Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Smitfraud Infection


  • Please log in to reply
5 replies to this topic

#1 BKling

BKling

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 10 February 2008 - 03:12 AM

I just started getting random pop-ups on a new install of Win XP MCE. Upon investigation I found out it is "SmitFraud." I've spent the entire day reading through forums and trying all sorts of tools all to no avail. I've got the following programs in an attempt to rid myself of this pest: AVG Anti-Virus 7.5, AVG Anti-Spyware 7.5, AdAware 2007, Spybot S&D, SpywareDoctor, and HijackThis! I've followed the prep guide and ran Panda and the other online scans which returned nothing. The only thing that is showing up on anything is the file core.cache.dsk located in C:\WINDOWS\system32\drivers. Only Spybot and SpywareDoctor detect the file. There are no registry entries or any other traces of it that is detected with anything but it still keeps reappearing. I have exhausted my personal abilities and am seeking help. Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:49 AM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis!\analyse2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: QuickTV.lnk = C:\Program Files\UltraTV\QuickTV.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6720 bytes

BC AdBot (Login to Remove)

 


#2 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 10 February 2008 - 03:30 AM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Download Combofix to your Desktop.
Double click combofix.exe
Follow the prompts that are displayed.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt. Post that in your next reply.

Please include the Combofix log and a new HijackThis log in your reply.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#3 BKling

BKling
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 10 February 2008 - 10:53 AM

Combo Fix log:

ComboFix 08-02.05.3 - Admin 2008-02-10 10:38:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1362 [GMT -5:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\MSPCLOCKK.sys
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\MSPCLOCKK.sys
C:\WINDOWS\system32\msssc.dll

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_MSPCLOCKK
-------\MSPCLOCKK


((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-02-10 02:14 . 2008-02-10 02:42 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-10 02:14 . 2008-02-10 02:14 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-10 02:14 . 2008-02-10 02:14 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-10 02:14 . 2008-02-10 02:14 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-10 01:12 . 2008-02-10 02:36 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-10 01:12 . 2008-02-10 10:46 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-10 01:12 . 2008-02-10 01:12 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\PC Tools
2008-02-10 01:12 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-10 01:12 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-10 01:12 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-10 01:12 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-09 23:57 . 2008-02-10 00:28 1,512 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-09 23:53 . 2008-02-10 02:29 <DIR> d-------- C:\Documents and Settings\Admin\SmitfraudFix
2008-02-09 23:21 . 2008-02-09 23:21 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-09 22:41 . 2008-02-09 22:42 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-02-09 22:28 . 2008-02-09 23:09 165 --a------ C:\WINDOWS\wininit.ini
2008-02-09 21:39 . 2008-02-09 21:39 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Grisoft
2008-02-09 21:33 . 2008-02-10 02:36 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-09 21:33 . 2008-02-09 23:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-09 21:32 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-09 20:28 . 2008-02-09 20:29 <DIR> d-------- C:\Program Files\UltraTV
2008-02-09 20:28 . 2008-02-10 03:11 <DIR> d-------- C:\Program Files\HijackThis!
2008-02-09 20:27 . 2008-02-09 20:27 306,688 --a------ C:\WINDOWS\system32\drivers\A88xEnc.sys
2008-02-09 20:24 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-02-09 20:22 . 2008-02-09 20:22 <DIR> d-------- C:\Program Files\ASUS
2008-02-09 20:22 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-09 20:20 . 2008-02-09 20:20 <DIR> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-02-09 20:19 . 2004-01-28 03:21 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-02-09 20:19 . 2008-02-09 20:19 2,833 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-02-09 19:58 . 2008-02-09 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-02-09 19:57 . 2008-02-09 19:58 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-02-09 19:08 . 2008-02-09 19:08 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-09 19:08 . 2008-02-09 19:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-09 19:07 . 2008-02-09 19:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-09 18:44 . 2008-02-09 18:44 <DIR> d-------- C:\Program Files\QuickTime
2008-02-09 18:44 . 2008-02-09 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-09 18:43 . 2008-02-09 18:43 <DIR> d-------- C:\Program Files\Apple Software Update
2008-02-09 18:43 . 2008-02-09 18:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-02-09 17:53 . 2008-02-09 17:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-02-09 17:53 . 2008-02-09 21:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-09 17:53 . 2008-02-09 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-02-09 17:53 . 2008-02-10 01:07 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\AVG7
2008-02-09 17:53 . 2008-02-09 17:53 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-02-09 17:53 . 2008-02-09 17:53 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-02-09 17:46 . 2008-02-09 17:46 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Nero
2008-02-09 17:44 . 2008-02-09 17:44 <DIR> d-------- C:\Program Files\Nero
2008-02-09 17:44 . 2008-02-09 17:45 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-02-09 17:44 . 2008-02-09 17:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-09 17:30 . 2008-02-09 17:30 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-09 17:25 . 2008-02-10 10:43 <DIR> d-------- C:\Program Files\Trillian
2008-02-09 17:20 . 2008-02-09 17:24 <DIR> d-------- C:\Program Files\Winamp
2008-02-09 17:20 . 2008-02-09 17:20 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Winamp
2008-02-09 17:03 . 2008-02-09 17:03 <DIR> d-------- C:\wmdownloads
2008-02-09 15:42 . 2008-02-10 02:34 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-09 15:41 . 2008-02-09 15:41 <DIR> d-------- C:\Program Files\MSBuild
2008-02-09 15:37 . 2008-02-09 16:01 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-09 15:36 . 2008-02-09 15:36 <DIR> d-------- C:\WINDOWS\SiS
2008-02-09 15:36 . 2008-02-09 15:36 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-09 15:36 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-02-09 14:30 . 2008-02-09 14:30 <DIR> d-------- C:\WINDOWS\VirtualEar
2008-02-09 14:30 . 2008-02-09 14:30 <DIR> d-------- C:\Program Files\Analog Devices
2008-02-09 14:28 . 2008-02-09 14:28 1,167 --a------ C:\WINDOWS\mozver.dat
2008-02-09 13:32 . 2008-02-09 13:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Earthsim
2008-02-09 13:28 . 2008-02-09 13:28 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Talkback
2008-02-09 13:28 . 2008-02-09 13:28 0 --a------ C:\WINDOWS\nsreg.dat
2008-02-09 13:17 . 2008-02-09 13:17 <DIR> d-------- C:\Program Files\utorrent
2008-02-09 13:17 . 2008-02-10 01:32 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-02-09 13:08 . 2008-02-09 13:08 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-09 13:06 . 2008-02-09 13:06 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-02-09 13:05 . 2008-02-09 13:09 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-09 13:04 . 2007-10-10 18:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-02-09 13:04 . 2007-06-30 22:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-02-09 13:04 . 2007-06-30 22:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-02-09 13:04 . 2007-10-10 18:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-02-09 13:04 . 2007-10-10 18:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-02-09 13:04 . 2007-10-10 18:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-02-09 13:04 . 2007-10-10 18:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-02-09 13:04 . 2007-10-10 18:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-02-09 13:04 . 2007-10-10 05:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-09 13:01 . 2008-02-09 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-02-09 13:01 . 2008-02-09 13:01 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\ATI
2008-02-09 13:01 . 2008-02-09 13:01 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 01:27 98,304 ----a-w C:\WINDOWS\system32\PreviewAud_182.exe
2008-02-10 01:27 6,912 ----a-w C:\WINDOWS\system32\drivers\A88xXBar.sys
2008-02-10 01:27 45,056 ----a-w C:\WINDOWS\system32\IOCtl880.dll
2008-02-10 01:27 45,056 ----a-w C:\WINDOWS\system32\AVerAPI_182.DLL
2008-02-10 01:27 31,744 ----a-w C:\WINDOWS\system32\drivers\A88xTune.sys
2008-02-10 01:27 249,344 ----a-w C:\WINDOWS\system32\drivers\A88xVCap.sys
2008-02-10 01:27 11,264 ----a-w C:\WINDOWS\system32\drivers\A88xaud.sys
2008-02-10 00:49 --------- d-----w C:\Program Files\Steam
2008-02-10 00:15 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-02-10 00:15 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-02-10 00:15 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-09 19:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 17:57 --------- d-----w C:\Program Files\ATI Technologies
2008-02-09 17:42 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-09 17:41 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-02-09 17:28 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-09 17:26 --------- d-----w C:\Program Files\Windows Plus
2008-02-09 17:18 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-21 03:53 2,843,136 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-12-21 03:09 368,640 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2007-12-21 03:08 272,384 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2007-12-21 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2007-12-21 02:59 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2007-12-21 02:59 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2007-12-21 02:59 147,456 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2007-12-21 02:59 122,880 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2007-12-21 02:58 122,880 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2007-12-21 02:57 512,000 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2007-12-21 02:56 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2007-12-21 02:53 9,826,304 ----a-w C:\WINDOWS\system32\atioglx2.dll
2007-12-21 02:47 3,120,640 ----a-w C:\WINDOWS\system32\ati3duag.dll
2007-12-21 02:36 1,661,696 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2007-12-21 02:24 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2007-12-21 02:20 5,435,392 ----a-w C:\WINDOWS\system32\atioglxx.dll
2007-12-21 02:20 385,024 ----a-w C:\WINDOWS\system32\atikvmag.dll
2007-12-21 02:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2007-12-21 02:17 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-12-21 02:15 159,744 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2007-12-21 02:11 499,712 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2007-12-21 02:05 593,920 ------w C:\WINDOWS\system32\ati2sgag.exe
2007-12-14 03:02 40,360 ----a-w C:\WINDOWS\system32\drivers\InCDRm.sys
2007-12-14 03:02 38,952 ----a-w C:\WINDOWS\system32\drivers\InCDPass.sys
2007-12-14 03:02 238,888 ----a-w C:\WINDOWS\NuNInst.exe
2007-12-14 03:02 17,448 ----a-w C:\WINDOWS\system32\drivers\InCDrec.sys
2007-12-14 03:02 128,424 ----a-w C:\WINDOWS\system32\drivers\InCDfs.sys
2007-12-14 00:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-13 12:05 531,248 ----a-w C:\WINDOWS\system32\es.scr
2007-12-04 14:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-12-03 23:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
2007-11-11 01:26 55,296 ----a-w C:\WINDOWS\system32\iesetup.dll
2007-11-11 01:26 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2007-11-11 01:26 413,696 ----a-w C:\WINDOWS\system32\vbscript.dll
2007-11-11 01:26 40,960 ----a-w C:\WINDOWS\system32\licmgr10.dll
2007-11-11 01:26 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2007-11-11 01:26 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2007-11-11 01:26 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2007-11-11 01:26 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
2007-11-11 01:26 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-11-11 01:26 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2007-11-11 01:26 1,580,544 ----a-w C:\WINDOWS\system32\sfcfiles.dll
2007-11-11 01:25 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2007-11-11 01:25 71,680 ----a-w C:\WINDOWS\system32\admparse.dll
2007-11-11 01:25 17,408 ----a-w C:\WINDOWS\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@={8D2223A2-B3C6-4e32-B096-CDD11F628C60}

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 22:02 96552 --a------ C:\Program Files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-01-01 00:00 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [2007-12-13 22:02 2048808]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [2007-12-13 22:02 1082152]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-02-09 17:53 579072]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-02-09 17:53 219136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2007-12-11 1873280]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
QuickTV.lnk - C:\Program Files\UltraTV\QuickTV.exe [2003-12-05 22:28:32 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

R2 NeroRegInCDSrv;Nero Registry InCD Service;C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2007-12-13 22:02]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2006-02-14 16:02]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-09 23:43:49 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 10:46:45
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2008-02-10 10:49:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-10 15:49:04
.
2008-02-09 18:10:29 --- E O F ---

**************************************************************************
**************************************************************************
**************************************************************************

New HijackThis! log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\UltraTV\QuickTV.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis!\analyse2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: QuickTV.lnk = C:\Program Files\UltraTV\QuickTV.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6859 bytes

#4 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 10 February 2008 - 04:22 PM

Please run a scan with Kaspersky Online Scanner.
You will be promted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and then begin downloading the latest definition files.
Once the files have been downloaded click on Next.
Select a target to scan; click on My Computer.
The scan will take a while so be patient and let it run.
Once the scan is complete choose the option to Save as Text; they will be needed later.

I'd like to see the log in your reply, please.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image


#5 BKling

BKling
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:17 PM

Posted 10 February 2008 - 06:45 PM

I accidentally saved it as an HTML file so I'll attach it as such. Nothing showed up relating to SmitFraud, finally! I haven't had a pop-up all day. Already cleared the system restore and began deleting tools.

Attached Files


Edited by BKling, 10 February 2008 - 06:46 PM.


#6 rookie147

rookie147

  • Members
  • 5,321 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 12 February 2008 - 04:14 PM

Can I have a little information about how things seem to be running now, please?

If you are pleased with the service I have offered, you may like to consider making a donation. Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users