
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    ============== Running Processes ===============
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
    C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
    C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
    C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://
    mStart Page = hxxp://
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mWinlogon: Userinit = userinit.exe
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: IE5BarLauncherBHO Class: {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\ plugin\BarLcher.dll
    BHO: EndNote Web: {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: VShareToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\ plugin\BarLcher.dll
    TB: VShareToolBar: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\ plugin\BarLcher.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Virgin Media Security Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} -
    TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    TB: EndNote Web: {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [Google Update] "C:\Users\STEVE\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    StartupFolder: C:\Users\STEVE\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\STEVE\AppData\Roaming\Dropbox\bin\Dropbox.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: EnableShellExecuteHooks = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: HideFastUserSwitching = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - C:\Users\STEVE\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://
    TCP: NameServer =
    TCP: Interfaces\{6CF43E3D-1F03-446F-A01C-BC6C92C2BF9B} : DHCPNameServer =
    TCP: Interfaces\{B7A4F2C4-3B41-49E5-A6FF-DE26F20C73A0} : DHCPNameServer =
    TCP: Interfaces\{B7A4F2C4-3B41-49E5-A6FF-DE26F20C73A0}\2656C6B696E6534376 : DHCPNameServer =
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
    Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} -
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
    x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
    x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
    x64-DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} -
    x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} -
    x64-Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    ================= FIREFOX ===================
    FF - ProfilePath - C:\Users\STEVE\AppData\Roaming\Mozilla\Firefox\Profiles\qmbso5rn.default\
    FF - prefs.js: browser.startup.homepage - hxxp://
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\Chem3D\npChem3DPlugin.dll
    FF - plugin: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDraw\NPCDP32.DLL
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\STEVE\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\STEVE\AppData\Local\Google\Update\\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
    FF - ExtSQL: !HIDDEN! 2011-01-22 17:36;; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    ============= SERVICES / DRIVERS ===============
    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-5-13 69376]
    R0 RapportKE64;RapportKE64;C:\Windows\System32\drivers\RapportKE64.sys [2010-12-31 63760]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-12-4 591192]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-12-4 304472]
    R1 RapportCerberus_34302;RapportCerberus_34302;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-15 397520]
    R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-4-17 55056]
    R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-4-17 61712]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-12-4 24408]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-12-4 66904]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-5-13 17152]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-17 347680]
    R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-8-17 1093152]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    =============== Created Last 30 ================
    2012-11-06 19:32:27 -------- d-----w- C:\Users\STEVE\AppData\Local\{9DD3E688-8237-4ACF-8956-1CD0A5C57D02}
    2012-11-06 07:32:02 -------- d-----w- C:\Users\STEVE\AppData\Local\{8B47AA18-64F1-4740-AE9F-23984EB5520D}
    2012-11-05 07:31:08 -------- d-----w- C:\Users\STEVE\AppData\Local\{5001A22F-BFDD-400A-83A8-19EDE8861C35}
    2012-11-04 19:30:45 -------- d-----w- C:\Users\STEVE\AppData\Local\{EAC05CFA-F87E-45C0-BC4F-0567018BBA2A}
    2012-11-04 07:30:08 -------- d-----w- C:\Users\STEVE\AppData\Local\{7361CCD6-07A5-4692-BCC4-8ECFA9FD0F33}
    2012-11-03 19:29:44 -------- d-----w- C:\Users\STEVE\AppData\Local\{27EB3C8E-6DD7-446A-ACCF-E699FA320355}
    2012-11-03 07:29:21 -------- d-----w- C:\Users\STEVE\AppData\Local\{D345D098-86CC-4FF4-B208-30F6708AACED}
    2012-11-02 19:28:56 -------- d-----w- C:\Users\STEVE\AppData\Local\{17B8C783-A458-44CC-9C84-9B661BFA9581}
    2012-11-02 07:28:32 -------- d-----w- C:\Users\STEVE\AppData\Local\{63909B04-0612-4EB4-BED7-32A6572D337D}
    2012-11-01 19:26:34 -------- d-----w- C:\Users\STEVE\AppData\Local\{F2231FCB-1A68-4FD0-8A8F-63C9996CADC4}
    2012-11-01 07:20:56 -------- d-----w- C:\Users\STEVE\AppData\Local\{5296EEB6-2869-48D5-90C9-0F4F2366031E}
    2012-10-31 15:55:22 -------- d-----w- C:\ProgramData\Advanced Chemistry Development
    2012-10-31 15:54:25 -------- d-----w- C:\ACDFREE12
    2012-10-31 15:53:40 -------- d-----w- C:\Users\STEVE\AppData\Roaming\Advanced Chemistry Development
    2012-10-31 07:20:08 -------- d-----w- C:\Users\STEVE\AppData\Local\{1AAAF1E9-AD58-412D-8F5E-6E33F656C596}
    2012-10-30 19:19:45 -------- d-----w- C:\Users\STEVE\AppData\Local\{19425FD7-5659-4DCB-9A8F-C0AD60B555A1}
    2012-10-30 07:19:22 -------- d-----w- C:\Users\STEVE\AppData\Local\{BCD1B558-D4C6-4ABE-9EDD-D0848A48817B}
    2012-10-29 19:18:58 -------- d-----w- C:\Users\STEVE\AppData\Local\{86AF8BAE-ECA2-4E49-BE39-40BCD3A7A60B}
    2012-10-29 07:18:35 -------- d-----w- C:\Users\STEVE\AppData\Local\{CB663E70-82CF-4E95-B1B8-4E8D1369D3DF}
    2012-10-28 19:18:12 -------- d-----w- C:\Users\STEVE\AppData\Local\{4BB5A9D1-BC93-400A-8FBA-E8C43F1BF19E}
    2012-10-28 07:17:31 -------- d-----w- C:\Users\STEVE\AppData\Local\{9507F3FD-4041-4048-88F7-D091271D0A3B}
    2012-10-27 19:17:07 -------- d-----w- C:\Users\STEVE\AppData\Local\{BB9ED222-7B94-4DA3-A2CA-42EB69D1A08D}
    2012-10-27 11:29:48 -------- d-----w- C:\Users\STEVE\AppData\Local\Geckofx
    2012-10-27 11:27:48 -------- d-----w- C:\Users\STEVE\AppData\Roaming\Firefly Studios
    2012-10-27 11:19:20 -------- d-----w- C:\ProgramData\Firefly Studios
    2012-10-27 11:05:41 -------- d-----w- C:\Program Files (x86)\Firefly Studios
    2012-10-27 07:16:40 -------- d-----w- C:\Users\STEVE\AppData\Local\{FB76D38C-0494-4867-B362-84152134D277}
    2012-10-26 19:17:40 -------- d-----w- C:\Users\STEVE\AppData\Local\{67C788D0-5A2E-487C-BA27-B31317227240}
    2012-10-26 07:17:12 -------- d-----w- C:\Users\STEVE\AppData\Local\{A3DC9D33-2220-4C1E-9789-CBDEC1192476}
    2012-10-25 19:17:00 -------- d-----w- C:\Users\STEVE\AppData\Local\{EACC18EF-E07A-4F08-B475-5336CD94A075}
    2012-10-25 07:16:36 -------- d-----w- C:\Users\STEVE\AppData\Local\{0D6E909A-DBC4-4A8F-9D18-AB521316FAEB}
    2012-10-24 19:15:41 -------- d-----w- C:\Users\STEVE\AppData\Local\{71EA150D-BEB9-416B-B66A-5EC9761494A5}
    2012-10-24 07:15:17 -------- d-----w- C:\Users\STEVE\AppData\Local\{A8518AEB-1C1A-44EB-9789-4CB965384289}
    2012-10-23 19:14:53 -------- d-----w- C:\Users\STEVE\AppData\Local\{78CE1522-561D-4056-A92E-27816E65FE7E}
    2012-10-23 07:14:29 -------- d-----w- C:\Users\STEVE\AppData\Local\{BF838F9E-B1BD-485F-B3CA-518998805754}
    2012-10-22 06:55:07 -------- d-----w- C:\Users\STEVE\AppData\Local\{166AC418-F9B2-4E39-84EF-AFE1568E6503}
    2012-10-21 08:26:44 -------- d-----w- C:\Users\STEVE\AppData\Local\{21DB345C-1E90-46D6-AD50-6ED0A0C2B150}
    2012-10-20 20:26:16 -------- d-----w- C:\Users\STEVE\AppData\Local\{2C5C1EAD-AE0B-4F5E-BBBC-B2BDF210F7F5}
    2012-10-20 08:25:47 -------- d-----w- C:\Users\STEVE\AppData\Local\{C58807E4-9352-4377-A4A0-45BB1353CDF3}
    2012-10-19 20:25:24 -------- d-----w- C:\Users\STEVE\AppData\Local\{17174FA1-520C-401E-9E26-47F7DE9EF9C4}
    2012-10-19 08:25:00 -------- d-----w- C:\Users\STEVE\AppData\Local\{B3882861-0079-4D03-8984-BBADE57BF0EE}
    2012-10-18 20:24:36 -------- d-----w- C:\Users\STEVE\AppData\Local\{BBE411A1-3BF7-40DD-AC74-527518FF39DD}
    2012-10-18 08:24:13 -------- d-----w- C:\Users\STEVE\AppData\Local\{612666D1-29F7-48A3-9795-9F097FA610FD}
    2012-10-17 20:23:49 -------- d-----w- C:\Users\STEVE\AppData\Local\{BB7F702C-0C16-4BB0-89F3-FDEC1E6A278B}
    2012-10-17 08:23:26 -------- d-----w- C:\Users\STEVE\AppData\Local\{9CE88A6C-B601-47A3-A978-56145FC54703}
    2012-10-16 20:23:02 -------- d-----w- C:\Users\STEVE\AppData\Local\{45E1F823-4FDE-46A9-BE07-F3BFF4AF0BBF}
    2012-10-16 08:22:39 -------- d-----w- C:\Users\STEVE\AppData\Local\{726D0FA8-B1B9-4434-95A6-7A26709EBE60}
    2012-10-15 20:22:14 -------- d-----w- C:\Users\STEVE\AppData\Local\{240F8919-990F-46A6-9DF4-EC2CC348244B}
    2012-10-15 08:21:32 -------- d-----w- C:\Users\STEVE\AppData\Local\{D54ECE3A-8AED-4950-8DCA-EEC4F7382A7E}
    2012-10-13 20:18:29 -------- d-----w- C:\Users\STEVE\AppData\Local\{EA4E5729-9DD3-433D-84A4-640EC021EEAB}
    2012-10-13 08:18:05 -------- d-----w- C:\Users\STEVE\AppData\Local\{FE16ACD0-0733-4912-A510-77550D769AFE}
    2012-10-12 20:17:41 -------- d-----w- C:\Users\STEVE\AppData\Local\{059985F5-247A-41D2-BAE7-9F3DE45D03FE}
    2012-10-12 15:28:30 8 ----a-w- C:\Windows\SysWow64\EXPSEE.SYS
    2012-10-12 15:28:30 8 ----a-w- C:\Windows\DESPXF.DLL
    2012-10-12 15:00:35 -------- d-----w- C:\Users\STEVE\AppData\Roaming\CCDC
    2012-10-12 14:52:05 -------- d-----w- C:\Program Files (x86)\CCDC
    2012-10-12 14:26:57 -------- d-----w- C:\Program Files (x86)\POV-Ray for Windows v3.6
    2012-10-12 14:25:40 -------- d-----w- C:\X-Seed
    2012-10-12 08:17:18 -------- d-----w- C:\Users\STEVE\AppData\Local\{F2B9C32E-2C0B-4103-A24D-B947F642054F}
    2012-10-11 20:16:54 -------- d-----w- C:\Users\STEVE\AppData\Local\{0D74D7FA-D622-4C24-ACD7-07F3D569FDFF}
    2012-10-10 20:16:11 -------- d-----w- C:\Users\STEVE\AppData\Local\{57BBE729-F6BF-4C2B-98D5-BE5C513BB65C}
    2012-10-10 14:18:59 6144 ---ha-w- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-10 14:17:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-10-10 14:17:37 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-10-10 14:17:14 714752 ----a-w- C:\Windows\System32\kerberos.dll
    2012-10-10 14:17:14 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2012-10-10 14:16:27 1462784 ----a-w- C:\Windows\System32\crypt32.dll
    2012-10-10 14:16:25 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-10-10 14:16:24 182272 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-10-10 14:16:23 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-10-10 14:16:22 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-10-10 14:16:20 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-10-10 07:40:58 -------- d-----w- C:\Users\STEVE\AppData\Local\{1F726697-0A63-4B9D-94CA-4F6808B6AD8D}
    2012-10-09 19:40:29 -------- d-----w- C:\Users\STEVE\AppData\Local\{CC9270DC-4B90-411C-9D11-A1D330DDFBC8}
    2012-10-09 07:39:53 -------- d-----w- C:\Users\STEVE\AppData\Local\{1E70E6CE-4417-4D98-8A31-893362E9E761}
    2012-10-08 19:39:25 -------- d-----w- C:\Users\STEVE\AppData\Local\{7AB57F07-6B50-473E-B094-EA8DC5EC229C}
    2012-10-08 07:41:14 -------- d-----w- C:\Users\STEVE\AppData\Local\{A8078DF3-0B6B-4097-A7F1-9B14A61BECF8}
    ==================== Find3M ====================
    2012-10-09 13:49:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 13:49:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:58:10 501248 ----a-w- C:\Users\STEVE\FacebookVideoCallSetup_v1.2.205.0.exe
    2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-21 12:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2012-08-21 12:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2012-08-21 12:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-13 18:42:19 2296840 ----a-w- C:\Users\STEVE\AmazonMP3DownloaderInstall.exe
    ============= FINISH: 21:22:55.48 ===============

    aswMBR version Copyright(c) 2011 AVAST Software
    Run date: 2012-11-06 21:39:45
    21:39:45.522 OS Version: Windows x64 6.1.7600
    21:39:45.522 Number of processors: 1 586 0x170A
    21:39:45.524 ComputerName: STEVE-HP UserName: STEVE
    21:39:48.398 Initialize success
    21:39:49.938 AVAST engine defs: 12110601
    21:39:56.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:39:56.529 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
    21:39:56.553 Disk 0 MBR read successfully
    21:39:56.557 Disk 0 MBR scan
    21:39:56.562 Disk 0 unknown MBR code
    21:39:56.577 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    21:39:56.595 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 222511 MB offset 409600
    21:39:56.629 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15660 MB offset 456112128
    21:39:56.652 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
    21:39:56.697 Disk 0 scanning C:\Windows\system32\drivers
    21:40:14.305 Service scanning
    21:40:54.816 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
    21:41:04.989 Modules scanning
    21:41:05.332 Disk 0 trace - called modules:
    21:41:05.361 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys sptd.sys
    21:41:05.368 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80033564b0]
    21:41:05.374 3 CLASSPNP.SYS[fffff88001c6f43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800320c050]
    21:41:06.510 AVAST engine scan C:\Windows
    21:41:09.508 AVAST engine scan C:\Windows\system32
    21:45:02.203 AVAST engine scan C:\Windows\system32\drivers
    21:45:15.460 AVAST engine scan C:\Users\STEVE
    21:59:47.913 AVAST engine scan C:\ProgramData
    22:15:57.553 Scan finished successfully
    22:17:44.913 Disk 0 MBR has been saved successfully to "C:\Users\STEVE\Desktop\MBR.dat"
    22:17:44.920 The log file has been saved successfully to "C:\Users\STEVE\Desktop\aswMBR.txt"

  2. #2
    Security Expert- Visiting Fellow Satchfan's Avatar
    Join Date
    Feb 2009
    Exeter, UK


    Hello steve18 and welcome to the Safer Networking Forum.

    My name is Satchfan and I would be glad to help you with your computer problem.

    Please read the following guidelines which will help to make cleaning your machine easier:
    • please follow all instructions in the order posted
    • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
    • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
    • if you don't understand something, please don't hesitate to ask for clarification before proceeding
    • the fixes are specific to your problem and should only be used for this issue on this machine.
    • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!


    Please DO NOT install/uninstall any programs unless asked to.
    Please DO NOT run any scans other than those requested

    I am looking at your logs now and will reply with instructions shortly.


  3. #3
    Security Expert- Visiting Fellow Satchfan's Avatar
    Join Date
    Feb 2009
    Exeter, UK


    Hello again Steve18

    I see no obvious evidence of malware but there are some issues that need to be addressed.

    You have some dodgy programs/toolbars and some programs that are out-of-date and therefore a security vulnerability.

    Running multiple antivirus programs

    You can not run two real-time antiviruses at the same time. Although many have different methods of searching for and recognising threats, they will all be 'fighting' in memory to kick each other out, rendering them all ineffective.

    Uninstall Ad-Aware
    • click on Start, Control Panel
    • click Programs and Features
    • scroll down the list click on AdAware and then on Remove.


    P2P - I see you have P2P software, (uTorrent), installed on your machine.

    We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

    Please see this topic for more information:

    Perils of P2P File Sharing.

    I would strongly recommend that you uninstall it now. You can do so via [b]Control Panel, Programs, and then Programs and Features.

    Should you decide to keep it, please don’t use it until we have finished up here.


    Re ielowutil.exe

    ielowutil.exe is harmless. See here


    Download and run AdwCleaner

    Download AdwCleaner from here and save it to your desktop.
    • run AdwCleaner and select Delete
    • when it has finished it will ask to reboot - allow the reboot
    • on reboot a log will be produced; please attach the content of the log to your next reply


    Download Malwarebytes-Anti-Malware

    Click here.
    • double-click mbam-setup.exe and follow the prompts to install the program.
    • at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware. and Launch Malwarebytes' Anti-Malware, then click Finish..
    • if an update is found, it will download and install the latest version.
    • once the program has loaded, select Perform quick scan, then click Scan.
    • when the scan is complete, click OK, then Show Results to view the results.
    • be sure that everything is checked, and click Remove Selected.
    • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • copy and paste the contents of that report in your next reply and exit MBAM.

    NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    Logs to include with the next post:

    AdwCleaner log
    Last edited by Satchfan; 2012-11-09 at 13:34.

  4. #4
    Junior Member
    Join Date
    Nov 2012


    Hi Satchfan,

    Thanks for the reply.

    I have done as you said and removed adaware. Also I've run the two programs. Please find the logs attached.


  5. #5
    Security Expert- Visiting Fellow Satchfan's Avatar
    Join Date
    Feb 2009
    Exeter, UK


    You seem to be pretty much ok here but a couple more scans should make sure.

    Run Security Check

    Download Security Check by screen317 from here or here.
    • save it to your Desktop.
    • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • a Notepad document should open automatically called checkup.txt; please post the contents of that document.


    Run ESET Online Scan

    IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan
    • 1. Click the Eset online Scanner button.
      2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the Eset installer icon on your desktop.
      3. Check Yes, I accept the Terms of Use
      4. Click the Start button.
      5. Accept any security warnings from your browser.
      6. Check Scan archives
      7. Push the Start button.
      8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      9. When the scan completes, push List of found threats
      10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - if ESET doesn't find any threats, no report will be created.
      11. Push the back button.
      12. Push Finish

    If a log has been produced post it in your next reply.


  6. #6
    Junior Member
    Join Date
    Nov 2012


    I ran both the programs that you requested.

    ESET found nothing so there is no log to attach.

    Here is the log for Security Check:

    Results of screen317's Security Check version 0.99.54
    Windows 7 x64 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version
    Java(TM) 6 Update 31
    Java version out of Date!
    Adobe Flash Player 11.4.402.287
    Mozilla Firefox 12.0 Firefox out of Date!
    Google Chrome 21.0.1180.83
    Google Chrome 21.0.1180.89
    Google Chrome 22.0.1229.79
    Google Chrome 22.0.1229.92
    Google Chrome 22.0.1229.94
    Google Chrome 23.0.1271.64
    ````````Process Check: objlist.exe by Laurent````````
    Spybot Teatimer.exe is disabled!
    AVAST Software Avast AvastSvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````


  7. #7
    Security Expert- Visiting Fellow Satchfan's Avatar
    Join Date
    Feb 2009
    Exeter, UK


    It's good that Eset also found nothing. I’d say that apart from a lot of junk that was removed,, you had no real malware.

    As long as your computer seems to be running well, please follow these steps to tidy up you computer and decrease the likelihood of getting infected again:

    Uninstall AdwCleaner
    • double click on adwcleaner.exe to run the tool
    • click on Uninstall
    • confirm with Yes.
    You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.


    Create a Restore Point
    • click on Start > Control Panel (All Control Panel Items)
    • click on System > System Protection
    • check that you have System Protection turned on for the drive that you want to create a restore point for, (usually C:
    • click Create
    • type in a description for the restore point to help recognize it when doing a System Restore, and click on the Create button.

    Remove old restore points
    • open Disk Cleanup by clicking Start. In the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
    • if prompted, select the drive that you want to clean up, and then click OK.
    • in the Disk Cleanup for (drive letter) dialog box, click "Clean up system files". If you're prompted for an administrator password or confirmation, type the password or provide confirmation
    • if prompted, select the drive that you want to clean up, and then click OK
    • click the More Options tab, then under System Restore and Shadow Copies, click Clean up
    • in the Disk Cleanup dialog box, click Delete
    • click Delete Files, and then click OK.


    Windows updates

    I notice that Windows updates are waiting to be installed and you do not have Service Pack 1 installed.. Click here for information on how to get the latest Windows updates or your computer will be at risk of infection.


    Update Java

    You have an old version on your computer which are also vulnerable to infections.
    • from the Start menu, select Control Panel.
    • in Large or Small icon view, click Programs and Features. If you're using Category view, under "Programs", click Uninstall a program.
    • select any versions of Java then click Uninstall.
    Install the latest version:


    NOTE – when you install Java, before clicking on Install, be sure to Uncheck “Install the Ask Toolbar and make Ask my default search provider”


    Recommended programs

    Spybot’s TeaTimer

    This program is disabled and should be enabled or you will not have real-time protection.
    • open Spybot Search & Destroy
    • go to the Mode menu and make sureAdvanced Mode is selected.
    • choose Yes at the Warning prompt
    • expand the “Tools” menu
    • click Resident
    • check the Resident TeaTimer (Protection of overall system settings) active. box
    • in the File menu click Exit to exit Spybot Search & Destroy.
    • if Teatimer gives you a warning that changes were made, click Allow Change when prompted.
      exit Spybot S&D.

    Remember to scan your computer with the program on a regular basis as you would with your anti-virus software.


    Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.


    It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

    FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.


    MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to which is your local computer, meaning it will be difficult to infect yourself in the future.


    I also recommend that you read the following:

    How to prevent malware by miekiemoes

    If I hear nothing for 24 hours I shall assume all is well and close the topic.

    Safe computing


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts