System Check virus removed but Internet not working

ComboFix 12-02-10.03 - Pondalex 02/11/2012 8:59.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2300 [GMT -7:00]
Running from: c:\users\Pondalex\Desktop\pondalex.exe.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\pondalex.exe
c:\pondalex.exe\023.dat
c:\pondalex.exe\023v.dat
c:\pondalex.exe\appdata.folder.dat
c:\pondalex.exe\appinit.bad
c:\pondalex.exe\asp.str
c:\pondalex.exe\Assoc.cmd
c:\pondalex.exe\attr.dat
c:\pondalex.exe\ATTRIB.3XE
c:\pondalex.exe\autorun_inf.dat
c:\pondalex.exe\autorun_infB.dat
c:\pondalex.exe\av.cmd
c:\pondalex.exe\av.vbs
c:\pondalex.exe\AWF.cmd
c:\pondalex.exe\badclsid
c:\pondalex.exe\BFE.dat
c:\pondalex.exe\Boot-Rk.cmd
c:\pondalex.exe\Boot.bat
c:\pondalex.exe\BootDrv.vbs
c:\pondalex.exe\borlander_file.dat
c:\pondalex.exe\borlander_folder.dat
c:\pondalex.exe\c.bat
c:\pondalex.exe\c.mrk
c:\pondalex.exe\cache.folder.dat
c:\pondalex.exe\Catch-sub.cmd
c:\pondalex.exe\catchme.3XE
c:\pondalex.exe\Catchme.tmp
c:\pondalex.exe\CCS.bat
c:\pondalex.exe\CF-Script.cmd
c:\pondalex.exe\CF16351.3XE
c:\pondalex.exe\Cfiles.dat
c:\pondalex.exe\Cfolders.dat
c:\pondalex.exe\CHCP.bat
c:\pondalex.exe\ClistB.dat
c:\pondalex.exe\clsid.c
c:\pondalex.exe\clsid.dat
c:\pondalex.exe\Combobatch.bat
c:\pondalex.exe\ComboFix-Download.3XE
c:\pondalex.exe\ConEnv.sed
c:\pondalex.exe\Cookies.folder.dat
c:\pondalex.exe\Create.cmd
c:\pondalex.exe\Creg.dat
c:\pondalex.exe\CregC.cmd
c:\pondalex.exe\CregC.dat
c:\pondalex.exe\CregC_.dat
c:\pondalex.exe\CSCRIPT.3XE
c:\pondalex.exe\d-del_A.dat
c:\pondalex.exe\d-delA.dat
c:\pondalex.exe\dd.3XE
c:\pondalex.exe\ddsDo.sed
c:\pondalex.exe\DelClsid.bat
c:\pondalex.exe\DelClsid64.bat
c:\pondalex.exe\desktop.folder.dat
c:\pondalex.exe\desktop.ini
c:\pondalex.exe\DisclaimED.dat
c:\pondalex.exe\dll_whitelist.dat
c:\pondalex.exe\dnd.dat
c:\pondalex.exe\DPF.str
c:\pondalex.exe\Drive.folder.dat
c:\pondalex.exe\DriveFile.dat
c:\pondalex.exe\Drives.dat
c:\pondalex.exe\DrvRun.vbs
c:\pondalex.exe\dumphive.3XE
c:\pondalex.exe\embedded.sed
c:\pondalex.exe\en-US\ATTRIB.3XE.mui
c:\pondalex.exe\en-US\CF16351.3XE.mui
c:\pondalex.exe\en-US\cmd.3XE.mui
c:\pondalex.exe\en-US\CSCRIPT.3XE.mui
c:\pondalex.exe\en-US\iexplore.exe
c:\pondalex.exe\en-US\PING.3XE.mui
c:\pondalex.exe\en-US\REGT.3XE.mui
c:\pondalex.exe\en-US\ROUTE.3XE.mui
c:\pondalex.exe\Env.sed
c:\pondalex.exe\ERDNT.e_e
c:\pondalex.exe\ERDNTDOS.LOC
c:\pondalex.exe\ERDNTWIN.LOC
c:\pondalex.exe\ERUNT.3XE
c:\pondalex.exe\erunt.dat
c:\pondalex.exe\ERUNT.LOC
c:\pondalex.exe\Exe.reg
c:\pondalex.exe\extract.3XE
c:\pondalex.exe\f_system
c:\pondalex.exe\favorites.folder.dat
c:\pondalex.exe\FD-SV.cmd
c:\pondalex.exe\FdsvOK
c:\pondalex.exe\ffdefstr.dll
c:\pondalex.exe\FileKill.3XE
c:\pondalex.exe\files.pif
c:\pondalex.exe\Fin.dat
c:\pondalex.exe\FIND3M.bat
c:\pondalex.exe\FIXLSP.bat
c:\pondalex.exe\FKMGen.cmd
c:\pondalex.exe\ForeignWht
c:\pondalex.exe\GetHive.cmd
c:\pondalex.exe\GOLDUN.DAT
c:\pondalex.exe\grep.3XE
c:\pondalex.exe\gsar.3XE
c:\pondalex.exe\handle.3XE
c:\pondalex.exe\hidec.3XE
c:\pondalex.exe\history.bat
c:\pondalex.exe\History.folder.dat
c:\pondalex.exe\iexplore.exe
c:\pondalex.exe\image001.gif
c:\pondalex.exe\Imefile.dat
c:\pondalex.exe\katch.cmd
c:\pondalex.exe\katchNT-OS
c:\pondalex.exe\KBJunctions00
c:\pondalex.exe\Kill-All.cmd
c:\pondalex.exe\kmd.dat
c:\pondalex.exe\Lang.bat
c:\pondalex.exe\List-B.bat
c:\pondalex.exe\List-C.bat
c:\pondalex.exe\lnkread.vbs
c:\pondalex.exe\localappdata.folder.dat
c:\pondalex.exe\LocalService.dat
c:\pondalex.exe\LocalServiceNetworkRestricted.dat
c:\pondalex.exe\LocalSettings.folder.dat
c:\pondalex.exe\LocalSystemNetworkRestricted.dat
c:\pondalex.exe\max_.dat
c:\pondalex.exe\mbr.3XE
c:\pondalex.exe\mbr.chk
c:\pondalex.exe\md5sum.pif
c:\pondalex.exe\MoveIt.bat
c:\pondalex.exe\mtee.3XE
c:\pondalex.exe\MUI
c:\pondalex.exe\Music.folder.dat
c:\pondalex.exe\MWindows.dat
c:\pondalex.exe\mynul.dat
c:\pondalex.exe\mypictures.folder.dat
c:\pondalex.exe\N_\10330
c:\pondalex.exe\N_\10417
c:\pondalex.exe\N_\10665
c:\pondalex.exe\N_\11895
c:\pondalex.exe\N_\12426
c:\pondalex.exe\N_\14348
c:\pondalex.exe\N_\15536
c:\pondalex.exe\N_\17374
c:\pondalex.exe\N_\1897
c:\pondalex.exe\N_\191
c:\pondalex.exe\N_\1917
c:\pondalex.exe\N_\19431
c:\pondalex.exe\N_\20592
c:\pondalex.exe\N_\22421
c:\pondalex.exe\N_\23280
c:\pondalex.exe\N_\23631
c:\pondalex.exe\N_\24184
c:\pondalex.exe\N_\24787
c:\pondalex.exe\N_\26157
c:\pondalex.exe\N_\26335
c:\pondalex.exe\N_\26394
c:\pondalex.exe\N_\26692
c:\pondalex.exe\N_\27171
c:\pondalex.exe\N_\28881
c:\pondalex.exe\N_\30026
c:\pondalex.exe\N_\30401
c:\pondalex.exe\N_\3390
c:\pondalex.exe\N_\4715
c:\pondalex.exe\N_\6600
c:\pondalex.exe\N_\8314
c:\pondalex.exe\N_\8325
c:\pondalex.exe\N_\8610
c:\pondalex.exe\N_\cfdummy00
c:\pondalex.exe\N_\CmdLine00
c:\pondalex.exe\ncmd.com
c:\pondalex.exe\ND_.bat
c:\pondalex.exe\ND_64.bat
c:\pondalex.exe\ndis_combofix.dat
c:\pondalex.exe\NetHood.folder.dat
c:\pondalex.exe\netsvc.bad.dat
c:\pondalex.exe\netsvc.dat
c:\pondalex.exe\NetworkService.dat
c:\pondalex.exe\NirCmd.3XE
c:\pondalex.exe\NircmdB.exe
c:\pondalex.exe\NirCmdC.3XE
c:\pondalex.exe\NIRKMD.3XE
c:\pondalex.exe\NlsLanguageDefault
c:\pondalex.exe\notifykeys.dat
c:\pondalex.exe\notifykeysB.dat
c:\pondalex.exe\NT-OS.cmd
c:\pondalex.exe\NULL
c:\pondalex.exe\OsId.txt
c:\pondalex.exe\OSid.vbs
c:\pondalex.exe\pausep.3XE
c:\pondalex.exe\pend.txt
c:\pondalex.exe\personal.folder.dat
c:\pondalex.exe\pev.3XE
c:\pondalex.exe\PEV.exe
c:\pondalex.exe\pevb.3XE
c:\pondalex.exe\Pictures.folder.dat
c:\pondalex.exe\PING.3XE
c:\pondalex.exe\Policies.dat
c:\pondalex.exe\Pondalex.user.cf
c:\pondalex.exe\powp.dat
c:\pondalex.exe\PreDIR
c:\pondalex.exe\Prep.inf
c:\pondalex.exe\PrintHood.folder.dat
c:\pondalex.exe\Profiles.Folder.dat
c:\pondalex.exe\Profiles.Folder.folder.dat
c:\pondalex.exe\progfile.dat
c:\pondalex.exe\programs.folder.dat
c:\pondalex.exe\Purity.dat
c:\pondalex.exe\PV.3XE
c:\pondalex.exe\pv.com
c:\pondalex.exe\rar_sfx.cmd
c:\pondalex.exe\RCLink.dat
c:\pondalex.exe\RcVer00
c:\pondalex.exe\Recent.folder.dat
c:\pondalex.exe\REGDACL.sed
c:\pondalex.exe\RegDo.sed
c:\pondalex.exe\region.dat
c:\pondalex.exe\RegScan.cmd
c:\pondalex.exe\RegScan64.cmd
c:\pondalex.exe\REGT.3XE
c:\pondalex.exe\Resident.txt
c:\pondalex.exe\restore_pt.dat
c:\pondalex.exe\restore_pt.vbs
c:\pondalex.exe\Rkey.cmd
c:\pondalex.exe\rmbr.3XE
c:\pondalex.exe\rogues.dat
c:\pondalex.exe\ROUTE.3XE
c:\pondalex.exe\run.sed
c:\pondalex.exe\run2.sed
c:\pondalex.exe\Rust.str
c:\pondalex.exe\s0rt.3XE
c:\pondalex.exe\safeboot.dat
c:\pondalex.exe\safeboot.def.dat
c:\pondalex.exe\sed.3XE
c:\pondalex.exe\SendTo.folder.dat
c:\pondalex.exe\SetEnvmt.bat
c:\pondalex.exe\setpath.3XE
c:\pondalex.exe\SetPath.bat
c:\pondalex.exe\setpath_N.cmd
c:\pondalex.exe\SF.exe
c:\pondalex.exe\sfx.cmd
c:\pondalex.exe\SnapShot.cmd
c:\pondalex.exe\SRestore.cmd
c:\pondalex.exe\srizbi.md5
c:\pondalex.exe\Start_dat
c:\pondalex.exe\startmenu.folder.dat
c:\pondalex.exe\startup.folder.dat
c:\pondalex.exe\SuppScan.cmd
c:\pondalex.exe\svc_wht.dat
c:\pondalex.exe\SvcDrv.vbs
c:\pondalex.exe\svchost.dat
c:\pondalex.exe\swreg.3XE
c:\pondalex.exe\swsc.3XE
c:\pondalex.exe\swxcacls.3XE
c:\pondalex.exe\SysPath.dat
c:\pondalex.exe\system_ini.dat
c:\pondalex.exe\tail.3XE
c:\pondalex.exe\Temp.dat
c:\pondalex.exe\templates.folder.dat
c:\pondalex.exe\toolbar.sed
c:\pondalex.exe\unhand.dat
c:\pondalex.exe\Update-CF.cmd
c:\pondalex.exe\v_wht.dat
c:\pondalex.exe\VerCF.bat
c:\pondalex.exe\VikPev00
c:\pondalex.exe\Vikpev01
c:\pondalex.exe\VInfo
c:\pondalex.exe\VInfo2
c:\pondalex.exe\VINFO3
c:\pondalex.exe\Vipev.dat
c:\pondalex.exe\ViPev00
c:\pondalex.exe\ViPev01
c:\pondalex.exe\Vista.krl
c:\pondalex.exe\Vista.mac
c:\pondalex.exe\vistaMcode.dat
c:\pondalex.exe\vistareg.dat
c:\pondalex.exe\vRun_DLL
c:\pondalex.exe\vun.dat
c:\pondalex.exe\vundonames.dat
c:\pondalex.exe\VwinTemp.dacl
c:\pondalex.exe\w_sock.dll
c:\pondalex.exe\w7Mcode.dat
c:\pondalex.exe\whiteAll.dat
c:\pondalex.exe\whitedir.dat
c:\pondalex.exe\whitedirCreated.dat
c:\pondalex.exe\Wmi_rem.vbs
c:\pondalex.exe\xpmcode.dat
c:\pondalex.exe\XPSBoot.reg
c:\pondalex.exe\zDomain.dat
c:\pondalex.exe\zhsvc.dat
c:\pondalex.exe\zip.3XE
c:\pondalex.exe\Zlob01
c:\programdata\erFWlu6VTzaxlf
c:\programdata\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
c:\programdata\vlc-1.0.1-win32.exe
c:\programdata\vlc-1.0.2-win32.exe
c:\programdata\vlc-1.0.5-win32.exe
c:\programdata\vlc-1.1.1-win32.exe
c:\programdata\vlc-1.1.2-win32.exe
c:\programdata\vlc-1.1.3-win32.exe
c:\programdata\vlc-1.1.4-win32.exe
c:\users\Pondalex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Pondalex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Pondalex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Pondalex\AppData\Roaming\vso_ts_preview.xml
c:\users\Pondalex\Desktop\System Check.lnk
c:\users\Pondalex\Documents\~WRD0003.tmp
c:\users\Pondalex\Documents\~WRD0546.tmp
c:\users\Pondalex\Documents\~WRD2442.tmp
c:\users\Pondalex\Documents\~WRD3709.tmp
c:\users\Pondalex\Documents\~WRL0365.tmp
c:\users\Pondalex\Documents\~WRL0564.tmp
c:\users\Pondalex\GoToAssistDownloadHelper.exe
c:\windows\$NtUninstallKB45409$
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\stapo.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 16:14 . 2012-02-11 16:21 -------- d-----w- c:\users\Pondalex\AppData\Local\temp
2012-02-11 16:14 . 2012-02-11 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-11 15:30 . 2012-02-11 15:34 -------- d-----w- C:\pondalex.exe15177p
2012-02-11 07:09 . 2012-02-11 15:06 -------- d-----w- C:\pondalex.exe20417p
2012-02-11 04:40 . 2012-02-11 04:40 -------- d--h--w- c:\windows\PIF
2012-02-10 04:33 . 2012-02-10 04:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-09 05:07 . 2012-02-09 05:07 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-02-09 05:07 . 2012-02-09 05:07 -------- d-----w- c:\users\Pondalex\AppData\Roaming\FixTDSS
2012-02-08 03:43 . 2012-02-08 03:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-08 03:39 . 2012-02-08 03:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-07 03:40 . 2012-02-07 04:48 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-02-07 03:23 . 2012-02-07 03:14 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-05 05:25 . 2012-02-05 05:26 -------- d-----w- c:\users\Pondalex\AppData\Roaming\GetRightToGo
2012-02-05 03:17 . 2012-02-05 03:17 -------- d-----w- c:\programdata\WindowsSearch
2012-02-05 01:33 . 2012-02-05 01:33 -------- d-----w- c:\program files\ARO 2012
2012-02-02 02:13 . 2012-02-04 22:32 -------- d-----w- c:\users\Pondalex\AppData\Roaming\Ota
2012-02-02 02:13 . 2012-02-04 06:54 -------- d-----w- c:\users\Pondalex\AppData\Roaming\Nelyu
2012-01-30 03:50 . 2012-01-31 04:14 -------- d-----w- c:\users\Pondalex\AppData\Roaming\gtk-2.0
2012-01-30 01:33 . 2012-01-30 01:33 -------- d-----w- c:\users\Pondalex\AppData\Local\GNU
2012-01-30 01:33 . 2012-01-30 01:33 -------- d-----w- c:\users\Pondalex\.kde
2012-01-30 01:15 . 2012-01-31 04:20 -------- d-----w- c:\users\Pondalex\AppData\Roaming\gnupg
2012-01-30 01:15 . 2012-01-30 01:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\GNU
2012-01-30 01:15 . 2012-01-30 01:15 -------- d-----w- c:\programdata\GNU
2012-01-30 01:15 . 2012-01-30 01:15 -------- d-----w- c:\program files\GNU
2012-01-29 23:53 . 2012-01-30 00:01 -------- d-----w- c:\program files\container
2012-01-29 23:50 . 2012-01-29 23:54 -------- d-----w- c:\users\Pondalex\AppData\Roaming\TrueCrypt
2012-01-29 23:45 . 2012-01-29 23:45 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-01-29 23:45 . 2012-01-29 23:45 -------- d-----w- c:\program files\TrueCrypt
2012-01-28 18:33 . 2012-01-28 18:34 -------- d-----w- c:\users\Pondalex\AppData\Local\Facebook
2012-01-24 04:56 . 2012-02-07 04:20 -------- d-----w- c:\users\Pondalex\tor
2012-01-15 10:05 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-15 10:05 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-15 10:05 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-15 10:05 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-15 10:05 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-15 10:05 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 04:36 . 2008-01-21 02:23 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-01-04 14:28 . 2012-01-04 14:28 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
2011-12-15 19:34 . 2011-12-15 19:34 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 22:24 . 2008-10-16 22:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 15:59 . 2012-01-11 20:38 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-13 18:58 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-01-11 20:38 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 20:38 66560 ----a-w- c:\windows\system32\packager.dll
2010-03-31 03:43 . 2001-04-02 08:49 423936 ----a-w- c:\program files\Conversor.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2010-10-10 21:51 3906656 ----a-w- c:\program files\TVersitybar\tbTVer.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 04:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz2.dll" [2010-10-18 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz2.dll" [2010-10-18 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-06 68856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"AROReminder"="c:\program files\ARO 2012\ARO.exe" [2012-01-06 2552688]
"MS Shell Services"="c:\program files\KidLogger\Kidlogger.exe" [2011-02-10 428344]
"Camfrog"="c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2011-05-16 54664]
"Facebook Update"="c:\users\Pondalex\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-01-28 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-26 202256]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"MS Shell Services"="c:\program files\KidLogger\Kidlogger.exe" [2011-02-10 428344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-14 30192]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Pondalex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopVideoPlayer.lnk - c:\users\Pondalex\AppData\Local\vghd\bin\vghd.exe [2011-9-4 1640448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-8-15 292240]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-06 16:10 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 08:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation]
2009-03-27 15:29 177488 ----a-w- c:\program files\eAcceleration\Station\station.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-26 01:31 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2359270729-473054158-1944764805-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
- c:\users\Pondalex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-28 18:33]
.
2012-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
- c:\users\Pondalex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-28 18:33]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 04:31]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 04:31]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
- c:\users\Pondalex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 08:59]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
- c:\users\Pondalex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 08:59]
.
2012-02-06 c:\windows\Tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job
- c:\windows\system32\msfeedssync.exe [2011-04-05 01:08]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: Interfaces\{E51B9B62-F667-49E2-9FBB-5E27E22E0B87}: NameServer = 192.168.2.1
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-CamfrogServer60 - c:\program files\Camfrog\Camfrog Server 6.0\CamfrogServer.exe
HKLM-Run-hxmihOGCcujDAx.exe - c:\programdata\hxmihOGCcujDAx.exe
SafeBoot-42417034.sys
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-SigmatelSysTrayApp - sttray.exe
MSConfigStartUp-webscan - c:\program files\Acceleration Software\Anti-Virus\stopsignav.exe
AddRemove-Excel Join (Merge, Combine) Multiple Sheets & Fi~0B6A6C16_is1 - c:\program files\Excel Join (Merge
AddRemove-KidLogger_is1 - c:\program files\KidLogger\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 09:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Pondalex\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\07\01\04\06*\10?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(9780)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\atieclxx.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\ehome\mcupdate.EXE
.
**************************************************************************
.
Completion time: 2012-02-11 09:28:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-11 16:28
ComboFix2.txt 2009-03-21 23:45
.
Pre-Run: 429,268,246,528 bytes free
Post-Run: 429,700,005,888 bytes free
.
- - End Of File - - 58EEB1FEFE0C855BBE4C83C27D836081

ComboFix 12-02-10.03 - Pondalex 02/11/2012 10:26:41.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1904 [GMT -7:00]
Running from: c:\users\Pondalex\Desktop\pondalex.exe.exe
Command switches used :: c:\users\Pondalex\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\pondalex.exe15177p
c:\pondalex.exe15177p\023.dat
c:\pondalex.exe15177p\023v.dat
c:\pondalex.exe15177p\appdata.folder.dat
c:\pondalex.exe15177p\appinit.bad
c:\pondalex.exe15177p\asp.str
c:\pondalex.exe15177p\Assoc.cmd
c:\pondalex.exe15177p\attr.dat
c:\pondalex.exe15177p\ATTRIB.3XE
c:\pondalex.exe15177p\autorun_inf.dat
c:\pondalex.exe15177p\autorun_infB.dat
c:\pondalex.exe15177p\av.cmd
c:\pondalex.exe15177p\av.vbs
c:\pondalex.exe15177p\AWF.cmd
c:\pondalex.exe15177p\badclsid
c:\pondalex.exe15177p\BFE.dat
c:\pondalex.exe15177p\Boot-Rk.cmd
c:\pondalex.exe15177p\Boot.bat
c:\pondalex.exe15177p\BootDrv.vbs
c:\pondalex.exe15177p\borlander_file.dat
c:\pondalex.exe15177p\borlander_folder.dat
c:\pondalex.exe15177p\c.bat
c:\pondalex.exe15177p\cache.folder.dat
c:\pondalex.exe15177p\Catch-sub.cmd
c:\pondalex.exe15177p\catchme.3XE
c:\pondalex.exe15177p\Catchme.tmp
c:\pondalex.exe15177p\CCS.bat
c:\pondalex.exe15177p\CF-Script.cmd
c:\pondalex.exe15177p\CF11092.3XE
c:\pondalex.exe15177p\Cfiles.dat
c:\pondalex.exe15177p\Cfolders.dat
c:\pondalex.exe15177p\CHCP.bat
c:\pondalex.exe15177p\ClistB.dat
c:\pondalex.exe15177p\clsid.c
c:\pondalex.exe15177p\clsid.dat
c:\pondalex.exe15177p\Combobatch.bat
c:\pondalex.exe15177p\ComboFix-Download.3XE
c:\pondalex.exe15177p\ConEnv.sed
c:\pondalex.exe15177p\Cookies.folder.dat
c:\pondalex.exe15177p\Create.cmd
c:\pondalex.exe15177p\Creg.dat
c:\pondalex.exe15177p\CregC.cmd
c:\pondalex.exe15177p\CregC.dat
c:\pondalex.exe15177p\CregC_.dat
c:\pondalex.exe15177p\CSCRIPT.3XE
c:\pondalex.exe15177p\d-del_A.dat
c:\pondalex.exe15177p\d-delA.dat
c:\pondalex.exe15177p\dd.3XE
c:\pondalex.exe15177p\ddsDo.sed
c:\pondalex.exe15177p\DelClsid.bat
c:\pondalex.exe15177p\DelClsid64.bat
c:\pondalex.exe15177p\desktop.folder.dat
c:\pondalex.exe15177p\DisclaimED.dat
c:\pondalex.exe15177p\dll_whitelist.dat
c:\pondalex.exe15177p\dnd.dat
c:\pondalex.exe15177p\DPF.str
c:\pondalex.exe15177p\Drive.folder.dat
c:\pondalex.exe15177p\DriveFile.dat
c:\pondalex.exe15177p\Drives.dat
c:\pondalex.exe15177p\DrvRun.vbs
c:\pondalex.exe15177p\dumphive.3XE
c:\pondalex.exe15177p\embedded.sed
c:\pondalex.exe15177p\en-US\ATTRIB.3XE.mui
c:\pondalex.exe15177p\en-US\CF11092.3XE.mui
c:\pondalex.exe15177p\en-US\cmd.3XE.mui
c:\pondalex.exe15177p\en-US\CSCRIPT.3XE.mui
c:\pondalex.exe15177p\en-US\iexplore.exe
c:\pondalex.exe15177p\en-US\PING.3XE.mui
c:\pondalex.exe15177p\en-US\REGT.3XE.mui
c:\pondalex.exe15177p\en-US\ROUTE.3XE.mui
c:\pondalex.exe15177p\Env.sed
c:\pondalex.exe15177p\ERDNT.e_e
c:\pondalex.exe15177p\ERDNTDOS.LOC
c:\pondalex.exe15177p\ERDNTWIN.LOC
c:\pondalex.exe15177p\ERUNT.3XE
c:\pondalex.exe15177p\erunt.dat
c:\pondalex.exe15177p\ERUNT.LOC
c:\pondalex.exe15177p\Exe.reg
c:\pondalex.exe15177p\extract.3XE
c:\pondalex.exe15177p\f_system
c:\pondalex.exe15177p\favorites.folder.dat
c:\pondalex.exe15177p\FD-SV.cmd
c:\pondalex.exe15177p\FdsvOK
c:\pondalex.exe15177p\ffdefstr.dll
c:\pondalex.exe15177p\FileKill.3XE
c:\pondalex.exe15177p\files.pif
c:\pondalex.exe15177p\Fin.dat
c:\pondalex.exe15177p\FIND3M.bat
c:\pondalex.exe15177p\FIXLSP.bat
c:\pondalex.exe15177p\FKMGen.cmd
c:\pondalex.exe15177p\ForeignWht
c:\pondalex.exe15177p\GetHive.cmd
c:\pondalex.exe15177p\GOLDUN.DAT
c:\pondalex.exe15177p\grep.3XE
c:\pondalex.exe15177p\gsar.3XE
c:\pondalex.exe15177p\handle.3XE
c:\pondalex.exe15177p\hidec.3XE
c:\pondalex.exe15177p\history.bat
c:\pondalex.exe15177p\History.folder.dat
c:\pondalex.exe15177p\iexplore.exe
c:\pondalex.exe15177p\image001.gif
c:\pondalex.exe15177p\Imefile.dat
c:\pondalex.exe15177p\katch.cmd
c:\pondalex.exe15177p\Kill-All.cmd
c:\pondalex.exe15177p\kmd.dat
c:\pondalex.exe15177p\Lang.bat
c:\pondalex.exe15177p\List-B.bat
c:\pondalex.exe15177p\List-C.bat
c:\pondalex.exe15177p\lnkread.vbs
c:\pondalex.exe15177p\localappdata.folder.dat
c:\pondalex.exe15177p\LocalService.dat
c:\pondalex.exe15177p\LocalServiceNetworkRestricted.dat
c:\pondalex.exe15177p\LocalSettings.folder.dat
c:\pondalex.exe15177p\LocalSystemNetworkRestricted.dat
c:\pondalex.exe15177p\max_.dat
c:\pondalex.exe15177p\max_drivertocheck
c:\pondalex.exe15177p\mbr.3XE
c:\pondalex.exe15177p\mbr.chk
c:\pondalex.exe15177p\md5sum.pif
c:\pondalex.exe15177p\MoveIt.bat
c:\pondalex.exe15177p\mtee.3XE
c:\pondalex.exe15177p\MUI
c:\pondalex.exe15177p\Music.folder.dat
c:\pondalex.exe15177p\MWindows.dat
c:\pondalex.exe15177p\mynul.dat
c:\pondalex.exe15177p\mypictures.folder.dat
c:\pondalex.exe15177p\N_\10254
c:\pondalex.exe15177p\N_\10302
c:\pondalex.exe15177p\N_\10341
c:\pondalex.exe15177p\N_\10363
c:\pondalex.exe15177p\N_\10396
c:\pondalex.exe15177p\N_\10525
c:\pondalex.exe15177p\N_\10676
c:\pondalex.exe15177p\N_\10884
c:\pondalex.exe15177p\N_\11171
c:\pondalex.exe15177p\N_\11230
c:\pondalex.exe15177p\N_\11541
c:\pondalex.exe15177p\N_\11622
c:\pondalex.exe15177p\N_\11626
c:\pondalex.exe15177p\N_\11832
c:\pondalex.exe15177p\N_\11908
c:\pondalex.exe15177p\N_\12092
c:\pondalex.exe15177p\N_\12104
c:\pondalex.exe15177p\N_\12398
c:\pondalex.exe15177p\N_\12488
c:\pondalex.exe15177p\N_\12900
c:\pondalex.exe15177p\N_\13142
c:\pondalex.exe15177p\N_\13273
c:\pondalex.exe15177p\N_\13390
c:\pondalex.exe15177p\N_\13431
c:\pondalex.exe15177p\N_\13546
c:\pondalex.exe15177p\N_\13555
c:\pondalex.exe15177p\N_\13700
c:\pondalex.exe15177p\N_\13829
c:\pondalex.exe15177p\N_\13837
c:\pondalex.exe15177p\N_\13954
c:\pondalex.exe15177p\N_\14052
c:\pondalex.exe15177p\N_\15262
c:\pondalex.exe15177p\N_\15274
c:\pondalex.exe15177p\N_\15430
c:\pondalex.exe15177p\N_\156
c:\pondalex.exe15177p\N_\15669
c:\pondalex.exe15177p\N_\1567
c:\pondalex.exe15177p\N_\15726
c:\pondalex.exe15177p\N_\1578
c:\pondalex.exe15177p\N_\15919
c:\pondalex.exe15177p\N_\16000
c:\pondalex.exe15177p\N_\16029
c:\pondalex.exe15177p\N_\16042
c:\pondalex.exe15177p\N_\16051
c:\pondalex.exe15177p\N_\16053
c:\pondalex.exe15177p\N_\16265
c:\pondalex.exe15177p\N_\16312
c:\pondalex.exe15177p\N_\16438
c:\pondalex.exe15177p\N_\16454
c:\pondalex.exe15177p\N_\166
c:\pondalex.exe15177p\N_\16806
c:\pondalex.exe15177p\N_\17145
c:\pondalex.exe15177p\N_\17159
c:\pondalex.exe15177p\N_\17332
c:\pondalex.exe15177p\N_\1747
c:\pondalex.exe15177p\N_\176
c:\pondalex.exe15177p\N_\1779
c:\pondalex.exe15177p\N_\17894
c:\pondalex.exe15177p\N_\17920
c:\pondalex.exe15177p\N_\18028
c:\pondalex.exe15177p\N_\183
c:\pondalex.exe15177p\N_\18303
c:\pondalex.exe15177p\N_\18436
c:\pondalex.exe15177p\N_\1851
c:\pondalex.exe15177p\N_\18596
c:\pondalex.exe15177p\N_\1878
c:\pondalex.exe15177p\N_\18922
c:\pondalex.exe15177p\N_\19075
c:\pondalex.exe15177p\N_\19088
c:\pondalex.exe15177p\N_\19406
c:\pondalex.exe15177p\N_\19440
c:\pondalex.exe15177p\N_\19478
c:\pondalex.exe15177p\N_\19584
c:\pondalex.exe15177p\N_\19954
c:\pondalex.exe15177p\N_\20140
c:\pondalex.exe15177p\N_\20175
c:\pondalex.exe15177p\N_\2024
c:\pondalex.exe15177p\N_\20258
c:\pondalex.exe15177p\N_\20333
c:\pondalex.exe15177p\N_\20350
c:\pondalex.exe15177p\N_\20481
c:\pondalex.exe15177p\N_\20535
c:\pondalex.exe15177p\N_\20554
c:\pondalex.exe15177p\N_\20791
c:\pondalex.exe15177p\N_\20945
c:\pondalex.exe15177p\N_\2114
c:\pondalex.exe15177p\N_\21850
c:\pondalex.exe15177p\N_\21893
c:\pondalex.exe15177p\N_\21965
c:\pondalex.exe15177p\N_\22036
c:\pondalex.exe15177p\N_\22099
c:\pondalex.exe15177p\N_\22348
c:\pondalex.exe15177p\N_\22531
c:\pondalex.exe15177p\N_\22919
c:\pondalex.exe15177p\N_\22953
c:\pondalex.exe15177p\N_\23040
c:\pondalex.exe15177p\N_\23260
c:\pondalex.exe15177p\N_\23281
c:\pondalex.exe15177p\N_\23372
c:\pondalex.exe15177p\N_\23407
c:\pondalex.exe15177p\N_\2341
c:\pondalex.exe15177p\N_\23702
c:\pondalex.exe15177p\N_\23782
c:\pondalex.exe15177p\N_\23907
c:\pondalex.exe15177p\N_\24237
c:\pondalex.exe15177p\N_\2550
c:\pondalex.exe15177p\N_\2592
c:\pondalex.exe15177p\N_\2599
c:\pondalex.exe15177p\N_\26003
c:\pondalex.exe15177p\N_\26594
c:\pondalex.exe15177p\N_\26711
c:\pondalex.exe15177p\N_\26723
c:\pondalex.exe15177p\N_\26727
c:\pondalex.exe15177p\N_\26758
c:\pondalex.exe15177p\N_\26841
c:\pondalex.exe15177p\N_\27067
c:\pondalex.exe15177p\N_\27505
c:\pondalex.exe15177p\N_\27620
c:\pondalex.exe15177p\N_\28212
c:\pondalex.exe15177p\N_\28347
c:\pondalex.exe15177p\N_\28612
c:\pondalex.exe15177p\N_\28643
c:\pondalex.exe15177p\N_\28907
c:\pondalex.exe15177p\N_\28917
c:\pondalex.exe15177p\N_\28967
c:\pondalex.exe15177p\N_\28995
c:\pondalex.exe15177p\N_\29440
c:\pondalex.exe15177p\N_\29582
c:\pondalex.exe15177p\N_\29922
c:\pondalex.exe15177p\N_\30286
c:\pondalex.exe15177p\N_\30499
c:\pondalex.exe15177p\N_\3052
c:\pondalex.exe15177p\N_\30714
c:\pondalex.exe15177p\N_\30760
c:\pondalex.exe15177p\N_\30836
c:\pondalex.exe15177p\N_\31038
c:\pondalex.exe15177p\N_\31170
c:\pondalex.exe15177p\N_\31191
c:\pondalex.exe15177p\N_\31423
c:\pondalex.exe15177p\N_\31527
c:\pondalex.exe15177p\N_\3162
c:\pondalex.exe15177p\N_\31878
c:\pondalex.exe15177p\N_\32066
c:\pondalex.exe15177p\N_\32142
c:\pondalex.exe15177p\N_\32523
c:\pondalex.exe15177p\N_\32608
c:\pondalex.exe15177p\N_\32633
c:\pondalex.exe15177p\N_\32734
c:\pondalex.exe15177p\N_\3347
c:\pondalex.exe15177p\N_\3472
c:\pondalex.exe15177p\N_\3485
c:\pondalex.exe15177p\N_\3607
c:\pondalex.exe15177p\N_\3733
c:\pondalex.exe15177p\N_\392
c:\pondalex.exe15177p\N_\3933
c:\pondalex.exe15177p\N_\3996
c:\pondalex.exe15177p\N_\4170
c:\pondalex.exe15177p\N_\4395
c:\pondalex.exe15177p\N_\4466
c:\pondalex.exe15177p\N_\4538
c:\pondalex.exe15177p\N_\4810
c:\pondalex.exe15177p\N_\4872
c:\pondalex.exe15177p\N_\4899
c:\pondalex.exe15177p\N_\5008
c:\pondalex.exe15177p\N_\5107
c:\pondalex.exe15177p\N_\5126
c:\pondalex.exe15177p\N_\5291
c:\pondalex.exe15177p\N_\5402
c:\pondalex.exe15177p\N_\5430
c:\pondalex.exe15177p\N_\5431
c:\pondalex.exe15177p\N_\5671
c:\pondalex.exe15177p\N_\5722
c:\pondalex.exe15177p\N_\5754
c:\pondalex.exe15177p\N_\5867
c:\pondalex.exe15177p\N_\5942
c:\pondalex.exe15177p\N_\5968
c:\pondalex.exe15177p\N_\5985
c:\pondalex.exe15177p\N_\6224
c:\pondalex.exe15177p\N_\6691
c:\pondalex.exe15177p\N_\6919
c:\pondalex.exe15177p\N_\7012
c:\pondalex.exe15177p\N_\7145
c:\pondalex.exe15177p\N_\7198
c:\pondalex.exe15177p\N_\7262
c:\pondalex.exe15177p\N_\7369
c:\pondalex.exe15177p\N_\7686
c:\pondalex.exe15177p\N_\8072
c:\pondalex.exe15177p\N_\8224
c:\pondalex.exe15177p\N_\8413
c:\pondalex.exe15177p\N_\8708
c:\pondalex.exe15177p\N_\9000
c:\pondalex.exe15177p\N_\9091
c:\pondalex.exe15177p\N_\924
c:\pondalex.exe15177p\N_\9300
c:\pondalex.exe15177p\N_\9356
c:\pondalex.exe15177p\N_\9451
c:\pondalex.exe15177p\N_\9469
c:\pondalex.exe15177p\N_\9656
c:\pondalex.exe15177p\N_\9718
c:\pondalex.exe15177p\N_\9743
c:\pondalex.exe15177p\N_\9840
c:\pondalex.exe15177p\N_\987
c:\pondalex.exe15177p\N_\9950
c:\pondalex.exe15177p\N_\cfdummy00
c:\pondalex.exe15177p\N_\CmdLine00
c:\pondalex.exe15177p\ncmd.com
c:\pondalex.exe15177p\ND_.bat
c:\pondalex.exe15177p\ND_64.bat
c:\pondalex.exe15177p\ndis_combofix.dat
c:\pondalex.exe15177p\NetHood.folder.dat
c:\pondalex.exe15177p\netsvc.bad.dat
c:\pondalex.exe15177p\netsvc.dat
c:\pondalex.exe15177p\NetworkService.dat
c:\pondalex.exe15177p\NirCmd.3XE
c:\pondalex.exe15177p\NircmdB.exe
c:\pondalex.exe15177p\NirCmdC.3XE
c:\pondalex.exe15177p\NIRKMD.3XE
c:\pondalex.exe15177p\NlsLanguageDefault
c:\pondalex.exe15177p\notifykeys.dat
c:\pondalex.exe15177p\notifykeysB.dat
c:\pondalex.exe15177p\NT-OS.cmd
c:\pondalex.exe15177p\NULL
c:\pondalex.exe15177p\OsId.txt
c:\pondalex.exe15177p\OSid.vbs
c:\pondalex.exe15177p\pausep.3XE
c:\pondalex.exe15177p\pend.txt
c:\pondalex.exe15177p\personal.folder.dat
c:\pondalex.exe15177p\pev.3XE
c:\pondalex.exe15177p\PEV.exe
c:\pondalex.exe15177p\pevb.3XE
c:\pondalex.exe15177p\Pictures.folder.dat
c:\pondalex.exe15177p\PING.3XE
c:\pondalex.exe15177p\Policies.dat
c:\pondalex.exe15177p\Pondalex.user.cf
c:\pondalex.exe15177p\powp.dat
c:\pondalex.exe15177p\PreDIR
c:\pondalex.exe15177p\Prep.inf
c:\pondalex.exe15177p\PrintHood.folder.dat
c:\pondalex.exe15177p\Profiles.Folder.dat
c:\pondalex.exe15177p\Profiles.Folder.folder.dat
c:\pondalex.exe15177p\progfile.dat
c:\pondalex.exe15177p\programs.folder.dat
c:\pondalex.exe15177p\Purity.dat
c:\pondalex.exe15177p\PV.3XE
c:\pondalex.exe15177p\pv.com
c:\pondalex.exe15177p\rar_sfx.cmd
c:\pondalex.exe15177p\RBoot.dat
c:\pondalex.exe15177p\RCLink.dat
c:\pondalex.exe15177p\RcVer00
c:\pondalex.exe15177p\Recent.folder.dat
c:\pondalex.exe15177p\REGDACL.sed
c:\pondalex.exe15177p\RegDo.sed
c:\pondalex.exe15177p\region.dat
c:\pondalex.exe15177p\RegScan.cmd
c:\pondalex.exe15177p\RegScan64.cmd
c:\pondalex.exe15177p\REGT.3XE
c:\pondalex.exe15177p\Resident.txt
c:\pondalex.exe15177p\restore_pt.dat
c:\pondalex.exe15177p\restore_pt.vbs
c:\pondalex.exe15177p\RkDetectA_HDCntrl.dat
c:\pondalex.exe15177p\Rkey.cmd
c:\pondalex.exe15177p\rmbr.3XE
c:\pondalex.exe15177p\rogues.dat
c:\pondalex.exe15177p\ROUTE.3XE
c:\pondalex.exe15177p\run.sed
c:\pondalex.exe15177p\run2.sed
c:\pondalex.exe15177p\Rust.str
c:\pondalex.exe15177p\s0rt.3XE
c:\pondalex.exe15177p\safeboot.dat
c:\pondalex.exe15177p\safeboot.def.dat
c:\pondalex.exe15177p\sed.3XE
c:\pondalex.exe15177p\SendTo.folder.dat
c:\pondalex.exe15177p\SetEnvmt.bat
c:\pondalex.exe15177p\setpath.3XE
c:\pondalex.exe15177p\SetPath.bat
c:\pondalex.exe15177p\setpath_N.cmd
c:\pondalex.exe15177p\SF.exe
c:\pondalex.exe15177p\sfx.cmd
c:\pondalex.exe15177p\SnapShot.cmd
c:\pondalex.exe15177p\SRestore.cmd
c:\pondalex.exe15177p\srizbi.md5
c:\pondalex.exe15177p\Start_dat
c:\pondalex.exe15177p\startmenu.folder.dat
c:\pondalex.exe15177p\startup.folder.dat
c:\pondalex.exe15177p\SuppScan.cmd
c:\pondalex.exe15177p\svc_wht.dat
c:\pondalex.exe15177p\SvcDrv.vbs
c:\pondalex.exe15177p\svchost.dat
c:\pondalex.exe15177p\swreg.3XE
c:\pondalex.exe15177p\swsc.3XE
c:\pondalex.exe15177p\swxcacls.3XE
c:\pondalex.exe15177p\SysPath.dat
c:\pondalex.exe15177p\system_ini.dat
c:\pondalex.exe15177p\tail.3XE
c:\pondalex.exe15177p\Temp.dat
c:\pondalex.exe15177p\templates.folder.dat
c:\pondalex.exe15177p\toolbar.sed
c:\pondalex.exe15177p\unhand.dat
c:\pondalex.exe15177p\Update-CF.cmd
c:\pondalex.exe15177p\v_wht.dat
c:\pondalex.exe15177p\VerCF.bat
c:\pondalex.exe15177p\VikPev00
c:\pondalex.exe15177p\Vikpev01
c:\pondalex.exe15177p\VInfo
c:\pondalex.exe15177p\VInfo2
c:\pondalex.exe15177p\VINFO3
c:\pondalex.exe15177p\Vipev.dat
c:\pondalex.exe15177p\ViPev00
c:\pondalex.exe15177p\ViPev01
c:\pondalex.exe15177p\Vista.krl
c:\pondalex.exe15177p\Vista.mac
c:\pondalex.exe15177p\vistaMcode.dat
c:\pondalex.exe15177p\vistareg.dat
c:\pondalex.exe15177p\vRun_DLL
c:\pondalex.exe15177p\vun.dat
c:\pondalex.exe15177p\vundonames.dat
c:\pondalex.exe15177p\VwinTemp.dacl
c:\pondalex.exe15177p\w_sock.dll
c:\pondalex.exe15177p\w7Mcode.dat
c:\pondalex.exe15177p\whiteAll.dat
c:\pondalex.exe15177p\whitedir.dat
c:\pondalex.exe15177p\whitedirCreated.dat
c:\pondalex.exe15177p\Wmi_rem.vbs
c:\pondalex.exe15177p\xpmcode.dat
c:\pondalex.exe15177p\XPSBoot.reg
c:\pondalex.exe15177p\zDomain.dat
c:\pondalex.exe15177p\zhsvc.dat
c:\pondalex.exe15177p\zip.3XE
c:\pondalex.exe15177p\Zlob01
C:\pondalex.exe20417p
c:\pondalex.exe20417p\023.dat
c:\pondalex.exe20417p\023v.dat
c:\pondalex.exe20417p\appdata.folder.dat
c:\pondalex.exe20417p\appinit.bad
c:\pondalex.exe20417p\asp.str
c:\pondalex.exe20417p\Assoc.cmd
c:\pondalex.exe20417p\attr.dat
c:\pondalex.exe20417p\ATTRIB.3XE
c:\pondalex.exe20417p\autorun_inf.dat
c:\pondalex.exe20417p\autorun_infB.dat
c:\pondalex.exe20417p\av.cmd
c:\pondalex.exe20417p\av.vbs
c:\pondalex.exe20417p\AWF.cmd
c:\pondalex.exe20417p\badclsid
c:\pondalex.exe20417p\BFE.dat
c:\pondalex.exe20417p\Boot-Rk.cmd
c:\pondalex.exe20417p\Boot.bat
c:\pondalex.exe20417p\BootDrv.vbs
c:\pondalex.exe20417p\borlander_file.dat
c:\pondalex.exe20417p\borlander_folder.dat
c:\pondalex.exe20417p\c.bat
c:\pondalex.exe20417p\cache.folder.dat
c:\pondalex.exe20417p\Catch-sub.cmd
c:\pondalex.exe20417p\catchme.3XE
c:\pondalex.exe20417p\Catchme.tmp
c:\pondalex.exe20417p\CCS.bat
c:\pondalex.exe20417p\CF-Script.cmd
c:\pondalex.exe20417p\CF11370.3XE
c:\pondalex.exe20417p\Cfiles.dat
c:\pondalex.exe20417p\Cfolders.dat
c:\pondalex.exe20417p\CHCP.bat
c:\pondalex.exe20417p\ClistB.dat
c:\pondalex.exe20417p\clsid.c
c:\pondalex.exe20417p\clsid.dat
c:\pondalex.exe20417p\Combobatch.bat
c:\pondalex.exe20417p\ComboFix-Download.3XE
c:\pondalex.exe20417p\ConEnv.sed
c:\pondalex.exe20417p\Cookies.folder.dat
c:\pondalex.exe20417p\Create.cmd
c:\pondalex.exe20417p\Creg.dat
c:\pondalex.exe20417p\CregC.cmd
c:\pondalex.exe20417p\CregC.dat
c:\pondalex.exe20417p\CregC_.dat
c:\pondalex.exe20417p\CSCRIPT.3XE
c:\pondalex.exe20417p\d-del_A.dat
c:\pondalex.exe20417p\d-delA.dat
c:\pondalex.exe20417p\dd.3XE
c:\pondalex.exe20417p\ddsDo.sed
c:\pondalex.exe20417p\DelClsid.bat
c:\pondalex.exe20417p\DelClsid64.bat
c:\pondalex.exe20417p\desktop.folder.dat
c:\pondalex.exe20417p\DisclaimED.dat
c:\pondalex.exe20417p\dll_whitelist.dat
c:\pondalex.exe20417p\dnd.dat
c:\pondalex.exe20417p\DPF.str
c:\pondalex.exe20417p\Drive.folder.dat
c:\pondalex.exe20417p\DriveFile.dat
c:\pondalex.exe20417p\Drives.dat
c:\pondalex.exe20417p\DrvRun.vbs
c:\pondalex.exe20417p\dumphive.3XE
c:\pondalex.exe20417p\embedded.sed
c:\pondalex.exe20417p\en-US\ATTRIB.3XE.mui
c:\pondalex.exe20417p\en-US\CF11370.3XE.mui
c:\pondalex.exe20417p\en-US\cmd.3XE.mui
c:\pondalex.exe20417p\en-US\CSCRIPT.3XE.mui
c:\pondalex.exe20417p\en-US\iexplore.exe
c:\pondalex.exe20417p\en-US\PING.3XE.mui
c:\pondalex.exe20417p\en-US\REGT.3XE.mui
c:\pondalex.exe20417p\en-US\ROUTE.3XE.mui
c:\pondalex.exe20417p\Env.sed
c:\pondalex.exe20417p\ERDNT.e_e
c:\pondalex.exe20417p\ERDNTDOS.LOC
c:\pondalex.exe20417p\ERDNTWIN.LOC
c:\pondalex.exe20417p\ERUNT.3XE
c:\pondalex.exe20417p\erunt.dat
c:\pondalex.exe20417p\ERUNT.LOC
c:\pondalex.exe20417p\Exe.reg
c:\pondalex.exe20417p\extract.3XE
c:\pondalex.exe20417p\f_system
c:\pondalex.exe20417p\favorites.folder.dat
c:\pondalex.exe20417p\FD-SV.cmd
c:\pondalex.exe20417p\FdsvOK
c:\pondalex.exe20417p\ffdefstr.dll
c:\pondalex.exe20417p\FileKill.3XE
c:\pondalex.exe20417p\files.pif
c:\pondalex.exe20417p\Fin.dat
c:\pondalex.exe20417p\FIND3M.bat
c:\pondalex.exe20417p\FIXLSP.bat
c:\pondalex.exe20417p\FKMGen.cmd
c:\pondalex.exe20417p\ForeignWht
c:\pondalex.exe20417p\GetHive.cmd
c:\pondalex.exe20417p\GOLDUN.DAT
c:\pondalex.exe20417p\grep.3XE
c:\pondalex.exe20417p\gsar.3XE
c:\pondalex.exe20417p\handle.3XE
c:\pondalex.exe20417p\hidec.3XE
c:\pondalex.exe20417p\history.bat
c:\pondalex.exe20417p\History.folder.dat
c:\pondalex.exe20417p\iexplore.exe
c:\pondalex.exe20417p\image001.gif
c:\pondalex.exe20417p\Imefile.dat
c:\pondalex.exe20417p\katch.cmd
c:\pondalex.exe20417p\Kill-All.cmd
c:\pondalex.exe20417p\kmd.dat
c:\pondalex.exe20417p\Lang.bat
c:\pondalex.exe20417p\List-B.bat
c:\pondalex.exe20417p\List-C.bat
c:\pondalex.exe20417p\lnkread.vbs
c:\pondalex.exe20417p\localappdata.folder.dat
c:\pondalex.exe20417p\LocalService.dat
c:\pondalex.exe20417p\LocalServiceNetworkRestricted.dat
c:\pondalex.exe20417p\LocalSettings.folder.dat
c:\pondalex.exe20417p\LocalSystemNetworkRestricted.dat
c:\pondalex.exe20417p\max_.dat
c:\pondalex.exe20417p\max_drivertocheck
c:\pondalex.exe20417p\mbr.3XE
c:\pondalex.exe20417p\mbr.chk
c:\pondalex.exe20417p\md5sum.pif
c:\pondalex.exe20417p\MoveIt.bat
c:\pondalex.exe20417p\mtee.3XE
c:\pondalex.exe20417p\MUI
c:\pondalex.exe20417p\Music.folder.dat
c:\pondalex.exe20417p\MWindows.dat
c:\pondalex.exe20417p\mynul.dat
c:\pondalex.exe20417p\mypictures.folder.dat
c:\pondalex.exe20417p\N_\10025
c:\pondalex.exe20417p\N_\10056
c:\pondalex.exe20417p\N_\1006
c:\pondalex.exe20417p\N_\10093
c:\pondalex.exe20417p\N_\10234
c:\pondalex.exe20417p\N_\10325
c:\pondalex.exe20417p\N_\10647
c:\pondalex.exe20417p\N_\10667
c:\pondalex.exe20417p\N_\1069
c:\pondalex.exe20417p\N_\10744
c:\pondalex.exe20417p\N_\10801
c:\pondalex.exe20417p\N_\10818
c:\pondalex.exe20417p\N_\10848
c:\pondalex.exe20417p\N_\10921
c:\pondalex.exe20417p\N_\10942
c:\pondalex.exe20417p\N_\1098
c:\pondalex.exe20417p\N_\11282
c:\pondalex.exe20417p\N_\11379
c:\pondalex.exe20417p\N_\11406
c:\pondalex.exe20417p\N_\11429
c:\pondalex.exe20417p\N_\1157
c:\pondalex.exe20417p\N_\1165
c:\pondalex.exe20417p\N_\11846
c:\pondalex.exe20417p\N_\11851
c:\pondalex.exe20417p\N_\1193
c:\pondalex.exe20417p\N_\12002
c:\pondalex.exe20417p\N_\12004
c:\pondalex.exe20417p\N_\1209
c:\pondalex.exe20417p\N_\1221
c:\pondalex.exe20417p\N_\12212
c:\pondalex.exe20417p\N_\12391
c:\pondalex.exe20417p\N_\1242
c:\pondalex.exe20417p\N_\12468
c:\pondalex.exe20417p\N_\12470
c:\pondalex.exe20417p\N_\1250
c:\pondalex.exe20417p\N_\126
c:\pondalex.exe20417p\N_\12837
c:\pondalex.exe20417p\N_\12929
c:\pondalex.exe20417p\N_\13001
c:\pondalex.exe20417p\N_\13007
c:\pondalex.exe20417p\N_\13163
c:\pondalex.exe20417p\N_\13184
c:\pondalex.exe20417p\N_\13201
c:\pondalex.exe20417p\N_\13213
c:\pondalex.exe20417p\N_\13324
c:\pondalex.exe20417p\N_\13428
c:\pondalex.exe20417p\N_\13450
c:\pondalex.exe20417p\N_\1375
c:\pondalex.exe20417p\N_\13790
c:\pondalex.exe20417p\N_\13965
c:\pondalex.exe20417p\N_\14001
c:\pondalex.exe20417p\N_\14105
c:\pondalex.exe20417p\N_\14130
c:\pondalex.exe20417p\N_\14190
c:\pondalex.exe20417p\N_\14423
c:\pondalex.exe20417p\N_\14498
c:\pondalex.exe20417p\N_\14524
c:\pondalex.exe20417p\N_\14662
c:\pondalex.exe20417p\N_\14681
c:\pondalex.exe20417p\N_\14714
c:\pondalex.exe20417p\N_\1475
c:\pondalex.exe20417p\N_\14753
c:\pondalex.exe20417p\N_\14765
c:\pondalex.exe20417p\N_\14883
c:\pondalex.exe20417p\N_\14934
c:\pondalex.exe20417p\N_\14996
c:\pondalex.exe20417p\N_\15025
c:\pondalex.exe20417p\N_\15069
c:\pondalex.exe20417p\N_\15277
c:\pondalex.exe20417p\N_\15341
c:\pondalex.exe20417p\N_\15357
c:\pondalex.exe20417p\N_\15371
c:\pondalex.exe20417p\N_\15385
c:\pondalex.exe20417p\N_\15518
c:\pondalex.exe20417p\N_\15626
c:\pondalex.exe20417p\N_\15771
c:\pondalex.exe20417p\N_\15893
c:\pondalex.exe20417p\N_\159
c:\pondalex.exe20417p\N_\15940
c:\pondalex.exe20417p\N_\16043
c:\pondalex.exe20417p\N_\16088
c:\pondalex.exe20417p\N_\16094
c:\pondalex.exe20417p\N_\16132
c:\pondalex.exe20417p\N_\16278
c:\pondalex.exe20417p\N_\1631
c:\pondalex.exe20417p\N_\16576
c:\pondalex.exe20417p\N_\16664
c:\pondalex.exe20417p\N_\16693
c:\pondalex.exe20417p\N_\16695
c:\pondalex.exe20417p\N_\16775
c:\pondalex.exe20417p\N_\16776
c:\pondalex.exe20417p\N_\16780
c:\pondalex.exe20417p\N_\16952
c:\pondalex.exe20417p\N_\16980
c:\pondalex.exe20417p\N_\17078
c:\pondalex.exe20417p\N_\17294
c:\pondalex.exe20417p\N_\17298
c:\pondalex.exe20417p\N_\17326
c:\pondalex.exe20417p\N_\17389
c:\pondalex.exe20417p\N_\17539
c:\pondalex.exe20417p\N_\17547
c:\pondalex.exe20417p\N_\17626
c:\pondalex.exe20417p\N_\17799
c:\pondalex.exe20417p\N_\17821
c:\pondalex.exe20417p\N_\17899
c:\pondalex.exe20417p\N_\18154
c:\pondalex.exe20417p\N_\18181
c:\pondalex.exe20417p\N_\18204
c:\pondalex.exe20417p\N_\18374
c:\pondalex.exe20417p\N_\1842
c:\pondalex.exe20417p\N_\18456
c:\pondalex.exe20417p\N_\18460
c:\pondalex.exe20417p\N_\18475
c:\pondalex.exe20417p\N_\18502
c:\pondalex.exe20417p\N_\18525
c:\pondalex.exe20417p\N_\18619
c:\pondalex.exe20417p\N_\18737
c:\pondalex.exe20417p\N_\1876
c:\pondalex.exe20417p\N_\18844
c:\pondalex.exe20417p\N_\18880
c:\pondalex.exe20417p\N_\18957
c:\pondalex.exe20417p\N_\19250
c:\pondalex.exe20417p\N_\19307
c:\pondalex.exe20417p\N_\19366
c:\pondalex.exe20417p\N_\19376
c:\pondalex.exe20417p\N_\19437
c:\pondalex.exe20417p\N_\1947
c:\pondalex.exe20417p\N_\19480
c:\pondalex.exe20417p\N_\19491
c:\pondalex.exe20417p\N_\19561
c:\pondalex.exe20417p\N_\19594
c:\pondalex.exe20417p\N_\19771
c:\pondalex.exe20417p\N_\19910
c:\pondalex.exe20417p\N_\20042
c:\pondalex.exe20417p\N_\20116
c:\pondalex.exe20417p\N_\20171
c:\pondalex.exe20417p\N_\20212
c:\pondalex.exe20417p\N_\20310
c:\pondalex.exe20417p\N_\20434
c:\pondalex.exe20417p\N_\20905
c:\pondalex.exe20417p\N_\20909
c:\pondalex.exe20417p\N_\21167
c:\pondalex.exe20417p\N_\21326
c:\pondalex.exe20417p\N_\2136
c:\pondalex.exe20417p\N_\21416
c:\pondalex.exe20417p\N_\21447
c:\pondalex.exe20417p\N_\21566
c:\pondalex.exe20417p\N_\21751
c:\pondalex.exe20417p\N_\21762
c:\pondalex.exe20417p\N_\21883
c:\pondalex.exe20417p\N_\22120
c:\pondalex.exe20417p\N_\22157
c:\pondalex.exe20417p\N_\22198
c:\pondalex.exe20417p\N_\22201
c:\pondalex.exe20417p\N_\22369
c:\pondalex.exe20417p\N_\22379
c:\pondalex.exe20417p\N_\22397
c:\pondalex.exe20417p\N_\22524
c:\pondalex.exe20417p\N_\22630
c:\pondalex.exe20417p\N_\22665
c:\pondalex.exe20417p\N_\22707
c:\pondalex.exe20417p\N_\22764
c:\pondalex.exe20417p\N_\22862
c:\pondalex.exe20417p\N_\22877
c:\pondalex.exe20417p\N_\22898
c:\pondalex.exe20417p\N_\2293
c:\pondalex.exe20417p\N_\23036
c:\pondalex.exe20417p\N_\2320
c:\pondalex.exe20417p\N_\23358
c:\pondalex.exe20417p\N_\23391
c:\pondalex.exe20417p\N_\23406
c:\pondalex.exe20417p\N_\23466
c:\pondalex.exe20417p\N_\23660
c:\pondalex.exe20417p\N_\23791
c:\pondalex.exe20417p\N_\23819
c:\pondalex.exe20417p\N_\23957
c:\pondalex.exe20417p\N_\24105
c:\pondalex.exe20417p\N_\2429
c:\pondalex.exe20417p\N_\24371
c:\pondalex.exe20417p\N_\2445
c:\pondalex.exe20417p\N_\24494
c:\pondalex.exe20417p\N_\24559
c:\pondalex.exe20417p\N_\24641
c:\pondalex.exe20417p\N_\24731
c:\pondalex.exe20417p\N_\24807
c:\pondalex.exe20417p\N_\24895
c:\pondalex.exe20417p\N_\24964
c:\pondalex.exe20417p\N_\25128
c:\pondalex.exe20417p\N_\25188
c:\pondalex.exe20417p\N_\25192
c:\pondalex.exe20417p\N_\25195
c:\pondalex.exe20417p\N_\25265
c:\pondalex.exe20417p\N_\25347
c:\pondalex.exe20417p\N_\25438
c:\pondalex.exe20417p\N_\25622
c:\pondalex.exe20417p\N_\25644
c:\pondalex.exe20417p\N_\25972
c:\pondalex.exe20417p\N_\26045
c:\pondalex.exe20417p\N_\26050
c:\pondalex.exe20417p\N_\26133
c:\pondalex.exe20417p\N_\26194
c:\pondalex.exe20417p\N_\26247
c:\pondalex.exe20417p\N_\26501
c:\pondalex.exe20417p\N_\26558
c:\pondalex.exe20417p\N_\26606
c:\pondalex.exe20417p\N_\26749
c:\pondalex.exe20417p\N_\26810
c:\pondalex.exe20417p\N_\26914
c:\pondalex.exe20417p\N_\26999
c:\pondalex.exe20417p\N_\27107
c:\pondalex.exe20417p\N_\27169
c:\pondalex.exe20417p\N_\27187
c:\pondalex.exe20417p\N_\27260
c:\pondalex.exe20417p\N_\27284
c:\pondalex.exe20417p\N_\27294
c:\pondalex.exe20417p\N_\27329
c:\pondalex.exe20417p\N_\27370
c:\pondalex.exe20417p\N_\27435
c:\pondalex.exe20417p\N_\27492
c:\pondalex.exe20417p\N_\27781
c:\pondalex.exe20417p\N_\27806
c:\pondalex.exe20417p\N_\27807
c:\pondalex.exe20417p\N_\27890
c:\pondalex.exe20417p\N_\2794
c:\pondalex.exe20417p\N_\28081
c:\pondalex.exe20417p\N_\28106
c:\pondalex.exe20417p\N_\28216
c:\pondalex.exe20417p\N_\28385
c:\pondalex.exe20417p\N_\28491
c:\pondalex.exe20417p\N_\28578
c:\pondalex.exe20417p\N_\28592
c:\pondalex.exe20417p\N_\28681
c:\pondalex.exe20417p\N_\28748
c:\pondalex.exe20417p\N_\2890
c:\pondalex.exe20417p\N_\28914
c:\pondalex.exe20417p\N_\28941
c:\pondalex.exe20417p\N_\28945
c:\pondalex.exe20417p\N_\29032
c:\pondalex.exe20417p\N_\29095
c:\pondalex.exe20417p\N_\29157
c:\pondalex.exe20417p\N_\29364
c:\pondalex.exe20417p\N_\29383
c:\pondalex.exe20417p\N_\29412
c:\pondalex.exe20417p\N_\29490
c:\pondalex.exe20417p\N_\29536
c:\pondalex.exe20417p\N_\29618
c:\pondalex.exe20417p\N_\29753
c:\pondalex.exe20417p\N_\29841
c:\pondalex.exe20417p\N_\29911
c:\pondalex.exe20417p\N_\29964
c:\pondalex.exe20417p\N_\30061
c:\pondalex.exe20417p\N_\30115
c:\pondalex.exe20417p\N_\30230
c:\pondalex.exe20417p\N_\30421
c:\pondalex.exe20417p\N_\30566
c:\pondalex.exe20417p\N_\30671
c:\pondalex.exe20417p\N_\30674
c:\pondalex.exe20417p\N_\30808
c:\pondalex.exe20417p\N_\31126
c:\pondalex.exe20417p\N_\31130
c:\pondalex.exe20417p\N_\31132
c:\pondalex.exe20417p\N_\31196
c:\pondalex.exe20417p\N_\31449
c:\pondalex.exe20417p\N_\31574
c:\pondalex.exe20417p\N_\31578
c:\pondalex.exe20417p\N_\31699
c:\pondalex.exe20417p\N_\31703
c:\pondalex.exe20417p\N_\31727
c:\pondalex.exe20417p\N_\31923
c:\pondalex.exe20417p\N_\32170
c:\pondalex.exe20417p\N_\32182
c:\pondalex.exe20417p\N_\3220
c:\pondalex.exe20417p\N_\3243
c:\pondalex.exe20417p\N_\32463
c:\pondalex.exe20417p\N_\32502
c:\pondalex.exe20417p\N_\32571
c:\pondalex.exe20417p\N_\3263
c:\pondalex.exe20417p\N_\32632
c:\pondalex.exe20417p\N_\3270
c:\pondalex.exe20417p\N_\32732
c:\pondalex.exe20417p\N_\329
c:\pondalex.exe20417p\N_\3296
c:\pondalex.exe20417p\N_\3298
c:\pondalex.exe20417p\N_\3329
c:\pondalex.exe20417p\N_\341
c:\pondalex.exe20417p\N_\3449
c:\pondalex.exe20417p\N_\3502
c:\pondalex.exe20417p\N_\3570
c:\pondalex.exe20417p\N_\3767
c:\pondalex.exe20417p\N_\3928
c:\pondalex.exe20417p\N_\4000
c:\pondalex.exe20417p\N_\4058
c:\pondalex.exe20417p\N_\4098
c:\pondalex.exe20417p\N_\4136
c:\pondalex.exe20417p\N_\44
c:\pondalex.exe20417p\N_\4437
c:\pondalex.exe20417p\N_\4580
c:\pondalex.exe20417p\N_\4708
c:\pondalex.exe20417p\N_\4766
c:\pondalex.exe20417p\N_\4823
c:\pondalex.exe20417p\N_\4840
c:\pondalex.exe20417p\N_\4896
c:\pondalex.exe20417p\N_\5009
c:\pondalex.exe20417p\N_\5047
c:\pondalex.exe20417p\N_\5089
c:\pondalex.exe20417p\N_\5333
c:\pondalex.exe20417p\N_\5580
c:\pondalex.exe20417p\N_\5774
c:\pondalex.exe20417p\N_\5926
c:\pondalex.exe20417p\N_\6250
c:\pondalex.exe20417p\N_\6268
c:\pondalex.exe20417p\N_\6382
c:\pondalex.exe20417p\N_\643
c:\pondalex.exe20417p\N_\6646
c:\pondalex.exe20417p\N_\6729
c:\pondalex.exe20417p\N_\6817
c:\pondalex.exe20417p\N_\6821
c:\pondalex.exe20417p\N_\6844
c:\pondalex.exe20417p\N_\6869
c:\pondalex.exe20417p\N_\6900
c:\pondalex.exe20417p\N_\6956
c:\pondalex.exe20417p\N_\7153
c:\pondalex.exe20417p\N_\7168
c:\pondalex.exe20417p\N_\7202
c:\pondalex.exe20417p\N_\7214
c:\pondalex.exe20417p\N_\7370
c:\pondalex.exe20417p\N_\7532
c:\pondalex.exe20417p\N_\7663
c:\pondalex.exe20417p\N_\7667
c:\pondalex.exe20417p\N_\7801
c:\pondalex.exe20417p\N_\7986
c:\pondalex.exe20417p\N_\8000
c:\pondalex.exe20417p\N_\8045
c:\pondalex.exe20417p\N_\8090
c:\pondalex.exe20417p\N_\8120
c:\pondalex.exe20417p\N_\8171
c:\pondalex.exe20417p\N_\8200
c:\pondalex.exe20417p\N_\8265
c:\pondalex.exe20417p\N_\8308
c:\pondalex.exe20417p\N_\8376
c:\pondalex.exe20417p\N_\8378
c:\pondalex.exe20417p\N_\8612
c:\pondalex.exe20417p\N_\8679
c:\pondalex.exe20417p\N_\8832
c:\pondalex.exe20417p\N_\8853
c:\pondalex.exe20417p\N_\8956
c:\pondalex.exe20417p\N_\897
c:\pondalex.exe20417p\N_\9100
c:\pondalex.exe20417p\N_\9129
c:\pondalex.exe20417p\N_\9274
c:\pondalex.exe20417p\N_\9280
c:\pondalex.exe20417p\N_\9385
c:\pondalex.exe20417p\N_\9496
c:\pondalex.exe20417p\N_\9570
c:\pondalex.exe20417p\N_\9635
c:\pondalex.exe20417p\N_\964
c:\pondalex.exe20417p\N_\9640
c:\pondalex.exe20417p\N_\9739
c:\pondalex.exe20417p\N_\9784
c:\pondalex.exe20417p\N_\9798
c:\pondalex.exe20417p\N_\9819
c:\pondalex.exe20417p\N_\99
c:\pondalex.exe20417p\N_\9915
c:\pondalex.exe20417p\N_\9917
c:\pondalex.exe20417p\N_\cfdummy00
c:\pondalex.exe20417p\N_\CmdLine00
c:\pondalex.exe20417p\ncmd.com
c:\pondalex.exe20417p\ND_.bat
c:\pondalex.exe20417p\ND_64.bat
c:\pondalex.exe20417p\ndis_combofix.dat
c:\pondalex.exe20417p\NetHood.folder.dat
c:\pondalex.exe20417p\netsvc.bad.dat
c:\pondalex.exe20417p\netsvc.dat
c:\pondalex.exe20417p\NetworkService.dat
c:\pondalex.exe20417p\NirCmd.3XE
c:\pondalex.exe20417p\NircmdB.exe
c:\pondalex.exe20417p\NirCmdC.3XE
c:\pondalex.exe20417p\NIRKMD.3XE
c:\pondalex.exe20417p\NlsLanguageDefault
c:\pondalex.exe20417p\notifykeys.dat
c:\pondalex.exe20417p\notifykeysB.dat
c:\pondalex.exe20417p\NT-OS.cmd
c:\pondalex.exe20417p\NULL
c:\pondalex.exe20417p\OsId.txt
c:\pondalex.exe20417p\OSid.vbs
c:\pondalex.exe20417p\pausep.3XE
c:\pondalex.exe20417p\pend.txt
c:\pondalex.exe20417p\personal.folder.dat
c:\pondalex.exe20417p\pev.3XE
c:\pondalex.exe20417p\PEV.exe
c:\pondalex.exe20417p\pevb.3XE
c:\pondalex.exe20417p\Pictures.folder.dat
c:\pondalex.exe20417p\PING.3XE
c:\pondalex.exe20417p\Policies.dat
c:\pondalex.exe20417p\Pondalex.user.cf
c:\pondalex.exe20417p\powp.dat
c:\pondalex.exe20417p\PreDIR
c:\pondalex.exe20417p\Prep.inf
c:\pondalex.exe20417p\PrintHood.folder.dat
c:\pondalex.exe20417p\Profiles.Folder.dat
c:\pondalex.exe20417p\Profiles.Folder.folder.dat
c:\pondalex.exe20417p\progfile.dat
c:\pondalex.exe20417p\programs.folder.dat
c:\pondalex.exe20417p\Purity.dat
c:\pondalex.exe20417p\PV.3XE
c:\pondalex.exe20417p\pv.com
c:\pondalex.exe20417p\rar_sfx.cmd
c:\pondalex.exe20417p\RBoot.dat
c:\pondalex.exe20417p\RCLink.dat
c:\pondalex.exe20417p\RcVer00
c:\pondalex.exe20417p\Recent.folder.dat
c:\pondalex.exe20417p\REGDACL.sed
c:\pondalex.exe20417p\RegDo.sed
c:\pondalex.exe20417p\region.dat
c:\pondalex.exe20417p\RegScan.cmd
c:\pondalex.exe20417p\RegScan64.cmd
c:\pondalex.exe20417p\REGT.3XE
c:\pondalex.exe20417p\Resident.txt
c:\pondalex.exe20417p\restore_pt.dat
c:\pondalex.exe20417p\restore_pt.vbs
c:\pondalex.exe20417p\RkDetectA_HDCntrl.dat
c:\pondalex.exe20417p\Rkey.cmd
c:\pondalex.exe20417p\rmbr.3XE
c:\pondalex.exe20417p\rogues.dat
c:\pondalex.exe20417p\ROUTE.3XE
c:\pondalex.exe20417p\run.sed
c:\pondalex.exe20417p\run2.sed
c:\pondalex.exe20417p\Rust.str
c:\pondalex.exe20417p\s0rt.3XE
c:\pondalex.exe20417p\safeboot.dat
c:\pondalex.exe20417p\safeboot.def.dat
c:\pondalex.exe20417p\sed.3XE
c:\pondalex.exe20417p\SendTo.folder.dat
c:\pondalex.exe20417p\SetEnvmt.bat
c:\pondalex.exe20417p\setpath.3XE
c:\pondalex.exe20417p\SetPath.bat
c:\pondalex.exe20417p\setpath_N.cmd
c:\pondalex.exe20417p\SF.exe
c:\pondalex.exe20417p\sfx.cmd
c:\pondalex.exe20417p\SnapShot.cmd
c:\pondalex.exe20417p\SRestore.cmd
c:\pondalex.exe20417p\srizbi.md5
c:\pondalex.exe20417p\Start_dat
c:\pondalex.exe20417p\startmenu.folder.dat
c:\pondalex.exe20417p\startup.folder.dat
c:\pondalex.exe20417p\SuppScan.cmd
c:\pondalex.exe20417p\svc_wht.dat
c:\pondalex.exe20417p\SvcDrv.vbs
c:\pondalex.exe20417p\svchost.dat
c:\pondalex.exe20417p\swreg.3XE
c:\pondalex.exe20417p\swsc.3XE
c:\pondalex.exe20417p\swxcacls.3XE
c:\pondalex.exe20417p\SysPath.dat
c:\pondalex.exe20417p\system_ini.dat
c:\pondalex.exe20417p\tail.3XE
c:\pondalex.exe20417p\Temp.dat
c:\pondalex.exe20417p\templates.folder.dat
c:\pondalex.exe20417p\toolbar.sed
c:\pondalex.exe20417p\unhand.dat
c:\pondalex.exe20417p\Update-CF.cmd
c:\pondalex.exe20417p\v_wht.dat
c:\pondalex.exe20417p\VerCF.bat
c:\pondalex.exe20417p\VikPev00
c:\pondalex.exe20417p\Vikpev01
c:\pondalex.exe20417p\VInfo
c:\pondalex.exe20417p\VInfo2
c:\pondalex.exe20417p\VINFO3
c:\pondalex.exe20417p\Vipev.dat
c:\pondalex.exe20417p\ViPev00
c:\pondalex.exe20417p\ViPev01
c:\pondalex.exe20417p\Vista.krl
c:\pondalex.exe20417p\Vista.mac
c:\pondalex.exe20417p\vistaMcode.dat
c:\pondalex.exe20417p\vistareg.dat
c:\pondalex.exe20417p\vRun_DLL
c:\pondalex.exe20417p\vun.dat
c:\pondalex.exe20417p\vundonames.dat
c:\pondalex.exe20417p\VwinTemp.dacl
c:\pondalex.exe20417p\w_sock.dll
c:\pondalex.exe20417p\w7Mcode.dat
c:\pondalex.exe20417p\whiteAll.dat
c:\pondalex.exe20417p\whitedir.dat
c:\pondalex.exe20417p\whitedirCreated.dat
c:\pondalex.exe20417p\Wmi_rem.vbs
c:\pondalex.exe20417p\xpmcode.dat
c:\pondalex.exe20417p\XPSBoot.reg
c:\pondalex.exe20417p\zDomain.dat
c:\pondalex.exe20417p\zhsvc.dat
c:\pondalex.exe20417p\zip.3XE
c:\pondalex.exe20417p\Zlob01
c:\users\Pondalex\Desktop\Internet Explorer.lnk
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 17:38 . 2012-02-11 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-11 16:28 . 2012-02-11 17:38 -------- d-----w- c:\users\Pondalex\AppData\Local\temp
2012-02-11 04:40 . 2012-02-11 04:40 -------- d--h--w- c:\windows\PIF
2012-02-10 04:33 . 2012-02-10 04:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-09 05:07 . 2012-02-09 05:07 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-02-09 05:07 . 2012-02-09 05:07 -------- d-----w- c:\users\Pondalex\AppData\Roaming\FixTDSS
2012-02-08 03:43 . 2012-02-08 03:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-08 03:39 . 2012-02-08 03:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-07 03:40 . 2012-02-07 04:48 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-02-07 03:23 . 2012-02-07 03:14 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-05 05:25 . 2012-02-05 05:26 -------- d-----w- c:\users\Pondalex\AppData\Roaming\GetRightToGo
2012-02-05 03:17 . 2012-02-05 03:17 -------- d-----w- c:\programdata\WindowsSearch
2012-02-05 01:33 . 2012-02-05 01:33 -------- d-----w- c:\program files\ARO 2012
2012-02-02 02:13 . 2012-02-04 22:32 -------- d-----w- c:\users\Pondalex\AppData\Roaming\Ota
2012-02-02 02:13 . 2012-02-04 06:54 -------- d-----w- c:\users\Pondalex\AppData\Roaming\Nelyu
2012-01-30 03:50 . 2012-01-31 04:14 -------- d-----w- c:\users\Pondalex\AppData\Roaming\gtk-2.0
2012-01-30 01:33 . 2012-01-30 01:33 -------- d-----w- c:\users\Pondalex\AppData\Local\GNU
2012-01-30 01:33 . 2012-01-30 01:33 -------- d-----w- c:\users\Pondalex\.kde
2012-01-30 01:15 . 2012-01-31 04:20 -------- d-----w- c:\users\Pondalex\AppData\Roaming\gnupg
2012-01-30 01:15 . 2012-01-30 01:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\GNU
2012-01-30 01:15 . 2012-01-30 01:15 -------- d-----w- c:\programdata\GNU
2012-01-30 01:15 . 2012-01-30 01:15 -------- d-----w- c:\program files\GNU
2012-01-29 23:53 . 2012-01-30 00:01 -------- d-----w- c:\program files\container
2012-01-29 23:50 . 2012-01-29 23:54 -------- d-----w- c:\users\Pondalex\AppData\Roaming\TrueCrypt
2012-01-29 23:45 . 2012-01-29 23:45 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-01-29 23:45 . 2012-01-29 23:45 -------- d-----w- c:\program files\TrueCrypt
2012-01-28 18:33 . 2012-01-28 18:34 -------- d-----w- c:\users\Pondalex\AppData\Local\Facebook
2012-01-24 04:56 . 2012-02-07 04:20 -------- d-----w- c:\users\Pondalex\tor
2012-01-15 10:05 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-15 10:05 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-15 10:05 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-15 10:05 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-15 10:05 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-15 10:05 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 04:36 . 2008-01-21 02:23 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-01-04 14:28 . 2012-01-04 14:28 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
2011-12-15 19:34 . 2011-12-15 19:34 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 22:24 . 2008-10-16 22:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 15:59 . 2012-01-11 20:38 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-13 18:58 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-01-11 20:38 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 20:38 66560 ----a-w- c:\windows\system32\packager.dll
2010-03-31 03:43 . 2001-04-02 08:49 423936 ----a-w- c:\program files\Conversor.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Pondalex\AppData\Roaming\Nelyu ----
.
.
---- Directory of c:\users\Pondalex\AppData\Roaming\Ota ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2010-10-10 21:51 3906656 ----a-w- c:\program files\TVersitybar\tbTVer.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 04:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz2.dll" [2010-10-18 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz2.dll" [2010-10-18 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-06 68856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"AROReminder"="c:\program files\ARO 2012\ARO.exe" [2012-01-06 2552688]
"MS Shell Services"="c:\program files\KidLogger\Kidlogger.exe" [2011-02-10 428344]
"Camfrog"="c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2011-05-16 54664]
"Facebook Update"="c:\users\Pondalex\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-01-28 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-26 202256]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"MS Shell Services"="c:\program files\KidLogger\Kidlogger.exe" [2011-02-10 428344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-14 30192]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Pondalex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopVideoPlayer.lnk - c:\users\Pondalex\AppData\Local\vghd\bin\vghd.exe [2011-9-4 1640448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-8-15 292240]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-06 16:10 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 08:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation]
2009-03-27 15:29 177488 ----a-w- c:\program files\eAcceleration\Station\station.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-26 01:31 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2359270729-473054158-1944764805-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
- c:\users\Pondalex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-28 18:33]
.
2012-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
- c:\users\Pondalex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-28 18:33]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 04:31]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 04:31]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
- c:\users\Pondalex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 08:59]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
- c:\users\Pondalex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 08:59]
.
2012-02-06 c:\windows\Tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job
- c:\windows\system32\msfeedssync.exe [2011-04-05 01:08]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: Interfaces\{E51B9B62-F667-49E2-9FBB-5E27E22E0B87}: NameServer = 192.168.2.1
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 10:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-11 10:41:52
ComboFix-quarantined-files.txt 2012-02-11 17:41
ComboFix2.txt 2012-02-11 16:28
ComboFix3.txt 2009-03-21 23:45
.
Pre-Run: 429,699,264,512 bytes free
Post-Run: 429,514,674,176 bytes free
.
- - End Of File - - 9B2B0054E56204E58333557A1B9E6CAB

computer is doing well overall. Just no internet . Will update after running malwarebytes

wrong log.....

Farbar Service Scanner Version: 10-02-2012
Ran by Pondalex (administrator) on 11-02-2012 at 12:03:35
Running from "C:\Users\Pondalex\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

malwarebytes was 28 days old. i was not able to update it. is this important?

Internet still does not work. I think there maybe a hardware settings issue as I was messing with things last week when i was trying to fix this alone

A few days ago, rkill made a registry editor shortcut on my desktop called rk-proxy. Should i add this to the registry?

Farbar Service Scanner Version: 10-02-2012
Ran by Pondalex (administrator) on 11-02-2012 at 12:49:33
Running from "C:\Users\Pondalex\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

this command was not recognized:
netsh winsock reset catalog

Microsoft Windows [Version 6.0.6002]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\Pondalex>netsh int ip reset reset.log
Reseting Echo Request, failed.
The requested operation requires elevation.
Reseting Global, failed.
The requested operation requires elevation.
Reseting Interface, failed.
The requested operation requires elevation.
There's no user specified settings to be reset.


C:\Users\Pondalex>netsh winsock reset catalog
The system cannot find the file specified.



C:\Users\Pondalex>

tried again but it did not work . I am sure a spelled / spaced correctly. I posted the cmd window......

oh i see now
sorry