OMG i'm about to rip my bleeping hair out!!!!!!!!!!!!!!
I am working on my other computer in attempt to get those files. Every single link you gave me is not responding on this other computer.. could this be something to do with my router? I was able to find ComboFix.exe from another site... but the XP SP2 Pro Bootdisk ENU i cannot find anywhere else, which means no recovery console for me. I have misplaced my XP pro disk at the moment but will work on getting that some time this weekend. So aggrivating... it shows that it has started these downloads but then it will sit there transfering a 4.4MB file forever with no transfer rate or estimated time for finish.
WHEW problem fixed with other PC. Rebooted after some Auto updates were through, and the files were able to be downloaded then.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:53 PM, on 8/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\bwcsrv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\system32\JMRaidTool.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.comR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\ABIT\uGuru\uGuru.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone:
http://www.geekstogo.comO16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) -
http://site.ebrary.c...s/ebraryRdr.cabO16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) -
http://xiah.gamescam...GamesCampus.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1219797676031O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://cdn2.zone.msn...ro.cab53083.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.m...ash/swflash.cabO16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) -
http://download.game...outLauncher.cabO23 - Service: BUFFALO Wireless Configuration Service (bwcsrv) - Unknown owner - C:\WINDOWS\system32\Drivers\bwcsrv.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7154 bytes
ComboFix 08-08-28.06 - Wade 2008-08-29 13:14:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1600 [GMT -5:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Wade\Application Data\inst.exe
C:\Documents and Settings\Wade\Application Data\macromedia\Flash Player\#SharedObjects\N9658NA4\bin.clearspring.com
C:\Documents and Settings\Wade\Application Data\macromedia\Flash Player\#SharedObjects\N9658NA4\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Wade\Application Data\macromedia\Flash Player\#SharedObjects\N9658NA4\interclick.com
C:\Documents and Settings\Wade\Application Data\macromedia\Flash Player\#SharedObjects\N9658NA4\interclick.com\ud.sol
C:\Documents and Settings\Wade\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Wade\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Wade\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Wade\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Wade\new.txt
C:\test.txt
C:\WINDOWS\Install.txt
C:\WINDOWS\system32\launcher.exe
C:\WINDOWS\system32\macidwe.exe
C:\WINDOWS\system32\mywfhit.ini
C:\WINDOWS\system32\mywfhit.ini.tmp
C:\WINDOWS\system32\oduxftw.sys
C:\WINDOWS\system32\rtl60.bpl
C:\WINDOWS\system32\syspilog.pil
C:\WINDOWS\system32\tdxdowkc.exe
C:\WINDOWS\tawisys.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_AFISICX
-------\Legacy_MACIDWE
-------\Legacy_NOXTCYR
-------\Legacy_PANDRV
-------\Legacy_ROXTCTM
-------\Legacy_SEUICTOL
-------\Legacy_SOBICYT
-------\Legacy_SOTPECA
-------\Legacy_TDXDOWKC
-------\Legacy_WSLDOEKD
-------\Service_6to4
-------\Service_macidwe
-------\Service_Pandrv
-------\Service_seuictol
-------\Service_tdxdowkc
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 )))))))))))))))))))))))))))))))
.
2008-08-28 17:28 . 2008-08-28 17:28 <DIR> d-------- C:\_OTMoveIt
2008-08-27 21:58 . 2008-08-27 21:58 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-27 20:19 . 2008-08-27 20:19 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-27 20:08 . 2008-08-27 20:08 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-08-27 19:50 . 2008-08-27 19:50 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-27 19:50 . 2008-08-27 19:50 <DIR> d-------- C:\Documents and Settings\Wade\Application Data\Malwarebytes
2008-08-27 19:50 . 2008-08-27 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-27 19:50 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-27 19:50 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-27 19:48 . 2008-08-27 19:48 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-27 19:44 . 2008-08-27 19:45 <DIR> d-------- C:\Program Files\ERUNT
2008-08-26 19:33 . 2008-08-26 19:33 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-26 19:33 . 2008-08-26 19:33 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-26 19:33 . 2008-08-26 19:33 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-26 19:33 . 2008-08-26 19:33 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-26 19:30 . 2008-08-26 19:30 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-26 19:10 . 2008-04-13 19:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-08-26 18:55 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-26 18:53 . 2008-07-18 22:09 25,800 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-26 11:40 . 2008-08-27 19:58 <DIR> d-------- C:\WINDOWS\system32\inf
2008-08-26 11:40 . 2008-08-27 20:00 14,848 --a------ C:\WINDOWS\system32\zordisa.dll
2008-08-16 12:51 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-08-16 12:49 . 2008-08-16 12:49 <DIR> d-------- C:\WINDOWS\Logs
2008-08-16 10:57 . 2008-08-29 08:57 <DIR> d-------- C:\Program Files\ShotOnline International
2008-08-14 19:11 . 2003-07-16 10:17 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2008-08-14 19:11 . 2004-12-31 01:43 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2008-08-14 19:10 . 2008-08-14 19:10 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 18:18 --------- d-----w C:\Program Files\lg_fwupdate
2008-08-28 23:04 --------- d-----w C:\Program Files\PokerStars
2008-08-28 22:26 --------- d-----w C:\Program Files\Viewpoint
2008-08-28 22:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-28 02:45 --------- d-----w C:\Program Files\BFG
2008-08-27 01:14 --------- d-----w C:\Program Files\NavNT
2008-08-23 21:38 --------- d-----w C:\Documents and Settings\Wade\Application Data\Vso
2008-07-01 23:19 --------- d-----w C:\Program Files\Common Files\Motive
2008-07-01 23:19 --------- d-----w C:\Program Files\ATT
2008-07-01 23:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-04-26 13:09 47,360 ----a-w C:\Documents and Settings\Wade\Application Data\pcouffin.sys
2004-10-01 20:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2007-02-08 15:48 133,920 ----a-w C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ABIT uGuruIII"="C:\Program Files\ABIT\uGuru\uGuru.exe" [2006-03-23 11:41 417792]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-10-31 11:59 73728]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-03-16 03:00 1397760]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2007-04-05 03:46 249856]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-05-11 11:47 151552]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-04-24 21:52 385024]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-19 13:26 86016]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30 81920]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-10 18:08 16342528 C:\WINDOWS\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\PokerStars\\PokerStarsUpdate.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\ShotOnline International\\ShotOnline.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3680:TCP"= 3680:TCP:*:Disabled:Ares
"27158:TCP"= 27158:TCP:*:Disabled:BitComet 27158 TCP
"27158:UDP"= 27158:UDP:*:Disabled:BitComet 27158 UDP
"16180:TCP"= 16180:TCP:*:Disabled:BitComet 16180 TCP
"16180:UDP"= 16180:UDP:*:Disabled:BitComet 16180 UDP
R0 UGURU;UGURU;C:\WINDOWS\system32\drivers\uGuru.sys [2006-05-03 13:46]
R2 bwcdrv;BUFFALO Wireless Configuration;C:\WINDOWS\system32\DRIVERS\bwcdrv.sys [2003-12-21 03:21]
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-02-21 10:00]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-08-25 15:00]
S3 CBBCM43;BUFFALO WLI-CB-XXX Series Wireless LAN Adapter;C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-07-11 00:46]
S3 Memctl;Memctl;C:\Program Files\ABIT\FlashMenu\Memctl.sys [2001-11-29 19:49]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-PowerBar - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Wade\Application Data\Mozilla\Firefox\Profiles\wdcos58e.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-08-29 13:18:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\NavLogon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\drivers\BWCSRV.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-29 13:19:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-29 18:19:46
Pre-Run: 259,319,922,688 bytes free
Post-Run: 259,346,857,984 bytes free
190 --- E O F --- 2008-08-29 12:54:48
Yes i do use PokerStars
Edited by Q6600isabeast, 29 August 2008 - 04:06 PM.