1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Pls help! Infostealer gampass virus

Discussion in 'Malware and Virus Removal Archive' started by one278, 2008/08/12.

  1. 2008/08/12
    one278

    one278 Inactive Thread Starter

    Joined:
    2008/08/12
    Messages:
    16
    Likes Received:
    0
    [Resolved]Pls help! Infostealer gampass virus

    Sysmantec AntiVirus Notification keep popping out everytime when i on my comp.:( This is how it says:

    Scan type:Realtime Protection Scan
    Event:Virus found!
    Virus name:Infostealer.Gampass
    File:C\WINDOWS\system32\karnaeghDrv.dll
    Locationn:C\WINDOWS\system32
    Computer:USER
    User:chong
    Action taken:Clean failed:Quarantine failed:Access denied
    Date found:Tue Aug 12 15:17:35 2008
    Thanks
     
    one278,
    #1
  2. 2008/08/12
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi one278
    Welcome to Windowsbbs.:)

    Please do this in the order given.

    Download ComboFix from Here to your Desktop.

    It's best to disable realtime protection applications as they sometimes interfere with the tool.
    Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post the Combofix log
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall

    Note - ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

    Note - Combofix makes some changes when run to prevent autorun/autoplay of ALL CDs, floppies and USB devices, to assist with malware removal & increase security. If this is an issue or makes it difficult for you to use those devices, please ask how to reset it.

    Now this.

    Download a copy of HijackThis installer from here and save it to your Desktop.

    1. Save HJTInstall.exe to your desktop.
    2. Double-click on the HJTintall.exe icon on your desktop.
      (Let it install to the default location C:\Program Files\Hijackthis)
    3. Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    4. Put a check by Create a desktop icon and then click Next again.
    5. Continue to follow the rest of the prompts from there.
    6. At the final dialogue box click Finish and it will launch HijackThis.
    7. Click on the Do a system scan and save a log file button.
      (It will scan and the log should open in Notepad.)
    8. Click on "Edit" > "Select All" to highlight the entire Notepad contents.
    9. Then click on "Edit" > "Copy ".
    10. Come back here to this thread and Paste the log in your next reply.
      (Right-click in the message body field and select "Paste ".)
    CAUTION: DO NOT have HijackThis "fix" anything without carefully following expert guidance. Otherwise, you might render your computer unstable or even unbootable. Most of what HijackThis finds will be harmless or even required.

    Please post the Combofix log and the HJT log.

    Thanks
    Geri
     
    Geri,
    #2


  3. to hide this advert.

  4. 2008/08/13
    one278

    one278 Inactive Thread Starter

    Joined:
    2008/08/12
    Messages:
    16
    Likes Received:
    0
    Hi Geri
    Below are my HJT Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:50:43 PM, on 8/13/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\PrevxCSI\prevxcsi.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\PrevxCSI\prevxcsi.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.singnet.com.sg:8080
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: febooti ie&Zoom - {605F5EB4-E40B-4000-BD60-70CF5494ED9F} - C:\Program Files\febooti ieZoom\ieZoom.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O24 - Desktop Component 0: (no name) - http://info.channelnewsasia.com/bb/templates/subSilver/images/icon_minipost.gif

    --
    End of file - 5822 bytes

    MY COMBO Log
    ComboFix 08-08-12.01 - Chong 2008-08-13 16:39:19.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.556 [GMT 8:00]
    Running from: C:\Documents and Settings\Chong\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-07-13 to 2008-08-13 )))))))))))))))))))))))))))))))
    .

    2008-08-11 20:54 . 2008-08-11 21:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-11 20:53 . 2008-08-11 20:53 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2008-08-11 20:53 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-08-11 18:23 . 2008-08-11 18:23 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
    2008-08-11 18:22 . 2008-08-11 18:22 <DIR> d-------- C:\Program Files\PrevxCSI
    2008-08-11 18:22 . 2008-08-13 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    2008-08-11 16:37 . 2008-08-11 16:37 58,863,582 --a------ C:\SYM_REGISTRY_BACKUP.reg
    2008-07-14 16:03 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-07-14 16:03 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-07-14 16:02 . 2008-07-14 16:02 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-07-14 16:02 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-13 08:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-13 08:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-13 08:09 --------- d-----w C:\Program Files\Symantec_Client_Security
    2008-08-13 08:07 --------- d-----w C:\Program Files\Symantec
    2008-08-13 08:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-13 08:02 --------- d-----w C:\Program Files\SaxoCM
    2008-08-13 07:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-07-14 09:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-14 09:02 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-07-14 01:58 --------- d--h--w C:\Program Files\Zero G Registry
    2008-07-05 03:30 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-07-05 03:30 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-07-05 03:30 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
    2008-06-28 08:29 --------- d-----w C:\Documents and Settings\Chong\Application Data\febooti software
    2008-06-28 08:24 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-06-28 08:10 --------- d-----w C:\Program Files\febooti ieZoom
    2008-06-28 08:00 --------- d-----w C:\Program Files\Zoom Tool
    2008-06-28 07:18 --------- d-----w C:\Program Files\ZoomAView
    2008-06-28 06:54 --------- d-----w C:\Program Files\Imgv32
    2008-06-27 07:55 --------- d-----w C:\Program Files\Font Xplorer
    2008-06-26 03:48 --------- d-----w C:\Program Files\AVG
    2008-06-26 03:48 --------- d-----w C:\Documents and Settings\Chong\Application Data\AVGTOOLBAR
    2008-06-26 03:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-16 12:31 --------- d-----w C:\Documents and Settings\Chong\Application Data\SaxoCM
    2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 11:29 68856]
    "ParetoLogic Anti-Spyware "= "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" [2007-10-25 02:59 2643312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
    "WheelMouse "= "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2005-09-29 10:25 176128]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-03-07 22:19 282624]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]
    "nwiz "= "nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-07 11:29:18 125624]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{C60A0B68-1F3A-A1D2-C909-9A11A016D21A} "= "C:\WINDOWS\system32\KarnaeghDrv.dll" [2000-02-02 08:01 49152]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe "=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\MSN Messenger\\msncall.exe "=
    "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe "=
    "C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe "=
    "C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe "=
    "C:\\Program Files\\ChartNexus\\chartnexus.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "C:\\WINDOWS\\system32\\dpvsetup.exe "=

    R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-08-11 18:23]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 11:30]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-05 11:30]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 11:30]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-05 11:30]
    R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-08-11 18:22]
    S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2005-09-21 16:27]
    S3 dump_wmimmc;dump_wmimmc;C:\Program Files\WIZET\MapleStory\GameGuard\dump_wmimmc.sys []

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contents of the 'Scheduled Tasks' folder

    2006-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-09-19 17:36]

    2008-08-05 C:\WINDOWS\Tasks\Pareto UNS.job
    - C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe []

    2007-10-06 C:\WINDOWS\Tasks\XoftSpy.job
    - C:\Program Files\XoftSpy\XoftSpy.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    HKLM-Run-vptray - C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.com.sg/
    R1 -: HKCU-Internet Settings,ProxyServer = www.singnet.com.sg:8080
    O8 -: E&xport to Microsoft Excel


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-13 16:41:08
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-08-13 16:42:50
    ComboFix-quarantined-files.txt 2008-08-13 08:42:38

    Pre-Run: 73,327,714,304 bytes free
    Post-Run: 73,588,105,216 bytes free

    133 --- E O F --- 2008-08-08 15:01:20
     
    one278,
    #3
  5. 2008/08/13
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi one278
    OK please do this.

    Highlight and copy the contents of the code box below and paste it into a blank notepad, then save it to your desktop as;

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button.
    Click here to see how to use CFScript.txt
    Combofix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log and another fresh HijackThis log.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.

    Code:
    File::
C:\WINDOWS\system32\KarnaeghDrv.dll

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
 "{C60A0B68-1F3A-A1D2-C909-9A11A016D21A} "=-
    Please post the combofix log.

    Let me know if you are still getting the warning.

    Thanks
    Geri
     
    Geri,
    #4
  6. 2008/08/14
    one278

    one278 Inactive Thread Starter

    Joined:
    2008/08/12
    Messages:
    16
    Likes Received:
    0
    Hi Geri
    Yes,I still get the warning from CSI Scan:confused:
    Fresh combo log & HJT log

    ComboFix 08-08-12.01 - Chong 2008-08-14 16:43:29.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.549 [GMT 8:00]
    Running from: C:\Documents and Settings\Chong\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Chong\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    C:\WINDOWS\system32\KarnaeghDrv.dll
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\KarnaeghDrv.dll

    .
    ((((((((((((((((((((((((( Files Created from 2008-07-14 to 2008-08-14 )))))))))))))))))))))))))))))))
    .

    2008-08-13 16:49 . 2008-08-13 16:49 <DIR> d-------- C:\Program Files\Trend Micro
    2008-08-11 20:54 . 2008-08-11 21:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-08-11 20:53 . 2008-08-11 20:53 <DIR> d-------- C:\Program Files\Common Files\Download Manager
    2008-08-11 20:53 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2008-08-11 18:23 . 2008-08-11 18:23 17,408 --a------ C:\WINDOWS\system32\drivers\pxark.sys
    2008-08-11 18:22 . 2008-08-11 18:22 <DIR> d-------- C:\Program Files\PrevxCSI
    2008-08-11 18:22 . 2008-08-13 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    2008-08-11 16:37 . 2008-08-11 16:37 58,863,582 --a------ C:\SYM_REGISTRY_BACKUP.reg
    2008-07-14 16:03 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-07-14 16:03 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-07-14 16:02 . 2008-07-14 16:02 <DIR> d-------- C:\Documents and Settings\Administrator
    2008-07-14 16:02 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-08-14 08:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-08-13 08:30 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-08-13 08:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-08-13 08:09 --------- d-----w C:\Program Files\Symantec_Client_Security
    2008-08-13 08:07 --------- d-----w C:\Program Files\Symantec
    2008-08-13 08:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-13 08:02 --------- d-----w C:\Program Files\SaxoCM
    2008-07-14 09:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-07-14 09:02 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-07-14 01:58 --------- d--h--w C:\Program Files\Zero G Registry
    2008-07-05 03:30 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
    2008-07-05 03:30 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
    2008-07-05 03:30 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
    2008-06-28 08:29 --------- d-----w C:\Documents and Settings\Chong\Application Data\febooti software
    2008-06-28 08:24 --------- d-----w C:\Program Files\Windows Live Toolbar
    2008-06-28 08:10 --------- d-----w C:\Program Files\febooti ieZoom
    2008-06-28 08:00 --------- d-----w C:\Program Files\Zoom Tool
    2008-06-28 07:18 --------- d-----w C:\Program Files\ZoomAView
    2008-06-28 06:54 --------- d-----w C:\Program Files\Imgv32
    2008-06-27 07:55 --------- d-----w C:\Program Files\Font Xplorer
    2008-06-26 03:48 --------- d-----w C:\Program Files\AVG
    2008-06-26 03:48 --------- d-----w C:\Documents and Settings\Chong\Application Data\AVGTOOLBAR
    2008-06-26 03:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
    2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-16 12:31 --------- d-----w C:\Documents and Settings\Chong\Application Data\SaxoCM
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]
    "swg "= "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 11:29 68856]
    "ParetoLogic Anti-Spyware "= "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" [2007-10-25 02:59 2643312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
    "WheelMouse "= "C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe" [2005-09-29 10:25 176128]
    "QuickTime Task "= "C:\Program Files\QuickTime\qttask.exe" [2007-03-07 22:19 282624]
    "NvCplDaemon "= "C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 14:16 5058560]
    "nwiz "= "nwiz.exe" [2003-10-06 14:16 741376 C:\WINDOWS\system32\nwiz.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 20:00 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
    Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-07 11:29:18 125624]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe "=
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe "=
    "C:\\Program Files\\MSN Messenger\\msncall.exe "=
    "C:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe "=
    "C:\\Program Files\\Java\\jre1.5.0_11\\bin\\javaw.exe "=
    "C:\\Program Files\\Java\\jre1.6.0_01\\bin\\javaw.exe "=
    "C:\\Program Files\\ChartNexus\\chartnexus.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "C:\\WINDOWS\\system32\\dpvsetup.exe "=

    R0 pxark;pxark;C:\WINDOWS\system32\drivers\pxark.sys [2008-08-11 18:23]
    R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-05 11:30]
    R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-05 11:30]
    R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-05 11:30]
    R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-05 11:30]
    R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-08-11 18:22]
    S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2005-09-21 16:27]
    S3 dump_wmimmc;dump_wmimmc;C:\Program Files\WIZET\MapleStory\GameGuard\dump_wmimmc.sys []
    .
    Contents of the 'Scheduled Tasks' folder

    2006-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-09-19 17:36]

    2008-08-05 C:\WINDOWS\Tasks\Pareto UNS.job
    - C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe []

    2007-10-06 C:\WINDOWS\Tasks\XoftSpy.job
    - C:\Program Files\XoftSpy\XoftSpy.exe []
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-08-14 16:46:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Completion time: 2008-08-14 16:50:31 - machine was rebooted [Chong]
    ComboFix-quarantined-files.txt 2008-08-14 08:50:26
    ComboFix2.txt 2008-08-13 08:42:51

    Pre-Run: 73,609,216,000 bytes free
    Post-Run: 73,602,826,240 bytes free

    138 --- E O F --- 2008-08-08 15:01:20


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:57:18 PM, on 8/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\PrevxCSI\prevxcsi.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\PrevxCSI\prevxcsi.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENSG/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.singnet.com.sg:8080
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
    O3 - Toolbar: febooti ie&Zoom - {605F5EB4-E40B-4000-BD60-70CF5494ED9F} - C:\Program Files\febooti ieZoom\ieZoom.dll
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) - http://mail.lycos.com/hanmail-ax/AttachMail.cab
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: CSIScanner - Prevx - C:\Program Files\PrevxCSI\prevxcsi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O24 - Desktop Component 0: (no name) - http://info.channelnewsasia.com/bb/templates/subSilver/images/icon_minipost.gif

    --
    End of file - 5869 bytes
     
    one278,
    #5
  7. 2008/08/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi
    Please do this.

    Click Start>Run in the run box copy and paste or type ComboFix /u then hit Enter to uninstall ComboFix and remove the files/folders it created. This action will also reset the System Restore points, removing the infected files there as well.


    Download ATF Cleaner by Atribune and save it to your Desktop.
    This is a good tool to get rid of the temporary garbage you pick up while surfing the net.
    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin

    The rest are optional - if you want it to remove everything check "Select All ".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.


    Please do an online scan with Kaspersky WebScanner

    Click on "Accept" If your pop "“up blocker blocks any windows from opening.

    Click Run on the window that opens.
    Windows Vista users you must open the web browser using the Run as Administrator command.
    • The program will launch and then begin downloading the latest definition files:
    • Under Scan on the left side.Click on My Computer
    • This will start the program and scan your system.
    • Click the "Scan Report" On the left side.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Click the Save Report As button, and in the Browse dialog box, type a name for the scan report file that you want to create and select its type Text file. Click OK to save the file.:
    • Save the text file to your desktop.
    • Copy and paste that information in your next post.

    Please post the Kaspersky results.

    Thanks
    Geri
     
    Geri,
    #6
  8. 2008/08/14
    one278

    one278 Inactive Thread Starter

    Joined:
    2008/08/12
    Messages:
    16
    Likes Received:
    0
    Hi Geri
    Looks clean:cool:so my computer is clean and safe now? thanks!

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Thursday, August 14, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Thursday, August 14, 2008 12:59:47
    Records in database: 1093196
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\

    Scan statistics:
    Files scanned: 46321
    Threat name: 0
    Infected objects: 0
    Suspicious objects: 0
    Duration of the scan: 00:54:24

    No malware has been detected. The scan area is clean.

    The selected area was scanned.
     
    one278,
    #7
  9. 2008/08/14
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi one278
    Yes Kaspersky says it's clean. please do a scan with the program you use that was giving you the warning and make sure you don't get the warning any more.

    Let me know.

    Thanks
    Geri
     
    Geri,
    #8
  10. 2008/08/15
    one278

    one278 Inactive Thread Starter

    Joined:
    2008/08/12
    Messages:
    16
    Likes Received:
    0
    Hi Geri
    Yes i dont get the warning anymore,so everything is fine now?Thanks
     
    one278,
    #9
  11. 2008/08/15
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi one278
    You're welcome.

    Please look at this link for some preventive recommendations, It could keep you from ending up back here to the Spyware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    I'll mark this one resolved.

    Surf Safely
    Geri
     
    Geri,
    #10

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...