Viruses on my laptop!

Acer / Aspire 6930
March 27, 2010 at 10:47:25
Specs: Microsoft Windows Vista Home Premium, 2 GHz / 3000 MB
Hi, I have viruses on my computer. Can you help me? By the way, I have HijackThis already installed. OK, here are the problems:
1. Computer starts up slow
2. I have games I want to uninstall but it says 'Ghost install log file not found'
3. Whenever I install a program it works fine, but when I restart the computer it doesn't work
4. iTunes doesn't work
5. Finally, the last problem: I can't install anti-virus programs.



#1
March 27, 2010 at 11:22:30
Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded, you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.



#2
March 27, 2010 at 17:49:27
DDS is here:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Shawn Pollock at 20:43:03.74 on Sat 03/27/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3000.1543 [GMT -4:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\Common Files\BinarySense\hldasvc.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Users\SHAWNP~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Returnil\RVS3\rvsmon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\providerComcast\bin\tgsrvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lexmark 1200 Series\LXCZbmgr.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IObit\IObit Security 360\is360tray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSdts.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Shawn Pollock\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_6930
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_6930
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
mURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
mURLSearchHooks: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
BHO: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - Dealio Toolbar
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - AskBar BHO
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: &Egis Option Pack: {312105c4-2e13-4e10-af72-f9d79ba077e6} - c:\program files\acer\empowering technology\edatasecurity\x86\eDsWebmailtb.dll
TB: IObitCom Toolbar: {31c7d459-9cc3-44f2-9dca-fc11795309b4} - c:\program files\iobitcom\tbIObi.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} -
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [lxczbmgr.exe] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SearchSettings] c:\program files\dealio toolbar\SearchSettings.exe
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
dRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p10 /q c:\users\shawnp~1\appdata\local\temp\low\__skyp~1\e70d95~1.sh! c:\$recycle.bin\s-1-5-~2\$rkzpawd.sh! c:\$recycle.bin\s-1-5-~2\$rub0x89\dc8\vsh.SH!
dRun: [VistaBatterySaver] c:\program files\sharpsoft\vista battery saver\VistaBatterySaver.exe
StartupFolder: c:\users\shawnp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\THETOO~1.LNK -
StartupFolder: c:\users\shawnp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rvs201~1.lnk - c:\program files\returnil\rvs3\rvsgui.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\dps32.dll,c:\progra~1\google\google~1\GOEC62~1.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

================= FIREFOX ===================

FF - ProfilePath - c:\users\shawnp~1\appdata\roaming\mozilla\firefox\profiles\i7edh2sw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\users\shawn pollock\appdata\roaming\mozilla\firefox\profiles\i7edh2sw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\google updater\2.4.1739.5352\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\shawn pollock\appdata\roaming\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\users\shawn pollock\appdata\roaming\mozilla\firefox\profiles\i7edh2sw.default\extensions\{0ffcc8d1-8198-4b2f-9a96-2b4d4a65ecc9}\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2009-3-14 79052]
R0 RVSystem;RVSystem;c:\windows\system32\drivers\rvsystem.sys [2010-2-6 45136]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R1 rvsmon;rvsmon;c:\windows\system32\drivers\rvsmon.sys [2010-2-6 264128]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2008-10-29 61424]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 Application Updater;Application Updater;"c:\program files\application updater\applicationupdater.exe" --> c:\program files\application updater\ApplicationUpdater.exe [?]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-10-29 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-10-14 24576]
R2 HDDlife HDD Access service;HDDlife HDD Access service;c:\program files\common files\binarysense\hldasvc.exe [2008-2-15 832760]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-2-5 311568]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2008-10-29 122368]
R2 RVSMONBL;Returnil Virtual System Core Service;c:\windows\system32\returnil\rvs3\rvsmon.exe [2010-1-22 1246560]
R2 rvsmonf;rvsmonf;c:\windows\system32\drivers\rvsmonf.sys [2010-2-6 1034696]
R2 rvsmonn;rvsmonn;c:\windows\system32\drivers\rvsmonn2.sys [2010-2-6 18328]
R2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providercomcast\bin\tgsrvc.exe [2008-5-2 148768]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-1-22 36368]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-10-14 113664]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-6-2 4233728]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
S2 RelevantKnowledge;RelevantKnowledge;c:\program files\relevantknowledge\rlservice.exe /service --> c:\program files\relevantknowledge\rlservice.exe [?]
S3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\drivers\bpenum.sys [2009-2-1 31232]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2010-3-6 29184]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-24 30192]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-8 34248]
S3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-12-29 81704]

=============== Created Last 30 ================

2010-03-28 00:36:26 10752 ----a-w- C:\SensApi.dll
2010-03-13 21:20:23 520192 ----a-w- c:\windows\system32\Pokémon Platinum Screesaver.scr
2010-03-13 21:20:23 0 d-----w- c:\windows\system32\Pokémon Platinum Screesaver dir
2010-03-12 00:38:47 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 00:38:40 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-12 00:38:40 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 01:44:22 0 d-----w- c:\programdata\AIM
2010-03-11 01:44:12 0 d-----w- c:\program files\common files\AOL
2010-03-07 03:07:38 29184 ----a-w- c:\windows\system32\drivers\dsiarhwprog.sys

==================== Find3M ====================

2010-03-27 14:17:09 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-27 14:17:09 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-07 03:08:07 143360 ----a-w- c:\windows\inf\infstor.dat
2010-02-25 00:31:40 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-25 00:23:29 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-25 00:23:23 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-06 17:00:55 45136 ----a-w- c:\windows\system32\drivers\rvsystem.sys
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:39:38 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 13:30:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-28 01:57:36 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-23 22:05:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-06-23 22:05:35 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-06-23 22:05:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-06-23 22:05:35 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-09-11 20:35:33 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-01-21 02:23:32 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
2008-01-21 02:23:32 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_f343a6944cd6fe47\WinMail.exe

============= FINISH: 20:44:30.96 ===============


Attach is here:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/29/2008 1:58:54 PM
System Uptime: 3/27/2010 8:34:16 PM (0 hours ago)

Motherboard: Acer | | Makalu
Processor: Intel(R) Core(TM)2 Duo CPU T5800 @ 2.00GHz | U2E1 | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 121 GiB total, 88.185 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 44.483 GiB free.
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #2
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

360Share Pro(remove only)
7-Zip 4.57
Ace DivX Player v2.1
Acer Arcade Deluxe
Acer Assist
Acer Crystal Eye Webcam
Acer Crystal Eye Webcam 2.0.8
Acer Crystal Eye Webcam Video Class Camera
Acer eAudio Management
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Acrobat.com
Action Replay DSi Code Manager
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Adobe Shockwave Player 11.5
Advanced SystemCare 3
Alice Greenfingers
Any Video Converter 2.7.8
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
Azada
Backspin Billiards
Big Kahuna Reef
Bing Maps 3D
Bonjour
Bookworm Deluxe
Bricks of Egypt
Byki Express
CA Pest Patrol Realtime Protection
Cake Mania
CDBurnerXP
Chicken Invaders 3
Chuzzle
Comcast Toolbar 3.0
Comcast User Setup
Complete Cleanup Trial
Coupon Printer for Windows
CutePDF Writer 2.7
Diner Dash Flo on the Go
DivX Version Checker
DVD Flick 1.3.0.7
eBay Desktop
Flip Words 2
FLV Video Converter 1.1
FoxyTunes for Firefox
Free Audio Converter version 1.2
Game Booster
Google Desktop
Google Toolbar for Firefox
Google Updater
greenstreet Business Card Maker
HDAUDIO Soft Data Fax Modem with SmartCP
HDDlife 3.1 Google Desktop Gadget
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
IObit Security 360
IObitCom Toolbar
iTunes
Java 2 Runtime Environment, SE v1.4.2_19
Java(TM) 6 Update 13
Jewel Quest Solitaire
JumpStart Typing
Kick N Rush
Kool Kart Racers
Launch Manager
Lexmark 1200 Series
LightScribe 1.4.142.1
Macromedia Shockwave Player
Mahjong Escape Ancient China
Mahjongg Artifacts
Marble Blast XP
MediaJoin
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Word Viewer 2003
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ Run Time Lib Setup
Microsoft Works
Mission Paintball Powered Up
MobileMe Control Panel
Move Media Player
Moyea FLV Player version 1.6.2.2
Mozilla Firefox (3.6)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
Offroad Arena
OGA Notifier 2.0.0048.0
PhotoNow!
PHP 5.3.0
Pokémon Platinum Screesaver
PrintMaster Silver 17
Project Pokemon Save Editor
PS3 Max Media Manager Pro
QuickTime
Rack em Up Road Trip
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Returnil Virtual System 2010
Safari
Saints & Sinners Bowling
Security Update for CAPICOM (KB931906)
Skype™ 4.0
Smart Defrag
Spelling Dictionaries Support For Adobe Reader 9
Super Soaker Water Fight
Switch Sound File Converter
Synaptics Pointing Device Driver
System Requirements Lab
The ToonTown Spoofer
The Weather Channel Desktop 6
The Weather Channel Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC80CRTRedist - 8.0.50727.762
VIDEO GAME TYCOON : Gold Edition
Winbond CIR Device Drivers
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Photo Gallery
Windows Live Writer
Windows Media Player Firefox Plugin
Windows System Scanner
WinZip 14.0
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Yahoo! Widgets
Yahtzee Master v1.47
Zuma Deluxe

==== Event Viewer Messages From Past Week ========

3/27/2010 9:42:19 AM, Error: EventLog [6008] - The previous system shutdown at 9:39:09 AM on 3/27/2010 was unexpected.
3/27/2010 8:41:43 AM, Error: EventLog [6008] - The previous system shutdown at 8:39:27 AM on 3/27/2010 was unexpected.
3/27/2010 8:37:03 PM, Error: Service Control Manager [7034] - The lxcz_device service terminated unexpectedly. It has done this 1 time(s).
3/27/2010 8:36:14 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 126
3/27/2010 8:35:59 PM, Error: EventLog [6008] - The previous system shutdown at 5:21:13 PM on 3/27/2010 was unexpected.
3/27/2010 8:35:23 PM, Error: volmgr [46] - Crash dump initialization failed!
3/27/2010 5:19:38 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
3/26/2010 10:15:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxcz_device service to connect.
3/26/2010 10:15:37 PM, Error: Service Control Manager [7000] - The lxcz_device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/24/2010 8:14:08 AM, Error: EventLog [6008] - The previous system shutdown at 9:34:16 PM on 3/23/2010 was unexpected.
3/24/2010 4:23:17 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
3/24/2010 4:23:03 PM, Error: EventLog [6008] - The previous system shutdown at 4:14:50 PM on 3/24/2010 was unexpected.
3/23/2010 7:31:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.
3/23/2010 7:30:16 PM, Error: EventLog [6008] - The previous system shutdown at 6:19:43 PM on 3/23/2010 was unexpected.
3/23/2010 5:48:43 PM, Error: EventLog [6008] - The previous system shutdown at 5:14:52 PM on 3/23/2010 was unexpected.
3/23/2010 5:05:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SupportSoft Repair Service (providercomcast) service to connect.
3/23/2010 5:05:32 PM, Error: Service Control Manager [7000] - The SupportSoft Repair Service (providercomcast) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/23/2010 5:03:52 PM, Error: EventLog [6008] - The previous system shutdown at 9:21:54 AM on 3/23/2010 was unexpected.
3/22/2010 8:34:56 AM, Error: EventLog [6008] - The previous system shutdown at 7:42:02 PM on 3/21/2010 was unexpected.
3/22/2010 5:55:51 PM, Error: EventLog [6008] - The previous system shutdown at 5:53:19 PM on 3/22/2010 was unexpected.
3/22/2010 5:52:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Updater service to connect.
3/22/2010 5:50:19 PM, Error: EventLog [6008] - The previous system shutdown at 3:53:40 PM on 3/22/2010 was unexpected.
3/21/2010 12:29:02 PM, Error: EventLog [6008] - The previous system shutdown at 12:16:11 PM on 3/21/2010 was unexpected.
3/20/2010 5:30:16 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {4991D34B-80A1-4291-83B6-3328366B9097} to the user ShawnPollock-PC\Shawn Pollock SID (S-1-5-21-428822933-532519472-42752551-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/20/2010 4:43:36 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user ShawnPollock-PC\Shawn Pollock SID (S-1-5-21-428822933-532519472-42752551-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/20/2010 4:11:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/20/2010 4:11:36 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/20/2010 4:11:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/20/2010 4:11:24 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
3/20/2010 3:06:22 AM, Error: EventLog [6008] - The previous system shutdown at 8:27:26 PM on 3/19/2010 was unexpected.

==== End Of File ===========================



#3
March 28, 2010 at 08:46:56
See if you can download and run Malwarebytes.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box > click Save.

1. Double-click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.



#4
March 28, 2010 at 09:10:25
Ok, I scanned; here is the log that it gave me:

Malwarebytes' Anti-Malware 1.44
Database version: 3923
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/28/2010 12:09:30 PM
mbam-log-2010-03-28 (12-09-30).txt

Scan type: Quick Scan
Objects scanned: 115977
Time elapsed: 7 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\ProgramData\Zwangi (Adware.Zwangi) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)



#5
March 28, 2010 at 09:25:17
Go to Start > Control Panel > click the Java icon > Update tab > Update Now and allow Java to update. If you are prompted for any add-ons, uncheck the box and continue. The newest Java is version 6 update 18. Uninstall any older versions of Java from Add/Remove Programs.

Please download ComboFix with Internet Explorer instead of any other browser if possible.

Remember: your Orbit antivirus and CA Pest Patrol Realtime Protection must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box > click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to reconnect your machine to the Internet until ComboFix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouseclick combo-fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#6
March 28, 2010 at 10:16:40
Ok, here is the 'combofix.txt':

ComboFix 10-03-28.01 - Shawn Pollock 03/28/2010 12:44:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3000.1275 [GMT -4:00]
Running from: c:\users\Shawn Pollock\Downloads\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-428822933-532519472-42752551-1003
c:\$recycle.bin\S-1-5-21-428822933-532519472-42752551-1004
c:\$recycle.bin\S-1-5-21-428822933-532519472-42752551-1005
c:\$recycle.bin\S-1-5-21-428822933-532519472-42752551-500
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\SeARchsettings.dll
c:\program files\Dealio Toolbar\SearchSettings.exe
c:\program files\Dealio Toolbar\SearchSettingsRes409.dll
c:\program files\Dealio Toolbar\sscfg.ini
c:\program files\Dealio Toolbar\SSFF\chrome.manifest
c:\program files\Dealio Toolbar\SSFF\chrome\skin\yahoo.xml
c:\program files\Dealio Toolbar\SSFF\install.rdf
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera
c:\programdata\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam Video Class Camera \Uninstall.lnk
c:\users\Shawn Pollock\AppData\Roaming\.#
c:\users\Shawn Pollock\AppData\Roaming\.#\MBX@3824@1872990.###
c:\users\Shawn Pollock\AppData\Roaming\.#\MBX@3824@18729C0.###
c:\users\Shawn Pollock\AppData\Roaming\.#\MBX@3824@18729F0.###
c:\users\Shawn Pollock\AppData\Roaming\.#\MBX@38B0@2002990.###
c:\users\Shawn Pollock\AppData\Roaming\.#\MBX@38B0@20029C0.###
c:\users\Shawn Pollock\AppData\Roaming\.#\MBX@38B0@20029F0.###
c:\users\Shawn Pollock\AppData\Roaming\02000000b28b12d7670C.manifest
c:\users\Shawn Pollock\AppData\Roaming\02000000b28b12d7670O.manifest
c:\users\Shawn Pollock\AppData\Roaming\02000000b28b12d7670P.manifest
c:\users\Shawn Pollock\AppData\Roaming\02000000b28b12d7670S.manifest
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Suyin.reg
c:\windows\system32\5QShNl1.vbs
c:\windows\system32\asVwd.vbs
c:\windows\system32\Bj1Gp.vbs
c:\windows\system32\f3HvdxWVYvaKq.vbs
c:\windows\system32\ieaOhSM.vbs
c:\windows\system32\rCjRO.vbs
c:\windows\system32\service
c:\windows\system32\service\11112009_TIS17_SfFniAU.log
c:\windows\system32\service\27112009_TIS17_SfFniAU.log
c:\windows\system32\UbYK7.vbs
c:\windows\system32\WAaDrTizBqphf.vbs

----- BITS: Possible infected sites -----

hxxp://farm3.static.flickr.com
hxxp://farm4.static.flickr.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RelevantKnowledge


((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-28 )))))))))))))))))))))))))))))))
.

2010-03-28 16:57 . 2008-07-30 00:46 10752 ----a-w- C:\SensApi.dll
2010-03-28 16:54 . 2010-03-28 16:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-28 16:41 . 2010-03-28 16:41 -------- d-----w- c:\program files\Common Files\Java
2010-03-28 16:00 . 2010-03-28 16:00 -------- d-----w- c:\users\Shawn Pollock\AppData\Roaming\Malwarebytes
2010-03-28 16:00 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-28 16:00 . 2010-03-28 16:00 -------- d-----w- c:\programdata\Malwarebytes
2010-03-28 16:00 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 15:59 . 2010-03-28 16:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-28 11:48 . 2010-03-28 11:48 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-03-28 11:48 . 2010-03-28 11:48 -------- d-----w- c:\users\Shawn Pollock\AppData\Local\eSupport.com
2010-03-13 21:20 . 2010-03-13 21:20 -------- d-----w- c:\windows\system32\Pokémon Platinum Screesaver dir
2010-03-13 21:20 . 2010-03-13 21:20 520192 ----a-w- c:\windows\system32\Pokémon Platinum Screesaver.scr
2010-03-12 00:38 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-12 00:38 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-12 00:38 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 01:44 . 2010-03-11 01:46 -------- d-----w- c:\users\Shawn Pollock\AppData\Roaming\acccore
2010-03-11 01:44 . 2010-03-11 01:44 -------- d-----w- c:\users\Shawn Pollock\AppData\Local\AOL
2010-03-11 01:44 . 2010-03-11 01:44 -------- d-----w- c:\users\Shawn Pollock\AppData\Local\AIM
2010-03-11 01:44 . 2010-03-11 01:44 -------- d-----w- c:\programdata\AIM
2010-03-11 01:44 . 2010-03-13 02:15 -------- d-----w- c:\program files\Common Files\AOL
2010-03-07 03:07 . 2007-02-08 13:45 29184 ----a-w- c:\windows\system32\drivers\dsiarhwprog.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-28 16:54 . 2008-12-25 09:25 -------- d-----w- c:\users\Shawn Pollock\AppData\Roaming\Skype
2010-03-28 16:39 . 2009-05-31 13:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-28 16:35 . 2009-05-08 22:18 -------- d-----w- c:\program files\Java
2010-03-18 20:32 . 2010-02-10 21:43 -------- d-----w- c:\program files\iTunes
2010-03-18 20:32 . 2010-02-10 21:43 -------- d-----w- c:\program files\iPod
2010-03-18 20:32 . 2008-12-27 17:40 -------- d-----w- c:\program files\Common Files\Apple
2010-03-18 20:28 . 2010-03-18 20:28 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-18 20:27 . 2009-11-08 21:27 -------- d-----w- c:\program files\Safari
2010-03-18 20:26 . 2010-03-18 20:26 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-14 23:51 . 2009-07-11 20:30 -------- d-----w- c:\program files\comcasttb
2010-03-13 21:30 . 2010-03-13 21:30 144162 ----a-w- c:\users\Shawn Pollock\AppData\Roaming\Move Networks\uninstall.exe
2010-03-13 21:30 . 2009-02-16 04:14 -------- d-----w- c:\users\Shawn Pollock\AppData\Roaming\Move Networks
2010-03-13 21:29 . 2009-12-18 03:27 5603776 ----a-w- c:\users\Shawn Pollock\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
2010-03-13 21:29 . 2009-07-11 20:31 -------- d-----w- c:\users\Shawn Pollock\AppData\Roaming\CallingID
2010-03-13 21:20 . 2010-03-13 21:20 520192 ----a-w- c:\windows\system32\Pokémon Platinum Screesaver.scr
2010-03-13 02:25 . 2008-10-14 23:08 -------- d-----w- c:\program files\Acer GameZone
2010-03-13 02:23 . 2009-02-03 21:40 -------- d-----w- c:\program files\Microsoft
2010-03-12 01:25 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-12 00:48 . 2009-12-08 21:46 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-07 18:19 . 2009-06-19 03:17 -------- d-----w- c:\program files\IObit
2010-03-04 04:11 . 2008-12-25 09:24 -------- d-----w- c:\programdata\Skype
2010-03-04 04:11 . 2009-12-08 23:35 -------- d-----w- c:\programdata\Google Updater
2010-02-27 02:46 . 2009-09-13 23:04 -------- d-----w- c:\users\Shawn Pollock\AppData\Roaming\DVD Flick
2010-02-25 00:44 . 2010-01-23 02:07 -------- d-----w- c:\programdata\avg9
2010-02-25 00:39 . 2009-07-24 22:02 -------- d-----w- c:\programdata\Norton
2010-02-25 00:38 . 2009-07-24 22:01 -------- d-----w- c:\programdata\NortonInstaller
2010-02-25 00:35 . 2009-07-11 22:59 234984 ----a-w- c:\users\Shawn Pollock\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-25 00:31 . 2008-10-29 18:02 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-25 00:23 . 2010-02-25 00:24 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-02-25 00:23 . 2010-02-25 00:24 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-02-24 14:16 . 2009-10-03 13:27 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 02:08 . 2008-10-14 22:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-21 19:15 . 2009-08-16 17:24 -------- d-----w- c:\programdata\IObit
2010-02-21 16:51 . 2009-05-31 22:02 -------- d-----w- c:\programdata\Symantec
2010-02-20 22:47 . 2010-02-20 22:47 -------- d-----w- c:\program files\NortonInstaller
2010-02-20 20:52 . 2009-12-08 21:34 -------- d-----w- c:\program files\Winamp
2010-02-20 20:47 . 2010-02-20 20:47 -------- dc-h--w- c:\programdata\{3D91BFA3-4B91-4808-862D-BF7B5E9B6BA9}
2010-02-10 21:41 . 2010-02-10 21:41 -------- d-----w- c:\program files\Bonjour
2010-02-06 17:00 . 2010-02-06 17:00 45136 ----a-w- c:\windows\system32\drivers\rvsystem.sys
2010-02-06 17:00 . 2010-02-06 17:00 -------- d-----w- c:\program files\Returnil
2010-01-25 12:00 . 2010-02-24 01:41 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 01:41 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 01:41 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 01:41 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 01:41 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 01:41 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 01:41 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 01:41 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:21 . 2010-02-24 01:41 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-23 09:26 . 2010-02-24 01:42 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-23 01:37 . 2010-01-23 01:41 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-01-23 01:37 . 2010-01-23 01:41 225808 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-01-23 01:37 . 2010-01-23 01:41 1223832 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-01-13 20:16 . 2010-02-06 17:06 18328 ----a-w- c:\windows\system32\drivers\rvsmonn2.sys
2010-01-13 20:16 . 2010-02-06 17:06 1034696 ----a-w- c:\windows\system32\drivers\rvsmonf.sys
2010-01-13 20:16 . 2010-02-06 17:05 264128 ----a-w- c:\windows\system32\drivers\rvsmon.sys
2010-01-06 15:39 . 2010-02-24 01:41 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 01:41 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 01:41 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 01:41 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 01:41 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 01:41 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 01:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38 . 2010-01-23 00:01 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-23 00:01 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-23 00:01 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-23 00:01 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-21 14:52 . 2009-11-21 14:52 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-01-21 02:23 . 2008-01-21 02:23 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
2008-01-21 02:23 . 2008-01-21 02:23 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_f343a6944cd6fe47\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2009-10-01 21:29 2166296 ----a-w- c:\program files\IObitCom\tbIObi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIObi.dll" [2009-10-01 2166296]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 00:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24267560]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-24 68856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"ComcastAntispyClient"="c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-07 6139904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-05-30 544768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-08-01 405504]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-21 30192]
"lxczbmgr.exe"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2007-04-19 74672]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-08-25 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2010-02-17 177472]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):81,17,ac,b6,ac,34,ca,01

R3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2009-02-01 31232]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2010-03-28 23456]
R3 dsiarhwprog;dsiarhwprog;c:\windows\system32\Drivers\dsiarhwprog.sys [2007-02-08 29184]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-21 30192]
R3 MUXMP;My WiFi PAN MUX-IM Virtual Miniport Driver;c:\windows\system32\DRIVERS\mux.sys [x]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-05-26 81704]
S0 AFS;AFS; [x]
S0 RVSystem;RVSystem;c:\windows\system32\Drivers\RVSystem.sys [2010-02-06 45136]
S1 rvsmon;rvsmon;c:\windows\system32\DRIVERS\rvsmon.sys [2010-01-13 264128]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-06-02 24576]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe [2009-12-24 311568]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S2 RVSMONBL;Returnil Virtual System Core Service;c:\windows\system32\Returnil\RVS3\rvsmon.exe [2010-01-22 1246560]
S2 rvsmonf;rvsmonf;c:\windows\system32\DRIVERS\rvsmonf.sys [2010-01-13 1034696]
S2 rvsmonn;rvsmonn;c:\windows\system32\DRIVERS\rvsmonn2.sys [2010-01-13 18328]
S2 tgsrvc_providercomcast;SupportSoft Repair Service (providercomcast);c:\program files\providerComcast\bin\tgsrvc.exe [2008-05-02 148768]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-01-23 36368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2009-06-18 42480]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-05-29 4233728]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-03-28 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-12-20 16:02]

2010-03-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-24 23:35]

2010-02-08 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-08-16 21:22]

2010-03-28 c:\windows\Tasks\User_Feed_Synchronization-{F170D32A-4EF3-4BDD-B6F2-95A545FED1B4}.job
- c:\windows\system32\msfeedssync.exe [2010-01-23 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_6930
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
FF - ProfilePath - c:\users\Shawn Pollock\AppData\Roaming\Mozilla\Firefox\Profiles\i7edh2sw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - component: c:\users\Shawn Pollock\AppData\Roaming\Mozilla\Firefox\Profiles\i7edh2sw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Shawn Pollock\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
FF - plugin: c:\users\Shawn Pollock\AppData\Roaming\Mozilla\Firefox\Profiles\i7edh2sw.default\extensions\{0FFCC8D1-8198-4b2f-9A96-2B4D4A65ECC9}\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, false);
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.homepage.dontask, truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-Run-UCam_Menu - c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
HKLM-Run-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe
HKLM-Run-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
HKU-Default-Run-VistaBatterySaver - c:\program files\SharpSoft\Vista Battery Saver\VistaBatterySaver.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700} - c:\program files\Acer GameZone\Zuma Deluxe\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233} - c:\program files\Acer GameZone\Bookworm Deluxe\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123} - c:\program files\Acer GameZone\Bricks of Egypt\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783} - c:\program files\Acer GameZone\Big Kahuna Reef\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110522523} - c:\program files\Acer GameZone\Offroad Arena\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111097223} - c:\program files\Acer GameZone\Saints & Sinners Bowling\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433} - c:\program files\Acer GameZone\Mystery Case Files - Huntsville\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750} - c:\program files\Acer GameZone\Cake Mania\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743} - c:\program files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990} - c:\program files\Acer GameZone\Kick N Rush\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617} - c:\program files\Acer GameZone\Backspin Billiards\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111547587} - c:\program files\Acer GameZone\Rack em Up Road Trip\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950} - c:\program files\Acer GameZone\Mahjongg Artifacts\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833} - c:\program files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363} - c:\program files\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660} - c:\program files\Acer GameZone\Diner Dash Flo on the Go\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577} - c:\program files\Acer GameZone\Flip Words 2\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267} - c:\program files\Acer GameZone\Chicken Invaders 3\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767} - c:\program files\Acer GameZone\Alice Greenfingers\Uninstall.exe
AddRemove-{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210} - c:\program files\Acer GameZone\Azada\Uninstall.exe

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll

- - - - - - - > 'Explorer.exe'(5736)
c:\program files\CA\PPRT\bin\CACheck.dll
c:\program files\CA\PPRT\bin\CAHook.dll
c:\program files\CA\PPRT\bin\CAServer.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\BinarySense\hldasvc.exe
c:\program files\Common Files\BinarySense\hldasvc.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lxczcoms.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2010-03-28 13:06:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-28 17:06

Pre-Run: 94,371,237,888 bytes free
Post-Run: 93,588,316,160 bytes free

- - End Of File - - E51B2D851ACEF71DDBA30476CB59A53B



#7
March 28, 2010 at 10:41:18
Can you get on an antivirus site now, and is the computer any faster?


#8
March 28, 2010 at 10:56:53
Well, I have seen improved start-up speeds. I will see about programs and stuff now...


#9
March 28, 2010 at 11:10:08
The games that wouldn't uninstall are gone...


#10
March 28, 2010 at 11:12:39
I installed Norton Anti-Virus full edition (not trial).


#11
March 28, 2010 at 11:14:48
iTunes still doesn't work, but I'm gonna restart now to see if my programs stay there. Oh, and I have a question: is it safe for me to download uTorrent? By that I mean, is it a virus program?


#12
March 28, 2010 at 11:30:50
I still have problems 1, 3, and 4.


#13
March 28, 2010 at 14:57:02
Utorrent is known to harbor spyware.

Did you uninstall or rename the AFS.sys file?

Turn off Norton, CA Pest Control and Windows Defender before you run ComboFix.

Did you uninstall your Orbit antivirus prior to installing Norton?

Open Notepad and copy/paste everything between the X's into it and make sure the first word (such as KILLALL, File, Folder, Registry etc.) is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
KILLALL::
File::
c:\windows\system32\Drivers\dsiarhwprog.sys

Driver::
dsiarhwprog

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red symbol on your desktop). If ComboFix does not auto-start, click "run".

Please post the log that is produced.



#14
March 28, 2010 at 18:46:48
That driver is for my DSi Action Replay. I trust it, so sorry, but I won't remove it.


#15
March 28, 2010 at 19:22:45
That is good. Did you uninstall or rename the AFS.sys file? This could be the reason iTunes is not working.

As you can see in the ComboFix log, there is an AFS driver but no file, so placing that file back in the driver folder may resolve that issue. If you find the file in its proper location, it may be corrupt.

Look at technogran's post at this link:

AFS.sys info



#16
March 28, 2010 at 19:34:25
Well, I went to that link and I got something different than that. When I click iTunes it has the Windows Installer stuff and then it says 'A fatal installation error occured'.


#17
March 29, 2010 at 19:58:39
I would uninstall and reinstall iTunes. Follow the instructions at this Apple site (copy/paste into your browser).

http://support.apple.com/kb/ht1926



#18
April 6, 2010 at 12:44:56
Still nothing.
