ComboFix 10-09-23.01 - me 24/09/2010 20:09:05.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.456 [GMT 1:00]
Running from: c:\documents and settings\me\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\winlogon.exe . . . is infected!!
c:\windows\explorer.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.
2010-09-24 19:00 . 2008-04-14 04:42 507904 ----a-w- c:\windows\system32\dllcache\winlogon.exe
2010-09-24 19:00 . 2008-04-14 04:42 1033728 ----a-w- c:\windows\system32\dllcache\explorer.exe
2010-09-24 16:17 . 2010-09-24 16:21 -------- d-----w- C:\MRU
2010-09-24 13:38 . 2010-09-24 13:48 -------- d-----w- C:\sp3
2010-09-23 16:14 . 2010-09-23 16:15 -------- d-----w- c:\program files\QuickTime
2010-09-22 16:38 . 2010-09-22 16:38 109128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-21 17:37 . 2010-09-21 17:37 -------- d-----w- c:\documents and settings\me\Application Data\VDownloader
2010-09-21 17:37 . 2010-09-21 17:37 -------- d-----w- c:\program files\VDownloader
2010-09-20 22:41 . 2010-09-20 22:42 -------- d-----w- c:\documents and settings\me\Application Data\DivX
2010-09-20 22:38 . 2010-09-21 15:15 -------- d-----w- c:\program files\DivX
2010-09-20 22:37 . 2010-09-20 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-15 17:37 . 2010-09-15 17:37 -------- d-----w- c:\program files\Trend Micro
2010-09-15 15:31 . 2010-09-15 17:36 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-09-11 16:06 . 2010-09-11 16:06 -------- d-----w- c:\documents and settings\me\Local Settings\Application Data\Sony
2010-09-11 16:03 . 2010-09-11 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-09-11 16:02 . 2010-09-11 16:03 -------- d-----w- c:\program files\Sony
2010-09-11 16:01 . 2010-09-11 16:06 -------- d-----w- c:\documents and settings\me\Application Data\Sony
2010-09-09 21:46 . 2010-09-09 21:46 -------- d-----w- c:\windows\system32\tempdir
2010-09-09 21:46 . 2009-03-18 13:54 1103360 ----a-w- c:\windows\system32\cidfont.dll
2010-09-09 21:46 . 2005-05-31 02:25 1503232 ----a-w- c:\windows\system32\ptj.exe
2010-09-09 21:46 . 2007-06-27 15:15 4369408 ----a-w- c:\windows\system32\pdftk.exe
2010-09-09 21:46 . 2010-09-09 22:57 -------- d-----w- c:\program files\office Convert Pdf to Jpg Jpeg Tiff Free
2010-09-09 21:24 . 2010-09-09 21:30 -------- d-----w- c:\program files\PDF To Image Converter
2010-09-09 16:29 . 2010-09-09 17:36 -------- d-----w- c:\documents and settings\me\Application Data\Inscriptio
2010-09-09 16:22 . 2010-09-09 16:23 -------- d-----w- c:\program files\Burn CD Now
2010-09-02 17:00 . 2010-09-02 17:00 -------- d-----w- c:\program files\iPod
2010-09-02 17:00 . 2010-09-02 17:01 -------- d-----w- c:\program files\iTunes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 23:03 . 2010-09-20 22:42 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-09-20 22:59 . 2010-09-20 22:37 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-20 20:53 . 2009-11-02 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-09-17 03:54 . 2009-12-22 21:46 122 ----a-w- c:\documents and settings\me\Application Data\wklnhst.dat
2010-09-17 01:38 . 2010-08-20 23:10 -------- d-----w- c:\documents and settings\me\Application Data\vlc
2010-09-16 02:22 . 2009-11-03 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-15 17:37 . 2010-09-15 17:37 388096 ----a-r- c:\documents and settings\me\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-09 19:24 . 2010-05-24 21:02 -------- d-----w- c:\program files\NCH Swift Sound
2010-09-08 10:50 . 2009-11-03 00:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-07 15:12 . 2010-08-15 11:30 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-12-22 00:16 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-12-22 00:16 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-12-22 00:16 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-12-22 00:16 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-12-22 00:16 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2009-12-22 00:16 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2009-12-22 00:16 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2009-12-22 00:16 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-07 01:20 . 2010-04-10 19:01 -------- d-----w- c:\documents and settings\me\Application Data\dvdcss
2010-09-04 17:52 . 2009-12-10 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-09-02 17:00 . 2010-07-08 21:23 -------- d-----w- c:\program files\Common Files\Apple
2010-09-02 16:24 . 2010-09-02 16:24 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-08-19 23:49 . 2010-05-15 22:59 -------- d-----w- c:\program files\PCFriendly
2010-08-18 19:00 . 2010-08-18 19:00 -------- d-----w- c:\program files\Common Files\Java
2010-08-18 18:57 . 2010-04-07 20:19 -------- d-----w- c:\program files\Java
2010-08-17 18:10 . 2010-09-01 02:37 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
2010-08-17 13:17 . 2008-04-25 20:33 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-11 19:21 . 2009-11-02 23:55 -------- d-----w- c:\program files\Microsoft Works
2010-08-08 18:29 . 2010-08-08 18:29 503808 ----a-w- c:\documents and settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-794ccc99-n\msvcp71.dll
2010-08-08 18:29 . 2010-08-08 18:29 499712 ----a-w- c:\documents and settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-794ccc99-n\jmc.dll
2010-08-08 18:29 . 2010-08-08 18:29 61440 ----a-w- c:\documents and settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-16d4c80e-n\decora-sse.dll
2010-08-08 18:29 . 2010-08-08 18:29 348160 ----a-w- c:\documents and settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-794ccc99-n\msvcr71.dll
2010-08-08 18:29 . 2010-08-08 18:29 12800 ----a-w- c:\documents and settings\me\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-16d4c80e-n\decora-d3d.dll
2010-07-29 20:23 . 2010-05-24 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-07-29 19:36 . 2010-04-03 12:06 -------- d-----w- c:\documents and settings\me\Application Data\FlashgetSetup
2010-07-29 19:36 . 2010-05-24 19:29 3688936 ----a-w- c:\documents and settings\me\Application Data\FlashgetSetup\fgcn_7.exe
2010-07-22 15:49 . 2008-04-25 20:33 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-11-02 23:44 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 04:00 . 2010-04-26 14:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2008-04-25 20:33 149504 ----a-w- c:\windows\system32\schannel.dll
2009-11-02 23:59 . 2009-11-02 23:59 75 --sh--r- c:\windows\CT4CET.bin
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 . E19C45BCC472139C279C6E0BFE303511 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 116813FA40809C0181496E0C6964E4B7 . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
[-] 2008-04-14 . D1697857D70DE75D05082538FE042DFD . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . D2CA345B03BC15942ECE02AFF8717E85 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-09 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-15 1434920]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]
"OA012Mon"="c:\windows\OA012Mon.exe" [2009-05-11 24576]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"WSED"="c:\program files\WSED\WSED.exe" [2009-05-27 247080]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2009-07-22 623984]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-02-23 320808]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"O2DA"="c:\program files\O2 Assistant\bin\sprtcmd.exe" [2010-04-23 206120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-11-02 23:55 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Video Chat\\DellVideoChat.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Documents and Settings\\me\\Application Data\\FlashgetSetup\\fgmini.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [03/11/2009 00:51 14248]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [03/04/2010 17:54 64288]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22/12/2009 01:16 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/12/2009 01:16 17744]
R2 sprtsvc_O2DA;SupportSoft Sprocket Service (O2DA);c:\program files\O2 Assistant\bin\sprtsvc.exe [23/04/2010 15:04 206120]
R2 tgsrvc_O2DA;SupportSoft Repair Service (O2DA);c:\program files\O2 Assistant\bin\tgsrvc.exe [23/04/2010 15:04 185640]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [03/11/2009 00:57 143840]
R3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [03/11/2009 02:18 134144]
R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [03/11/2009 02:18 133632]
R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [03/11/2009 02:18 272256]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [03/11/2009 02:18 162816]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1352832]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [03/11/2009 02:17 1684736]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [22/01/2010 23:52 102656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2010-09-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:54]
2010-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
2010-09-17 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-05-24 21:02]
.
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login_verify2?&.src=ym
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Download all by FlashGet3 - c:\documents and settings\me\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\me\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: kuaiche.com\software
Trusted Zone: o2.co.uk\*.broadband
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 20:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\me\LOCALS~1\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(868)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(2740)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-24 20:58:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-24 19:58
Pre-Run: 40,171,466,752 bytes free
Post-Run: 40,124,633,088 bytes free
- - End Of File - - 0CA8B2428305E28DFAA787A3E9F91C99