GeekPolice Tech TutorialsLog in

 


Not a valid Win32 Application

Share

descriptionNot a valid Win32 Application

more_horiz
Whenever I try to download a file onto my computer, I get a not valid win32 application error when I run it.
please help.

descriptionRe: Not a valid Win32 Application

more_horiz
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

descriptionRe: Not a valid Win32 Application

more_horiz
I did an mbam scan, starting at around 7am, and got this:

Malwarebytes' Anti-Malware 1.44
Database version: 3598
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

19/01/2010 9:02:53 AM
mbam-log-2010-01-19 (09-02-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 274505
Time elapsed: 1 hour(s), 19 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



going to do the combo fix now

Last edited by tatange on 19th January 2010, 5:06 pm; edited 1 time in total (Reason for editing : edit to add combofix)

descriptionRe: Not a valid Win32 Application

more_horiz
Post ComboFix when ready. Smile...

descriptionRe: Not a valid Win32 Application

more_horiz
combofix log here

ComboFix 10-01-18.03 - Griffin 19/01/2010 9:22.1.2 - x86
Microsoft®️ Windows Vista™️ Home Premium 6.0.6001.1.1252.2.1033.18.2814.1209 [GMT -8:00]
Running from: c:\users\Griffin\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Griffin\AppData\Roaming\.#
c:\users\Guest\AppData\Roaming\.#
c:\windows\Temp\log.txt

.
((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\users\Griffin\AppData\Roaming\Malwarebytes
2010-01-19 15:17 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\programdata\Malwarebytes
2010-01-19 15:17 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 06:00 . 2010-01-19 06:00 -------- d-----w- c:\windows\McAfee.com
2010-01-19 05:04 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-01-19 01:27 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-01-19 00:12 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-19 00:10 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-19 00:10 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-19 00:10 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-19 00:08 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-19 00:08 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-19 00:06 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-19 00:06 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-18 23:24 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-01-18 23:24 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-18 23:23 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-01-18 23:23 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-01-18 23:23 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-01-18 23:23 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-01-18 23:23 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2010-01-18 23:23 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-01-18 23:23 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-01-18 23:23 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-01-18 23:23 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-01-18 23:22 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-01-18 23:22 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-01-18 23:18 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-10 01:06 . 2010-01-10 01:08 -------- d-----w- c:\users\Griffin\AppData\Roaming\QuickScan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 05:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-14 19:12 . 2009-10-03 09:21 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-13 04:54 . 2009-12-13 04:54 -------- d-----w- c:\program files\SQ916D
2009-12-13 04:54 . 2008-08-19 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-13 04:53 . 2009-12-13 04:52 -------- d-----w- c:\program files\Snap 'n Share
2009-12-08 01:02 . 2009-01-04 00:43 -------- d-----w- c:\program files\Google
2009-12-03 17:03 . 2009-06-10 00:29 -------- d-----w- c:\program files\Java
2009-12-03 14:29 . 2008-08-19 09:14 -------- d-----w- c:\program files\Microsoft Works
2009-12-03 14:29 . 2008-08-19 09:12 -------- d-----w- c:\programdata\Microsoft Help
2009-11-30 16:34 . 2009-05-08 02:43 -------- d-----w- c:\programdata\avg8
2009-11-30 14:58 . 2009-11-30 14:58 -------- d-----w- c:\programdata\avg9
2009-11-30 14:58 . 2009-05-08 02:43 -------- d-----w- c:\program files\AVG
2009-11-21 06:40 . 2010-01-19 01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2010-01-19 01:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2010-01-19 01:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2010-01-19 01:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 01:15 . 2009-11-09 01:15 95 ----a-w- c:\users\Griffin\AppData\Local\fusioncache.dat
2009-11-09 01:07 . 2009-11-09 01:07 9662 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\ARPPRODUCTICON.exe
2009-11-09 01:07 . 2009-11-09 01:07 49152 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\NewShortcut7_21209AE81E934289A88F5EE0F22CF9F8_1.exe
2009-11-09 01:07 . 2009-11-09 01:07 49152 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\NewShortcut1_21209AE81E934289A88F5EE0F22CF9F8_6.exe
2009-11-06 16:47 . 2009-11-26 00:20 2064152 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-11-03 16:47 . 2009-11-26 00:20 3513624 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-11-03 16:47 . 2009-11-26 00:20 2028312 ----a-w- c:\programdata\avg8\update\backup\avgtray.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 01:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"LXCFCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-09-14 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoChangeAnimation"= 0 (0x0)
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-05-30 00:44 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-05-15 01:05 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [07/05/2009 6:44 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [07/05/2009 6:44 PM 108552]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [19/08/2008 1:39 AM 61424]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [19/08/2008 1:40 AM 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [19/08/2008 1:36 AM 24576]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [19/08/2008 1:40 AM 122368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [28/03/2008 3:44 AM 210432]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [19/01/2010 7:17 AM 38224]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [03/01/2009 4:44 PM 22072]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [07/05/2009 6:43 PM 297752]
S3 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 12:11 PM 16384]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 8:36 PM 45056]
S3 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 8:36 PM 131072]
S3 SQTECH9090;TOP Cam;c:\windows\System32\drivers\Capt9090.sys [12/12/2009 8:54 PM 48384]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0309&m=aspire_5535
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Griffin\AppData\Roaming\Mozilla\Firefox\Profiles\ke765pq8.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Griffin\AppData\Roaming\Mozilla\Firefox\Profiles\ke765pq8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 09:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-19 09:31:50
ComboFix-quarantined-files.txt 2010-01-19 17:31

Pre-Run: 58,190,729,216 bytes free
Post-Run: 58,585,079,808 bytes free

- - End Of File - - 706A6223B613EE39E6AC089C3B6F6365

descriptionRe: Not a valid Win32 Application

more_horiz
Please download Malwarebytes Anti-Malware from Malwarebytes.org .
Alternate link: BleepingComputer.com .
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

descriptionRe: Not a valid Win32 Application

more_horiz
Second scan today, same results, nothing detected

Malwarebytes' Anti-Malware 1.44
Database version: 3598
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

19/01/2010 11:11:03 AM
mbam-log-2010-01-19 (11-11-03).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 273028
Time elapsed: 1 hour(s), 19 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

descriptionRe: Not a valid Win32 Application

more_horiz
I know I'm late with this, but here is my Hijackthis scan result

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:29 AM, on 19/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0309&m=aspire_5535
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,RunDLLEntry
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5865/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5613 bytes

descriptionRe: Not a valid Win32 Application

more_horiz
Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

descriptionRe: Not a valid Win32 Application

more_horiz
Four scans and it keeps locking up at the same spot. The program twice sat at the same sopt for almomst 2 hours before I restarted it. On the third sscan, my wife turned it off after it sat there for 45 minutes, and now it has sat in the same sopt for 1/2 an hour, but I'm not stopping it.

37% complete, 43999 files scanned, 0 infected files.
the file it locks up at is Windows live photo gallery.lnk

descriptionRe: Not a valid Win32 Application

more_horiz
The computer just shut itself off, after being stuck in the same place for 2 hr. 15 mins. Now it says it wants to go into startup repair, and when it starts loading the repair files, it again shuts itself off, and won't go any further.

It was at the same point as it was two hours ago.

37% complete, 43999 files scanned, 0 infected files.

descriptionRe: Not a valid Win32 Application

more_horiz
Let's search for those locked files.

Download LockSearch to your desktop

  • A window will pop up, Press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished, it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply

descriptionRe: Not a valid Win32 Application

more_horiz
Thanks DragonMaster Jay.
Here's the log

LockSearch by jpshortstuff (05.11.09.1)
Log created at 16:51 on 20/01/2010 (Griffin)
Scanning C:\


C:\hiberfil.sys
-------------------------


C:\pagefile.sys
-------------------------

-=E.O.F=-

descriptionRe: Not a valid Win32 Application

more_horiz
Please re-run ComboFix and post a log.

descriptionRe: Not a valid Win32 Application

more_horiz
ComboFix 10-01-21.01 - Griffin 21/01/2010 14:57:40.2.2 - x86
Microsoft®️ Windows Vista™️ Home Premium 6.0.6001.1.1252.2.1033.18.2814.1876 [GMT -8:00]
Running from: c:\users\Griffin\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 23:06 . 2010-01-21 23:06 -------- d-----w- c:\users\Griffin\AppData\Local\temp
2010-01-21 23:06 . 2010-01-21 23:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-21 23:06 . 2010-01-21 23:06 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-01-21 23:06 . 2010-01-21 23:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-21 01:33 . 2010-01-21 01:33 -------- d-----w- c:\program files\Common Files\Skype
2010-01-20 03:43 . 2010-01-20 03:43 -------- d-----w- c:\program files\ESET
2010-01-19 23:46 . 2010-01-21 22:52 -------- d-----w- c:\users\Griffin\AppData\Roaming\skypePM
2010-01-19 23:43 . 2010-01-21 22:56 -------- d-----w- c:\users\Griffin\AppData\Roaming\Skype
2010-01-19 23:43 . 2010-01-21 01:34 -------- d-----r- c:\program files\Skype
2010-01-19 23:42 . 2010-01-21 01:33 -------- d-----w- c:\programdata\Skype
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\users\Griffin\AppData\Roaming\Malwarebytes
2010-01-19 15:17 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\programdata\Malwarebytes
2010-01-19 15:17 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 06:00 . 2010-01-19 06:00 -------- d-----w- c:\windows\McAfee.com
2010-01-19 05:04 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-01-19 01:27 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-01-19 00:12 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-19 00:10 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-19 00:10 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-19 00:10 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-19 00:08 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-19 00:08 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-19 00:06 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-19 00:06 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-18 23:24 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-01-18 23:24 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-18 23:23 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-01-18 23:23 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-01-18 23:23 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-01-18 23:23 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-01-18 23:23 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2010-01-18 23:23 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-01-18 23:23 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-01-18 23:23 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-01-18 23:23 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-01-18 23:22 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-01-18 23:22 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-01-18 23:18 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-10 01:06 . 2010-01-10 01:08 -------- d-----w- c:\users\Griffin\AppData\Roaming\QuickScan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 20:49 . 2009-06-30 21:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 23:46 . 2010-01-19 23:46 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-01-19 05:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-14 19:12 . 2009-10-03 09:21 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-13 04:54 . 2009-12-13 04:54 -------- d-----w- c:\program files\SQ916D
2009-12-13 04:54 . 2008-08-19 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-13 04:53 . 2009-12-13 04:52 -------- d-----w- c:\program files\Snap 'n Share
2009-12-08 01:02 . 2009-01-04 00:43 -------- d-----w- c:\program files\Google
2009-12-03 17:03 . 2009-06-10 00:29 -------- d-----w- c:\program files\Java
2009-12-03 14:29 . 2008-08-19 09:14 -------- d-----w- c:\program files\Microsoft Works
2009-12-03 14:29 . 2008-08-19 09:12 -------- d-----w- c:\programdata\Microsoft Help
2009-11-30 16:34 . 2009-05-08 02:43 -------- d-----w- c:\programdata\avg8
2009-11-30 14:58 . 2009-11-30 14:58 -------- d-----w- c:\programdata\avg9
2009-11-30 14:58 . 2009-05-08 02:43 -------- d-----w- c:\program files\AVG
2009-11-21 06:40 . 2010-01-19 01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2010-01-19 01:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2010-01-19 01:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2010-01-19 01:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 01:15 . 2009-11-09 01:15 95 ----a-w- c:\users\Griffin\AppData\Local\fusioncache.dat
2009-11-09 01:07 . 2009-11-09 01:07 9662 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\ARPPRODUCTICON.exe
2009-11-09 01:07 . 2009-11-09 01:07 49152 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\NewShortcut7_21209AE81E934289A88F5EE0F22CF9F8_1.exe
2009-11-09 01:07 . 2009-11-09 01:07 49152 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\NewShortcut1_21209AE81E934289A88F5EE0F22CF9F8_6.exe
2009-11-06 16:47 . 2009-11-26 00:20 2064152 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-11-03 16:47 . 2009-11-26 00:20 3513624 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-11-03 16:47 . 2009-11-26 00:20 2028312 ----a-w- c:\programdata\avg8\update\backup\avgtray.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-01-19_17.28.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-01 13:40 . 2010-01-21 22:50 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-01 13:40 . 2010-01-19 05:33 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-01 13:40 . 2010-01-19 05:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-01 13:40 . 2010-01-21 22:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-01 13:40 . 2010-01-21 22:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-01 13:40 . 2010-01-19 05:33 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-10 22:10 . 2010-01-19 05:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-10 22:10 . 2010-01-21 14:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-10 22:10 . 2010-01-21 14:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-10 22:10 . 2010-01-19 05:33 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-10 22:10 . 2010-01-19 05:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-10 22:10 . 2010-01-21 14:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-28 08:49 . 2003-02-21 03:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2003-02-21 03:09 . 2003-02-21 03:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 08:49 . 2003-02-21 03:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2003-02-21 03:09 . 2003-02-21 03:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-15 08:32 . 2004-07-15 08:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 08:49 . 2004-07-15 08:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2004-07-15 09:49 . 2004-07-15 09:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 09:30 . 2004-07-15 09:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-01-19 05:33 . 2010-01-19 05:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-21 14:00 . 2010-01-21 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-19 05:33 . 2010-01-19 05:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-21 14:00 . 2010-01-21 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-12 12:37 . 2010-01-19 22:23 408051 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
- 2006-11-02 10:33 . 2010-01-19 15:17 609146 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-01-21 22:57 609146 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-01-21 22:57 109878 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-01-19 15:17 109878 c:\windows\System32\perfc009.dat
+ 2008-05-28 08:49 . 2004-07-15 08:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 08:33 . 2004-07-15 08:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 08:48 . 2004-07-15 08:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-15 08:25 . 2004-07-15 08:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 09:30 . 2004-07-15 09:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 09:49 . 2004-07-15 09:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-01-21 01:34 . 2010-01-21 01:34 794112 c:\windows\Installer\103369a.msi
+ 2010-01-21 01:34 . 2010-01-21 01:34 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
- 2006-11-02 10:22 . 2010-01-19 05:31 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2010-01-19 22:23 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2004-07-15 22:29 . 2004-07-15 22:29 1257472 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 09:35 . 2004-07-15 22:29 1257472 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 09:35 . 2004-07-15 22:31 1224704 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 22:31 . 2004-07-15 22:31 1224704 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 08:28 . 2004-07-15 08:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 08:48 . 2004-07-15 08:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 08:48 . 2004-07-15 08:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-15 08:26 . 2004-07-15 08:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-15 22:29 . 2004-07-15 22:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-28 08:43 . 2004-07-15 22:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-01-21 01:34 . 2010-01-21 01:34 1565696 c:\windows\Installer\1033694.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 01:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"LXCFCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-09-14 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoChangeAnimation"= 0 (0x0)
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-05-30 00:44 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-05-15 01:05 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [07/05/2009 6:44 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [07/05/2009 6:44 PM 108552]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [19/08/2008 1:39 AM 61424]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [19/08/2008 1:40 AM 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [19/08/2008 1:36 AM 24576]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [19/08/2008 1:40 AM 122368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [28/03/2008 3:44 AM 210432]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [03/01/2009 4:44 PM 22072]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [07/05/2009 6:43 PM 297752]
S3 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 12:11 PM 16384]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 8:36 PM 45056]
S3 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 8:36 PM 131072]
S3 SQTECH9090;TOP Cam;c:\windows\System32\drivers\Capt9090.sys [12/12/2009 8:54 PM 48384]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0309&m=aspire_5535
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Griffin\AppData\Roaming\Mozilla\Firefox\Profiles\ke765pq8.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Griffin\AppData\Roaming\Mozilla\Firefox\Profiles\ke765pq8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - F:\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 15:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3296)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
Completion time: 2010-01-21 15:10:53
ComboFix-quarantined-files.txt 2010-01-21 23:10
ComboFix2.txt 2010-01-19 17:31

Pre-Run: 62,946,435,072 bytes free
Post-Run: 62,657,540,096 bytes free

- - End Of File - - 6450E511EFBC394BAFCB5E3BF95F8A7F

descriptionRe: Not a valid Win32 Application

more_horiz
Permissions in this forum:
You cannot reply to topics in this forum