I've been putting this off for a while, which was probably not the best idea... But I cannot find the problem! One day, this laptop just got really slow. Chrome no longer was that fast and loading programs took what seemed like forever compared to what I was used to. At first I thought sure, it's just an old computer, everything's catching up to it... But now if I'm on the webcam, playing a game, or having Chrome up I can't do anything else at the same time. Otherwise I see no problems. I've cleaned and cleaned, defragged, ran scans like crazy and I never can find anything. The only thing that had changed before the slowness was Zedo pop-ups appeared (which are still present as I cannot find the files to get it off). My final guess is that my computer did a scheduled Windows update, restarted and when I got back on it was slow... but that's only a guess. I'll really appreciate any help anyone can offer.
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7548
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120
8/23/2011 10:43:19 PM
mbam-log-2011-08-23 (22-43-19).txt
Scan type: Quick scan
Objects scanned: 165831
Time elapsed: 15 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 3/30/2008 5:05:14 AM
System Uptime: 8/23/2011 10:22:17 PM (1 hours ago)
.
Motherboard: Acer | | Acadia
Processor: Intel(R) Celeron(R) CPU 550 @ 2.00GHz | uPGA-478 | 1995/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 69 GiB total, 28.687 GiB free.
D: is FIXED (NTFS) - 69 GiB total, 50.277 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1072: 8/21/2011 12:00:09 AM - Scheduled Checkpoint
RP1073: 8/23/2011 5:20:47 PM - Windows Update
RP1074: 8/23/2011 9:50:54 PM - Manually Created
RP1075: 8/23/2011 9:52:20 PM - Created Manually
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acer Arcade
Acer Assist
Acer Crystal Eye webcam
Acer Crystal Eye Webcam Video Class Camera
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Acer ScreenSaver
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 8.0
Adobe Photoshop.com Inspiration Browser
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Agere Systems HDA Modem
AIM 7
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression
ArcSoft PhotoImpression 6
Auslogics Disk Defrag
avast! Free Antivirus
Bamboo
Bamboo Dock
Bamboo Dock 3.3
Belkin Setup and Router Monitor
Belkin USB Print and Storage Center
Berlitz Before You Know It Flash Cards
Berlitz Learning System - Japanese
Bonjour
CCleaner
Color Efex Pro 3.0 Wacom Edition 3
Corel Painter Essentials 4
Coupon Printer for Windows
D3DX10
Download Updater (AOL LLC)
ESET Online Scanner v3
Garmin Communicator Plugin
Garmin USB Drivers
GIMP 2.6.11
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
KitsuSaga
Launch Manager
LG USB Modem driver
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware version 1.51.1.1800
Messenger Plus! 5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft Zoo Tycoon
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
OGA Notifier 2.0.0048.0
Orion
Pattern Maker for cross stitch - v4 (Std)
Picasa 3
QuickTime
Realtek High Definition Audio Driver
RuneScape Launcher 1.0.4
Runescape Toolbar
SA3020 Device Manager
SA30xx Media Converter
SCAR Divi CDE 3.15b
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Shockwave
Sibelius Scorch (ActiveX Only)
Skype Toolbars
Skype™ 5.3
Smart Diary Suite 4
Speccy
Spelling Dictionaries Support For Adobe Reader 8
System Requirements Lab for Intel
Theme Park World Fix
TomTom HOME
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
8/23/2011 8:23:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/23/2011 8:23:30 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/23/2011 8:23:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/23/2011 3:32:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 001F3AA16A88 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
8/23/2011 10:24:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Viewpoint Manager Service service to connect.
8/23/2011 10:24:00 PM, Error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/23/2011 10:13:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
8/19/2011 10:51:45 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
8/16/2011 8:55:28 PM, Error: EventLog [6008] - The previous system shutdown at 6:38:27 PM on 8/15/2011 was unexpected.
.
==== End Of File ===========================
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19120
Run by Roots at 23:34:20 on 2011-08-23
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.124 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Roots\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Roots\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Roots\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roots\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Roots\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Runescape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - c:\program files\runescape\tbRune.dll
mURLSearchHooks: Runescape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - c:\program files\runescape\tbRune.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Runescape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - c:\program files\runescape\tbRune.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {CB97CD92-0C46-4F47-330B-9299C1FFD4BB} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Runescape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - c:\program files\runescape\tbRune.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\roots\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [B2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Copy to &Lightning Note - c:\program files\wordperfect lightning\programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E8DEBD18-7B16-4314-9022-43BD03388EDD} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-8-11 28544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-5 294608]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2008-3-21 51200]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-5 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-11-5 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-5 40384]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2011-5-1 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2011-5-1 49152]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2011-5-1 247320]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-11-7 4497704]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-11-7 113448]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-21 180736]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-11-7 13480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-17 136176]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-16 24652]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-17 136176]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-11-7 16168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-24 02:19:57 709968 ----a-w- c:\windows\isRS-000.tmp
2011-08-23 23:48:35 -------- d-----w- c:\program files\Speccy
2011-08-23 21:24:00 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f577876f-7bad-4e74-8fa9-813787f2e8d6}\mpengine.dll
2011-08-22 01:41:20 -------- d-----w- c:\users\roots\appdata\local\{D010E9B6-8DDC-4123-9D6A-163AD2FB5190}
2011-08-22 01:41:04 -------- d-----w- c:\users\roots\appdata\local\{497DCB6F-3926-469D-8516-28760AA7DA23}
2011-08-18 01:54:00 -------- d-----w- c:\program files\iPod
2011-08-18 01:53:44 -------- d-----w- c:\program files\iTunes
2011-08-18 01:45:26 -------- d-----w- c:\program files\Bonjour
2011-08-18 01:40:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-08-18 01:40:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-08-18 01:40:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-08-18 01:40:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-08-18 01:40:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-08-18 01:40:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-08-18 01:40:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-08-18 01:31:40 -------- d-----w- c:\users\roots\appdata\local\{53E7839E-2722-4D45-8B81-F54A5D849E50}
2011-08-18 01:31:28 -------- d-----w- c:\users\roots\appdata\local\{7B6843D2-AAEF-46BC-A6AF-D115E3A8A562}
2011-08-17 03:41:54 -------- d-----w- c:\users\roots\appdata\local\{69CBEDFB-FC90-4622-98E1-51495586F9C5}
2011-08-17 03:41:38 -------- d-----w- c:\users\roots\appdata\local\{ACC7D549-E8F6-40E4-8F3F-A21C2E101737}
2011-08-17 01:35:17 -------- d-----w- c:\users\roots\appdata\local\{10FCD3C8-6551-4B0F-B504-604E6B07D3EF}
2011-08-17 01:35:06 -------- d-----w- c:\users\roots\appdata\local\{3F9F653B-CC41-486A-81AB-9CE2DD4F1DF5}
2011-08-17 01:08:55 -------- d-----w- c:\users\roots\appdata\roaming\SupportSoft
2011-08-17 01:08:10 -------- d-----w- C:\temp
2011-08-17 01:08:07 -------- d-----w- c:\users\roots\appdata\roaming\OpswatLogs
2011-08-17 01:07:41 -------- d-----w- c:\program files\common files\supportsoft
2011-08-14 02:11:33 -------- d-----w- c:\users\roots\appdata\local\{8B49B999-FFE5-45ED-B8C1-9B61A95B7C50}
2011-08-14 02:11:20 -------- d-----w- c:\users\roots\appdata\local\{A18D3923-1D38-4066-8AB0-C041C4BA7C26}
2011-08-10 09:39:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 09:39:53 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 09:39:20 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-06 01:51:29 -------- d-----w- c:\users\roots\appdata\local\{29C8014F-D492-4921-8B33-B5212BB39C02}
2011-08-06 01:51:12 -------- d-----w- c:\users\roots\appdata\local\{57A5FA38-B63F-4149-B0C1-4D4B57D38D46}
2011-08-05 04:06:30 -------- d-----w- c:\users\roots\appdata\local\{9E9D5277-C9C3-4685-80EC-CC52B1E29BA9}
2011-08-02 02:31:38 -------- d-----w- c:\users\roots\appdata\local\{F5DAA288-22A8-4B45-9CD6-F9F9E2876F84}
2011-08-01 03:51:07 -------- d-----w- c:\users\roots\appdata\local\{8BBFF5D5-653F-4302-8D54-5CEB333FBF2A}
.
==================== Find3M ====================
.
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 23:36:07.81 ===============
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-23 23:25:59
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK1646GSX rev.LB113J
Running: djk072vb.exe; Driver: C:\Users\Roots\AppData\Local\Temp\awdirkow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8C48082E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8C480652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8C48078C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- User code sections - GMER 1.0.15 ----
(Gmer file continues next couple posts)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Shockwave
Sibelius Scorch (ActiveX Only)
Skype Toolbars
Skype™ 5.3
Smart Diary Suite 4
Speccy
Spelling Dictionaries Support For Adobe Reader 8
System Requirements Lab for Intel
Theme Park World Fix
TomTom HOME
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
8/23/2011 8:23:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/23/2011 8:23:30 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/23/2011 8:23:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/23/2011 3:32:43 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.6 for the Network Card with network address 001F3AA16A88 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
8/23/2011 10:24:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Viewpoint Manager Service service to connect.
8/23/2011 10:24:00 PM, Error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/23/2011 10:13:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
8/19/2011 10:51:45 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
8/16/2011 8:55:28 PM, Error: EventLog [6008] - The previous system shutdown at 6:38:27 PM on 8/15/2011 was unexpected.
.
==== End Of File ===========================
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19120
Run by Roots at 23:34:20 on 2011-08-23
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.124 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\WTouch\WTouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Roots\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Roots\AppData\Local\Google\Update\1.3.21.65\GoogleCrashHandler.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Windows\system32\agrsmsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Roots\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Roots\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Roots\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Runescape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - c:\program files\runescape\tbRune.dll
mURLSearchHooks: Runescape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - c:\program files\runescape\tbRune.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Runescape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - c:\program files\runescape\tbRune.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: {CB97CD92-0C46-4F47-330B-9299C1FFD4BB} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Runescape Toolbar: {a8864317-e18b-4292-99d9-e6e65ab905d3} - c:\program files\runescape\tbRune.dll
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\roots\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [B2C_AGENT] c:\programdata\lgmobileax\b2c_client\B2CNotiAgent.exe
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Copy to &Lightning Note - c:\program files\wordperfect lightning\programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E8DEBD18-7B16-4314-9022-43BD03388EDD} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2008-8-11 28544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-5 294608]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2008-3-21 51200]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-5 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-11-5 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-5 40384]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\belkin\belkin usb print and storage center\BkBackupScheduler.exe [2011-5-1 152064]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\belkin\belkin usb print and storage center\Bkapcs.exe [2011-5-1 49152]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [2011-5-1 247320]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-11-7 4497704]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-11-7 113448]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-21 180736]
R3 WacomVTHid;Virtual Touch Driver;c:\windows\system32\drivers\WacomVTHid.sys [2010-11-7 13480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-17 136176]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-16 24652]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-10-17 136176]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-11-7 16168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-24 02:19:57 709968 ----a-w- c:\windows\isRS-000.tmp
2011-08-23 23:48:35 -------- d-----w- c:\program files\Speccy
2011-08-23 21:24:00 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f577876f-7bad-4e74-8fa9-813787f2e8d6}\mpengine.dll
2011-08-22 01:41:20 -------- d-----w- c:\users\roots\appdata\local\{D010E9B6-8DDC-4123-9D6A-163AD2FB5190}
2011-08-22 01:41:04 -------- d-----w- c:\users\roots\appdata\local\{497DCB6F-3926-469D-8516-28760AA7DA23}
2011-08-18 01:54:00 -------- d-----w- c:\program files\iPod
2011-08-18 01:53:44 -------- d-----w- c:\program files\iTunes
2011-08-18 01:45:26 -------- d-----w- c:\program files\Bonjour
2011-08-18 01:40:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-08-18 01:40:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-08-18 01:40:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-08-18 01:40:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-08-18 01:40:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-08-18 01:40:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-08-18 01:40:24 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-08-18 01:31:40 -------- d-----w- c:\users\roots\appdata\local\{53E7839E-2722-4D45-8B81-F54A5D849E50}
2011-08-18 01:31:28 -------- d-----w- c:\users\roots\appdata\local\{7B6843D2-AAEF-46BC-A6AF-D115E3A8A562}
2011-08-17 03:41:54 -------- d-----w- c:\users\roots\appdata\local\{69CBEDFB-FC90-4622-98E1-51495586F9C5}
2011-08-17 03:41:38 -------- d-----w- c:\users\roots\appdata\local\{ACC7D549-E8F6-40E4-8F3F-A21C2E101737}
2011-08-17 01:35:17 -------- d-----w- c:\users\roots\appdata\local\{10FCD3C8-6551-4B0F-B504-604E6B07D3EF}
2011-08-17 01:35:06 -------- d-----w- c:\users\roots\appdata\local\{3F9F653B-CC41-486A-81AB-9CE2DD4F1DF5}
2011-08-17 01:08:55 -------- d-----w- c:\users\roots\appdata\roaming\SupportSoft
2011-08-17 01:08:10 -------- d-----w- C:\temp
2011-08-17 01:08:07 -------- d-----w- c:\users\roots\appdata\roaming\OpswatLogs
2011-08-17 01:07:41 -------- d-----w- c:\program files\common files\supportsoft
2011-08-14 02:11:33 -------- d-----w- c:\users\roots\appdata\local\{8B49B999-FFE5-45ED-B8C1-9B61A95B7C50}
2011-08-14 02:11:20 -------- d-----w- c:\users\roots\appdata\local\{A18D3923-1D38-4066-8AB0-C041C4BA7C26}
2011-08-10 09:39:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-10 09:39:53 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-10 09:39:20 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-06 01:51:29 -------- d-----w- c:\users\roots\appdata\local\{29C8014F-D492-4921-8B33-B5212BB39C02}
2011-08-06 01:51:12 -------- d-----w- c:\users\roots\appdata\local\{57A5FA38-B63F-4149-B0C1-4D4B57D38D46}
2011-08-05 04:06:30 -------- d-----w- c:\users\roots\appdata\local\{9E9D5277-C9C3-4685-80EC-CC52B1E29BA9}
2011-08-02 02:31:38 -------- d-----w- c:\users\roots\appdata\local\{F5DAA288-22A8-4B45-9CD6-F9F9E2876F84}
2011-08-01 03:51:07 -------- d-----w- c:\users\roots\appdata\local\{8BBFF5D5-653F-4302-8D54-5CEB333FBF2A}
.
==================== Find3M ====================
.
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-12 15:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-06 23:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 22:37:00 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 22:37:00 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 23:36:07.81 ===============
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-23 23:25:59
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK1646GSX rev.LB113J
Running: djk072vb.exe; Driver: C:\Users\Roots\AppData\Local\Temp\awdirkow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8C48082E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8C480652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8C48078C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- User code sections - GMER 1.0.15 ----
(GMER file continues in the next couple of posts)