Hi again,
after I ran CKScanner I ran TDSSKiller (I hope that is what you ment by RKill). Then I tried the Script with Combofix (zzz.exe) again. Now I can not start any programs. The error message is:
Illegal operation attempted on a registry key that has been marked for deletion.
Here is the Combofix log 2:
ComboFix 10-12-04.06 - Siim 12/07/2010 0:30.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1257.372.1033.18.2046.1142 [GMT 2:00]
Running from: c:\users\Siim\Desktop\zzz.exe
Command switches used :: c:\users\Siim\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\system32\drivers\aklmktks.sys"
"c:\windows\system32\drivers\cscllkfd.sys"
"c:\windows\system32\drivers\diqxquwj.sys"
"c:\windows\system32\drivers\gvzqshwl.sys"
"c:\windows\system32\drivers\hqckmixp.sys"
"c:\windows\system32\drivers\kplshmcg.sys"
"c:\windows\system32\drivers\kroover.exe"
"c:\windows\system32\drivers\qkzfskxq.sys"
"c:\windows\system32\drivers\rdtveihw.sys"
"c:\windows\system32\drivers\rengfkpj.sys"
"c:\windows\system32\drivers\sshgmxaq.sys"
"c:\windows\system32\drivers\xbkpptki.sys"
"c:\windows\system32\drivers\xpynmcif.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\spool\prtprocs\w32x86\sst5A65.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_aklmktks
-------\Service_cscllkfd
-------\Service_diqxquwj
-------\Service_gvzqshwl
-------\Service_hqckmixp
-------\Service_kplshmcg
-------\Service_kroover
-------\Service_qkzfskxq
-------\Service_rdtveihw
-------\Service_rengfkpj
-------\Service_sshgmxaq
-------\Service_xbkpptki
-------\Service_xpynmcif
((((((((((((((((((((((((( Files Created from 2010-11-06 to 2010-12-06 )))))))))))))))))))))))))))))))
.
2010-12-06 22:36 . 2010-12-06 22:37 -------- d-----w- c:\users\postgres.Siim-PC\AppData\Local\temp
2010-12-06 22:36 . 2010-12-06 22:36 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-12-06 22:36 . 2010-12-06 22:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-06 18:42 . 2010-11-16 10:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1EC5C0D-5D51-47F8-B340-C0442E106F48}\mpengine.dll
2010-12-03 16:17 . 2010-12-03 16:17 -------- d-----w- c:\users\Siim\AppData\Roaming\ArcSoft
2010-12-03 16:17 . 2010-12-03 16:17 -------- d-----w- c:\users\Siim\AppData\Roaming\HP SimpleSave Application
2010-12-01 20:18 . 2010-12-01 20:18 -------- d-----w- c:\program files\ESET
2010-11-28 14:54 . 2010-11-28 14:54 -------- d-----w- c:\program files\Conduit
2010-11-28 14:53 . 2010-11-28 14:54 -------- d-----w- c:\program files\BitTorrentBar
2010-11-26 17:56 . 2010-11-26 17:56 -------- d-----w- c:\program files\Net Studio
2010-11-26 01:03 . 2010-11-26 01:03 -------- d-----w- c:\users\Siim\AppData\Roaming\AVG10
2010-11-26 01:01 . 2010-11-26 01:01 -------- d--h--w- c:\programdata\Common Files
2010-11-26 00:59 . 2010-12-05 22:52 -------- d-----w- c:\programdata\AVG10
2010-11-26 00:50 . 2010-12-05 19:55 -------- d-----w- c:\programdata\MFAData
2010-11-26 00:43 . 2010-11-26 00:44 -------- d-----w- c:\users\Siim\AppData\Roaming\QuickScan
2010-11-26 00:39 . 2010-11-26 00:39 -------- d-----w- c:\users\Siim\AppData\Roaming\AVG9
2010-11-25 12:00 . 2010-11-25 12:00 -------- d-----w- c:\users\Siim\AppData\Local\Installer2336
2010-11-25 03:13 . 2010-11-25 03:13 -------- d-----w- c:\users\Siim\POKKER
2010-11-24 23:24 . 2010-11-24 23:24 -------- d-----w- c:\users\Siim\Program Files
2010-11-24 14:42 . 2001-10-28 14:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2010-11-24 14:42 . 1998-06-23 22:00 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2010-11-24 14:42 . 2010-11-24 14:43 -------- d-----w- c:\program files\PDFCreator
2010-11-24 14:42 . 1998-07-05 22:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2010-11-24 14:36 . 2010-11-24 14:36 -------- d-----w- c:\programdata\ReviverSoft
2010-11-24 14:35 . 2010-11-24 14:36 -------- d-----w- c:\users\Siim\AppData\Local\OpenCandy
2010-11-24 14:35 . 2010-11-24 14:35 -------- d-----w- c:\users\Siim\AppData\Roaming\OpenCandy
2010-11-24 14:33 . 2010-11-24 14:38 -------- d-----w- c:\program files\Acro Software
2010-11-23 07:05 . 2010-11-23 07:05 -------- d-----w- c:\program files\PokerStove
2010-11-22 15:59 . 2010-11-22 18:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-11-22 15:59 . 2010-11-22 15:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-15 14:06 . 2010-11-15 14:07 -------- d-----w- c:\users\Siim\AppData\Local\Installer1104
2010-11-15 12:33 . 2010-11-30 22:04 -------- d-----w- c:\program files\TableNinja
2010-11-15 09:59 . 2010-11-15 09:59 -------- d-----w- c:\users\Siim\AppData\Local\Installer5828
2010-11-14 15:29 . 2010-12-06 18:43 -------- d-----w- c:\users\Siim\Tracing
2010-11-14 11:06 . 2010-11-14 11:06 -------- d-----w- C:\PcSetup
2010-11-13 14:01 . 2010-11-13 14:01 229376 ----a-w- c:\windows\system32\drivers\sst5A89.sys
2010-11-13 14:01 . 2010-11-13 14:01 0 ----a-w- c:\windows\system32\drivers\sst5A89.tmp
2010-11-10 17:13 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-08 14:43 . 2010-11-08 14:46 -------- d-----w- C:\I
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-14 11:06 . 2009-04-07 18:15 47360 ----a-w- c:\users\Siim\AppData\Roaming\pcouffin.sys
2010-10-19 08:41 . 2009-10-02 22:50 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-22 22:47 . 2010-09-22 22:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-13 13:56 . 2010-10-14 12:19 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 06:01 . 2010-10-14 12:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57 . 2010-10-14 12:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57 . 2010-10-14 12:18 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56 . 2010-10-14 12:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56 . 2010-10-14 12:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04 . 2010-10-14 12:18 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26 . 2010-10-14 12:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25 . 2010-10-14 12:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57C571FD-3CE1-4699-9AE3-22C129EE35AD}]
2010-02-04 08:38 153056 ----a-w- c:\windows\System32\idcertremoval.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-10-18 3908192]
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-07 323392]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Google Update"="c:\users\Siim\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-10-26 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SigmatelSysTrayApp"="sttray.exe" [2010-05-04 303104]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-26 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Spyder3Utility.lnk - c:\program files\Datacolor\Spyder3Express\Utility\Spyder3Utility.exe [2009-8-11 6798714]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-11-24 23:24 323392 ----a-w- c:\users\Siim\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-03-11 09:44 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-03-20 14:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-04-11 12:32 56080 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EasyViz Automatic Update;EasyViz Automatic Update;c:\program files\EasyViz 3.0\evauh.exe [2009-12-07 856728]
R3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2008-09-08 12288]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-11-11 717296]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-04-29 176128]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-09-19 65536]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 13:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2637077607-2722662537-2985405444-1000Core.job
- c:\users\Siim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-26 18:27]
2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2637077607-2722662537-2985405444-1000UA.job
- c:\users\Siim\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-26 18:27]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.ee/uInternet Settings,ProxyOverride = *.local
IE: {{BFBE0C3A-BD72-4d5e-8058-E9494F00C005} - c:\program files\PokerStars.EE\PokerStarsUpdate.exe
TCP: {21B2A37A-B9E1-401E-97F9-4AC0D8E37E82} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Siim\AppData\Roaming\Mozilla\Firefox\Profiles\uvw3lqsw.default\
FF - prefs.js: browser.startup.homepage -
www.google.comFF - prefs.js: keyword.URL -
hxxp://www.google.com/search?btnG=Google+Search&q=FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npidcard.dll
FF - plugin: c:\users\Siim\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Siim\AppData\Roaming\Mozilla\Firefox\Profiles\uvw3lqsw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-12-07 00:39
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3d,4f,ca,46,df,51,41,b2,9f,20,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,3d,4f,ca,46,df,51,41,b2,9f,20,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\sttray.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-12-07 00:46:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-06 22:46
ComboFix2.txt 2010-12-05 19:42
Pre-Run: 56,109,760,512 bytes free
Post-Run: 55,962,177,536 bytes free
- - End Of File - - FA7C92E5AD273BB92728147F4C8715A1