WiredWX Christian Hobby Weather Tools
Not a valid Win32 Application

2 posters

Whenever I try to download a file onto my computer, I get a "not a valid Win32 application" error when I run it.
Please help.

Re: Not a valid Win32 Application
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that.

Re: Not a valid Win32 Application

I did an MBAM scan, starting at around 7 am, and got this:

Malwarebytes' Anti-Malware 1.44
Database version: 3598
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

19/01/2010 9:02:53 AM
mbam-log-2010-01-19 (09-02-53).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 274505
Time elapsed: 1 hour(s), 19 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Going to do the ComboFix now.

Last edited by tatange on 19th January 2010, 5:06 pm; edited 1 time in total (Reason for editing : edit to add combofix)

Re: Not a valid Win32 Application

Post ComboFix when ready.

Re: Not a valid Win32 Application

ComboFix log here.

ComboFix 10-01-18.03 - Griffin 19/01/2010 9:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2814.1209 [GMT -8:00]
Running from: c:\users\Griffin\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Griffin\AppData\Roaming\.#
c:\users\Guest\AppData\Roaming\.#
c:\windows\Temp\log.txt

.
((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\users\Griffin\AppData\Roaming\Malwarebytes
2010-01-19 15:17 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\programdata\Malwarebytes
2010-01-19 15:17 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 06:00 . 2010-01-19 06:00 -------- d-----w- c:\windows\McAfee.com
2010-01-19 05:04 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-01-19 01:27 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-01-19 00:12 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-19 00:10 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-19 00:10 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-19 00:10 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-19 00:08 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-19 00:08 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-19 00:06 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-19 00:06 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-18 23:24 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-01-18 23:24 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-18 23:23 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-01-18 23:23 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-01-18 23:23 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-01-18 23:23 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-01-18 23:23 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2010-01-18 23:23 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-01-18 23:23 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-01-18 23:23 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-01-18 23:23 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-01-18 23:22 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-01-18 23:22 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-01-18 23:18 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-10 01:06 . 2010-01-10 01:08 -------- d-----w- c:\users\Griffin\AppData\Roaming\QuickScan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 05:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-14 19:12 . 2009-10-03 09:21 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-13 04:54 . 2009-12-13 04:54 -------- d-----w- c:\program files\SQ916D
2009-12-13 04:54 . 2008-08-19 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-13 04:53 . 2009-12-13 04:52 -------- d-----w- c:\program files\Snap 'n Share
2009-12-08 01:02 . 2009-01-04 00:43 -------- d-----w- c:\program files\Google
2009-12-03 17:03 . 2009-06-10 00:29 -------- d-----w- c:\program files\Java
2009-12-03 14:29 . 2008-08-19 09:14 -------- d-----w- c:\program files\Microsoft Works
2009-12-03 14:29 . 2008-08-19 09:12 -------- d-----w- c:\programdata\Microsoft Help
2009-11-30 16:34 . 2009-05-08 02:43 -------- d-----w- c:\programdata\avg8
2009-11-30 14:58 . 2009-11-30 14:58 -------- d-----w- c:\programdata\avg9
2009-11-30 14:58 . 2009-05-08 02:43 -------- d-----w- c:\program files\AVG
2009-11-21 06:40 . 2010-01-19 01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2010-01-19 01:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2010-01-19 01:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2010-01-19 01:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 01:15 . 2009-11-09 01:15 95 ----a-w- c:\users\Griffin\AppData\Local\fusioncache.dat
2009-11-09 01:07 . 2009-11-09 01:07 9662 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\ARPPRODUCTICON.exe
2009-11-09 01:07 . 2009-11-09 01:07 49152 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\NewShortcut7_21209AE81E934289A88F5EE0F22CF9F8_1.exe
2009-11-09 01:07 . 2009-11-09 01:07 49152 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\NewShortcut1_21209AE81E934289A88F5EE0F22CF9F8_6.exe
2009-11-06 16:47 . 2009-11-26 00:20 2064152 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-11-03 16:47 . 2009-11-26 00:20 3513624 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-11-03 16:47 . 2009-11-26 00:20 2028312 ----a-w- c:\programdata\avg8\update\backup\avgtray.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 01:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"LXCFCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-09-14 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoChangeAnimation"= 0 (0x0)
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-05-30 00:44 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-05-15 01:05 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [07/05/2009 6:44 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [07/05/2009 6:44 PM 108552]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [19/08/2008 1:39 AM 61424]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [19/08/2008 1:40 AM 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [19/08/2008 1:36 AM 24576]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [19/08/2008 1:40 AM 122368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [28/03/2008 3:44 AM 210432]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [19/01/2010 7:17 AM 38224]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [03/01/2009 4:44 PM 22072]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [07/05/2009 6:43 PM 297752]
S3 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 12:11 PM 16384]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 8:36 PM 45056]
S3 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 8:36 PM 131072]
S3 SQTECH9090;TOP Cam;c:\windows\System32\drivers\Capt9090.sys [12/12/2009 8:54 PM 48384]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0309&m=aspire_5535
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Griffin\AppData\Roaming\Mozilla\Firefox\Profiles\ke765pq8.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Griffin\AppData\Roaming\Mozilla\Firefox\Profiles\ke765pq8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 09:28
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-19 09:31:50
ComboFix-quarantined-files.txt 2010-01-19 17:31

Pre-Run: 58,190,729,216 bytes free
Post-Run: 58,585,079,808 bytes free

- - End Of File - - 706A6223B613EE39E6AC089C3B6F6365

Re: Not a valid Win32 Application

Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Alternate link: BleepingComputer.com.
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: Not a valid Win32 Application

Second scan today, same results, nothing detected.

Malwarebytes' Anti-Malware 1.44
Database version: 3598
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

19/01/2010 11:11:03 AM
mbam-log-2010-01-19 (11-11-03).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 273028
Time elapsed: 1 hour(s), 19 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Not a valid Win32 Application

I know I'm late with this, but here is my HijackThis scan result.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:29 AM, on 19/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0309&m=aspire_5535
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,RunDLLEntry
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5865/mcfscan.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\Windows\System32\avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5613 bytes

Re: Not a valid Win32 Application
Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: Not a valid Win32 Application

Four scans and it keeps locking up at the same spot. The program twice sat at the same spot for almost 2 hours before I restarted it. On the third scan, my wife turned it off after it sat there for 45 minutes, and now it has sat in the same spot for 1/2 an hour, but I'm not stopping it.

37% complete, 43999 files scanned, 0 infected files.
The file it locks up at is Windows live photo gallery.lnk

Re: Not a valid Win32 Application
The computer just shut itself off, after being stuck in the same place for 2 hr. 15 mins. Now it says it wants to go into startup repair, and when it starts loading the repair files, it again shuts itself off, and won't go any further.

It was at the same point as it was two hours ago.

37% complete, 43999 files scanned, 0 infected files.

Re: Not a valid Win32 Application
Let's search for those locked files.

Download LockSearch to your desktop

  • A window will pop up. Press 2 and then Enter. A scan will start; let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished; it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply.

Re: Not a valid Win32 Application

Thanks DragonMaster Jay.
Here's the log:

LockSearch by jpshortstuff (05.11.09.1)
Log created at 16:51 on 20/01/2010 (Griffin)
Scanning C:\


C:\hiberfil.sys
-------------------------


C:\pagefile.sys
-------------------------

-=E.O.F=-

Re: Not a valid Win32 Application
Please re-run ComboFix and post a log.

Re: Not a valid Win32 Application
ComboFix 10-01-21.01 - Griffin 21/01/2010 14:57:40.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2814.1876 [GMT -8:00]
Running from: c:\users\Griffin\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 23:06 . 2010-01-21 23:06 -------- d-----w- c:\users\Griffin\AppData\Local\temp
2010-01-21 23:06 . 2010-01-21 23:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-21 23:06 . 2010-01-21 23:06 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-01-21 23:06 . 2010-01-21 23:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-21 01:33 . 2010-01-21 01:33 -------- d-----w- c:\program files\Common Files\Skype
2010-01-20 03:43 . 2010-01-20 03:43 -------- d-----w- c:\program files\ESET
2010-01-19 23:46 . 2010-01-21 22:52 -------- d-----w- c:\users\Griffin\AppData\Roaming\skypePM
2010-01-19 23:43 . 2010-01-21 22:56 -------- d-----w- c:\users\Griffin\AppData\Roaming\Skype
2010-01-19 23:43 . 2010-01-21 01:34 -------- d-----r- c:\program files\Skype
2010-01-19 23:42 . 2010-01-21 01:33 -------- d-----w- c:\programdata\Skype
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\users\Griffin\AppData\Roaming\Malwarebytes
2010-01-19 15:17 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\programdata\Malwarebytes
2010-01-19 15:17 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 06:00 . 2010-01-19 06:00 -------- d-----w- c:\windows\McAfee.com
2010-01-19 05:04 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-01-19 01:27 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-01-19 00:12 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-19 00:10 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-19 00:10 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-19 00:10 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-19 00:08 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-19 00:08 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-19 00:06 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-19 00:06 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-18 23:24 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-01-18 23:24 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-18 23:23 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-01-18 23:23 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-01-18 23:23 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-01-18 23:23 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-01-18 23:23 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2010-01-18 23:23 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-01-18 23:23 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-01-18 23:23 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-01-18 23:23 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-01-18 23:22 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-01-18 23:22 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-01-18 23:18 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-10 01:06 . 2010-01-10 01:08 -------- d-----w- c:\users\Griffin\AppData\Roaming\QuickScan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 20:49 . 2009-06-30 21:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 23:46 . 2010-01-19 23:46 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-01-19 05:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-14 19:12 . 2009-10-03 09:21 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-13 04:54 . 2009-12-13 04:54 -------- d-----w- c:\program files\SQ916D
2009-12-13 04:54 . 2008-08-19 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-13 04:53 . 2009-12-13 04:52 -------- d-----w- c:\program files\Snap 'n Share
2009-12-08 01:02 . 2009-01-04 00:43 -------- d-----w- c:\program files\Google
2009-12-03 17:03 . 2009-06-10 00:29 -------- d-----w- c:\program files\Java
2009-12-03 14:29 . 2008-08-19 09:14 -------- d-----w- c:\program files\Microsoft Works
2009-12-03 14:29 . 2008-08-19 09:12 -------- d-----w- c:\programdata\Microsoft Help
2009-11-30 16:34 . 2009-05-08 02:43 -------- d-----w- c:\programdata\avg8
2009-11-30 14:58 . 2009-11-30 14:58 -------- d-----w- c:\programdata\avg9
2009-11-30 14:58 . 2009-05-08 02:43 -------- d-----w- c:\program files\AVG
2009-11-21 06:40 . 2010-01-19 01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2010-01-19 01:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2010-01-19 01:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2010-01-19 01:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 01:15 . 2009-11-09 01:15 95 ----a-w- c:\users\Griffin\AppData\Local\fusioncache.dat
2009-11-09 01:07 . 2009-11-09 01:07 9662 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\ARPPRODUCTICON.exe
2009-11-09 01:07 . 2009-11-09 01:07 49152 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\NewShortcut7_21209AE81E934289A88F5EE0F22CF9F8_1.exe
2009-11-09 01:07 . 2009-11-09 01:07 49152 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\NewShortcut1_21209AE81E934289A88F5EE0F22CF9F8_6.exe
2009-11-06 16:47 . 2009-11-26 00:20 2064152 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-11-03 16:47 . 2009-11-26 00:20 3513624 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-11-03 16:47 . 2009-11-26 00:20 2028312 ----a-w- c:\programdata\avg8\update\backup\avgtray.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-01-19_17.28.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-01 13:40 . 2010-01-21 22:50 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-01 13:40 . 2010-01-19 05:33 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-01 13:40 . 2010-01-19 05:33 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-01 13:40 . 2010-01-21 22:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-01 13:40 . 2010-01-21 22:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-03-01 13:40 . 2010-01-19 05:33 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-10 22:10 . 2010-01-19 05:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-10 22:10 . 2010-01-21 14:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-10 22:10 . 2010-01-21 14:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-10 22:10 . 2010-01-19 05:33 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-10 22:10 . 2010-01-19 05:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-10 22:10 . 2010-01-21 14:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-28 08:49 . 2003-02-21 03:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2003-02-21 03:09 . 2003-02-21 03:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2008-05-28 08:49 . 2003-02-21 03:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2003-02-21 03:09 . 2003-02-21 03:09 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2004-07-15 08:32 . 2004-07-15 08:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2008-05-28 08:49 . 2004-07-15 08:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2004-07-15 09:49 . 2004-07-15 09:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2008-05-28 09:30 . 2004-07-15 09:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2010-01-19 05:33 . 2010-01-19 05:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-21 14:00 . 2010-01-21 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-01-19 05:33 . 2010-01-19 05:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-21 14:00 . 2010-01-21 22:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-12 12:37 . 2010-01-19 22:23 408051 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
- 2006-11-02 10:33 . 2010-01-19 15:17 609146 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-01-21 22:57 609146 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-01-21 22:57 109878 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-01-19 15:17 109878 c:\windows\System32\perfc009.dat
+ 2008-05-28 08:49 . 2004-07-15 08:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2004-07-15 08:33 . 2004-07-15 08:33 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2008-05-28 08:48 . 2004-07-15 08:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2004-07-15 08:25 . 2004-07-15 08:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2008-05-28 09:30 . 2004-07-15 09:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2004-07-15 09:49 . 2004-07-15 09:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-01-21 01:34 . 2010-01-21 01:34 794112 c:\windows\Installer\103369a.msi
+ 2010-01-21 01:34 . 2010-01-21 01:34 371272 c:\windows\Installer\{D103C4BA-F905-437A-8049-DB24763BBE36}\SkypeIcon.exe
- 2006-11-02 10:22 . 2010-01-19 05:31 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2010-01-19 22:23 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2004-07-15 22:29 . 2004-07-15 22:29 1257472 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 09:35 . 2004-07-15 22:29 1257472 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2008-05-28 09:35 . 2004-07-15 22:31 1224704 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 22:31 . 2004-07-15 22:31 1224704 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2004-07-15 08:28 . 2004-07-15 08:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 08:48 . 2004-07-15 08:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2008-05-28 08:48 . 2004-07-15 08:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-15 08:26 . 2004-07-15 08:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2004-07-15 22:29 . 2004-07-15 22:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2008-05-28 08:43 . 2004-07-15 22:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-01-21 01:34 . 2010-01-21 01:34 1565696 c:\windows\Installer\1033694.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 01:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"LXCFCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-09-14 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoChangeAnimation"= 0 (0x0)
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-05-30 00:44 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-05-15 01:05 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [07/05/2009 6:44 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [07/05/2009 6:44 PM 108552]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [19/08/2008 1:39 AM 61424]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [19/08/2008 1:40 AM 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [19/08/2008 1:36 AM 24576]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [19/08/2008 1:40 AM 122368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [28/03/2008 3:44 AM 210432]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [03/01/2009 4:44 PM 22072]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [07/05/2009 6:43 PM 297752]
S3 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 12:11 PM 16384]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 8:36 PM 45056]
S3 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 8:36 PM 131072]
S3 SQTECH9090;TOP Cam;c:\windows\System32\drivers\Capt9090.sys [12/12/2009 8:54 PM 48384]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0309&m=aspire_5535
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Griffin\AppData\Roaming\Mozilla\Firefox\Profiles\ke765pq8.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Griffin\AppData\Roaming\Mozilla\Firefox\Profiles\ke765pq8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - F:\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 15:06
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3296)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
Completion time: 2010-01-21 15:10:53
ComboFix-quarantined-files.txt 2010-01-21 23:10
ComboFix2.txt 2010-01-19 17:31

Pre-Run: 62,946,435,072 bytes free
Post-Run: 62,657,540,096 bytes free

- - End Of File - - 6450E511EFBC394BAFCB5E3BF95F8A7F

Re: Not a valid Win32 Application
Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quote box below into it:
    File::
    c:\programdata\ezsidmv.dat

    Folder::
    c:\program files\SQ916D
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [screenshot: CFScript.txt dragged onto ComboFix.exe]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Re: Not a valid Win32 Application
Thanks DragonMaster Jay. Here's the log:

ComboFix 10-01-21.01 - Griffin 21/01/2010 15:40:22.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2814.1752 [GMT -8:00]
Running from: c:\users\Griffin\Desktop\ComboFix.exe
Command switches used :: c:\users\Griffin\Desktop\cfscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\SQ916D
c:\program files\SQ916D\skin\AVI_Logo.bmp
c:\program files\SQ916D\skin\Delete1.bmp
c:\program files\SQ916D\skin\Delete2.bmp
c:\program files\SQ916D\skin\Delete3.bmp
c:\program files\SQ916D\skin\Delete4.bmp
c:\program files\SQ916D\skin\DeleteAll1.bmp
c:\program files\SQ916D\skin\DeleteAll2.bmp
c:\program files\SQ916D\skin\DeleteAll3.bmp
c:\program files\SQ916D\skin\DeleteAll4.bmp
c:\program files\SQ916D\skin\Exit1.bmp
c:\program files\SQ916D\skin\Exit2.bmp
c:\program files\SQ916D\skin\Exit3.bmp
c:\program files\SQ916D\skin\Exit4.bmp
c:\program files\SQ916D\skin\ImageFrame1.bmp
c:\program files\SQ916D\skin\ImageFrame2.bmp
c:\program files\SQ916D\skin\ImageFrame3.bmp
c:\program files\SQ916D\skin\Main.bmp
c:\program files\SQ916D\skin\Minimize1.bmp
c:\program files\SQ916D\skin\Minimize2.bmp
c:\program files\SQ916D\skin\Minimize3.bmp
c:\program files\SQ916D\skin\Minimize4.bmp
c:\program files\SQ916D\skin\NextPage1.bmp
c:\program files\SQ916D\skin\NextPage2.bmp
c:\program files\SQ916D\skin\NextPage3.bmp
c:\program files\SQ916D\skin\NextPage4.bmp
c:\program files\SQ916D\skin\PreviousPage1.bmp
c:\program files\SQ916D\skin\PreviousPage2.bmp
c:\program files\SQ916D\skin\PreviousPage3.bmp
c:\program files\SQ916D\skin\PreviousPage4.bmp
c:\program files\SQ916D\skin\Progress1.bmp
c:\program files\SQ916D\skin\Progress2.bmp
c:\program files\SQ916D\skin\Save1.bmp
c:\program files\SQ916D\skin\Save2.bmp
c:\program files\SQ916D\skin\Save3.bmp
c:\program files\SQ916D\skin\Save4.bmp
c:\program files\SQ916D\skin\SelectAll1.bmp
c:\program files\SQ916D\skin\SelectAll2.bmp
c:\program files\SQ916D\skin\SelectAll3.bmp
c:\program files\SQ916D\skin\SelectAll4.bmp
c:\program files\SQ916D\skin\Setup.ini
c:\program files\SQ916D\SQ916D.exe
c:\program files\SQ916D\TransTWAIN.exe
c:\programdata\ezsidmv.dat

.
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 23:49 . 2010-01-21 23:49 -------- d-----w- c:\users\Griffin\AppData\Local\temp
2010-01-21 23:49 . 2010-01-21 23:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-21 23:49 . 2010-01-21 23:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-01-21 23:49 . 2010-01-21 23:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-21 01:33 . 2010-01-21 01:33 -------- d-----w- c:\program files\Common Files\Skype
2010-01-20 03:43 . 2010-01-20 03:43 -------- d-----w- c:\program files\ESET
2010-01-19 23:46 . 2010-01-21 22:52 -------- d-----w- c:\users\Griffin\AppData\Roaming\skypePM
2010-01-19 23:43 . 2010-01-21 23:38 -------- d-----w- c:\users\Griffin\AppData\Roaming\Skype
2010-01-19 23:43 . 2010-01-21 01:34 -------- d-----r- c:\program files\Skype
2010-01-19 23:42 . 2010-01-21 01:33 -------- d-----w- c:\programdata\Skype
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\users\Griffin\AppData\Roaming\Malwarebytes
2010-01-19 15:17 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-19 15:17 . 2010-01-19 15:17 -------- d-----w- c:\programdata\Malwarebytes
2010-01-19 15:17 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-19 06:00 . 2010-01-19 06:00 -------- d-----w- c:\windows\McAfee.com
2010-01-19 05:04 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-01-19 01:27 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-01-19 00:12 . 2009-10-29 09:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-19 00:10 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-19 00:10 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-19 00:10 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-19 00:08 . 2009-10-19 14:27 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-19 00:08 . 2009-10-19 14:24 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-19 00:06 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-19 00:06 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-18 23:24 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-01-18 23:24 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-18 23:23 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-01-18 23:23 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-01-18 23:23 . 2009-08-05 14:22 3597896 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-01-18 23:23 . 2009-08-05 14:22 3546184 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-01-18 23:23 . 2009-08-10 11:01 1399296 ----a-w- c:\windows\system32\msxml6.dll
2010-01-18 23:23 . 2009-08-10 11:00 1257472 ----a-w- c:\windows\system32\msxml3.dll
2010-01-18 23:23 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-01-18 23:23 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2010-01-18 23:23 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-01-18 23:22 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-01-18 23:22 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-01-18 23:18 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-10 01:06 . 2010-01-10 01:08 -------- d-----w- c:\users\Griffin\AppData\Roaming\QuickScan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 20:49 . 2009-06-30 21:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 05:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-14 19:12 . 2009-10-03 09:21 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-13 04:54 . 2008-08-19 02:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-13 04:53 . 2009-12-13 04:52 -------- d-----w- c:\program files\Snap 'n Share
2009-12-08 01:02 . 2009-01-04 00:43 -------- d-----w- c:\program files\Google
2009-12-03 17:03 . 2009-06-10 00:29 -------- d-----w- c:\program files\Java
2009-12-03 14:29 . 2008-08-19 09:14 -------- d-----w- c:\program files\Microsoft Works
2009-12-03 14:29 . 2008-08-19 09:12 -------- d-----w- c:\programdata\Microsoft Help
2009-11-30 16:34 . 2009-05-08 02:43 -------- d-----w- c:\programdata\avg8
2009-11-30 14:58 . 2009-11-30 14:58 -------- d-----w- c:\programdata\avg9
2009-11-30 14:58 . 2009-05-08 02:43 -------- d-----w- c:\program files\AVG
2009-11-21 06:40 . 2010-01-19 01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2010-01-19 01:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2010-01-19 01:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2010-01-19 01:28 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 01:15 . 2009-11-09 01:15 95 ----a-w- c:\users\Griffin\AppData\Local\fusioncache.dat
2009-11-09 01:07 . 2009-11-09 01:07 9662 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\ARPPRODUCTICON.exe
2009-11-09 01:07 . 2009-11-09 01:07 49152 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\NewShortcut7_21209AE81E934289A88F5EE0F22CF9F8_1.exe
2009-11-09 01:07 . 2009-11-09 01:07 49152 ----a-r- c:\users\Griffin\AppData\Roaming\Microsoft\Installer\{21209AE8-1E93-4289-A88F-5EE0F22CF9F8}\NewShortcut1_21209AE81E934289A88F5EE0F22CF9F8_6.exe
2009-11-06 16:47 . 2009-11-26 00:20 2064152 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-11-03 16:47 . 2009-11-26 00:20 3513624 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-11-03 16:47 . 2009-11-26 00:20 2028312 ----a-w- c:\programdata\avg8\update\backup\avgtray.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-15 01:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-21 6144000]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"LXCFCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-09-14 73728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoChangeAnimation"= 0 (0x0)
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2008-05-30 00:44 167936 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-05-15 01:05 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [07/05/2009 6:44 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [07/05/2009 6:44 PM 108552]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [19/08/2008 1:39 AM 61424]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [19/08/2008 1:40 AM 81504]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [19/08/2008 1:36 AM 24576]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [19/08/2008 1:40 AM 122368]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [28/03/2008 3:44 AM 210432]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [03/01/2009 4:44 PM 22072]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [07/05/2009 6:43 PM 297752]
S3 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [03/03/2008 12:11 PM 16384]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [25/04/2008 8:36 PM 45056]
S3 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [25/04/2008 8:36 PM 131072]
S3 SQTECH9090;TOP Cam;c:\windows\System32\drivers\Capt9090.sys [12/12/2009 8:54 PM 48384]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0309&m=aspire_5535
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Griffin\AppData\Roaming\Mozilla\Firefox\Profiles\ke765pq8.default\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Griffin\AppData\Roaming\Mozilla\Firefox\Profiles\ke765pq8.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 15:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCFtime.dll,RunDLLEntry???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-21 15:53:30
ComboFix-quarantined-files.txt 2010-01-21 23:53
ComboFix2.txt 2010-01-21 23:10
ComboFix3.txt 2010-01-19 17:31

Pre-Run: 62,689,001,472 bytes free
Post-Run: 62,650,490,880 bytes free

- - End Of File - - 4A6D678F494E03A3123E5763E5F925CF

Re: Not a valid Win32 Application
Now, try any scan again (online or MBAM), and let me know if it finishes successfully.

Re: Not a valid Win32 Application
It finished. I did a full scan, and it said there was nothing detected. I tried to download another anti-virus that was recommended from here. It downloaded, but when I tried to run it, it said that it was not a valid Win32 Application.

Here is the MBAM scan log.

Malwarebytes' Anti-Malware 1.44
Database version: 3611
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865

21/01/2010 6:37:13 PM
mbam-log-2010-01-21 (18-37-13).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 278179
Time elapsed: 1 hour(s), 21 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Not a valid Win32 Application
Suspect

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).

Now, try to run the installer in Safe Mode with Networking and see if it runs.

I am thinking this is a deeper issue.

Re: Not a valid Win32 Application
Just tried to re-start in safe mode with networking. I walked away after I hit start, so I didn't actually see how far it got before the computer shut down. I'm going to try it again, right away, and get back right after that.

Re: Not a valid Win32 Application
I finally got the file downloaded in safe mode, after many system crashes. Sometimes it would let me get into Windows, sometimes not. Then twice it would not let me connect to the net. Anyways, still, in safe mode, I got the notification that avira_antivir_personal__en.exe is not a valid Win32 application.

to beat that, when I tried to post this in safe mode, I was almost finished typing, and my system crashed. I almost chucked this computer out my front window. Bring it on
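Editor's note, not part of the thread: the message quoted above is the text of Win32 error 193, ERROR_BAD_EXE_FORMAT, which the loader returns when the file's PE headers do not describe a Win32 image. That happens with a download that saved something other than the program (an HTML error page under the .exe name), a file cut off before the NT headers, or a 64-bit image on a 32-bit system. The script below is an added example that performs those same header checks offline, so a downloaded installer can be triaged before the system itself is suspected: if the headers pass here and Windows still refuses the file, the fault lies with the machine rather than the download. Function names and the sample images are mine and constructed for the example; the constants are the PE/COFF specification's.

```python
from __future__ import annotations

import struct
import sys
from pathlib import Path
from typing import Dict, Tuple

# PE/COFF constants from the Microsoft PE specification.
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B   # PE32
IMAGE_NT_OPTIONAL_HDR64_MAGIC = 0x20B   # PE32+

DOS_HEADER_SIZE = 0x40   # IMAGE_DOS_HEADER
PE_SIG_SIZE = 4          # "PE\0\0"
COFF_HEADER_SIZE = 20    # IMAGE_FILE_HEADER


def check_win32_image(data: bytes) -> Tuple[str, str]:
    """Classify a file image as 'valid-x86', 'valid-x64' or 'invalid'.

    The checks mirror what the Windows loader validates before it reports
    ERROR_BAD_EXE_FORMAT (193, "... is not a valid Win32 application").
    The second element explains which check decided the verdict.
    """
    # 1. Every PE file starts with the "MZ" signature and a 64-byte DOS header.
    if len(data) < DOS_HEADER_SIZE or data[:2] != b"MZ":
        return "invalid", "no MZ header: not a PE file at all (wrong file type, or the download saved something else)"

    # 2. e_lfanew (offset 0x3C) locates the NT headers; they must fit inside the file.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    needed = e_lfanew + PE_SIG_SIZE + COFF_HEADER_SIZE + 2   # +2 for the optional header Magic
    if needed > len(data):
        return "invalid", "NT headers lie past the end of the file: truncated or corrupted download"

    # 3. The "PE\0\0" signature itself.
    if data[e_lfanew:e_lfanew + PE_SIG_SIZE] != b"PE\0\0":
        return "invalid", "PE signature missing at e_lfanew: corrupted header"

    # 4. COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    #    NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    machine, _nsect, _ts, _symptr, _nsym, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + PE_SIG_SIZE)
    if not chars & IMAGE_FILE_EXECUTABLE_IMAGE:
        return "invalid", "IMAGE_FILE_EXECUTABLE_IMAGE not set: an object file, not a program"
    if opt_size < 2:
        return "invalid", "no optional header: cannot be loaded as an image"

    # 5. Optional header Magic must agree with Machine: PE32 for x86, PE32+ for x64.
    (magic,) = struct.unpack_from("<H", data, e_lfanew + PE_SIG_SIZE + COFF_HEADER_SIZE)
    if machine == IMAGE_FILE_MACHINE_I386 and magic == IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        return "valid-x86", "PE32 image for x86: loads on 32-bit and 64-bit Windows"
    if machine == IMAGE_FILE_MACHINE_AMD64 and magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC:
        return "valid-x64", "PE32+ image for x64: 32-bit Windows rejects it with the same error 193"
    return "invalid", f"Machine 0x{machine:04X} / Magic 0x{magic:03X} do not describe a Win32 image"


def build_minimal_headers(machine: int, magic: int,
                          characteristics: int = IMAGE_FILE_EXECUTABLE_IMAGE) -> bytes:
    """Constructed sample (hypothetical): only the header bytes the checks above read.

    This is not a runnable program, just an MZ header, the PE signature, a COFF
    header and the optional header Magic, which is all this script inspects.
    """
    dos = bytearray(DOS_HEADER_SIZE)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_SIZE)   # e_lfanew: NT headers follow the DOS header
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 2, characteristics)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", magic)


def constructed_samples() -> Dict[str, bytes]:
    """Constructed inputs covering the usual ways a file ends up 'not a valid Win32 application'."""
    good_x86 = build_minimal_headers(IMAGE_FILE_MACHINE_I386, IMAGE_NT_OPTIONAL_HDR32_MAGIC)
    zeroed = bytearray(good_x86)
    zeroed[DOS_HEADER_SIZE:DOS_HEADER_SIZE + PE_SIG_SIZE] = b"\0\0\0\0"   # signature overwritten
    return {
        "good_x86.exe": good_x86,
        "good_x64.exe": build_minimal_headers(IMAGE_FILE_MACHINE_AMD64, IMAGE_NT_OPTIONAL_HDR64_MAGIC),
        "error_page_saved_as.exe": b"<!DOCTYPE html><html><body>404 Not Found</body></html>",
        "truncated.exe": good_x86[:DOS_HEADER_SIZE + 16],   # download cut off inside the NT headers
        "zeroed_signature.exe": bytes(zeroed),
        "object_file.obj": build_minimal_headers(IMAGE_FILE_MACHINE_I386,
                                                 IMAGE_NT_OPTIONAL_HDR32_MAGIC, characteristics=0),
    }


def triage(files: Dict[str, bytes]) -> Dict[str, str]:
    """Map each file name to its verdict, e.g. for a whole downloads folder."""
    return {name: check_win32_image(data)[0] for name, data in files.items()}


if __name__ == "__main__":
    # With paths on the command line, check real files; otherwise run the constructed samples.
    inputs = ({p: Path(p).read_bytes() for p in sys.argv[1:]} if len(sys.argv) > 1
              else constructed_samples())
    for name, blob in inputs.items():
        verdict, detail = check_win32_image(blob)
        print(f"{name}: {verdict} ({detail})")
```

Run it as `python pecheck.py avira_antivir_personal__en.exe` on the downloaded file; a `valid-x86` verdict on a file Windows still refuses points at the loader or the system files, which is the direction the thread takes next with sfc /scannow.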

Re: Not a valid Win32 Application
Please download RootRepeal from GooglePages.com.

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report.
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).

==

Please download Rooter and Save it to your desktop

  1. Double click it to start the tool.
  2. Click Scan.
  3. Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.


==

SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


==

Post any or all logs you get from these programs.

Re: Not a valid Win32 Application
I ran Root Repair. It gave me a huge long list, and while still running, the screen went blank, and the hard drive light stayed on full bright. I had to unplug the machine to get it to reset. This was after 20 mins of dark screen.

Will try the other two first, then root repair again.

Re: Not a valid Win32 Application
Ok. Let me know how it goes. If it is what I think it is, we have a dragon on our hands. (Gunsmoke)

Re: Not a valid Win32 Application
A Dragon? I must have the right guy helping me.

I got a Sysprot report. Here it is:


SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No hidden Processes found

******************************************************************************************
******************************************************************************************
No hidden Kernel Modules found

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found

Re: Not a valid Win32 Application
When I tried to run Rooter, it scanned for about 2 seconds, then I got a popup that said:

"Malware Finder has stopped working correctly. Windows will close the program and notify you if a solution is available."

When I clicked close program, Rooter closed. I tried it two more times with the exact same result.

That is when I went to SysProt Antirootkit.

Re: Not a valid Win32 Application
Download this << file >> & extract TDSSKiller.exe onto your Desktop

Then create this batch file to be placed next to TDSSKiller

=====

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:

@ECHO OFF
START /WAIT TDSSKILLER.exe -l Logit.txt -v
START Logit.txt
del %0

Save this as fix.bat. Choose "Save type as - All Files".
Double click on fix.bat & allow it to run.

Post the log.

Re: Not a valid Win32 Application
20:31:38:870 1420 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
20:31:38:870 1420 ================================================================================
20:31:38:870 1420 SystemInfo:

20:31:38:870 1420 OS Version: 6.0.6001 ServicePack: 1.0
20:31:38:870 1420 Product type: Workstation
20:31:38:870 1420 ComputerName: GRIFFIN-PC
20:31:38:870 1420 UserName: Griffin
20:31:38:870 1420 Windows directory: C:\Windows
20:31:38:870 1420 Processor architecture: Intel x86
20:31:38:870 1420 Number of processors: 2
20:31:38:870 1420 Page size: 0x1000
20:31:38:870 1420 Boot type: Normal boot
20:31:38:870 1420 ================================================================================
20:31:38:886 1420 UnloadDriverW: NtUnloadDriver error 2
20:31:38:886 1420 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
20:31:38:901 1420 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
20:31:58:214 1420 UtilityInit: KLMD drop and load success
20:31:58:214 1420 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
20:31:58:214 1420 UtilityInit: KLMD open success
20:31:58:214 1420 UtilityInit: Initialize success
20:31:58:214 1420
20:31:58:214 1420 Scanning Services ...
20:31:58:214 1420 CreateRegParser: Registry parser init started
20:31:58:214 1420 CreateRegParser: DisableWow64Redirection error
20:31:58:214 1420 wfopen_ex: Trying to open file C:\Windows\system32\config\system
20:31:58:214 1420 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\system) returned status C0000043
20:31:58:214 1420 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:31:58:214 1420 wfopen_ex: Trying to KLMD file open
20:31:58:214 1420 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\system
20:31:58:214 1420 wfopen_ex: File opened ok (Flags 2)
20:31:58:230 1420 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\system) init success: 22F2B98
20:31:58:230 1420 wfopen_ex: Trying to open file C:\Windows\system32\config\software
20:31:58:230 1420 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\config\software) returned status C0000043
20:31:58:230 1420 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
20:31:58:230 1420 wfopen_ex: Trying to KLMD file open
20:31:58:230 1420 KLMD_CreateFileW: Trying to open file C:\Windows\system32\config\software
20:31:58:230 1420 wfopen_ex: File opened ok (Flags 2)
20:31:58:230 1420 CreateRegParser: HIVE_ADAPTER(C:\Windows\system32\config\software) init success: 22F2BC0
20:31:58:230 1420 CreateRegParser: EnableWow64Redirection error
20:31:58:230 1420 CreateRegParser: RegParser init completed
20:31:59:212 1420 GetAdvancedServicesInfo: Raw services enum returned 442 services
20:31:59:212 1420 fclose_ex: Trying to close file C:\Windows\system32\config\system
20:31:59:228 1420 fclose_ex: Trying to close file C:\Windows\system32\config\software
20:31:59:228 1420
20:31:59:228 1420 Scanning Kernel memory ...
20:31:59:228 1420 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
20:31:59:228 1420 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 8628B798
20:31:59:228 1420 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
20:31:59:228 1420
20:31:59:228 1420 DetectCureTDL3: DEVICE_OBJECT: 8528B478
20:31:59:228 1420 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8528B478
20:31:59:228 1420 DetectCureTDL3: DEVICE_OBJECT: 84F5E820
20:31:59:228 1420 KLMD_GetLowerDeviceObject: Trying to get lower device object for 84F5E820
20:31:59:228 1420 KLMD_ReadMem: Trying to ReadMemory 0x84F5E820[0x38]
20:31:59:228 1420 DetectCureTDL3: DRIVER_OBJECT: 87C107D0
20:31:59:228 1420 KLMD_ReadMem: Trying to ReadMemory 0x87C107D0[0xA8]
20:31:59:228 1420 KLMD_ReadMem: Trying to ReadMemory 0x87BA4C30[0x1E]
20:31:59:228 1420 DetectCureTDL3: DRIVER_OBJECT name: \Driver\USBSTOR, Driver Name: USBSTOR
20:31:59:228 1420 DetectCureTDL3: IrpHandler (0) addr: 99A64B40
20:31:59:228 1420 DetectCureTDL3: IrpHandler (1) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (2) addr: 99A64BB8
20:31:59:228 1420 DetectCureTDL3: IrpHandler (3) addr: 99A64C30
20:31:59:228 1420 DetectCureTDL3: IrpHandler (4) addr: 99A64C30
20:31:59:228 1420 DetectCureTDL3: IrpHandler (5) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (6) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (7) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (8) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (9) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (10) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (11) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (12) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (13) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (14) addr: 99A64828
20:31:59:228 1420 DetectCureTDL3: IrpHandler (15) addr: 99A594AA
20:31:59:228 1420 DetectCureTDL3: IrpHandler (16) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (17) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (18) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (19) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (20) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (21) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (22) addr: 99A62F9A
20:31:59:228 1420 DetectCureTDL3: IrpHandler (23) addr: 99A607A2
20:31:59:228 1420 DetectCureTDL3: IrpHandler (24) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (25) addr: 8206CFE3
20:31:59:228 1420 DetectCureTDL3: IrpHandler (26) addr: 8206CFE3
20:31:59:228 1420 KLMD_ReadMem: Trying to ReadMemory 0x99A5BA44[0x400]
20:31:59:228 1420 TDL3_StartIoHookDetect: CheckParameters: 4, 99A5F000, 0
20:31:59:228 1420 TDL3_FileDetect: Processing driver: USBSTOR
20:31:59:228 1420 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:31:59:228 1420 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:31:59:244 1420 TDL3_FileDetect: C:\Windows\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
20:31:59:244 1420
20:31:59:244 1420 DetectCureTDL3: DEVICE_OBJECT: 8638EAC8
20:31:59:244 1420 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8638EAC8
20:31:59:244 1420 DetectCureTDL3: DEVICE_OBJECT: 85CD1A60
20:31:59:244 1420 KLMD_GetLowerDeviceObject: Trying to get lower device object for 85CD1A60
20:31:59:244 1420 DetectCureTDL3: DEVICE_OBJECT: 856E3828
20:31:59:244 1420 KLMD_GetLowerDeviceObject: Trying to get lower device object for 856E3828
20:31:59:244 1420 KLMD_ReadMem: Trying to ReadMemory 0x856E3828[0x38]
20:31:59:244 1420 DetectCureTDL3: DRIVER_OBJECT: 8540B268
20:31:59:244 1420 KLMD_ReadMem: Trying to ReadMemory 0x8540B268[0xA8]
20:31:59:244 1420 KLMD_ReadMem: Trying to ReadMemory 0x853CF8D8[0x20]
20:31:59:244 1420 DetectCureTDL3: DRIVER_OBJECT name: \Driver\ahcix86s, Driver Name: ahcix86s
20:31:59:244 1420 DetectCureTDL3: IrpHandler (0) addr: 89B7A60A
20:31:59:244 1420 DetectCureTDL3: IrpHandler (1) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (2) addr: 89B7A565
20:31:59:244 1420 DetectCureTDL3: IrpHandler (3) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (4) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (5) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (6) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (7) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (8) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (9) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (10) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (11) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (12) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (13) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (14) addr: 89B7A6CB
20:31:59:244 1420 DetectCureTDL3: IrpHandler (15) addr: 89B49EE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (16) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (17) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (18) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (19) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (20) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (21) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (22) addr: 89B4F98F
20:31:59:244 1420 DetectCureTDL3: IrpHandler (23) addr: 89B7A8FE
20:31:59:244 1420 DetectCureTDL3: IrpHandler (24) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (25) addr: 8206CFE3
20:31:59:244 1420 DetectCureTDL3: IrpHandler (26) addr: 8206CFE3
20:31:59:244 1420 TDL3_FileDetect: Processing driver: ahcix86s
20:31:59:244 1420 TDL3_FileDetect: Processing driver file: C:\Windows\system32\DRIVERS\ahcix86s.sys
20:31:59:244 1420 KLMD_CreateFileW: Trying to open file C:\Windows\system32\DRIVERS\ahcix86s.sys
20:31:59:259 1420 TDL3_FileDetect: C:\Windows\system32\DRIVERS\ahcix86s.sys - Verdict: Clean
20:31:59:259 1420
20:31:59:259 1420 Completed
20:31:59:259 1420
20:31:59:259 1420 Results:
20:31:59:259 1420 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
20:31:59:259 1420 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
20:31:59:259 1420 File objects infected / cured / cured on reboot: 0 / 0 / 0
20:31:59:259 1420
20:31:59:259 1420 MyNtCreateFileW: NtCreateFile(\??\C:\Windows\system32\drivers\klmd.sys) returned status 00000000
20:31:59:259 1420 UtilityDeinit: KLMD(ARK) unloaded successfully

Re: Not a valid Win32 Application
Go to Start, type in CMD, right-click on it in the results pane and select Run as Administrator.
Type in: sfc /scannow
Press enter.

After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.

==

Now let's see if that error happens again.

Re: Not a valid Win32 Application
Tried to run it twice.

Both times it got to 77% complete, and it said:

"Windows Resource Protection could not perform the requested operation"

Let me think

Re: Not a valid Win32 Application
Sounds like a reinstall to me. Seems like system damage.

Re: Not a valid Win32 Application
I never did get the original Vista Disk with this computer, and I can't locate the backup I made when I bought it new. I tried to do a restore back to new before I came here.

Re: Not a valid Win32 Application
Have any Vista disks laying around that you aren't using?

Re: Not a valid Win32 Application
I don't. Lol.

However, if you do not have an install disc or repair disc, then we have to do it manually.

Are you ready?

Re: Not a valid Win32 Application
As ready as I'll ever be

Re: Not a valid Win32 Application
Ok.

Please get an uninstall list from HijackThis by doing the following:
  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: Not a valid Win32 Application
Acer Arcade Deluxe
Acer Arcade Deluxe
Acer Crystal Eye webcam Ver:1.1.57.409
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Acer ScreenSaver
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Agatha Christie Death on the Nile
Alice Greenfingers
AMD USB Audio Driver Filter
AVG Free 8.5
Azada
Backspin Billiards
Big Kahuna Reef
Bookworm Deluxe
Bricks of Egypt
Broadcom Gigabit Integrated Controller
Cake Mania
Catalyst Control Center - Branding
Chicken Invaders 3
Chuzzle
CyberLink PowerDirector
CyberLink PowerDirector
Diner Dash Flo on the Go
Downloader
ESET Online Scanner v3
Flip Words 2
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java(TM) 6 Update 17
Jewel Quest Solitaire
Kick N Rush
Launch Manager
Lexmark 730 Series
Mahjong Escape Ancient China
Mahjongg Artifacts
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Image Composite Editor
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.7)
Mozilla Thunderbird (2.0.0.23)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
NTI Backup Now 5
NTI Media Maker 8
Orion
PhotoNow!
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Scrapbook Flair
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Skype web features
Skype™️ 4.1
Snap 'n Share
SpongeBob SquarePants Typing
Synaptics Pointing Device Driver
Turbo Pizza
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC 9.0 Runtime
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Zuma Deluxe

Re: Not a valid Win32 Application
Let's start with Windows Installer 4.5.

Go to this page: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=5a58b56f-60b6-4412-95b9-54d056d6f9f4

Download the following:
Windows6.0-KB942288-v2-x86.msu

Then, install it. Tell me what it says, if error.

===

Install this update for Windows Vista: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=4758433b-11dd-49fc-9529-f8d7a914e1bf

Tell me what it says, if error.

===

Install this update: http://www.microsoft.com/downloads/details.aspx?FamilyId=DF72A9B0-564E-4326-894E-05CBA709CB39&displaylang=en

Tell me what it says, if error.

===

Have you tried to install any service packs recently?

What service pack do you have? 1 or 2?

Re: Not a valid Win32 Application
When I downloaded Windows6.0-KB942288-v2-x86.msu, it asked if I wanted to do it with Windows Update Standalone Installer. I said yes, and it said I needed an update installed, so I did it. I had to restart the computer, then I downloaded it again, with Windows Update Standalone Installer. While it was doing that, it said "the update does not apply to my system".

Re: Not a valid Win32 Application
Ok. Tell me what the others do, and tell me about your service packs, please.

Re: Not a valid Win32 Application
Looks like I have SP1, but for some reason I thought I downloaded SP2.

I have been opening the updates from Microsoft, and it doesn't look like anything is happening. Should I be saving them?

Re: Not a valid Win32 Application
That should be fine.

Ok. Now, go ahead and forget the rest.

Now, uninstall Service Pack 1, then tell me what happens.

Follow this tutorial: http://support.microsoft.com/kb/948537

Re: Not a valid Win32 Application
There are a number of SP1 updates. Am I deleting all the .NET Framework 3.5 SP1 updates? Or all updates that have SP1 after them?

Re: Not a valid Win32 Application
Go ahead and uninstall all updates for Windows Vista with SP1.

Warning: do not browse the internet while doing this, because malware can exploit the security holes after uninstalling the updates.

Re: Not a valid Win32 Application
I got rid of two SP1 updates, but I could not delete the third.

KB953595 date 03/03/09

I was told to restart, so I did, and will try again to delete this last SP1 update. I will get back to you shortly.

Re: Not a valid Win32 Application
Nope. Doesn't give me the option to remove that update.

Re: Not a valid Win32 Application
Ok. Are you able to remove Service Pack 1?

Re: Not a valid Win32 Application
I could not remove all three parts of SP1. I tried all methods on the site, and could only get two of them off.

Re: Not a valid Win32 Application
Go to Start and right click on Computer and select Properties.

Tell me what it says the version of Vista is.

It will say either Windows Vista Home Premium, or will specifically say it has a service pack.
