Inactive System Check virus removed but Internet not working

[nautilus808]

\{B618B402-7A51-43F4-A4A2-71329BFDCF6D}
[2012/01/15 10:24:56 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{B5737D06-4454-4E95-86ED-6E2960A6EDFD}
[2012/01/14 10:16:04 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{6D8AB6BA-0D99-45FC-A95E-DBB35F0A5647}
[2012/01/13 20:16:14 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{4029C74A-DA00-460D-A613-403ED1FCB87F}
[2012/01/13 20:16:03 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{2AA391F5-986C-4729-BBAC-8E421F6F930F}
[2012/01/12 23:53:24 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{E5089D2B-4C83-4714-878D-7C5F362B8557}
[2012/01/12 11:53:00 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{E765F61E-74D9-4263-BF6C-7CF735AE2272}
[2012/01/12 11:52:49 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{8DF7660C-5269-4B67-B39C-803D25231594}
[2012/01/11 23:52:20 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{A6892FA6-0758-499A-875C-4365EECF9A6D}
[2012/01/11 23:52:07 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{CA7D01E5-D4E2-4A1A-953D-BE5D0A1F7B02}
[2001/04/02 01:49:16 | 000,423,936 | ---- | C] (Feñiz 2001) -- C:\Program Files\Conversor.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/10 22:28:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pondalex\Desktop\OTL.exe
[2012/02/10 22:11:30 | 000,001,356 | ---- | M] () -- C:\Users\Pondalex\AppData\Local\d3d9caps.dat
[2012/02/10 21:44:05 | 000,000,147 | ---- | M] () -- C:\Users\Pondalex\Desktop\rk-proxy.reg
[2012/02/10 21:40:03 | 000,002,855 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill - Shortcut.pif
[2012/02/10 21:36:52 | 001,008,141 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill.com
[2012/02/10 21:36:26 | 001,008,141 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill.exe
[2012/02/10 21:35:16 | 004,400,207 | R--- | M] (Swearware) -- C:\Users\Pondalex\Desktop\pondalex.exe.exe
[2012/02/10 20:38:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/10 20:37:23 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 20:37:23 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 20:34:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/02/10 20:30:43 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/02/10 20:30:43 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/10 20:30:39 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/02/10 20:30:39 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/02/10 20:30:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/09 23:16:31 | 000,667,260 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/09 23:16:31 | 000,127,148 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/09 23:09:58 | 000,000,862 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2012/02/09 22:29:49 | 000,000,512 | ---- | M] () -- C:\Users\Pondalex\Desktop\MBR.dat
[2012/02/09 21:37:06 | 307,695,254 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/09 21:12:45 | 000,000,299 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (4).lnk
[2012/02/09 21:10:38 | 000,000,715 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (3).lnk
[2012/02/09 20:59:49 | 000,000,715 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (2).lnk
[2012/02/09 20:54:19 | 000,000,299 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut.lnk
[2012/02/08 22:07:55 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2012/02/08 21:24:36 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Pondalex\Desktop\aswMBR.exe
[2012/02/07 20:54:38 | 000,001,110 | ---- | M] () -- C:\Users\Pondalex\Desktop\Get Live PC Help Now.lnk
[2012/02/06 21:23:04 | 000,000,523 | ---- | M] () -- C:\Users\Pondalex\Desktop\The MUZIK - Shortcut.lnk
[2012/02/06 21:22:48 | 000,000,679 | ---- | M] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut (2).lnk
[2012/02/06 21:22:36 | 000,000,415 | ---- | M] () -- C:\Users\Pondalex\Desktop\Downloads - Shortcut.lnk
[2012/02/06 21:20:18 | 000,000,655 | ---- | M] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut.lnk
[2012/02/06 20:40:10 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/02/06 08:55:53 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job
[2012/02/05 10:47:55 | 000,000,448 | ---- | M] () -- C:\ProgramData\erFWlu6VTzaxlf
[2012/02/05 00:52:45 | 000,015,360 | ---- | M] () -- C:\Users\Pondalex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/04 22:58:14 | 000,000,341 | ---- | M] () -- C:\Users\Pondalex\Desktop\exefix.reg
[2012/02/04 18:41:44 | 000,000,474 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 18:33:52 | 000,001,649 | ---- | M] () -- C:\Users\Pondalex\Desktop\Check PC For Errors.lnk
[2012/02/04 15:56:13 | 000,000,607 | ---- | M] () -- C:\Users\Pondalex\Desktop\System Check.lnk
[2012/02/04 15:35:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/02/01 20:56:29 | 000,001,057 | ---- | M] () -- C:\Users\Pondalex\Desktop\Spybot - Search & Destroy.lnk
[2012/01/30 22:34:41 | 000,000,514 | ---- | M] () -- C:\Users\Pondalex\Desktop\Nubiles.net Member's Area - Home.website
[2012/01/30 21:14:32 | 000,006,035 | ---- | M] () -- C:\Users\Pondalex\secret-key-87623C84.asc
[2012/01/29 21:00:00 | 000,006,034 | ---- | M] () -- C:\Users\Pondalex\secret-key-F8B6DEB8.asc
[2012/01/29 20:50:56 | 000,006,035 | ---- | M] () -- C:\Users\Pondalex\secret-key-6C9A59A4.asc
[2012/01/29 19:14:51 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/01/29 16:45:40 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012/01/21 14:53:36 | 000,130,834 | ---- | M] () -- C:\Windows\hpoins18.dat
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/10 21:40:22 | 001,008,141 | ---- | C] () -- C:\Users\Pondalex\Desktop\rkill.exe
[2012/02/10 21:40:08 | 001,008,141 | ---- | C] () -- C:\Users\Pondalex\Desktop\rkill.com
[2012/02/10 21:40:03 | 000,002,855 | ---- | C] () -- C:\Users\Pondalex\Desktop\rkill - Shortcut.pif
[2012/02/09 22:29:49 | 000,000,512 | ---- | C] () -- C:\Users\Pondalex\Desktop\MBR.dat
[2012/02/09 21:14:23 | 000,000,299 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (4).lnk
[2012/02/09 21:10:38 | 000,000,715 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (3).lnk
[2012/02/09 20:59:49 | 000,000,715 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (2).lnk
[2012/02/09 20:54:19 | 000,000,299 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut.lnk
[2012/02/07 23:20:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/07 23:20:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/07 20:54:38 | 000,001,110 | ---- | C] () -- C:\Users\Pondalex\Desktop\Get Live PC Help Now.lnk
[2012/02/06 21:23:04 | 000,000,523 | ---- | C] () -- C:\Users\Pondalex\Desktop\The MUZIK - Shortcut.lnk
[2012/02/06 21:22:48 | 000,000,679 | ---- | C] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut (2).lnk
[2012/02/06 21:22:36 | 000,000,415 | ---- | C] () -- C:\Users\Pondalex\Desktop\Downloads - Shortcut.lnk
[2012/02/06 20:40:10 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/02/06 08:55:53 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job
[2012/02/05 10:46:49 | 000,000,448 | ---- | C] () -- C:\ProgramData\erFWlu6VTzaxlf
[2012/02/04 23:03:20 | 000,000,341 | ---- | C] () -- C:\Users\Pondalex\Desktop\exefix.reg
[2012/02/04 18:41:44 | 000,000,474 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 18:33:52 | 000,001,649 | ---- | C] () -- C:\Users\Pondalex\Desktop\Check PC For Errors.lnk
[2012/02/04 18:20:33 | 000,000,147 | ---- | C] () -- C:\Users\Pondalex\Desktop\rk-proxy.reg
[2012/02/04 15:56:13 | 000,000,607 | ---- | C] () -- C:\Users\Pondalex\Desktop\System Check.lnk
[2012/02/01 20:56:29 | 000,001,057 | ---- | C] () -- C:\Users\Pondalex\Desktop\Spybot - Search & Destroy.lnk
[2012/01/30 21:14:31 | 000,006,035 | ---- | C] () -- C:\Users\Pondalex\secret-key-87623C84.asc
[2012/01/29 20:59:59 | 000,006,034 | ---- | C] () -- C:\Users\Pondalex\secret-key-F8B6DEB8.asc
[2012/01/29 20:50:56 | 000,006,035 | ---- | C] () -- C:\Users\Pondalex\secret-key-6C9A59A4.asc
[2012/01/28 11:33:46 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/01/28 11:33:46 | 000,000,918 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/01/23 22:43:33 | 000,000,655 | ---- | C] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut.lnk
[2011/12/17 02:29:57 | 000,201,116 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/09 16:59:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/09 16:57:12 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/11/25 19:15:14 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/11/05 12:17:10 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2010/10/10 08:26:28 | 018,527,244 | ---- | C] () -- C:\ProgramData\vlc-1.0.2-win32.exe
[2010/09/28 13:07:36 | 000,224,001 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/09/21 20:41:54 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/09/08 19:36:08 | 019,657,194 | ---- | C] () -- C:\ProgramData\vlc-1.1.4-win32.exe
[2010/08/21 21:37:06 | 019,563,096 | ---- | C] () -- C:\ProgramData\vlc-1.1.3-win32.exe
[2010/08/02 13:01:13 | 019,461,015 | ---- | C] () -- C:\ProgramData\vlc-1.1.2-win32.exe
[2010/07/25 00:31:55 | 019,473,201 | ---- | C] () -- C:\ProgramData\vlc-1.1.1-win32.exe
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/06/04 18:38:22 | 016,310,272 | ---- | C] () -- C:\ProgramData\vlc-1.0.5-win32.exe
[2010/05/08 11:38:53 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/04/22 19:02:04 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2010/04/22 19:02:04 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2010/04/04 20:58:19 | 000,009,584 | -HS- | C] () -- C:\Users\Pondalex\AppData\Local\VHx0W
[2010/04/04 20:58:19 | 000,009,584 | -HS- | C] () -- C:\ProgramData\VHx0W
[2010/04/03 21:33:42 | 000,003,604 | -HS- | C] () -- C:\Users\Pondalex\AppData\Local\8s32
[2010/04/03 21:33:42 | 000,003,604 | -HS- | C] () -- C:\ProgramData\8s32
[2010/03/29 21:34:59 | 000,000,579 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\AutoGK.ini
[2010/03/28 16:20:56 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/12 10:44:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/12 10:44:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/24 10:30:39 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat
[2009/10/24 10:30:28 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2009/10/21 20:22:49 | 000,001,356 | ---- | C] () -- C:\Users\Pondalex\AppData\Local\d3d9caps.dat
[2009/09/15 16:02:36 | 018,015,723 | ---- | C] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2009/08/28 20:33:32 | 000,001,044 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\vso_ts_preview.xml
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/06 06:58:43 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/05/09 20:30:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009/05/06 21:01:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/04/25 21:41:35 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/04/03 18:10:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/03 15:34:18 | 000,016,362 | ---- | C] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended-((Demonoid.com)).torrent
[2009/04/03 15:28:06 | 000,016,362 | ---- | C] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended_x-Demonoid.com-x.torrent
[2009/03/21 16:40:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/03/21 16:40:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/03/21 16:40:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/01/25 14:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/08 16:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll
[2008/09/29 18:42:17 | 000,870,128 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\mcs.rma
[2008/09/29 18:42:17 | 000,000,004 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\1FAC5E
[2008/09/21 02:07:03 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/09/18 03:00:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/10 20:43:01 | 000,015,360 | ---- | C] () -- C:\Users\Pondalex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/09 22:34:46 | 000,001,468 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/08/14 22:15:32 | 000,001,306 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\wklnhst.dat
[2008/08/06 12:39:55 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/08/06 08:56:26 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/08/06 08:56:25 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/08/06 08:52:19 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/08/06 08:52:19 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/08/06 08:52:19 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,436,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,667,260 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,127,148 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/10/28 10:07:20 | 000,372,736 | ---- | C] () -- C:\Windows\System32\ffvfw.dll
[2002/10/15 15:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001/04/02 01:41:14 | 000,000,157 | ---- | C] () -- C:\Program Files\Perfiles.ini

========== LOP Check ==========

[2011/01/23 21:15:39 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\AVG
[2010/12/04 15:21:16 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\AVG10
[2011/12/11 10:42:40 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Azureus
[2010/08/14 08:36:27 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\BitTorrent
[2011/09/04 07:11:02 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Camfrog
[2011/02/04 15:38:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Canon
[2009/06/12 17:44:00 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\ChemBuddy
[2011/06/15 16:48:47 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\com.Shutterfly.ExpressUploader
[2008/09/09 23:22:13 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\DataSafeOnline
[2009/08/05 12:59:25 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Dylogic
[2009/05/05 20:17:34 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\eAcceleration
[2009/03/30 22:25:46 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\ExcelCube
[2012/02/08 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\FixTDSS
[2012/02/04 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\GetRightToGo
[2012/01/30 21:20:39 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\gnupg
[2012/01/30 21:14:31 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\gtk-2.0
[2011/03/21 21:39:03 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Image Zone Express
[2008/08/30 23:14:39 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Leadertech
[2010/06/13 21:03:44 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\LimeWire
[2012/02/03 23:54:31 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Nelyu
[2012/02/04 15:32:58 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Ota
[2009/11/01 12:08:08 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Printer Info Cache
[2010/06/13 21:03:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Raptr
[2010/12/30 23:27:07 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Registry Mechanic
[2011/02/24 23:11:00 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Sammsoft
[2009/07/09 12:05:48 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Snapfish
[2008/08/20 21:36:33 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Template
[2012/01/29 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\TrueCrypt
[2011/10/26 08:14:38 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Uniblue
[2010/04/22 19:01:59 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\vghd
[2009/08/28 23:25:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Vso
[2012/02/10 20:30:39 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/02/10 20:30:39 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/02/10 20:37:20 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/06 08:55:53 | 000,000,286 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/01 02:51:21 | 000,000,078 | ---- | M] () -- C:\AEIusb.log
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/05/14 08:21:26 | 000,088,560 | ---- | M] (Sonic Solutions) -- C:\DC_ShellExt.dll
[2008/08/06 12:40:01 | 000,005,187 | R--- | M] () -- C:\dell.sdr
[2010/12/04 10:23:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/02/07 20:44:28 | 000,047,516 | ---- | M] () -- C:\JavaRa.log
[2010/05/09 09:21:06 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/12/04 10:23:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2012/02/10 20:38:35 | 3532,881,920 | -HS- | M] () -- C:\pagefile.sys
[2012/02/10 21:46:46 | 000,000,467 | ---- | M] () -- C:\rkill.log
[2009/03/28 21:40:24 | 000,000,232 | ---- | M] () -- C:\sqmdata00.sqm
[2009/03/29 09:12:33 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm
[2009/03/28 21:40:24 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
[2009/03/29 09:12:33 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
[2012/02/09 21:34:26 | 000,086,456 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_09.02.2012_21.32.57_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/01/01 22:57:22 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/02 10:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\1_hpzpp4v2.dll
[2007/02/02 10:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\2_hpzpp4v2.dll
[2006/04/10 15:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2007/02/02 10:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2008/08/21 19:12:10 | 000,001,682 | ---- | M] () -- C:\Users\Pondalex\AppData\Roaming\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2010/03/30 20:43:24 | 000,423,936 | ---- | M] (Feñiz 2001) -- C:\Program Files\Conversor.exe
[2008/01/20 19:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2009/04/03 15:34:20 | 000,016,362 | ---- | M] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended-((Demonoid.com)).torrent
[2009/04/03 15:28:17 | 000,016,362 | ---- | M] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended_x-Demonoid.com-x.torrent
[2010/03/30 20:43:24 | 000,000,157 | ---- | M] () -- C:\Program Files\Perfiles.ini
[2009/04/09 23:46:14 | 000,012,092 | ---- | M] () -- C:\Program Files\Self-made media for NM-122708.xlsx

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2011/01/23 22:11:58 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2011/01/23 22:11:58 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2011/01/23 22:11:59 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2011/01/23 22:11:59 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2011/01/23 22:11:59 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/02/04 17:21:17 | 000,000,087 | -HS- | M] () -- C:\Users\Pondalex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/02/08 21:24:36 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Pondalex\Desktop\aswMBR.exe
[2012/02/10 22:28:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pondalex\Desktop\OTL.exe
[2012/02/10 21:35:16 | 004,400,207 | R--- | M] (Swearware) -- C:\Users\Pondalex\Desktop\pondalex.exe.exe
[2007/09/17 19:28:30 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Users\Pondalex\Desktop\recdisc.exe
[2012/02/10 21:36:26 | 001,008,141 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2008/09/09 22:43:49 | 000,061,224 | ---- | M] () -- C:\Users\Pondalex\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/01/23 22:10:32 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/01/23 22:10:32 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/08/13 22:45:10 | 000,000,402 | -HS- | M] () -- C:\Users\Pondalex\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/04/04 00:39:44 | 000,003,604 | -HS- | M] () -- C:\ProgramData\8s32
[2012/02/05 10:47:55 | 000,000,448 | ---- | M] () -- C:\ProgramData\erFWlu6VTzaxlf
[2012/01/21 14:53:37 | 000,004,264 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/04/04 21:58:34 | 000,009,584 | -HS- | M] () -- C:\ProgramData\VHx0W
[2009/09/15 16:17:05 | 018,015,723 | ---- | M] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2010/10/10 08:26:28 | 018,527,244 | ---- | M] () -- C:\ProgramData\vlc-1.0.2-win32.exe
[2011/01/23 21:49:00 | 016,310,272 | ---- | M] () -- C:\ProgramData\vlc-1.0.5-win32.exe
[2010/07/25 00:34:20 | 019,473,201 | ---- | M] () -- C:\ProgramData\vlc-1.1.1-win32.exe
[2010/08/02 13:03:42 | 019,461,015 | ---- | M] () -- C:\ProgramData\vlc-1.1.2-win32.exe
[2010/08/21 21:39:34 | 019,563,096 | ---- | M] () -- C:\ProgramData\vlc-1.1.3-win32.exe
[2010/09/08 19:39:32 | 019,657,194 | ---- | M] () -- C:\ProgramData\vlc-1.1.4-win32.exe

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$] -> -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP1B5B4F1
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

 

[nautilus808]

I ran combofix, overnight. This am, a message said "combofix detecetd rootkit" and needs to restart.

 

[nautilus808]

Ran combofix. It said that the machine is infected with Rootkit.zeroaccess. It has inserted itself into the tcp/ip stack.
2 min later message appeared " rootkit detetected, be patient, this make take some moments"

. Upon restart in normal mode, the internet did nto work. I got a message saying "Java update scheduler has stopped working"

 

[Broni]

Did Combofix run to a completion?
Did it produce any log?

 

[nautilus808]

Ran combofix a few times. It finally produced a log just now!

\{B618B402-7A51-43F4-A4A2-71329BFDCF6D}
[2012/01/15 10:24:56 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{B5737D06-4454-4E95-86ED-6E2960A6EDFD}
[2012/01/14 10:16:04 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{6D8AB6BA-0D99-45FC-A95E-DBB35F0A5647}
[2012/01/13 20:16:14 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{4029C74A-DA00-460D-A613-403ED1FCB87F}
[2012/01/13 20:16:03 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{2AA391F5-986C-4729-BBAC-8E421F6F930F}
[2012/01/12 23:53:24 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{E5089D2B-4C83-4714-878D-7C5F362B8557}
[2012/01/12 11:53:00 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{E765F61E-74D9-4263-BF6C-7CF735AE2272}
[2012/01/12 11:52:49 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{8DF7660C-5269-4B67-B39C-803D25231594}
[2012/01/11 23:52:20 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{A6892FA6-0758-499A-875C-4365EECF9A6D}
[2012/01/11 23:52:07 | 000,000,000 | ---D | C] -- C:\Users\Pondalex\AppData\Local\{CA7D01E5-D4E2-4A1A-953D-BE5D0A1F7B02}
[2001/04/02 01:49:16 | 000,423,936 | ---- | C] (Feñiz 2001) -- C:\Program Files\Conversor.exe
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/10 22:28:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pondalex\Desktop\OTL.exe
[2012/02/10 22:11:30 | 000,001,356 | ---- | M] () -- C:\Users\Pondalex\AppData\Local\d3d9caps.dat
[2012/02/10 21:44:05 | 000,000,147 | ---- | M] () -- C:\Users\Pondalex\Desktop\rk-proxy.reg
[2012/02/10 21:40:03 | 000,002,855 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill - Shortcut.pif
[2012/02/10 21:36:52 | 001,008,141 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill.com
[2012/02/10 21:36:26 | 001,008,141 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill.exe
[2012/02/10 21:35:16 | 004,400,207 | R--- | M] (Swearware) -- C:\Users\Pondalex\Desktop\pondalex.exe.exe
[2012/02/10 20:38:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/10 20:37:23 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 20:37:23 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/10 20:34:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/02/10 20:30:43 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/02/10 20:30:43 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/10 20:30:39 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/02/10 20:30:39 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/02/10 20:30:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/09 23:16:31 | 000,667,260 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/09 23:16:31 | 000,127,148 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/09 23:09:58 | 000,000,862 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2012/02/09 22:29:49 | 000,000,512 | ---- | M] () -- C:\Users\Pondalex\Desktop\MBR.dat
[2012/02/09 21:37:06 | 307,695,254 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/09 21:12:45 | 000,000,299 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (4).lnk
[2012/02/09 21:10:38 | 000,000,715 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (3).lnk
[2012/02/09 20:59:49 | 000,000,715 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (2).lnk
[2012/02/09 20:54:19 | 000,000,299 | ---- | M] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut.lnk
[2012/02/08 22:07:55 | 000,026,872 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\FixTDSS.sys
[2012/02/08 21:24:36 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Pondalex\Desktop\aswMBR.exe
[2012/02/07 20:54:38 | 000,001,110 | ---- | M] () -- C:\Users\Pondalex\Desktop\Get Live PC Help Now.lnk
[2012/02/06 21:23:04 | 000,000,523 | ---- | M] () -- C:\Users\Pondalex\Desktop\The MUZIK - Shortcut.lnk
[2012/02/06 21:22:48 | 000,000,679 | ---- | M] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut (2).lnk
[2012/02/06 21:22:36 | 000,000,415 | ---- | M] () -- C:\Users\Pondalex\Desktop\Downloads - Shortcut.lnk
[2012/02/06 21:20:18 | 000,000,655 | ---- | M] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut.lnk
[2012/02/06 20:40:10 | 000,000,938 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/02/06 08:55:53 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job
[2012/02/05 10:47:55 | 000,000,448 | ---- | M] () -- C:\ProgramData\erFWlu6VTzaxlf
[2012/02/05 00:52:45 | 000,015,360 | ---- | M] () -- C:\Users\Pondalex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/04 22:58:14 | 000,000,341 | ---- | M] () -- C:\Users\Pondalex\Desktop\exefix.reg
[2012/02/04 18:41:44 | 000,000,474 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 18:33:52 | 000,001,649 | ---- | M] () -- C:\Users\Pondalex\Desktop\Check PC For Errors.lnk
[2012/02/04 15:56:13 | 000,000,607 | ---- | M] () -- C:\Users\Pondalex\Desktop\System Check.lnk
[2012/02/04 15:35:53 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2012/02/01 20:56:29 | 000,001,057 | ---- | M] () -- C:\Users\Pondalex\Desktop\Spybot - Search & Destroy.lnk
[2012/01/30 22:34:41 | 000,000,514 | ---- | M] () -- C:\Users\Pondalex\Desktop\Nubiles.net Member's Area - Home.website
[2012/01/30 21:14:32 | 000,006,035 | ---- | M] () -- C:\Users\Pondalex\secret-key-87623C84.asc
[2012/01/29 21:00:00 | 000,006,034 | ---- | M] () -- C:\Users\Pondalex\secret-key-F8B6DEB8.asc
[2012/01/29 20:50:56 | 000,006,035 | ---- | M] () -- C:\Users\Pondalex\secret-key-6C9A59A4.asc
[2012/01/29 19:14:51 | 000,000,436 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/01/29 16:45:40 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2012/01/21 14:53:36 | 000,130,834 | ---- | M] () -- C:\Windows\hpoins18.dat
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/10 21:40:22 | 001,008,141 | ---- | C] () -- C:\Users\Pondalex\Desktop\rkill.exe
[2012/02/10 21:40:08 | 001,008,141 | ---- | C] () -- C:\Users\Pondalex\Desktop\rkill.com
[2012/02/10 21:40:03 | 000,002,855 | ---- | C] () -- C:\Users\Pondalex\Desktop\rkill - Shortcut.pif
[2012/02/09 22:29:49 | 000,000,512 | ---- | C] () -- C:\Users\Pondalex\Desktop\MBR.dat
[2012/02/09 21:14:23 | 000,000,299 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (4).lnk
[2012/02/09 21:10:38 | 000,000,715 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (3).lnk
[2012/02/09 20:59:49 | 000,000,715 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut (2).lnk
[2012/02/09 20:54:19 | 000,000,299 | ---- | C] () -- C:\Users\Pondalex\Desktop\recdisc - Shortcut.lnk
[2012/02/07 23:20:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/07 23:20:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/07 20:54:38 | 000,001,110 | ---- | C] () -- C:\Users\Pondalex\Desktop\Get Live PC Help Now.lnk
[2012/02/06 21:23:04 | 000,000,523 | ---- | C] () -- C:\Users\Pondalex\Desktop\The MUZIK - Shortcut.lnk
[2012/02/06 21:22:48 | 000,000,679 | ---- | C] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut (2).lnk
[2012/02/06 21:22:36 | 000,000,415 | ---- | C] () -- C:\Users\Pondalex\Desktop\Downloads - Shortcut.lnk
[2012/02/06 20:40:10 | 000,000,938 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2012/02/06 08:55:53 | 000,000,286 | ---- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job
[2012/02/05 10:46:49 | 000,000,448 | ---- | C] () -- C:\ProgramData\erFWlu6VTzaxlf
[2012/02/04 23:03:20 | 000,000,341 | ---- | C] () -- C:\Users\Pondalex\Desktop\exefix.reg
[2012/02/04 18:41:44 | 000,000,474 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/04 18:33:52 | 000,001,649 | ---- | C] () -- C:\Users\Pondalex\Desktop\Check PC For Errors.lnk
[2012/02/04 18:20:33 | 000,000,147 | ---- | C] () -- C:\Users\Pondalex\Desktop\rk-proxy.reg
[2012/02/04 15:56:13 | 000,000,607 | ---- | C] () -- C:\Users\Pondalex\Desktop\System Check.lnk
[2012/02/01 20:56:29 | 000,001,057 | ---- | C] () -- C:\Users\Pondalex\Desktop\Spybot - Search & Destroy.lnk
[2012/01/30 21:14:31 | 000,006,035 | ---- | C] () -- C:\Users\Pondalex\secret-key-87623C84.asc
[2012/01/29 20:59:59 | 000,006,034 | ---- | C] () -- C:\Users\Pondalex\secret-key-F8B6DEB8.asc
[2012/01/29 20:50:56 | 000,006,035 | ---- | C] () -- C:\Users\Pondalex\secret-key-6C9A59A4.asc
[2012/01/28 11:33:46 | 000,000,940 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/01/28 11:33:46 | 000,000,918 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/01/23 22:43:33 | 000,000,655 | ---- | C] () -- C:\Users\Pondalex\Desktop\Start Tor Browser - Shortcut.lnk
[2011/12/17 02:29:57 | 000,201,116 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/06/09 16:59:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/06/09 16:57:12 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/11/25 19:15:14 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/11/05 12:17:10 | 000,000,000 | ---- | C] () -- C:\Windows\hpqEmlSz.INI
[2010/10/10 08:26:28 | 018,527,244 | ---- | C] () -- C:\ProgramData\vlc-1.0.2-win32.exe
[2010/09/28 13:07:36 | 000,224,001 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/09/21 20:41:54 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/09/08 19:36:08 | 019,657,194 | ---- | C] () -- C:\ProgramData\vlc-1.1.4-win32.exe
[2010/08/21 21:37:06 | 019,563,096 | ---- | C] () -- C:\ProgramData\vlc-1.1.3-win32.exe
[2010/08/02 13:01:13 | 019,461,015 | ---- | C] () -- C:\ProgramData\vlc-1.1.2-win32.exe
[2010/07/25 00:31:55 | 019,473,201 | ---- | C] () -- C:\ProgramData\vlc-1.1.1-win32.exe
[2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/06/04 18:38:22 | 016,310,272 | ---- | C] () -- C:\ProgramData\vlc-1.0.5-win32.exe
[2010/05/08 11:38:53 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/04/22 19:02:04 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys
[2010/04/22 19:02:04 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin
[2010/04/04 20:58:19 | 000,009,584 | -HS- | C] () -- C:\Users\Pondalex\AppData\Local\VHx0W
[2010/04/04 20:58:19 | 000,009,584 | -HS- | C] () -- C:\ProgramData\VHx0W
[2010/04/03 21:33:42 | 000,003,604 | -HS- | C] () -- C:\Users\Pondalex\AppData\Local\8s32
[2010/04/03 21:33:42 | 000,003,604 | -HS- | C] () -- C:\ProgramData\8s32
[2010/03/29 21:34:59 | 000,000,579 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\AutoGK.ini
[2010/03/28 16:20:56 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/11/12 10:44:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/11/12 10:44:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/24 10:30:39 | 000,130,834 | ---- | C] () -- C:\Windows\hpoins18.dat
[2009/10/24 10:30:28 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2009/10/21 20:22:49 | 000,001,356 | ---- | C] () -- C:\Users\Pondalex\AppData\Local\d3d9caps.dat
[2009/09/15 16:02:36 | 018,015,723 | ---- | C] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2009/08/28 20:33:32 | 000,001,044 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\vso_ts_preview.xml
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/06 06:58:43 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/05/09 20:30:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009/05/06 21:01:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/04/25 21:41:35 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/04/03 18:10:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/04/03 15:34:18 | 000,016,362 | ---- | C] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended-((Demonoid.com)).torrent
[2009/04/03 15:28:06 | 000,016,362 | ---- | C] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended_x-Demonoid.com-x.torrent
[2009/03/21 16:40:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/03/21 16:40:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/03/21 16:40:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/01/25 14:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/08 16:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLgFT.dll
[2008/09/29 18:42:17 | 000,870,128 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\mcs.rma
[2008/09/29 18:42:17 | 000,000,004 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\1FAC5E
[2008/09/21 02:07:03 | 000,066,482 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2008/09/18 03:00:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/10 20:43:01 | 000,015,360 | ---- | C] () -- C:\Users\Pondalex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/09 22:34:46 | 000,001,468 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/08/14 22:15:32 | 000,001,306 | ---- | C] () -- C:\Users\Pondalex\AppData\Roaming\wklnhst.dat
[2008/08/06 12:39:55 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/08/06 08:56:26 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/08/06 08:56:25 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/08/06 08:52:19 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/08/06 08:52:19 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/08/06 08:52:19 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2006/11/02 05:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 05:47:37 | 000,436,592 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:33:01 | 000,667,260 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 03:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 03:33:01 | 000,127,148 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 03:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 03:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 01:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 01:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 00:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/10/28 10:07:20 | 000,372,736 | ---- | C] () -- C:\Windows\System32\ffvfw.dll
[2002/10/15 15:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001/04/02 01:41:14 | 000,000,157 | ---- | C] () -- C:\Program Files\Perfiles.ini

========== LOP Check ==========

[2011/01/23 21:15:39 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\AVG
[2010/12/04 15:21:16 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\AVG10
[2011/12/11 10:42:40 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Azureus
[2010/08/14 08:36:27 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\BitTorrent
[2011/09/04 07:11:02 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Camfrog
[2011/02/04 15:38:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Canon
[2009/06/12 17:44:00 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\ChemBuddy
[2011/06/15 16:48:47 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\com.Shutterfly.ExpressUploader
[2008/09/09 23:22:13 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\DataSafeOnline
[2009/08/05 12:59:25 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Dylogic
[2009/05/05 20:17:34 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\eAcceleration
[2009/03/30 22:25:46 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\ExcelCube
[2012/02/08 22:07:55 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\FixTDSS
[2012/02/04 22:26:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\GetRightToGo
[2012/01/30 21:20:39 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\gnupg
[2012/01/30 21:14:31 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\gtk-2.0
[2011/03/21 21:39:03 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Image Zone Express
[2008/08/30 23:14:39 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Leadertech
[2010/06/13 21:03:44 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\LimeWire
[2012/02/03 23:54:31 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Nelyu
[2012/02/04 15:32:58 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Ota
[2009/11/01 12:08:08 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Printer Info Cache
[2010/06/13 21:03:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Raptr
[2010/12/30 23:27:07 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Registry Mechanic
[2011/02/24 23:11:00 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Sammsoft
[2009/07/09 12:05:48 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Snapfish
[2008/08/20 21:36:33 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Template
[2012/01/29 16:54:28 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\TrueCrypt
[2011/10/26 08:14:38 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Uniblue
[2010/04/22 19:01:59 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\vghd
[2009/08/28 23:25:52 | 000,000,000 | ---D | M] -- C:\Users\Pondalex\AppData\Roaming\Vso
[2012/02/10 20:30:39 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
[2012/02/10 20:30:39 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
[2012/02/10 20:37:20 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/06 08:55:53 | 000,000,286 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/01 02:51:21 | 000,000,078 | ---- | M] () -- C:\AEIusb.log
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/05/14 08:21:26 | 000,088,560 | ---- | M] (Sonic Solutions) -- C:\DC_ShellExt.dll
[2008/08/06 12:40:01 | 000,005,187 | R--- | M] () -- C:\dell.sdr
[2010/12/04 10:23:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/02/07 20:44:28 | 000,047,516 | ---- | M] () -- C:\JavaRa.log
[2010/05/09 09:21:06 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/12/04 10:23:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\npbittorrent.dll
[2012/02/10 20:38:35 | 3532,881,920 | -HS- | M] () -- C:\pagefile.sys
[2012/02/10 21:46:46 | 000,000,467 | ---- | M] () -- C:\rkill.log
[2009/03/28 21:40:24 | 000,000,232 | ---- | M] () -- C:\sqmdata00.sqm
[2009/03/29 09:12:33 | 000,000,268 | ---- | M] () -- C:\sqmdata01.sqm
[2009/03/28 21:40:24 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
[2009/03/29 09:12:33 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
[2012/02/09 21:34:26 | 000,086,456 | ---- | M] () -- C:\TDSSKiller.2.7.11.0_09.02.2012_21.32.57_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/01/01 22:57:22 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/02 10:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\1_hpzpp4v2.dll
[2007/02/02 10:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\2_hpzpp4v2.dll
[2006/04/10 15:02:32 | 000,074,240 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp054.dll
[2007/02/02 10:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/05/13 14:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2008/08/21 19:12:10 | 000,001,682 | ---- | M] () -- C:\Users\Pondalex\AppData\Roaming\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >
[2010/03/30 20:43:24 | 000,423,936 | ---- | M] (Feñiz 2001) -- C:\Program Files\Conversor.exe
[2008/01/20 19:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2009/04/03 15:34:20 | 000,016,362 | ---- | M] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended-((Demonoid.com)).torrent
[2009/04/03 15:28:17 | 000,016,362 | ---- | M] () -- C:\Program Files\Microsoft_Office_2003_Pro_Unattended_x-Demonoid.com-x.torrent
[2010/03/30 20:43:24 | 000,000,157 | ---- | M] () -- C:\Program Files\Perfiles.ini
[2009/04/09 23:46:14 | 000,012,092 | ---- | M] () -- C:\Program Files\Self-made media for NM-122708.xlsx

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2011/01/23 22:11:58 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2011/01/23 22:11:58 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2011/01/23 22:11:59 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2011/01/23 22:11:59 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2011/01/23 22:11:59 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/02/04 17:21:17 | 000,000,087 | -HS- | M] () -- C:\Users\Pondalex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/02/08 21:24:36 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Pondalex\Desktop\aswMBR.exe
[2012/02/10 22:28:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pondalex\Desktop\OTL.exe
[2012/02/10 21:35:16 | 004,400,207 | R--- | M] (Swearware) -- C:\Users\Pondalex\Desktop\pondalex.exe.exe
[2007/09/17 19:28:30 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Users\Pondalex\Desktop\recdisc.exe
[2012/02/10 21:36:26 | 001,008,141 | ---- | M] () -- C:\Users\Pondalex\Desktop\rkill.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2008/09/09 22:43:49 | 000,061,224 | ---- | M] () -- C:\Users\Pondalex\GoToAssistDownloadHelper.exe

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/01/23 22:10:32 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/01/23 22:10:32 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/01/23 22:10:32 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/08/13 22:45:10 | 000,000,402 | -HS- | M] () -- C:\Users\Pondalex\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/04/04 00:39:44 | 000,003,604 | -HS- | M] () -- C:\ProgramData\8s32
[2012/02/05 10:47:55 | 000,000,448 | ---- | M] () -- C:\ProgramData\erFWlu6VTzaxlf
[2012/01/21 14:53:37 | 000,004,264 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2010/04/04 21:58:34 | 000,009,584 | -HS- | M] () -- C:\ProgramData\VHx0W
[2009/09/15 16:17:05 | 018,015,723 | ---- | M] () -- C:\ProgramData\vlc-1.0.1-win32.exe
[2010/10/10 08:26:28 | 018,527,244 | ---- | M] () -- C:\ProgramData\vlc-1.0.2-win32.exe
[2011/01/23 21:49:00 | 016,310,272 | ---- | M] () -- C:\ProgramData\vlc-1.0.5-win32.exe
[2010/07/25 00:34:20 | 019,473,201 | ---- | M] () -- C:\ProgramData\vlc-1.1.1-win32.exe
[2010/08/02 13:03:42 | 019,461,015 | ---- | M] () -- C:\ProgramData\vlc-1.1.2-win32.exe
[2010/08/21 21:39:34 | 019,563,096 | ---- | M] () -- C:\ProgramData\vlc-1.1.3-win32.exe
[2010/09/08 19:39:32 | 019,657,194 | ---- | M] () -- C:\ProgramData\vlc-1.1.4-win32.exe

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\$NtUninstallKB45409$] -> -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Application Data] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Cookies] -> Error: Cannot create file handle -> Unknown point type
[C:\Windows\System32\config\systemprofile\Local Settings] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP1B5B4F1
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

 

[Broni]

This is not Combofix log.

 

[nautilus808]

Thats strange, something ran upon start up and produced this log. It said it was combofix. Wait for combofix to finish before doing anything it said. Wait for log to pop up it said. The combofix txt files will not open. When i try to open it says "illegal operation attempted on a registry key that has been marked for deletion"

 

[Broni]

Restart computer.

 

[nautilus808]

ok
restarting......

 

[nautilus808]

Computer restarted with no problem...

 

[Broni]

Look for C:\combofix.txt

 

[nautilus808]

ComboFix 12-02-10.03 - Pondalex 02/11/2012 8:59.2.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2300 [GMT -7:00]
Running from: c:\users\Pondalex\Desktop\pondalex.exe.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\pondalex.exe
c:\pondalex.exe\023.dat
c:\pondalex.exe\023v.dat
c:\pondalex.exe\appdata.folder.dat
c:\pondalex.exe\appinit.bad
c:\pondalex.exe\asp.str
c:\pondalex.exe\Assoc.cmd
c:\pondalex.exe\attr.dat
c:\pondalex.exe\ATTRIB.3XE
c:\pondalex.exe\autorun_inf.dat
c:\pondalex.exe\autorun_infB.dat
c:\pondalex.exe\av.cmd
c:\pondalex.exe\av.vbs
c:\pondalex.exe\AWF.cmd
c:\pondalex.exe\badclsid
c:\pondalex.exe\BFE.dat
c:\pondalex.exe\Boot-Rk.cmd
c:\pondalex.exe\Boot.bat
c:\pondalex.exe\BootDrv.vbs
c:\pondalex.exe\borlander_file.dat
c:\pondalex.exe\borlander_folder.dat
c:\pondalex.exe\c.bat
c:\pondalex.exe\c.mrk
c:\pondalex.exe\cache.folder.dat
c:\pondalex.exe\Catch-sub.cmd
c:\pondalex.exe\catchme.3XE
c:\pondalex.exe\Catchme.tmp
c:\pondalex.exe\CCS.bat
c:\pondalex.exe\CF-Script.cmd
c:\pondalex.exe\CF16351.3XE
c:\pondalex.exe\Cfiles.dat
c:\pondalex.exe\Cfolders.dat
c:\pondalex.exe\CHCP.bat
c:\pondalex.exe\ClistB.dat
c:\pondalex.exe\clsid.c
c:\pondalex.exe\clsid.dat
c:\pondalex.exe\Combobatch.bat
c:\pondalex.exe\ComboFix-Download.3XE
c:\pondalex.exe\ConEnv.sed
c:\pondalex.exe\Cookies.folder.dat
c:\pondalex.exe\Create.cmd
c:\pondalex.exe\Creg.dat
c:\pondalex.exe\CregC.cmd
c:\pondalex.exe\CregC.dat
c:\pondalex.exe\CregC_.dat
c:\pondalex.exe\CSCRIPT.3XE
c:\pondalex.exe\d-del_A.dat
c:\pondalex.exe\d-delA.dat
c:\pondalex.exe\dd.3XE
c:\pondalex.exe\ddsDo.sed
c:\pondalex.exe\DelClsid.bat
c:\pondalex.exe\DelClsid64.bat
c:\pondalex.exe\desktop.folder.dat
c:\pondalex.exe\desktop.ini
c:\pondalex.exe\DisclaimED.dat
c:\pondalex.exe\dll_whitelist.dat
c:\pondalex.exe\dnd.dat
c:\pondalex.exe\DPF.str
c:\pondalex.exe\Drive.folder.dat
c:\pondalex.exe\DriveFile.dat
c:\pondalex.exe\Drives.dat
c:\pondalex.exe\DrvRun.vbs
c:\pondalex.exe\dumphive.3XE
c:\pondalex.exe\embedded.sed
c:\pondalex.exe\en-US\ATTRIB.3XE.mui
c:\pondalex.exe\en-US\CF16351.3XE.mui
c:\pondalex.exe\en-US\cmd.3XE.mui
c:\pondalex.exe\en-US\CSCRIPT.3XE.mui
c:\pondalex.exe\en-US\iexplore.exe
c:\pondalex.exe\en-US\PING.3XE.mui
c:\pondalex.exe\en-US\REGT.3XE.mui
c:\pondalex.exe\en-US\ROUTE.3XE.mui
c:\pondalex.exe\Env.sed
c:\pondalex.exe\ERDNT.e_e
c:\pondalex.exe\ERDNTDOS.LOC
c:\pondalex.exe\ERDNTWIN.LOC
c:\pondalex.exe\ERUNT.3XE
c:\pondalex.exe\erunt.dat
c:\pondalex.exe\ERUNT.LOC
c:\pondalex.exe\Exe.reg
c:\pondalex.exe\extract.3XE
c:\pondalex.exe\f_system
c:\pondalex.exe\favorites.folder.dat
c:\pondalex.exe\FD-SV.cmd
c:\pondalex.exe\FdsvOK
c:\pondalex.exe\ffdefstr.dll
c:\pondalex.exe\FileKill.3XE
c:\pondalex.exe\files.pif
c:\pondalex.exe\Fin.dat
c:\pondalex.exe\FIND3M.bat
c:\pondalex.exe\FIXLSP.bat
c:\pondalex.exe\FKMGen.cmd
c:\pondalex.exe\ForeignWht
c:\pondalex.exe\GetHive.cmd
c:\pondalex.exe\GOLDUN.DAT
c:\pondalex.exe\grep.3XE
c:\pondalex.exe\gsar.3XE
c:\pondalex.exe\handle.3XE
c:\pondalex.exe\hidec.3XE
c:\pondalex.exe\history.bat
c:\pondalex.exe\History.folder.dat
c:\pondalex.exe\iexplore.exe
c:\pondalex.exe\image001.gif
c:\pondalex.exe\Imefile.dat
c:\pondalex.exe\katch.cmd
c:\pondalex.exe\katchNT-OS
c:\pondalex.exe\KBJunctions00
c:\pondalex.exe\Kill-All.cmd
c:\pondalex.exe\kmd.dat
c:\pondalex.exe\Lang.bat
c:\pondalex.exe\List-B.bat
c:\pondalex.exe\List-C.bat
c:\pondalex.exe\lnkread.vbs
c:\pondalex.exe\localappdata.folder.dat
c:\pondalex.exe\LocalService.dat
c:\pondalex.exe\LocalServiceNetworkRestricted.dat
c:\pondalex.exe\LocalSettings.folder.dat
c:\pondalex.exe\LocalSystemNetworkRestricted.dat
c:\pondalex.exe\max_.dat
c:\pondalex.exe\mbr.3XE
c:\pondalex.exe\mbr.chk
c:\pondalex.exe\md5sum.pif
c:\pondalex.exe\MoveIt.bat
c:\pondalex.exe\mtee.3XE
c:\pondalex.exe\MUI
c:\pondalex.exe\Music.folder.dat
c:\pondalex.exe\MWindows.dat
c:\pondalex.exe\mynul.dat
c:\pondalex.exe\mypictures.folder.dat
c:\pondalex.exe\N_\10330
c:\pondalex.exe\N_\10417
c:\pondalex.exe\N_\10665
c:\pondalex.exe\N_\11895
c:\pondalex.exe\N_\12426
c:\pondalex.exe\N_\14348
c:\pondalex.exe\N_\15536
c:\pondalex.exe\N_\17374
c:\pondalex.exe\N_\1897
c:\pondalex.exe\N_\191
c:\pondalex.exe\N_\1917
c:\pondalex.exe\N_\19431
c:\pondalex.exe\N_\20592
c:\pondalex.exe\N_\22421
c:\pondalex.exe\N_\23280
c:\pondalex.exe\N_\23631
c:\pondalex.exe\N_\24184
c:\pondalex.exe\N_\24787
c:\pondalex.exe\N_\26157
c:\pondalex.exe\N_\26335
c:\pondalex.exe\N_\26394
c:\pondalex.exe\N_\26692
c:\pondalex.exe\N_\27171
c:\pondalex.exe\N_\28881
c:\pondalex.exe\N_\30026
c:\pondalex.exe\N_\30401
c:\pondalex.exe\N_\3390
c:\pondalex.exe\N_\4715
c:\pondalex.exe\N_\6600
c:\pondalex.exe\N_\8314
c:\pondalex.exe\N_\8325
c:\pondalex.exe\N_\8610
c:\pondalex.exe\N_\cfdummy00
c:\pondalex.exe\N_\CmdLine00
c:\pondalex.exe\ncmd.com
c:\pondalex.exe\ND_.bat
c:\pondalex.exe\ND_64.bat
c:\pondalex.exe\ndis_combofix.dat
c:\pondalex.exe\NetHood.folder.dat
c:\pondalex.exe\netsvc.bad.dat
c:\pondalex.exe\netsvc.dat
c:\pondalex.exe\NetworkService.dat
c:\pondalex.exe\NirCmd.3XE
c:\pondalex.exe\NircmdB.exe
c:\pondalex.exe\NirCmdC.3XE
c:\pondalex.exe\NIRKMD.3XE
c:\pondalex.exe\NlsLanguageDefault
c:\pondalex.exe\notifykeys.dat
c:\pondalex.exe\notifykeysB.dat
c:\pondalex.exe\NT-OS.cmd
c:\pondalex.exe\NULL
c:\pondalex.exe\OsId.txt
c:\pondalex.exe\OSid.vbs
c:\pondalex.exe\pausep.3XE
c:\pondalex.exe\pend.txt
c:\pondalex.exe\personal.folder.dat
c:\pondalex.exe\pev.3XE
c:\pondalex.exe\PEV.exe
c:\pondalex.exe\pevb.3XE
c:\pondalex.exe\Pictures.folder.dat
c:\pondalex.exe\PING.3XE
c:\pondalex.exe\Policies.dat
c:\pondalex.exe\Pondalex.user.cf
c:\pondalex.exe\powp.dat
c:\pondalex.exe\PreDIR
c:\pondalex.exe\Prep.inf
c:\pondalex.exe\PrintHood.folder.dat
c:\pondalex.exe\Profiles.Folder.dat
c:\pondalex.exe\Profiles.Folder.folder.dat
c:\pondalex.exe\progfile.dat
c:\pondalex.exe\programs.folder.dat
c:\pondalex.exe\Purity.dat
c:\pondalex.exe\PV.3XE
c:\pondalex.exe\pv.com
c:\pondalex.exe\rar_sfx.cmd
c:\pondalex.exe\RCLink.dat
c:\pondalex.exe\RcVer00
c:\pondalex.exe\Recent.folder.dat
c:\pondalex.exe\REGDACL.sed
c:\pondalex.exe\RegDo.sed
c:\pondalex.exe\region.dat
c:\pondalex.exe\RegScan.cmd
c:\pondalex.exe\RegScan64.cmd
c:\pondalex.exe\REGT.3XE
c:\pondalex.exe\Resident.txt
c:\pondalex.exe\restore_pt.dat
c:\pondalex.exe\restore_pt.vbs
c:\pondalex.exe\Rkey.cmd
c:\pondalex.exe\rmbr.3XE
c:\pondalex.exe\rogues.dat
c:\pondalex.exe\ROUTE.3XE
c:\pondalex.exe\run.sed
c:\pondalex.exe\run2.sed
c:\pondalex.exe\Rust.str
c:\pondalex.exe\s0rt.3XE
c:\pondalex.exe\safeboot.dat
c:\pondalex.exe\safeboot.def.dat
c:\pondalex.exe\sed.3XE
c:\pondalex.exe\SendTo.folder.dat
c:\pondalex.exe\SetEnvmt.bat
c:\pondalex.exe\setpath.3XE
c:\pondalex.exe\SetPath.bat
c:\pondalex.exe\setpath_N.cmd
c:\pondalex.exe\SF.exe
c:\pondalex.exe\sfx.cmd
c:\pondalex.exe\SnapShot.cmd
c:\pondalex.exe\SRestore.cmd
c:\pondalex.exe\srizbi.md5
c:\pondalex.exe\Start_dat
c:\pondalex.exe\startmenu.folder.dat
c:\pondalex.exe\startup.folder.dat
c:\pondalex.exe\SuppScan.cmd
c:\pondalex.exe\svc_wht.dat
c:\pondalex.exe\SvcDrv.vbs
c:\pondalex.exe\svchost.dat
c:\pondalex.exe\swreg.3XE
c:\pondalex.exe\swsc.3XE
c:\pondalex.exe\swxcacls.3XE
c:\pondalex.exe\SysPath.dat
c:\pondalex.exe\system_ini.dat
c:\pondalex.exe\tail.3XE
c:\pondalex.exe\Temp.dat
c:\pondalex.exe\templates.folder.dat
c:\pondalex.exe\toolbar.sed
c:\pondalex.exe\unhand.dat
c:\pondalex.exe\Update-CF.cmd
c:\pondalex.exe\v_wht.dat
c:\pondalex.exe\VerCF.bat
c:\pondalex.exe\VikPev00
c:\pondalex.exe\Vikpev01
c:\pondalex.exe\VInfo
c:\pondalex.exe\VInfo2
c:\pondalex.exe\VINFO3
c:\pondalex.exe\Vipev.dat
c:\pondalex.exe\ViPev00
c:\pondalex.exe\ViPev01
c:\pondalex.exe\Vista.krl
c:\pondalex.exe\Vista.mac
c:\pondalex.exe\vistaMcode.dat
c:\pondalex.exe\vistareg.dat
c:\pondalex.exe\vRun_DLL
c:\pondalex.exe\vun.dat
c:\pondalex.exe\vundonames.dat
c:\pondalex.exe\VwinTemp.dacl
c:\pondalex.exe\w_sock.dll
c:\pondalex.exe\w7Mcode.dat
c:\pondalex.exe\whiteAll.dat
c:\pondalex.exe\whitedir.dat
c:\pondalex.exe\whitedirCreated.dat
c:\pondalex.exe\Wmi_rem.vbs
c:\pondalex.exe\xpmcode.dat
c:\pondalex.exe\XPSBoot.reg
c:\pondalex.exe\zDomain.dat
c:\pondalex.exe\zhsvc.dat
c:\pondalex.exe\zip.3XE
c:\pondalex.exe\Zlob01
c:\programdata\erFWlu6VTzaxlf
c:\programdata\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
c:\programdata\vlc-1.0.1-win32.exe
c:\programdata\vlc-1.0.2-win32.exe
c:\programdata\vlc-1.0.5-win32.exe
c:\programdata\vlc-1.1.1-win32.exe
c:\programdata\vlc-1.1.2-win32.exe
c:\programdata\vlc-1.1.3-win32.exe
c:\programdata\vlc-1.1.4-win32.exe
c:\users\Pondalex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\users\Pondalex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\Pondalex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\Pondalex\AppData\Roaming\vso_ts_preview.xml
c:\users\Pondalex\Desktop\System Check.lnk
c:\users\Pondalex\Documents\~WRD0003.tmp
c:\users\Pondalex\Documents\~WRD0546.tmp
c:\users\Pondalex\Documents\~WRD2442.tmp
c:\users\Pondalex\Documents\~WRD3709.tmp
c:\users\Pondalex\Documents\~WRL0365.tmp
c:\users\Pondalex\Documents\~WRL0564.tmp
c:\users\Pondalex\GoToAssistDownloadHelper.exe
c:\windows\$NtUninstallKB45409$
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\stapo.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 16:14 . 2012-02-11 16:21 -------- d-----w- c:\users\Pondalex\AppData\Local\temp
2012-02-11 16:14 . 2012-02-11 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-11 15:30 . 2012-02-11 15:34 -------- d-----w- C:\pondalex.exe15177p
2012-02-11 07:09 . 2012-02-11 15:06 -------- d-----w- C:\pondalex.exe20417p
2012-02-11 04:40 . 2012-02-11 04:40 -------- d--h--w- c:\windows\PIF
2012-02-10 04:33 . 2012-02-10 04:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-09 05:07 . 2012-02-09 05:07 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-02-09 05:07 . 2012-02-09 05:07 -------- d-----w- c:\users\Pondalex\AppData\Roaming\FixTDSS
2012-02-08 03:43 . 2012-02-08 03:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-08 03:39 . 2012-02-08 03:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-07 03:40 . 2012-02-07 04:48 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-02-07 03:23 . 2012-02-07 03:14 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-05 05:25 . 2012-02-05 05:26 -------- d-----w- c:\users\Pondalex\AppData\Roaming\GetRightToGo
2012-02-05 03:17 . 2012-02-05 03:17 -------- d-----w- c:\programdata\WindowsSearch
2012-02-05 01:33 . 2012-02-05 01:33 -------- d-----w- c:\program files\ARO 2012
2012-02-02 02:13 . 2012-02-04 22:32 -------- d-----w- c:\users\Pondalex\AppData\Roaming\Ota
2012-02-02 02:13 . 2012-02-04 06:54 -------- d-----w- c:\users\Pondalex\AppData\Roaming\Nelyu
2012-01-30 03:50 . 2012-01-31 04:14 -------- d-----w- c:\users\Pondalex\AppData\Roaming\gtk-2.0
2012-01-30 01:33 . 2012-01-30 01:33 -------- d-----w- c:\users\Pondalex\AppData\Local\GNU
2012-01-30 01:33 . 2012-01-30 01:33 -------- d-----w- c:\users\Pondalex\.kde
2012-01-30 01:15 . 2012-01-31 04:20 -------- d-----w- c:\users\Pondalex\AppData\Roaming\gnupg
2012-01-30 01:15 . 2012-01-30 01:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\GNU
2012-01-30 01:15 . 2012-01-30 01:15 -------- d-----w- c:\programdata\GNU
2012-01-30 01:15 . 2012-01-30 01:15 -------- d-----w- c:\program files\GNU
2012-01-29 23:53 . 2012-01-30 00:01 -------- d-----w- c:\program files\container
2012-01-29 23:50 . 2012-01-29 23:54 -------- d-----w- c:\users\Pondalex\AppData\Roaming\TrueCrypt
2012-01-29 23:45 . 2012-01-29 23:45 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-01-29 23:45 . 2012-01-29 23:45 -------- d-----w- c:\program files\TrueCrypt
2012-01-28 18:33 . 2012-01-28 18:34 -------- d-----w- c:\users\Pondalex\AppData\Local\Facebook
2012-01-24 04:56 . 2012-02-07 04:20 -------- d-----w- c:\users\Pondalex\tor
2012-01-15 10:05 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-15 10:05 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-15 10:05 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-15 10:05 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-15 10:05 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-15 10:05 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 04:36 . 2008-01-21 02:23 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-01-04 14:28 . 2012-01-04 14:28 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
2011-12-15 19:34 . 2011-12-15 19:34 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 22:24 . 2008-10-16 22:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 15:59 . 2012-01-11 20:38 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-13 18:58 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-01-11 20:38 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 20:38 66560 ----a-w- c:\windows\system32\packager.dll
2010-03-31 03:43 . 2001-04-02 08:49 423936 ----a-w- c:\program files\Conversor.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2010-10-10 21:51 3906656 ----a-w- c:\program files\TVersitybar\tbTVer.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 04:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz2.dll" [2010-10-18 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz2.dll" [2010-10-18 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-06 68856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"AROReminder"="c:\program files\ARO 2012\ARO.exe" [2012-01-06 2552688]
"MS Shell Services"="c:\program files\KidLogger\Kidlogger.exe" [2011-02-10 428344]
"Camfrog"="c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2011-05-16 54664]
"Facebook Update"="c:\users\Pondalex\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-01-28 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-26 202256]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"MS Shell Services"="c:\program files\KidLogger\Kidlogger.exe" [2011-02-10 428344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-14 30192]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Pondalex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopVideoPlayer.lnk - c:\users\Pondalex\AppData\Local\vghd\bin\vghd.exe [2011-9-4 1640448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-8-15 292240]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-06 16:10 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 08:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation]
2009-03-27 15:29 177488 ----a-w- c:\program files\eAcceleration\Station\station.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-26 01:31 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2359270729-473054158-1944764805-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
- c:\users\Pondalex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-28 18:33]
.
2012-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
- c:\users\Pondalex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-28 18:33]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 04:31]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 04:31]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
- c:\users\Pondalex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 08:59]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
- c:\users\Pondalex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 08:59]
.
2012-02-06 c:\windows\Tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job
- c:\windows\system32\msfeedssync.exe [2011-04-05 01:08]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: Interfaces\{E51B9B62-F667-49E2-9FBB-5E27E22E0B87}: NameServer = 192.168.2.1
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-CamfrogServer60 - c:\program files\Camfrog\Camfrog Server 6.0\CamfrogServer.exe
HKLM-Run-hxmihOGCcujDAx.exe - c:\programdata\hxmihOGCcujDAx.exe
SafeBoot-42417034.sys
MSConfigStartUp-BitTorrent DNA - c:\program files\DNA\btdna.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-SigmatelSysTrayApp - sttray.exe
MSConfigStartUp-webscan - c:\program files\Acceleration Software\Anti-Virus\stopsignav.exe
AddRemove-Excel Join (Merge, Combine) Multiple Sheets & Fi~0B6A6C16_is1 - c:\program files\Excel Join (Merge
AddRemove-KidLogger_is1 - c:\program files\KidLogger\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 09:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\Pondalex\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\07\01\04\06*\10?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(9780)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atiesrxx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\atieclxx.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\programdata\TVersity\Media Server\MediaServer.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\ehome\mcupdate.EXE
.
**************************************************************************
.
Completion time: 2012-02-11 09:28:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-11 16:28
ComboFix2.txt 2009-03-21 23:45
.
Pre-Run: 429,268,246,528 bytes free
Post-Run: 429,700,005,888 bytes free
.
- - End Of File - - 58EEB1FEFE0C855BBE4C83C27D836081

 

[Broni]

1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::

Folder::
C:\pondalex.exe15177p
C:\pondalex.exe20417p

DirLook::
c:\users\Pondalex\AppData\Roaming\Ota
c:\users\Pondalex\AppData\Roaming\Nelyu

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]

Registry::

ClearJavaCache::

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

• Combofix.txt

 

[nautilus808]

ComboFix 12-02-10.03 - Pondalex 02/11/2012 10:26:41.3.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1904 [GMT -7:00]
Running from: c:\users\Pondalex\Desktop\pondalex.exe.exe
Command switches used :: c:\users\Pondalex\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\pondalex.exe15177p
c:\pondalex.exe15177p\023.dat
c:\pondalex.exe15177p\023v.dat
c:\pondalex.exe15177p\appdata.folder.dat
c:\pondalex.exe15177p\appinit.bad
c:\pondalex.exe15177p\asp.str
c:\pondalex.exe15177p\Assoc.cmd
c:\pondalex.exe15177p\attr.dat
c:\pondalex.exe15177p\ATTRIB.3XE
c:\pondalex.exe15177p\autorun_inf.dat
c:\pondalex.exe15177p\autorun_infB.dat
c:\pondalex.exe15177p\av.cmd
c:\pondalex.exe15177p\av.vbs
c:\pondalex.exe15177p\AWF.cmd
c:\pondalex.exe15177p\badclsid
c:\pondalex.exe15177p\BFE.dat
c:\pondalex.exe15177p\Boot-Rk.cmd
c:\pondalex.exe15177p\Boot.bat
c:\pondalex.exe15177p\BootDrv.vbs
c:\pondalex.exe15177p\borlander_file.dat
c:\pondalex.exe15177p\borlander_folder.dat
c:\pondalex.exe15177p\c.bat
c:\pondalex.exe15177p\cache.folder.dat
c:\pondalex.exe15177p\Catch-sub.cmd
c:\pondalex.exe15177p\catchme.3XE
c:\pondalex.exe15177p\Catchme.tmp
c:\pondalex.exe15177p\CCS.bat
c:\pondalex.exe15177p\CF-Script.cmd
c:\pondalex.exe15177p\CF11092.3XE
c:\pondalex.exe15177p\Cfiles.dat
c:\pondalex.exe15177p\Cfolders.dat
c:\pondalex.exe15177p\CHCP.bat
c:\pondalex.exe15177p\ClistB.dat
c:\pondalex.exe15177p\clsid.c
c:\pondalex.exe15177p\clsid.dat
c:\pondalex.exe15177p\Combobatch.bat
c:\pondalex.exe15177p\ComboFix-Download.3XE
c:\pondalex.exe15177p\ConEnv.sed
c:\pondalex.exe15177p\Cookies.folder.dat
c:\pondalex.exe15177p\Create.cmd
c:\pondalex.exe15177p\Creg.dat
c:\pondalex.exe15177p\CregC.cmd
c:\pondalex.exe15177p\CregC.dat
c:\pondalex.exe15177p\CregC_.dat
c:\pondalex.exe15177p\CSCRIPT.3XE
c:\pondalex.exe15177p\d-del_A.dat
c:\pondalex.exe15177p\d-delA.dat
c:\pondalex.exe15177p\dd.3XE
c:\pondalex.exe15177p\ddsDo.sed
c:\pondalex.exe15177p\DelClsid.bat
c:\pondalex.exe15177p\DelClsid64.bat
c:\pondalex.exe15177p\desktop.folder.dat
c:\pondalex.exe15177p\DisclaimED.dat
c:\pondalex.exe15177p\dll_whitelist.dat
c:\pondalex.exe15177p\dnd.dat
c:\pondalex.exe15177p\DPF.str
c:\pondalex.exe15177p\Drive.folder.dat
c:\pondalex.exe15177p\DriveFile.dat
c:\pondalex.exe15177p\Drives.dat
c:\pondalex.exe15177p\DrvRun.vbs
c:\pondalex.exe15177p\dumphive.3XE
c:\pondalex.exe15177p\embedded.sed
c:\pondalex.exe15177p\en-US\ATTRIB.3XE.mui
c:\pondalex.exe15177p\en-US\CF11092.3XE.mui
c:\pondalex.exe15177p\en-US\cmd.3XE.mui
c:\pondalex.exe15177p\en-US\CSCRIPT.3XE.mui
c:\pondalex.exe15177p\en-US\iexplore.exe
c:\pondalex.exe15177p\en-US\PING.3XE.mui
c:\pondalex.exe15177p\en-US\REGT.3XE.mui
c:\pondalex.exe15177p\en-US\ROUTE.3XE.mui
c:\pondalex.exe15177p\Env.sed
c:\pondalex.exe15177p\ERDNT.e_e
c:\pondalex.exe15177p\ERDNTDOS.LOC
c:\pondalex.exe15177p\ERDNTWIN.LOC
c:\pondalex.exe15177p\ERUNT.3XE
c:\pondalex.exe15177p\erunt.dat
c:\pondalex.exe15177p\ERUNT.LOC
c:\pondalex.exe15177p\Exe.reg
c:\pondalex.exe15177p\extract.3XE
c:\pondalex.exe15177p\f_system
c:\pondalex.exe15177p\favorites.folder.dat
c:\pondalex.exe15177p\FD-SV.cmd
c:\pondalex.exe15177p\FdsvOK
c:\pondalex.exe15177p\ffdefstr.dll
c:\pondalex.exe15177p\FileKill.3XE
c:\pondalex.exe15177p\files.pif
c:\pondalex.exe15177p\Fin.dat
c:\pondalex.exe15177p\FIND3M.bat
c:\pondalex.exe15177p\FIXLSP.bat
c:\pondalex.exe15177p\FKMGen.cmd
c:\pondalex.exe15177p\ForeignWht
c:\pondalex.exe15177p\GetHive.cmd
c:\pondalex.exe15177p\GOLDUN.DAT
c:\pondalex.exe15177p\grep.3XE
c:\pondalex.exe15177p\gsar.3XE
c:\pondalex.exe15177p\handle.3XE
c:\pondalex.exe15177p\hidec.3XE
c:\pondalex.exe15177p\history.bat
c:\pondalex.exe15177p\History.folder.dat
c:\pondalex.exe15177p\iexplore.exe
c:\pondalex.exe15177p\image001.gif
c:\pondalex.exe15177p\Imefile.dat
c:\pondalex.exe15177p\katch.cmd
c:\pondalex.exe15177p\Kill-All.cmd
c:\pondalex.exe15177p\kmd.dat
c:\pondalex.exe15177p\Lang.bat
c:\pondalex.exe15177p\List-B.bat
c:\pondalex.exe15177p\List-C.bat
c:\pondalex.exe15177p\lnkread.vbs
c:\pondalex.exe15177p\localappdata.folder.dat
c:\pondalex.exe15177p\LocalService.dat
c:\pondalex.exe15177p\LocalServiceNetworkRestricted.dat
c:\pondalex.exe15177p\LocalSettings.folder.dat
c:\pondalex.exe15177p\LocalSystemNetworkRestricted.dat
c:\pondalex.exe15177p\max_.dat
c:\pondalex.exe15177p\max_drivertocheck
c:\pondalex.exe15177p\mbr.3XE
c:\pondalex.exe15177p\mbr.chk
c:\pondalex.exe15177p\md5sum.pif
c:\pondalex.exe15177p\MoveIt.bat
c:\pondalex.exe15177p\mtee.3XE
c:\pondalex.exe15177p\MUI
c:\pondalex.exe15177p\Music.folder.dat
c:\pondalex.exe15177p\MWindows.dat
c:\pondalex.exe15177p\mynul.dat
c:\pondalex.exe15177p\mypictures.folder.dat
c:\pondalex.exe15177p\N_\10254
c:\pondalex.exe15177p\N_\10302
c:\pondalex.exe15177p\N_\10341
c:\pondalex.exe15177p\N_\10363
c:\pondalex.exe15177p\N_\10396
c:\pondalex.exe15177p\N_\10525
c:\pondalex.exe15177p\N_\10676
c:\pondalex.exe15177p\N_\10884
c:\pondalex.exe15177p\N_\11171
c:\pondalex.exe15177p\N_\11230
c:\pondalex.exe15177p\N_\11541
c:\pondalex.exe15177p\N_\11622
c:\pondalex.exe15177p\N_\11626
c:\pondalex.exe15177p\N_\11832
c:\pondalex.exe15177p\N_\11908
c:\pondalex.exe15177p\N_\12092
c:\pondalex.exe15177p\N_\12104
c:\pondalex.exe15177p\N_\12398
c:\pondalex.exe15177p\N_\12488
c:\pondalex.exe15177p\N_\12900
c:\pondalex.exe15177p\N_\13142
c:\pondalex.exe15177p\N_\13273
c:\pondalex.exe15177p\N_\13390
c:\pondalex.exe15177p\N_\13431
c:\pondalex.exe15177p\N_\13546
c:\pondalex.exe15177p\N_\13555
c:\pondalex.exe15177p\N_\13700
c:\pondalex.exe15177p\N_\13829
c:\pondalex.exe15177p\N_\13837
c:\pondalex.exe15177p\N_\13954
c:\pondalex.exe15177p\N_\14052
c:\pondalex.exe15177p\N_\15262
c:\pondalex.exe15177p\N_\15274
c:\pondalex.exe15177p\N_\15430
c:\pondalex.exe15177p\N_\156
c:\pondalex.exe15177p\N_\15669
c:\pondalex.exe15177p\N_\1567
c:\pondalex.exe15177p\N_\15726
c:\pondalex.exe15177p\N_\1578
c:\pondalex.exe15177p\N_\15919
c:\pondalex.exe15177p\N_\16000
c:\pondalex.exe15177p\N_\16029
c:\pondalex.exe15177p\N_\16042
c:\pondalex.exe15177p\N_\16051
c:\pondalex.exe15177p\N_\16053
c:\pondalex.exe15177p\N_\16265
c:\pondalex.exe15177p\N_\16312
c:\pondalex.exe15177p\N_\16438
c:\pondalex.exe15177p\N_\16454
c:\pondalex.exe15177p\N_\166
c:\pondalex.exe15177p\N_\16806
c:\pondalex.exe15177p\N_\17145
c:\pondalex.exe15177p\N_\17159
c:\pondalex.exe15177p\N_\17332
c:\pondalex.exe15177p\N_\1747
c:\pondalex.exe15177p\N_\176
c:\pondalex.exe15177p\N_\1779
c:\pondalex.exe15177p\N_\17894
c:\pondalex.exe15177p\N_\17920
c:\pondalex.exe15177p\N_\18028
c:\pondalex.exe15177p\N_\183
c:\pondalex.exe15177p\N_\18303
c:\pondalex.exe15177p\N_\18436
c:\pondalex.exe15177p\N_\1851
c:\pondalex.exe15177p\N_\18596
c:\pondalex.exe15177p\N_\1878
c:\pondalex.exe15177p\N_\18922
c:\pondalex.exe15177p\N_\19075
c:\pondalex.exe15177p\N_\19088
c:\pondalex.exe15177p\N_\19406
c:\pondalex.exe15177p\N_\19440
c:\pondalex.exe15177p\N_\19478
c:\pondalex.exe15177p\N_\19584
c:\pondalex.exe15177p\N_\19954
c:\pondalex.exe15177p\N_\20140
c:\pondalex.exe15177p\N_\20175
c:\pondalex.exe15177p\N_\2024
c:\pondalex.exe15177p\N_\20258
c:\pondalex.exe15177p\N_\20333
c:\pondalex.exe15177p\N_\20350
c:\pondalex.exe15177p\N_\20481
c:\pondalex.exe15177p\N_\20535
c:\pondalex.exe15177p\N_\20554
c:\pondalex.exe15177p\N_\20791
c:\pondalex.exe15177p\N_\20945
c:\pondalex.exe15177p\N_\2114
c:\pondalex.exe15177p\N_\21850
c:\pondalex.exe15177p\N_\21893
c:\pondalex.exe15177p\N_\21965
c:\pondalex.exe15177p\N_\22036
c:\pondalex.exe15177p\N_\22099
c:\pondalex.exe15177p\N_\22348
c:\pondalex.exe15177p\N_\22531
c:\pondalex.exe15177p\N_\22919
c:\pondalex.exe15177p\N_\22953
c:\pondalex.exe15177p\N_\23040
c:\pondalex.exe15177p\N_\23260
c:\pondalex.exe15177p\N_\23281
c:\pondalex.exe15177p\N_\23372
c:\pondalex.exe15177p\N_\23407
c:\pondalex.exe15177p\N_\2341
c:\pondalex.exe15177p\N_\23702
c:\pondalex.exe15177p\N_\23782
c:\pondalex.exe15177p\N_\23907
c:\pondalex.exe15177p\N_\24237
c:\pondalex.exe15177p\N_\2550
c:\pondalex.exe15177p\N_\2592
c:\pondalex.exe15177p\N_\2599
c:\pondalex.exe15177p\N_\26003
c:\pondalex.exe15177p\N_\26594
c:\pondalex.exe15177p\N_\26711
c:\pondalex.exe15177p\N_\26723
c:\pondalex.exe15177p\N_\26727
c:\pondalex.exe15177p\N_\26758
c:\pondalex.exe15177p\N_\26841
c:\pondalex.exe15177p\N_\27067
c:\pondalex.exe15177p\N_\27505
c:\pondalex.exe15177p\N_\27620
c:\pondalex.exe15177p\N_\28212
c:\pondalex.exe15177p\N_\28347
c:\pondalex.exe15177p\N_\28612
c:\pondalex.exe15177p\N_\28643
c:\pondalex.exe15177p\N_\28907
c:\pondalex.exe15177p\N_\28917
c:\pondalex.exe15177p\N_\28967
c:\pondalex.exe15177p\N_\28995
c:\pondalex.exe15177p\N_\29440
c:\pondalex.exe15177p\N_\29582
c:\pondalex.exe15177p\N_\29922
c:\pondalex.exe15177p\N_\30286
c:\pondalex.exe15177p\N_\30499
c:\pondalex.exe15177p\N_\3052
c:\pondalex.exe15177p\N_\30714
c:\pondalex.exe15177p\N_\30760
c:\pondalex.exe15177p\N_\30836
c:\pondalex.exe15177p\N_\31038
c:\pondalex.exe15177p\N_\31170
c:\pondalex.exe15177p\N_\31191
c:\pondalex.exe15177p\N_\31423
c:\pondalex.exe15177p\N_\31527
c:\pondalex.exe15177p\N_\3162
c:\pondalex.exe15177p\N_\31878
c:\pondalex.exe15177p\N_\32066
c:\pondalex.exe15177p\N_\32142
c:\pondalex.exe15177p\N_\32523
c:\pondalex.exe15177p\N_\32608
c:\pondalex.exe15177p\N_\32633
c:\pondalex.exe15177p\N_\32734
c:\pondalex.exe15177p\N_\3347
c:\pondalex.exe15177p\N_\3472
c:\pondalex.exe15177p\N_\3485
c:\pondalex.exe15177p\N_\3607
c:\pondalex.exe15177p\N_\3733
c:\pondalex.exe15177p\N_\392
c:\pondalex.exe15177p\N_\3933
c:\pondalex.exe15177p\N_\3996
c:\pondalex.exe15177p\N_\4170
c:\pondalex.exe15177p\N_\4395
c:\pondalex.exe15177p\N_\4466
c:\pondalex.exe15177p\N_\4538
c:\pondalex.exe15177p\N_\4810
c:\pondalex.exe15177p\N_\4872
c:\pondalex.exe15177p\N_\4899
c:\pondalex.exe15177p\N_\5008
c:\pondalex.exe15177p\N_\5107
c:\pondalex.exe15177p\N_\5126
c:\pondalex.exe15177p\N_\5291
c:\pondalex.exe15177p\N_\5402
c:\pondalex.exe15177p\N_\5430
c:\pondalex.exe15177p\N_\5431
c:\pondalex.exe15177p\N_\5671
c:\pondalex.exe15177p\N_\5722
c:\pondalex.exe15177p\N_\5754
c:\pondalex.exe15177p\N_\5867
c:\pondalex.exe15177p\N_\5942
c:\pondalex.exe15177p\N_\5968
c:\pondalex.exe15177p\N_\5985
c:\pondalex.exe15177p\N_\6224
c:\pondalex.exe15177p\N_\6691
c:\pondalex.exe15177p\N_\6919
c:\pondalex.exe15177p\N_\7012
c:\pondalex.exe15177p\N_\7145
c:\pondalex.exe15177p\N_\7198
c:\pondalex.exe15177p\N_\7262
c:\pondalex.exe15177p\N_\7369
c:\pondalex.exe15177p\N_\7686
c:\pondalex.exe15177p\N_\8072
c:\pondalex.exe15177p\N_\8224
c:\pondalex.exe15177p\N_\8413
c:\pondalex.exe15177p\N_\8708
c:\pondalex.exe15177p\N_\9000
c:\pondalex.exe15177p\N_\9091
c:\pondalex.exe15177p\N_\924
c:\pondalex.exe15177p\N_\9300
c:\pondalex.exe15177p\N_\9356
c:\pondalex.exe15177p\N_\9451
c:\pondalex.exe15177p\N_\9469
c:\pondalex.exe15177p\N_\9656
c:\pondalex.exe15177p\N_\9718
c:\pondalex.exe15177p\N_\9743
c:\pondalex.exe15177p\N_\9840
c:\pondalex.exe15177p\N_\987
c:\pondalex.exe15177p\N_\9950
c:\pondalex.exe15177p\N_\cfdummy00
c:\pondalex.exe15177p\N_\CmdLine00
c:\pondalex.exe15177p\ncmd.com
c:\pondalex.exe15177p\ND_.bat
c:\pondalex.exe15177p\ND_64.bat
c:\pondalex.exe15177p\ndis_combofix.dat
c:\pondalex.exe15177p\NetHood.folder.dat
c:\pondalex.exe15177p\netsvc.bad.dat
c:\pondalex.exe15177p\netsvc.dat
c:\pondalex.exe15177p\NetworkService.dat
c:\pondalex.exe15177p\NirCmd.3XE
c:\pondalex.exe15177p\NircmdB.exe
c:\pondalex.exe15177p\NirCmdC.3XE
c:\pondalex.exe15177p\NIRKMD.3XE
c:\pondalex.exe15177p\NlsLanguageDefault
c:\pondalex.exe15177p\notifykeys.dat
c:\pondalex.exe15177p\notifykeysB.dat
c:\pondalex.exe15177p\NT-OS.cmd
c:\pondalex.exe15177p\NULL
c:\pondalex.exe15177p\OsId.txt
c:\pondalex.exe15177p\OSid.vbs
c:\pondalex.exe15177p\pausep.3XE
c:\pondalex.exe15177p\pend.txt
c:\pondalex.exe15177p\personal.folder.dat
c:\pondalex.exe15177p\pev.3XE
c:\pondalex.exe15177p\PEV.exe
c:\pondalex.exe15177p\pevb.3XE
c:\pondalex.exe15177p\Pictures.folder.dat
c:\pondalex.exe15177p\PING.3XE
c:\pondalex.exe15177p\Policies.dat
c:\pondalex.exe15177p\Pondalex.user.cf
c:\pondalex.exe15177p\powp.dat
c:\pondalex.exe15177p\PreDIR
c:\pondalex.exe15177p\Prep.inf
c:\pondalex.exe15177p\PrintHood.folder.dat
c:\pondalex.exe15177p\Profiles.Folder.dat
c:\pondalex.exe15177p\Profiles.Folder.folder.dat
c:\pondalex.exe15177p\progfile.dat
c:\pondalex.exe15177p\programs.folder.dat
c:\pondalex.exe15177p\Purity.dat
c:\pondalex.exe15177p\PV.3XE
c:\pondalex.exe15177p\pv.com
c:\pondalex.exe15177p\rar_sfx.cmd
c:\pondalex.exe15177p\RBoot.dat
c:\pondalex.exe15177p\RCLink.dat
c:\pondalex.exe15177p\RcVer00
c:\pondalex.exe15177p\Recent.folder.dat
c:\pondalex.exe15177p\REGDACL.sed
c:\pondalex.exe15177p\RegDo.sed
c:\pondalex.exe15177p\region.dat
c:\pondalex.exe15177p\RegScan.cmd
c:\pondalex.exe15177p\RegScan64.cmd
c:\pondalex.exe15177p\REGT.3XE
c:\pondalex.exe15177p\Resident.txt
c:\pondalex.exe15177p\restore_pt.dat
c:\pondalex.exe15177p\restore_pt.vbs
c:\pondalex.exe15177p\RkDetectA_HDCntrl.dat
c:\pondalex.exe15177p\Rkey.cmd
c:\pondalex.exe15177p\rmbr.3XE
c:\pondalex.exe15177p\rogues.dat
c:\pondalex.exe15177p\ROUTE.3XE
c:\pondalex.exe15177p\run.sed
c:\pondalex.exe15177p\run2.sed
c:\pondalex.exe15177p\Rust.str
c:\pondalex.exe15177p\s0rt.3XE
c:\pondalex.exe15177p\safeboot.dat
c:\pondalex.exe15177p\safeboot.def.dat
c:\pondalex.exe15177p\sed.3XE
c:\pondalex.exe15177p\SendTo.folder.dat
c:\pondalex.exe15177p\SetEnvmt.bat
c:\pondalex.exe15177p\setpath.3XE
c:\pondalex.exe15177p\SetPath.bat
c:\pondalex.exe15177p\setpath_N.cmd
c:\pondalex.exe15177p\SF.exe
c:\pondalex.exe15177p\sfx.cmd
c:\pondalex.exe15177p\SnapShot.cmd
c:\pondalex.exe15177p\SRestore.cmd
c:\pondalex.exe15177p\srizbi.md5
c:\pondalex.exe15177p\Start_dat
c:\pondalex.exe15177p\startmenu.folder.dat
c:\pondalex.exe15177p\startup.folder.dat
c:\pondalex.exe15177p\SuppScan.cmd
c:\pondalex.exe15177p\svc_wht.dat
c:\pondalex.exe15177p\SvcDrv.vbs
c:\pondalex.exe15177p\svchost.dat
c:\pondalex.exe15177p\swreg.3XE
c:\pondalex.exe15177p\swsc.3XE
c:\pondalex.exe15177p\swxcacls.3XE
c:\pondalex.exe15177p\SysPath.dat
c:\pondalex.exe15177p\system_ini.dat
c:\pondalex.exe15177p\tail.3XE
c:\pondalex.exe15177p\Temp.dat
c:\pondalex.exe15177p\templates.folder.dat
c:\pondalex.exe15177p\toolbar.sed
c:\pondalex.exe15177p\unhand.dat
c:\pondalex.exe15177p\Update-CF.cmd
c:\pondalex.exe15177p\v_wht.dat
c:\pondalex.exe15177p\VerCF.bat
c:\pondalex.exe15177p\VikPev00
c:\pondalex.exe15177p\Vikpev01
c:\pondalex.exe15177p\VInfo
c:\pondalex.exe15177p\VInfo2
c:\pondalex.exe15177p\VINFO3
c:\pondalex.exe15177p\Vipev.dat
c:\pondalex.exe15177p\ViPev00
c:\pondalex.exe15177p\ViPev01
c:\pondalex.exe15177p\Vista.krl
c:\pondalex.exe15177p\Vista.mac
c:\pondalex.exe15177p\vistaMcode.dat
c:\pondalex.exe15177p\vistareg.dat
c:\pondalex.exe15177p\vRun_DLL
c:\pondalex.exe15177p\vun.dat
c:\pondalex.exe15177p\vundonames.dat
c:\pondalex.exe15177p\VwinTemp.dacl
c:\pondalex.exe15177p\w_sock.dll
c:\pondalex.exe15177p\w7Mcode.dat
c:\pondalex.exe15177p\whiteAll.dat
c:\pondalex.exe15177p\whitedir.dat
c:\pondalex.exe15177p\whitedirCreated.dat
c:\pondalex.exe15177p\Wmi_rem.vbs
c:\pondalex.exe15177p\xpmcode.dat
c:\pondalex.exe15177p\XPSBoot.reg
c:\pondalex.exe15177p\zDomain.dat
c:\pondalex.exe15177p\zhsvc.dat
c:\pondalex.exe15177p\zip.3XE
c:\pondalex.exe15177p\Zlob01
C:\pondalex.exe20417p
c:\pondalex.exe20417p\023.dat
c:\pondalex.exe20417p\023v.dat
c:\pondalex.exe20417p\appdata.folder.dat
c:\pondalex.exe20417p\appinit.bad
c:\pondalex.exe20417p\asp.str
c:\pondalex.exe20417p\Assoc.cmd
c:\pondalex.exe20417p\attr.dat
c:\pondalex.exe20417p\ATTRIB.3XE
c:\pondalex.exe20417p\autorun_inf.dat
c:\pondalex.exe20417p\autorun_infB.dat
c:\pondalex.exe20417p\av.cmd
c:\pondalex.exe20417p\av.vbs
c:\pondalex.exe20417p\AWF.cmd
c:\pondalex.exe20417p\badclsid
c:\pondalex.exe20417p\BFE.dat
c:\pondalex.exe20417p\Boot-Rk.cmd
c:\pondalex.exe20417p\Boot.bat
c:\pondalex.exe20417p\BootDrv.vbs
c:\pondalex.exe20417p\borlander_file.dat
c:\pondalex.exe20417p\borlander_folder.dat
c:\pondalex.exe20417p\c.bat
c:\pondalex.exe20417p\cache.folder.dat
c:\pondalex.exe20417p\Catch-sub.cmd
c:\pondalex.exe20417p\catchme.3XE
c:\pondalex.exe20417p\Catchme.tmp
c:\pondalex.exe20417p\CCS.bat
c:\pondalex.exe20417p\CF-Script.cmd
c:\pondalex.exe20417p\CF11370.3XE
c:\pondalex.exe20417p\Cfiles.dat
c:\pondalex.exe20417p\Cfolders.dat
c:\pondalex.exe20417p\CHCP.bat
c:\pondalex.exe20417p\ClistB.dat
c:\pondalex.exe20417p\clsid.c
c:\pondalex.exe20417p\clsid.dat
c:\pondalex.exe20417p\Combobatch.bat
c:\pondalex.exe20417p\ComboFix-Download.3XE
c:\pondalex.exe20417p\ConEnv.sed
c:\pondalex.exe20417p\Cookies.folder.dat
c:\pondalex.exe20417p\Create.cmd
c:\pondalex.exe20417p\Creg.dat
c:\pondalex.exe20417p\CregC.cmd
c:\pondalex.exe20417p\CregC.dat
c:\pondalex.exe20417p\CregC_.dat
c:\pondalex.exe20417p\CSCRIPT.3XE
c:\pondalex.exe20417p\d-del_A.dat
c:\pondalex.exe20417p\d-delA.dat
c:\pondalex.exe20417p\dd.3XE
c:\pondalex.exe20417p\ddsDo.sed
c:\pondalex.exe20417p\DelClsid.bat
c:\pondalex.exe20417p\DelClsid64.bat
c:\pondalex.exe20417p\desktop.folder.dat
c:\pondalex.exe20417p\DisclaimED.dat
c:\pondalex.exe20417p\dll_whitelist.dat
c:\pondalex.exe20417p\dnd.dat
c:\pondalex.exe20417p\DPF.str
c:\pondalex.exe20417p\Drive.folder.dat
c:\pondalex.exe20417p\DriveFile.dat
c:\pondalex.exe20417p\Drives.dat
c:\pondalex.exe20417p\DrvRun.vbs
c:\pondalex.exe20417p\dumphive.3XE
c:\pondalex.exe20417p\embedded.sed
c:\pondalex.exe20417p\en-US\ATTRIB.3XE.mui
c:\pondalex.exe20417p\en-US\CF11370.3XE.mui
c:\pondalex.exe20417p\en-US\cmd.3XE.mui
c:\pondalex.exe20417p\en-US\CSCRIPT.3XE.mui
c:\pondalex.exe20417p\en-US\iexplore.exe
c:\pondalex.exe20417p\en-US\PING.3XE.mui
c:\pondalex.exe20417p\en-US\REGT.3XE.mui
c:\pondalex.exe20417p\en-US\ROUTE.3XE.mui
c:\pondalex.exe20417p\Env.sed
c:\pondalex.exe20417p\ERDNT.e_e
c:\pondalex.exe20417p\ERDNTDOS.LOC
c:\pondalex.exe20417p\ERDNTWIN.LOC
c:\pondalex.exe20417p\ERUNT.3XE
c:\pondalex.exe20417p\erunt.dat
c:\pondalex.exe20417p\ERUNT.LOC
c:\pondalex.exe20417p\Exe.reg
c:\pondalex.exe20417p\extract.3XE
c:\pondalex.exe20417p\f_system
c:\pondalex.exe20417p\favorites.folder.dat
c:\pondalex.exe20417p\FD-SV.cmd
c:\pondalex.exe20417p\FdsvOK
c:\pondalex.exe20417p\ffdefstr.dll
c:\pondalex.exe20417p\FileKill.3XE
c:\pondalex.exe20417p\files.pif
c:\pondalex.exe20417p\Fin.dat
c:\pondalex.exe20417p\FIND3M.bat
c:\pondalex.exe20417p\FIXLSP.bat
c:\pondalex.exe20417p\FKMGen.cmd
c:\pondalex.exe20417p\ForeignWht
c:\pondalex.exe20417p\GetHive.cmd
c:\pondalex.exe20417p\GOLDUN.DAT
c:\pondalex.exe20417p\grep.3XE
c:\pondalex.exe20417p\gsar.3XE
c:\pondalex.exe20417p\handle.3XE
c:\pondalex.exe20417p\hidec.3XE
c:\pondalex.exe20417p\history.bat
c:\pondalex.exe20417p\History.folder.dat
c:\pondalex.exe20417p\iexplore.exe
c:\pondalex.exe20417p\image001.gif
c:\pondalex.exe20417p\Imefile.dat
c:\pondalex.exe20417p\katch.cmd
c:\pondalex.exe20417p\Kill-All.cmd
c:\pondalex.exe20417p\kmd.dat
c:\pondalex.exe20417p\Lang.bat
c:\pondalex.exe20417p\List-B.bat
c:\pondalex.exe20417p\List-C.bat
c:\pondalex.exe20417p\lnkread.vbs
c:\pondalex.exe20417p\localappdata.folder.dat
c:\pondalex.exe20417p\LocalService.dat
c:\pondalex.exe20417p\LocalServiceNetworkRestricted.dat
c:\pondalex.exe20417p\LocalSettings.folder.dat
c:\pondalex.exe20417p\LocalSystemNetworkRestricted.dat
c:\pondalex.exe20417p\max_.dat
c:\pondalex.exe20417p\max_drivertocheck
c:\pondalex.exe20417p\mbr.3XE
c:\pondalex.exe20417p\mbr.chk
c:\pondalex.exe20417p\md5sum.pif
c:\pondalex.exe20417p\MoveIt.bat
c:\pondalex.exe20417p\mtee.3XE
c:\pondalex.exe20417p\MUI
c:\pondalex.exe20417p\Music.folder.dat
c:\pondalex.exe20417p\MWindows.dat
c:\pondalex.exe20417p\mynul.dat
c:\pondalex.exe20417p\mypictures.folder.dat
c:\pondalex.exe20417p\N_\10025
c:\pondalex.exe20417p\N_\10056
c:\pondalex.exe20417p\N_\1006
c:\pondalex.exe20417p\N_\10093
c:\pondalex.exe20417p\N_\10234
c:\pondalex.exe20417p\N_\10325
c:\pondalex.exe20417p\N_\10647
c:\pondalex.exe20417p\N_\10667
c:\pondalex.exe20417p\N_\1069
c:\pondalex.exe20417p\N_\10744
c:\pondalex.exe20417p\N_\10801
c:\pondalex.exe20417p\N_\10818
c:\pondalex.exe20417p\N_\10848
c:\pondalex.exe20417p\N_\10921
c:\pondalex.exe20417p\N_\10942
c:\pondalex.exe20417p\N_\1098
c:\pondalex.exe20417p\N_\11282
c:\pondalex.exe20417p\N_\11379
c:\pondalex.exe20417p\N_\11406
c:\pondalex.exe20417p\N_\11429
c:\pondalex.exe20417p\N_\1157
c:\pondalex.exe20417p\N_\1165
c:\pondalex.exe20417p\N_\11846
c:\pondalex.exe20417p\N_\11851
c:\pondalex.exe20417p\N_\1193
c:\pondalex.exe20417p\N_\12002
c:\pondalex.exe20417p\N_\12004
c:\pondalex.exe20417p\N_\1209
c:\pondalex.exe20417p\N_\1221
c:\pondalex.exe20417p\N_\12212
c:\pondalex.exe20417p\N_\12391
c:\pondalex.exe20417p\N_\1242
c:\pondalex.exe20417p\N_\12468
c:\pondalex.exe20417p\N_\12470
c:\pondalex.exe20417p\N_\1250
c:\pondalex.exe20417p\N_\126
c:\pondalex.exe20417p\N_\12837
c:\pondalex.exe20417p\N_\12929
c:\pondalex.exe20417p\N_\13001
c:\pondalex.exe20417p\N_\13007
c:\pondalex.exe20417p\N_\13163
c:\pondalex.exe20417p\N_\13184
c:\pondalex.exe20417p\N_\13201
c:\pondalex.exe20417p\N_\13213
c:\pondalex.exe20417p\N_\13324
c:\pondalex.exe20417p\N_\13428
c:\pondalex.exe20417p\N_\13450
c:\pondalex.exe20417p\N_\1375
c:\pondalex.exe20417p\N_\13790
c:\pondalex.exe20417p\N_\13965
c:\pondalex.exe20417p\N_\14001
c:\pondalex.exe20417p\N_\14105
c:\pondalex.exe20417p\N_\14130
c:\pondalex.exe20417p\N_\14190
c:\pondalex.exe20417p\N_\14423
c:\pondalex.exe20417p\N_\14498
c:\pondalex.exe20417p\N_\14524
c:\pondalex.exe20417p\N_\14662
c:\pondalex.exe20417p\N_\14681
c:\pondalex.exe20417p\N_\14714
c:\pondalex.exe20417p\N_\1475
c:\pondalex.exe20417p\N_\14753
c:\pondalex.exe20417p\N_\14765
c:\pondalex.exe20417p\N_\14883
c:\pondalex.exe20417p\N_\14934
c:\pondalex.exe20417p\N_\14996
c:\pondalex.exe20417p\N_\15025
c:\pondalex.exe20417p\N_\15069
c:\pondalex.exe20417p\N_\15277
c:\pondalex.exe20417p\N_\15341
c:\pondalex.exe20417p\N_\15357
c:\pondalex.exe20417p\N_\15371
c:\pondalex.exe20417p\N_\15385
c:\pondalex.exe20417p\N_\15518
c:\pondalex.exe20417p\N_\15626
c:\pondalex.exe20417p\N_\15771
c:\pondalex.exe20417p\N_\15893
c:\pondalex.exe20417p\N_\159
c:\pondalex.exe20417p\N_\15940
c:\pondalex.exe20417p\N_\16043
c:\pondalex.exe20417p\N_\16088
c:\pondalex.exe20417p\N_\16094
c:\pondalex.exe20417p\N_\16132
c:\pondalex.exe20417p\N_\16278
c:\pondalex.exe20417p\N_\1631
c:\pondalex.exe20417p\N_\16576
c:\pondalex.exe20417p\N_\16664
c:\pondalex.exe20417p\N_\16693
c:\pondalex.exe20417p\N_\16695
c:\pondalex.exe20417p\N_\16775
c:\pondalex.exe20417p\N_\16776
c:\pondalex.exe20417p\N_\16780
c:\pondalex.exe20417p\N_\16952
c:\pondalex.exe20417p\N_\16980
c:\pondalex.exe20417p\N_\17078
c:\pondalex.exe20417p\N_\17294
c:\pondalex.exe20417p\N_\17298
c:\pondalex.exe20417p\N_\17326
c:\pondalex.exe20417p\N_\17389
c:\pondalex.exe20417p\N_\17539
c:\pondalex.exe20417p\N_\17547
c:\pondalex.exe20417p\N_\17626
c:\pondalex.exe20417p\N_\17799
c:\pondalex.exe20417p\N_\17821
c:\pondalex.exe20417p\N_\17899
c:\pondalex.exe20417p\N_\18154
c:\pondalex.exe20417p\N_\18181
c:\pondalex.exe20417p\N_\18204
c:\pondalex.exe20417p\N_\18374
c:\pondalex.exe20417p\N_\1842
c:\pondalex.exe20417p\N_\18456
c:\pondalex.exe20417p\N_\18460
c:\pondalex.exe20417p\N_\18475
c:\pondalex.exe20417p\N_\18502
c:\pondalex.exe20417p\N_\18525
c:\pondalex.exe20417p\N_\18619
c:\pondalex.exe20417p\N_\18737
c:\pondalex.exe20417p\N_\1876
c:\pondalex.exe20417p\N_\18844
c:\pondalex.exe20417p\N_\18880
c:\pondalex.exe20417p\N_\18957
c:\pondalex.exe20417p\N_\19250
c:\pondalex.exe20417p\N_\19307
c:\pondalex.exe20417p\N_\19366
c:\pondalex.exe20417p\N_\19376
c:\pondalex.exe20417p\N_\19437
c:\pondalex.exe20417p\N_\1947
c:\pondalex.exe20417p\N_\19480
c:\pondalex.exe20417p\N_\19491
c:\pondalex.exe20417p\N_\19561
c:\pondalex.exe20417p\N_\19594
c:\pondalex.exe20417p\N_\19771
c:\pondalex.exe20417p\N_\19910
c:\pondalex.exe20417p\N_\20042
c:\pondalex.exe20417p\N_\20116
c:\pondalex.exe20417p\N_\20171
c:\pondalex.exe20417p\N_\20212
c:\pondalex.exe20417p\N_\20310
c:\pondalex.exe20417p\N_\20434
c:\pondalex.exe20417p\N_\20905
c:\pondalex.exe20417p\N_\20909
c:\pondalex.exe20417p\N_\21167
c:\pondalex.exe20417p\N_\21326
c:\pondalex.exe20417p\N_\2136
c:\pondalex.exe20417p\N_\21416
c:\pondalex.exe20417p\N_\21447
c:\pondalex.exe20417p\N_\21566
c:\pondalex.exe20417p\N_\21751
c:\pondalex.exe20417p\N_\21762
c:\pondalex.exe20417p\N_\21883
c:\pondalex.exe20417p\N_\22120
c:\pondalex.exe20417p\N_\22157
c:\pondalex.exe20417p\N_\22198
c:\pondalex.exe20417p\N_\22201
c:\pondalex.exe20417p\N_\22369
c:\pondalex.exe20417p\N_\22379
c:\pondalex.exe20417p\N_\22397
c:\pondalex.exe20417p\N_\22524
c:\pondalex.exe20417p\N_\22630
c:\pondalex.exe20417p\N_\22665
c:\pondalex.exe20417p\N_\22707
c:\pondalex.exe20417p\N_\22764
c:\pondalex.exe20417p\N_\22862
c:\pondalex.exe20417p\N_\22877
c:\pondalex.exe20417p\N_\22898
c:\pondalex.exe20417p\N_\2293
c:\pondalex.exe20417p\N_\23036
c:\pondalex.exe20417p\N_\2320
c:\pondalex.exe20417p\N_\23358
c:\pondalex.exe20417p\N_\23391
c:\pondalex.exe20417p\N_\23406
c:\pondalex.exe20417p\N_\23466
c:\pondalex.exe20417p\N_\23660
c:\pondalex.exe20417p\N_\23791
c:\pondalex.exe20417p\N_\23819
c:\pondalex.exe20417p\N_\23957
c:\pondalex.exe20417p\N_\24105
c:\pondalex.exe20417p\N_\2429
c:\pondalex.exe20417p\N_\24371
c:\pondalex.exe20417p\N_\2445
c:\pondalex.exe20417p\N_\24494
c:\pondalex.exe20417p\N_\24559
c:\pondalex.exe20417p\N_\24641
c:\pondalex.exe20417p\N_\24731
c:\pondalex.exe20417p\N_\24807
c:\pondalex.exe20417p\N_\24895
c:\pondalex.exe20417p\N_\24964
c:\pondalex.exe20417p\N_\25128
c:\pondalex.exe20417p\N_\25188
c:\pondalex.exe20417p\N_\25192
c:\pondalex.exe20417p\N_\25195
c:\pondalex.exe20417p\N_\25265
c:\pondalex.exe20417p\N_\25347
c:\pondalex.exe20417p\N_\25438
c:\pondalex.exe20417p\N_\25622
c:\pondalex.exe20417p\N_\25644
c:\pondalex.exe20417p\N_\25972
c:\pondalex.exe20417p\N_\26045
c:\pondalex.exe20417p\N_\26050
c:\pondalex.exe20417p\N_\26133
c:\pondalex.exe20417p\N_\26194
c:\pondalex.exe20417p\N_\26247
c:\pondalex.exe20417p\N_\26501
c:\pondalex.exe20417p\N_\26558
c:\pondalex.exe20417p\N_\26606
c:\pondalex.exe20417p\N_\26749
c:\pondalex.exe20417p\N_\26810
c:\pondalex.exe20417p\N_\26914
c:\pondalex.exe20417p\N_\26999
c:\pondalex.exe20417p\N_\27107
c:\pondalex.exe20417p\N_\27169
c:\pondalex.exe20417p\N_\27187
c:\pondalex.exe20417p\N_\27260
c:\pondalex.exe20417p\N_\27284
c:\pondalex.exe20417p\N_\27294
c:\pondalex.exe20417p\N_\27329
c:\pondalex.exe20417p\N_\27370
c:\pondalex.exe20417p\N_\27435
c:\pondalex.exe20417p\N_\27492
c:\pondalex.exe20417p\N_\27781
c:\pondalex.exe20417p\N_\27806
c:\pondalex.exe20417p\N_\27807
c:\pondalex.exe20417p\N_\27890
c:\pondalex.exe20417p\N_\2794
c:\pondalex.exe20417p\N_\28081
c:\pondalex.exe20417p\N_\28106
c:\pondalex.exe20417p\N_\28216
c:\pondalex.exe20417p\N_\28385
c:\pondalex.exe20417p\N_\28491
c:\pondalex.exe20417p\N_\28578
c:\pondalex.exe20417p\N_\28592
c:\pondalex.exe20417p\N_\28681
c:\pondalex.exe20417p\N_\28748
c:\pondalex.exe20417p\N_\2890
c:\pondalex.exe20417p\N_\28914
c:\pondalex.exe20417p\N_\28941
c:\pondalex.exe20417p\N_\28945
c:\pondalex.exe20417p\N_\29032
c:\pondalex.exe20417p\N_\29095
c:\pondalex.exe20417p\N_\29157
c:\pondalex.exe20417p\N_\29364
c:\pondalex.exe20417p\N_\29383
c:\pondalex.exe20417p\N_\29412
c:\pondalex.exe20417p\N_\29490
c:\pondalex.exe20417p\N_\29536
c:\pondalex.exe20417p\N_\29618
c:\pondalex.exe20417p\N_\29753
c:\pondalex.exe20417p\N_\29841
c:\pondalex.exe20417p\N_\29911
c:\pondalex.exe20417p\N_\29964
c:\pondalex.exe20417p\N_\30061
c:\pondalex.exe20417p\N_\30115
c:\pondalex.exe20417p\N_\30230
c:\pondalex.exe20417p\N_\30421
c:\pondalex.exe20417p\N_\30566
c:\pondalex.exe20417p\N_\30671
c:\pondalex.exe20417p\N_\30674
c:\pondalex.exe20417p\N_\30808
c:\pondalex.exe20417p\N_\31126
c:\pondalex.exe20417p\N_\31130
c:\pondalex.exe20417p\N_\31132
c:\pondalex.exe20417p\N_\31196
c:\pondalex.exe20417p\N_\31449
c:\pondalex.exe20417p\N_\31574
c:\pondalex.exe20417p\N_\31578
c:\pondalex.exe20417p\N_\31699
c:\pondalex.exe20417p\N_\31703
c:\pondalex.exe20417p\N_\31727
c:\pondalex.exe20417p\N_\31923
c:\pondalex.exe20417p\N_\32170
c:\pondalex.exe20417p\N_\32182
c:\pondalex.exe20417p\N_\3220
c:\pondalex.exe20417p\N_\3243
c:\pondalex.exe20417p\N_\32463
c:\pondalex.exe20417p\N_\32502
c:\pondalex.exe20417p\N_\32571
c:\pondalex.exe20417p\N_\3263
c:\pondalex.exe20417p\N_\32632
c:\pondalex.exe20417p\N_\3270
c:\pondalex.exe20417p\N_\32732
c:\pondalex.exe20417p\N_\329
c:\pondalex.exe20417p\N_\3296
c:\pondalex.exe20417p\N_\3298
c:\pondalex.exe20417p\N_\3329
c:\pondalex.exe20417p\N_\341
c:\pondalex.exe20417p\N_\3449
c:\pondalex.exe20417p\N_\3502
c:\pondalex.exe20417p\N_\3570
c:\pondalex.exe20417p\N_\3767
c:\pondalex.exe20417p\N_\3928
c:\pondalex.exe20417p\N_\4000
c:\pondalex.exe20417p\N_\4058
c:\pondalex.exe20417p\N_\4098
c:\pondalex.exe20417p\N_\4136
c:\pondalex.exe20417p\N_\44
c:\pondalex.exe20417p\N_\4437
c:\pondalex.exe20417p\N_\4580
c:\pondalex.exe20417p\N_\4708
c:\pondalex.exe20417p\N_\4766
c:\pondalex.exe20417p\N_\4823
c:\pondalex.exe20417p\N_\4840
c:\pondalex.exe20417p\N_\4896
c:\pondalex.exe20417p\N_\5009
c:\pondalex.exe20417p\N_\5047
c:\pondalex.exe20417p\N_\5089
c:\pondalex.exe20417p\N_\5333
c:\pondalex.exe20417p\N_\5580
c:\pondalex.exe20417p\N_\5774
c:\pondalex.exe20417p\N_\5926
c:\pondalex.exe20417p\N_\6250
c:\pondalex.exe20417p\N_\6268
c:\pondalex.exe20417p\N_\6382
c:\pondalex.exe20417p\N_\643
c:\pondalex.exe20417p\N_\6646
c:\pondalex.exe20417p\N_\6729
c:\pondalex.exe20417p\N_\6817
c:\pondalex.exe20417p\N_\6821
c:\pondalex.exe20417p\N_\6844
c:\pondalex.exe20417p\N_\6869
c:\pondalex.exe20417p\N_\6900
c:\pondalex.exe20417p\N_\6956
c:\pondalex.exe20417p\N_\7153
c:\pondalex.exe20417p\N_\7168
c:\pondalex.exe20417p\N_\7202
c:\pondalex.exe20417p\N_\7214
c:\pondalex.exe20417p\N_\7370
c:\pondalex.exe20417p\N_\7532
c:\pondalex.exe20417p\N_\7663
c:\pondalex.exe20417p\N_\7667
c:\pondalex.exe20417p\N_\7801
c:\pondalex.exe20417p\N_\7986
c:\pondalex.exe20417p\N_\8000
c:\pondalex.exe20417p\N_\8045
c:\pondalex.exe20417p\N_\8090
c:\pondalex.exe20417p\N_\8120
c:\pondalex.exe20417p\N_\8171
c:\pondalex.exe20417p\N_\8200
c:\pondalex.exe20417p\N_\8265
c:\pondalex.exe20417p\N_\8308
c:\pondalex.exe20417p\N_\8376
c:\pondalex.exe20417p\N_\8378
c:\pondalex.exe20417p\N_\8612
c:\pondalex.exe20417p\N_\8679
c:\pondalex.exe20417p\N_\8832
c:\pondalex.exe20417p\N_\8853
c:\pondalex.exe20417p\N_\8956
c:\pondalex.exe20417p\N_\897
c:\pondalex.exe20417p\N_\9100
c:\pondalex.exe20417p\N_\9129
c:\pondalex.exe20417p\N_\9274
c:\pondalex.exe20417p\N_\9280
c:\pondalex.exe20417p\N_\9385
c:\pondalex.exe20417p\N_\9496
c:\pondalex.exe20417p\N_\9570
c:\pondalex.exe20417p\N_\9635
c:\pondalex.exe20417p\N_\964
c:\pondalex.exe20417p\N_\9640
c:\pondalex.exe20417p\N_\9739
c:\pondalex.exe20417p\N_\9784
c:\pondalex.exe20417p\N_\9798
c:\pondalex.exe20417p\N_\9819
c:\pondalex.exe20417p\N_\99
c:\pondalex.exe20417p\N_\9915
c:\pondalex.exe20417p\N_\9917
c:\pondalex.exe20417p\N_\cfdummy00
c:\pondalex.exe20417p\N_\CmdLine00
c:\pondalex.exe20417p\ncmd.com
c:\pondalex.exe20417p\ND_.bat
c:\pondalex.exe20417p\ND_64.bat
c:\pondalex.exe20417p\ndis_combofix.dat
c:\pondalex.exe20417p\NetHood.folder.dat
c:\pondalex.exe20417p\netsvc.bad.dat
c:\pondalex.exe20417p\netsvc.dat
c:\pondalex.exe20417p\NetworkService.dat
c:\pondalex.exe20417p\NirCmd.3XE
c:\pondalex.exe20417p\NircmdB.exe
c:\pondalex.exe20417p\NirCmdC.3XE
c:\pondalex.exe20417p\NIRKMD.3XE
c:\pondalex.exe20417p\NlsLanguageDefault
c:\pondalex.exe20417p\notifykeys.dat
c:\pondalex.exe20417p\notifykeysB.dat
c:\pondalex.exe20417p\NT-OS.cmd
c:\pondalex.exe20417p\NULL
c:\pondalex.exe20417p\OsId.txt
c:\pondalex.exe20417p\OSid.vbs
c:\pondalex.exe20417p\pausep.3XE
c:\pondalex.exe20417p\pend.txt
c:\pondalex.exe20417p\personal.folder.dat
c:\pondalex.exe20417p\pev.3XE
c:\pondalex.exe20417p\PEV.exe
c:\pondalex.exe20417p\pevb.3XE
c:\pondalex.exe20417p\Pictures.folder.dat
c:\pondalex.exe20417p\PING.3XE
c:\pondalex.exe20417p\Policies.dat
c:\pondalex.exe20417p\Pondalex.user.cf
c:\pondalex.exe20417p\powp.dat
c:\pondalex.exe20417p\PreDIR
c:\pondalex.exe20417p\Prep.inf
c:\pondalex.exe20417p\PrintHood.folder.dat
c:\pondalex.exe20417p\Profiles.Folder.dat
c:\pondalex.exe20417p\Profiles.Folder.folder.dat
c:\pondalex.exe20417p\progfile.dat
c:\pondalex.exe20417p\programs.folder.dat
c:\pondalex.exe20417p\Purity.dat
c:\pondalex.exe20417p\PV.3XE
c:\pondalex.exe20417p\pv.com
c:\pondalex.exe20417p\rar_sfx.cmd
c:\pondalex.exe20417p\RBoot.dat
c:\pondalex.exe20417p\RCLink.dat
c:\pondalex.exe20417p\RcVer00
c:\pondalex.exe20417p\Recent.folder.dat
c:\pondalex.exe20417p\REGDACL.sed
c:\pondalex.exe20417p\RegDo.sed
c:\pondalex.exe20417p\region.dat
c:\pondalex.exe20417p\RegScan.cmd
c:\pondalex.exe20417p\RegScan64.cmd
c:\pondalex.exe20417p\REGT.3XE
c:\pondalex.exe20417p\Resident.txt
c:\pondalex.exe20417p\restore_pt.dat
c:\pondalex.exe20417p\restore_pt.vbs
c:\pondalex.exe20417p\RkDetectA_HDCntrl.dat
c:\pondalex.exe20417p\Rkey.cmd
c:\pondalex.exe20417p\rmbr.3XE
c:\pondalex.exe20417p\rogues.dat
c:\pondalex.exe20417p\ROUTE.3XE
c:\pondalex.exe20417p\run.sed
c:\pondalex.exe20417p\run2.sed
c:\pondalex.exe20417p\Rust.str
c:\pondalex.exe20417p\s0rt.3XE
c:\pondalex.exe20417p\safeboot.dat
c:\pondalex.exe20417p\safeboot.def.dat
c:\pondalex.exe20417p\sed.3XE
c:\pondalex.exe20417p\SendTo.folder.dat
c:\pondalex.exe20417p\SetEnvmt.bat
c:\pondalex.exe20417p\setpath.3XE
c:\pondalex.exe20417p\SetPath.bat
c:\pondalex.exe20417p\setpath_N.cmd
c:\pondalex.exe20417p\SF.exe
c:\pondalex.exe20417p\sfx.cmd
c:\pondalex.exe20417p\SnapShot.cmd
c:\pondalex.exe20417p\SRestore.cmd
c:\pondalex.exe20417p\srizbi.md5
c:\pondalex.exe20417p\Start_dat
c:\pondalex.exe20417p\startmenu.folder.dat
c:\pondalex.exe20417p\startup.folder.dat
c:\pondalex.exe20417p\SuppScan.cmd
c:\pondalex.exe20417p\svc_wht.dat
c:\pondalex.exe20417p\SvcDrv.vbs
c:\pondalex.exe20417p\svchost.dat
c:\pondalex.exe20417p\swreg.3XE
c:\pondalex.exe20417p\swsc.3XE
c:\pondalex.exe20417p\swxcacls.3XE
c:\pondalex.exe20417p\SysPath.dat
c:\pondalex.exe20417p\system_ini.dat
c:\pondalex.exe20417p\tail.3XE
c:\pondalex.exe20417p\Temp.dat
c:\pondalex.exe20417p\templates.folder.dat
c:\pondalex.exe20417p\toolbar.sed
c:\pondalex.exe20417p\unhand.dat
c:\pondalex.exe20417p\Update-CF.cmd
c:\pondalex.exe20417p\v_wht.dat
c:\pondalex.exe20417p\VerCF.bat
c:\pondalex.exe20417p\VikPev00
c:\pondalex.exe20417p\Vikpev01
c:\pondalex.exe20417p\VInfo
c:\pondalex.exe20417p\VInfo2
c:\pondalex.exe20417p\VINFO3
c:\pondalex.exe20417p\Vipev.dat
c:\pondalex.exe20417p\ViPev00
c:\pondalex.exe20417p\ViPev01
c:\pondalex.exe20417p\Vista.krl
c:\pondalex.exe20417p\Vista.mac
c:\pondalex.exe20417p\vistaMcode.dat
c:\pondalex.exe20417p\vistareg.dat
c:\pondalex.exe20417p\vRun_DLL
c:\pondalex.exe20417p\vun.dat
c:\pondalex.exe20417p\vundonames.dat
c:\pondalex.exe20417p\VwinTemp.dacl
c:\pondalex.exe20417p\w_sock.dll
c:\pondalex.exe20417p\w7Mcode.dat
c:\pondalex.exe20417p\whiteAll.dat
c:\pondalex.exe20417p\whitedir.dat
c:\pondalex.exe20417p\whitedirCreated.dat
c:\pondalex.exe20417p\Wmi_rem.vbs
c:\pondalex.exe20417p\xpmcode.dat
c:\pondalex.exe20417p\XPSBoot.reg
c:\pondalex.exe20417p\zDomain.dat
c:\pondalex.exe20417p\zhsvc.dat
c:\pondalex.exe20417p\zip.3XE
c:\pondalex.exe20417p\Zlob01
c:\users\Pondalex\Desktop\Internet Explorer.lnk
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-11 17:38 . 2012-02-11 17:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-11 16:28 . 2012-02-11 17:38 -------- d-----w- c:\users\Pondalex\AppData\Local\temp
2012-02-11 04:40 . 2012-02-11 04:40 -------- d--h--w- c:\windows\PIF
2012-02-10 04:33 . 2012-02-10 04:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-09 05:07 . 2012-02-09 05:07 26872 ----a-w- c:\windows\system32\drivers\FixTDSS.sys
2012-02-09 05:07 . 2012-02-09 05:07 -------- d-----w- c:\users\Pondalex\AppData\Roaming\FixTDSS
2012-02-08 03:43 . 2012-02-08 03:42 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-08 03:39 . 2012-02-08 03:39 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-07 03:40 . 2012-02-07 04:48 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-02-07 03:23 . 2012-02-07 03:14 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-02-05 05:25 . 2012-02-05 05:26 -------- d-----w- c:\users\Pondalex\AppData\Roaming\GetRightToGo
2012-02-05 03:17 . 2012-02-05 03:17 -------- d-----w- c:\programdata\WindowsSearch
2012-02-05 01:33 . 2012-02-05 01:33 -------- d-----w- c:\program files\ARO 2012
2012-02-02 02:13 . 2012-02-04 22:32 -------- d-----w- c:\users\Pondalex\AppData\Roaming\Ota
2012-02-02 02:13 . 2012-02-04 06:54 -------- d-----w- c:\users\Pondalex\AppData\Roaming\Nelyu
2012-01-30 03:50 . 2012-01-31 04:14 -------- d-----w- c:\users\Pondalex\AppData\Roaming\gtk-2.0
2012-01-30 01:33 . 2012-01-30 01:33 -------- d-----w- c:\users\Pondalex\AppData\Local\GNU
2012-01-30 01:33 . 2012-01-30 01:33 -------- d-----w- c:\users\Pondalex\.kde
2012-01-30 01:15 . 2012-01-31 04:20 -------- d-----w- c:\users\Pondalex\AppData\Roaming\gnupg
2012-01-30 01:15 . 2012-01-30 01:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\GNU
2012-01-30 01:15 . 2012-01-30 01:15 -------- d-----w- c:\programdata\GNU
2012-01-30 01:15 . 2012-01-30 01:15 -------- d-----w- c:\program files\GNU
2012-01-29 23:53 . 2012-01-30 00:01 -------- d-----w- c:\program files\container
2012-01-29 23:50 . 2012-01-29 23:54 -------- d-----w- c:\users\Pondalex\AppData\Roaming\TrueCrypt
2012-01-29 23:45 . 2012-01-29 23:45 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-01-29 23:45 . 2012-01-29 23:45 -------- d-----w- c:\program files\TrueCrypt
2012-01-28 18:33 . 2012-01-28 18:34 -------- d-----w- c:\users\Pondalex\AppData\Local\Facebook
2012-01-24 04:56 . 2012-02-07 04:20 -------- d-----w- c:\users\Pondalex\tor
2012-01-15 10:05 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-15 10:05 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-15 10:05 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-15 10:05 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-15 10:05 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-15 10:05 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 04:36 . 2008-01-21 02:23 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-01-04 14:28 . 2012-01-04 14:28 16128 ----a-w- c:\windows\system32\drivers\gtkdrv.sys
2011-12-15 19:34 . 2011-12-15 19:34 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 22:24 . 2008-10-16 22:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 15:59 . 2012-01-11 20:38 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-13 18:58 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 20:23 . 2012-01-11 20:38 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-11 20:38 66560 ----a-w- c:\windows\system32\packager.dll
2010-03-31 03:43 . 2001-04-02 08:49 423936 ----a-w- c:\program files\Conversor.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Pondalex\AppData\Roaming\Nelyu ----
.
.
---- Directory of c:\users\Pondalex\AppData\Roaming\Ota ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
2010-10-10 21:51 3906656 ----a-w- c:\program files\TVersitybar\tbTVer.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 04:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz2.dll" [2010-10-18 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
"{66bd2442-241b-44cd-8c7a-b51037053cdb}"= "c:\program files\TVersitybar\tbTVer.dll" [2010-10-10 3906656]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz2.dll" [2010-10-18 3908192]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-06 68856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
"AROReminder"="c:\program files\ARO 2012\ARO.exe" [2012-01-06 2552688]
"MS Shell Services"="c:\program files\KidLogger\Kidlogger.exe" [2011-02-10 428344]
"Camfrog"="c:\program files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" [2011-05-16 54664]
"Facebook Update"="c:\users\Pondalex\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-01-28 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-26 202256]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"MS Shell Services"="c:\program files\KidLogger\Kidlogger.exe" [2011-02-10 428344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-06-14 30192]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\users\Pondalex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DesktopVideoPlayer.lnk - c:\users\Pondalex\AppData\Local\vghd\bin\vghd.exe [2011-9-4 1640448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HD Writer.lnk - c:\program files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2011-8-15 292240]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-06 16:10 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 07:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 08:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation]
2009-03-27 15:29 177488 ----a-w- c:\program files\eAcceleration\Station\station.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-05-26 01:31 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2359270729-473054158-1944764805-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
- c:\users\Pondalex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-28 18:33]
.
2012-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
- c:\users\Pondalex\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-28 18:33]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 04:31]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-28 04:31]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000Core.job
- c:\users\Pondalex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 08:59]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2359270729-473054158-1944764805-1000UA.job
- c:\users\Pondalex\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 08:59]
.
2012-02-06 c:\windows\Tasks\User_Feed_Synchronization-{480410F6-6C9D-4125-B8CE-8A1BB0B19D14}.job
- c:\windows\system32\msfeedssync.exe [2011-04-05 01:08]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: Interfaces\{E51B9B62-F667-49E2-9FBB-5E27E22E0B87}: NameServer = 192.168.2.1
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 10:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-11 10:41:52
ComboFix-quarantined-files.txt 2012-02-11 17:41
ComboFix2.txt 2012-02-11 16:28
ComboFix3.txt 2009-03-21 23:45
.
Pre-Run: 429,699,264,512 bytes free
Post-Run: 429,514,674,176 bytes free
.
- - End Of File - - 9B2B0054E56204E58333557A1B9E6CAB

 

[Broni]

Very well.

How is computer doing overall?

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

 

[nautilus808]

computer is doing well overall. Just no internet . Will update after running malwarebytes

 

[Broni]

When done with MBAM....

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

 

[nautilus808]

wrong log.....

 

[nautilus808]

Farbar Service Scanner Version: 10-02-2012
Ran by Pondalex (administrator) on 11-02-2012 at 12:03:35
Running from "C:\Users\Pondalex\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

[nautilus808]

malwarebytes was 28 days old. i was not able to update it. is this important?

 

[nautilus808]

Internet still does not work. I think there maybe a hardware settings issue as I was messing with things last week when i was trying to fix this alone

 

[nautilus808]

A few days ago, rkill made a registry editor shortcut on my desktop called rk-proxy. Should i add this to the registry?

 

[Broni]

Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.

Post new FSS log.

 

[nautilus808]

Farbar Service Scanner Version: 10-02-2012
Ran by Pondalex (administrator) on 11-02-2012 at 12:49:33
Running from "C:\Users\Pondalex\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

[nautilus808]

this command was not recognized:
netsh winsock reset catalog