ComboFix 09-07-24.01 - James 25/07/2009 23:06.5.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3582.2573 [GMT 9.5:30]
Running from: c:\users\James\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Outdated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.
2009-07-25 13:44 . 2009-07-25 13:44 -------- d-----w- c:\users\WAK\AppData\Local\temp
2009-07-25 13:44 . 2009-07-25 13:44 -------- d-----w- c:\users\James\AppData\Local\temp
2009-07-25 07:33 . 2009-07-13 04:06 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 07:33 . 2009-07-13 04:06 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 07:33 . 2009-07-25 07:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 14:09 . 2004-05-11 01:26 423784 ----a-w- c:\windows\system32\XceedBkp.dll
2009-07-24 14:09 . 2003-11-19 05:29 512688 ----a-w- c:\windows\system32\XceedCry.dll
2009-07-24 14:09 . 2000-07-14 20:30 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2009-07-23 07:05 . 2009-07-23 07:05 -------- d-----w- c:\program files\iPod
2009-07-23 07:05 . 2009-07-23 07:05 -------- d-----w- c:\program files\iTunes
2009-07-23 06:50 . 2009-07-23 06:50 75040 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-20 12:53 . 2009-07-20 12:56 5589408 ----a-w- c:\users\James\AppData\Roaming\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.5.3.exe
2009-07-20 12:53 . 2009-07-20 12:53 -------- d-----w- c:\programdata\TVU Networks
2009-07-18 09:08 . 2009-07-18 09:08 -------- d-----w- c:\users\WAK\AppData\Roaming\Microsoft Web Folders
2009-07-18 02:26 . 2009-07-24 08:59 -------- d-----w- C:\etax2009
2009-07-15 03:35 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 03:35 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 03:35 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 03:35 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 03:35 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 05:00 . 2009-07-13 05:00 -------- d-----w- c:\programdata\FLEXnet
2009-07-13 02:07 . 2009-07-13 02:07 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-07-12 06:50 . 2009-07-12 06:50 -------- d-----w- c:\users\WAK\AppData\Roaming\Nero
2009-07-07 23:55 . 2009-07-07 23:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-05 13:46 . 2009-07-24 14:36 -------- d-----w- C:\downloads
2009-07-05 13:46 . 2009-07-05 13:46 -------- d-----w- c:\users\James\AppData\Roaming\GrabPro
2009-07-05 13:46 . 2009-07-24 14:39 -------- d-----w- c:\users\James\AppData\Roaming\Orbit
2009-07-05 13:46 . 2009-07-05 13:46 -------- d-----w- c:\program files\Orbitdownloader
2009-07-01 13:08 . 2009-07-25 09:17 -------- d-----w- c:\program files\ESET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 13:30 . 2009-04-13 10:39 12 ----a-w- c:\windows\bthservsdp.dat
2009-07-25 12:33 . 2009-04-03 15:07 -------- d-----w- c:\program files\GOPlayer
2009-07-25 11:27 . 2009-06-24 18:06 -------- d-----w- c:\program files\Premiership Coach 2009 Beta
2009-07-25 09:02 . 2008-07-10 03:18 -------- d-----w- c:\users\James\AppData\Roaming\uTorrent
2009-07-24 14:44 . 2008-11-25 06:36 -------- d-----w- c:\users\James\AppData\Roaming\Auslogics
2009-07-23 07:05 . 2008-07-02 06:49 -------- d-----w- c:\program files\Common Files\Apple
2009-07-22 05:53 . 2008-10-12 03:49 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-20 12:53 . 2009-03-17 00:25 -------- d-----w- c:\program files\TVUPlayer
2009-07-19 07:11 . 2008-05-17 07:52 107416 ----a-w- c:\users\WAK\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-18 10:18 . 2008-11-22 07:39 107416 ----a-w- c:\users\James\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-16 03:44 . 2008-11-01 10:27 -------- d-----w- c:\programdata\Xfire
2009-07-16 03:44 . 2008-11-01 10:27 -------- d-----w- c:\program files\Xfire
2009-07-15 13:06 . 2008-11-01 10:27 -------- d-----w- c:\users\James\AppData\Roaming\Xfire
2009-07-15 03:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-13 04:54 . 2008-05-31 12:47 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-01 13:09 . 2009-02-01 09:15 -------- d-----w- c:\program files\Frets on Fire
2009-07-01 12:54 . 2009-01-01 06:04 1356 ----a-w- c:\users\James\AppData\Local\d3d9caps.dat
2009-06-24 18:08 . 2009-06-24 18:08 -------- d-----w- c:\program files\Microsoft.NET
2009-06-24 18:08 . 2009-06-24 18:07 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-21 10:32 . 2008-08-20 16:00 -------- d-----w- c:\program files\DivX
2009-06-21 10:32 . 2009-06-21 10:32 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-17 05:09 . 2009-05-27 11:08 -------- d-----w- c:\users\James\AppData\Roaming\MessengerDiscovery 2
2009-06-14 08:44 . 2009-06-02 05:17 -------- d-----w- c:\program files\lists
2009-06-10 05:06 . 2008-02-15 01:44 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 04:58 . 2008-02-15 01:33 -------- d-----w- c:\programdata\NVIDIA
2009-06-10 04:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-10 04:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-10 04:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-10 04:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-10 04:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-10 04:02 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-10 04:01 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-10 04:00 . 2009-06-10 04:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-06-10 03:46 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-08 14:42 . 2009-06-08 14:42 -------- d-----w- c:\program files\Face Smoother
2009-06-08 07:46 . 2008-11-11 07:10 2060 ----a-w- c:\users\James\AppData\Roaming\wklnhst.dat
2009-06-04 07:45 . 2009-06-04 07:44 -------- d-----w- c:\program files\QuickTime
2009-06-02 06:47 . 2008-11-25 06:34 -------- d-----w- c:\program files\Auslogics
2009-06-02 06:46 . 2009-06-02 06:46 -------- d-----w- c:\program files\Total Aussie Rules
2009-06-02 06:45 . 2009-06-02 05:17 -------- d-----w- c:\program files\data
2009-06-02 05:18 . 2009-06-02 05:17 -------- d-----w- c:\program files\season
2009-06-02 05:18 . 2009-06-02 05:17 92255 ----a-w- c:\program files\Uninstal.exe
2009-06-02 05:17 . 2009-06-02 05:17 -------- d-----w- c:\program files\manual
2009-05-29 04:06 . 2009-05-29 04:06 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 04:06 . 2009-05-29 04:06 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-27 16:10 . 2009-05-27 16:10 -------- d-----w- c:\users\WAK\AppData\Roaming\MessengerDiscovery 2
2009-05-27 11:08 . 2009-05-27 11:08 -------- d-----w- c:\program files\MessengerDiscovery 2
2009-05-14 06:19 . 2009-05-14 06:19 38240 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2009-05-14 06:19 . 2009-05-14 06:19 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 06:19 . 2009-05-14 06:19 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 06:17 . 2009-05-14 06:17 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 06:11 . 2009-05-14 06:11 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-04-27 03:55 . 2008-05-18 05:30 138168 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-04-27 03:55 . 2008-05-18 05:30 189472 ----a-w- c:\windows\system32\PnkBstrB.exe
2008-09-23 10:45 . 2008-06-09 09:25 12918784 ----a-w- c:\program files\Footy Fanatic FX.exe
2009-07-23 08:02 . 2008-12-13 10:01 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-02-15 01:02 . 2008-02-15 00:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-07-25_06.51.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-15 01:17 . 2009-07-25 13:34 65962 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-17 11:25 . 2009-07-25 13:34 17390 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3809952288-2724461265-2277402977-1001_UserData.bin
+ 2008-05-17 07:48 . 2009-07-25 08:25 13752 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3809952288-2724461265-2277402977-1000_UserData.bin
+ 2008-05-17 07:44 . 2009-07-25 13:32 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-17 07:44 . 2009-07-25 05:21 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-17 07:44 . 2009-07-25 13:32 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-17 07:44 . 2009-07-25 05:21 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-17 07:44 . 2009-07-25 13:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-17 07:44 . 2009-07-25 05:21 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-04 10:37 . 2008-12-26 05:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-04 10:37 . 2009-07-25 13:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-04 10:37 . 2009-07-25 13:11 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-04 10:37 . 2008-12-26 05:02 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-04 10:37 . 2009-07-25 13:11 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-04 10:37 . 2008-12-26 05:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-01 13:58 . 2009-07-01 13:58 97360 c:\windows\Installer\{71CBF9BB-7E07-4A9D-BF30-84C11810B242}\egui.exe
+ 2009-07-25 09:18 . 2009-07-25 09:18 97360 c:\windows\Installer\{71CBF9BB-7E07-4A9D-BF30-84C11810B242}\egui.exe
+ 2009-07-25 09:18 . 2009-07-25 09:18 10134 c:\windows\Installer\{71CBF9BB-7E07-4A9D-BF30-84C11810B242}\callmsi.exe
- 2009-07-01 13:58 . 2009-07-01 13:58 10134 c:\windows\Installer\{71CBF9BB-7E07-4A9D-BF30-84C11810B242}\callmsi.exe
- 2006-11-02 10:25 . 2009-07-01 13:58 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-07-25 09:18 51200 c:\windows\inf\infpub.dat
- 2009-07-25 06:42 . 2009-07-25 06:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-25 13:32 . 2009-07-25 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-25 06:42 . 2009-07-25 06:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-25 13:32 . 2009-07-25 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 13:05 . 2009-07-25 13:34 175264 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:25 . 2009-07-25 09:18 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-07-01 13:58 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-07-01 13:58 143360 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-07-25 09:18 143360 c:\windows\inf\infstor.dat
- 2008-05-17 08:08 . 2009-07-25 06:41 7375272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-05-17 08:08 . 2009-07-25 13:30 7375272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-25 09:18 . 2009-07-25 09:18 1131008 c:\windows\Installer\3f3c3.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 06:54 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InternodeUsage"="c:\progra~1\INTERN~2\mum.exe" [2008-10-01 1339904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Google Update"="c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-23 133104]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-08 148888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-03 6266880]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0b,59,59,05,81,e9,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D94C5F2F-1598-4FEC-9592-B4043C4E2D4B}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= UDP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"UDP Query User{B0F8E8FA-9512-4B36-83EC-58BF580B6771}c:\\program files\\windows live\\messenger\\msnmsgr.exe"= TCP:c:\program files\windows live\messenger\msnmsgr.exe:Windows Live Messenger
"{1D589731-626E-4A60-9BD0-30CF929D8C11}"= UDP:5353:Adobe CSI CS4
"{7DDD7E1D-40D0-41FF-A29C-AFAA63A9EF1E}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{3EC35B12-E499-4B35-9CDC-6ADE5BDFAB43}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{25311ED9-DCDD-4C43-A8A3-94BF2A8D506A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A14B6AF7-4268-410C-AEF1-F02E344FD056}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{CA5BAE35-8D36-47B1-A4BD-304C8790FD8F}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{D33ED749-C374-4171-A5C6-4FFC1DDDAD31}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{58795CE2-1D96-47E9-9D4B-8148FBB3C286}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{39CE95B4-1210-4D3C-ADB4-BDBD684B8DCB}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [14/05/2009 3:47 PM 107256]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\System32\drivers\sp_rsdrv2.sys [23/04/2009 3:09 PM 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14/05/2009 3:47 PM 731840]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [14/05/2009 3:49 PM 38240]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 Ma730Pt;MA730 Bluetooth VCOM Driver;c:\windows\System32\drivers\ma730Pt.sys [11/11/2008 12:22 AM 103680]
R3 Ma730VaA;MA730 Bluetooth Advanced Audio;c:\windows\System32\drivers\Ma730VaA.sys [11/11/2008 12:22 AM 21851]
R3 Ma730Vad;MA730 Bluetooth Audio;c:\windows\System32\drivers\Ma730Vad.sys [11/11/2008 12:22 AM 50522]
S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\System32\drivers\ndisprot.sys [22/11/2008 4:16 PM 29192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809952288-2724461265-2277402977-1001Core.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-23 15:01]
2009-07-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3809952288-2724461265-2277402977-1001UA.job
- c:\users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-23 15:01]
2009-07-24 c:\windows\Tasks\NeroLiveEpgUpdate-KEOGH-PC_James.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-10-27 00:29]
2009-07-25 c:\windows\Tasks\User_Feed_Synchronization-{B3701D10-C79F-4169-83B5-54A59B0324D3}.job
- c:\windows\system32\msfeedssync.exe [2008-08-09 07:33]
2009-07-25 c:\windows\Tasks\User_Feed_Synchronization-{D12325AA-2A68-46F7-AB95-48119854AC7A}.job
- c:\windows\system32\msfeedssync.exe [2008-08-09 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.fanfooty.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Crawler Search - tbr:iemenu
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {B9707B65-90D4-4E22-8567-406A61F055EC} = 192.231.203.132,192.231.203.3
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\w3z8026x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\James\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\w3z8026x.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\users\James\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2009-07-25 23:16
ComboFix-quarantined-files.txt 2009-07-25 13:46
ComboFix2.txt 2009-07-25 13:29
ComboFix3.txt 2009-07-25 07:29
ComboFix4.txt 2009-07-25 06:56
Pre-Run: 264,116,916,224 bytes free
Post-Run: 264,014,102,528 bytes free
281 --- E O F --- 2009-07-22 23:22