Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Virus Burster


  • Please log in to reply
2 replies to this topic

#1 RickyC

RickyC

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 29 October 2006 - 10:55 AM

Hi -

Please help.

I have managed to get infected with the Virus Burster annoying thing (I think it is a Zlob variant) that keeps popping up in my tray to tell me that I need virus software - when you click the balloon it takes you to Virus Burster website.

I have tried uninstalling, deleting and rebooting.
I have tried running Sophos anti virus, Ad Aware SE, Spybot S&D but it is still there.

Any help or advice gratefully received.

RC

Inspiron 9300
Windows XP

BC AdBot (Login to Remove)

 


#2 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:06:21 PM

Posted 29 October 2006 - 11:32 AM

BC has just issued a self-help guide for the removal of Virusburster:

http://www.bleepingcomputer.com/forums/t/70074/how-to-remove-virusburster-or-virusbursters-removal-instructions/

This will walk you step-by-step through the removal process.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 eaton9999

eaton9999

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:21 PM

Posted 08 November 2006 - 12:40 PM

Thank you for the info in this post. I was able to remove the Virusburster occurance by following it. Though I didn't find any of the keys nor files/folders to remove I was still successful. My HJT, RAPPORT and COMBOFIX logs are appended below.

If you are able to inspect my HJT file for anomalies still remaining I'd be grateful.

Thanks again!

+++
HJT LOGFILE FOLLOWS:

Logfile of HijackThis v1.99.1
Scan saved at 12:32:44 PM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Apache\bin\ApacheMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Apache\bin\httpd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Apache\bin\httpd.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Documents\downloads\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {274c0420-ebe0-4f1d-b473-edd1aa9b85dd} - C:\Program Files\iVideoCodec\isaddon.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [AVG7_RegCleaner] C:\PROGRA~1\Grisoft\AVG7\avgregcl.exe /BOOT
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe /NoDialog
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache\bin\ApacheMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1157063526545
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1157074871078
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.multicastmedia.com/common/m...MINIBrowser.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...866/mcfscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

+++++
RAPPORT LOGFILE FOLLOWS:

SmitFraudFix v2.119

Scan done at 11:56:31.17, Wed 11/08/2006
Run from C:\Documents and Settings\Dave\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}"="bonspells"

[HKEY_CLASSES_ROOT\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11853d5f-f894-4cc7-bbc3-fc7a9dcfd896}\InProcServer32]
@="C:\WINDOWS\system32\okkmtv.dll"


Killing process


Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\okkmtv.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\okkmtv.dll -> Deleted


Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\iVideoCodec\ Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End

+++++
COMBOFIX LOGFILE FOLLOWS:
Dave - 06-11-08 12:09:30.59 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Dave\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-08 to 2006-11-08 ))))))))))))))))))))))))))))))))))


2006-11-08 11:56 2,590 --a------ C:\WINDOWS\system32\tmp.reg
2006-10-31 21:46 18,816 --a------ C:\WINDOWS\system32\drivers\dvd43llh.sys
2006-10-20 08:13 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-10-20 08:13 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-20 08:13 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-08 12:07 -------- d-------- C:\Documents and Settings\Dave\Application Data\AVG7
2006-11-05 11:55 -------- d-------- C:\Program Files\Quicken
2006-11-05 11:46 -------- d-------- C:\Program Files\Common Files
2006-11-05 11:45 -------- d-------- C:\Program Files\Common Files\Palo Alto Software
2006-11-05 11:45 -------- d-------- C:\Documents and Settings\Dave\Application Data\Intuit
2006-11-05 11:40 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-05 11:40 -------- d-------- C:\Program Files\Common Files\Intuit
2006-11-05 10:44 -------- d-------- C:\Program Files\Apple Software Update
2006-10-31 21:46 -------- d-------- C:\Program Files\dvd43
2006-10-31 12:33 -------- d-------- C:\Documents and Settings\Dave\Application Data\Ahead
2006-10-31 12:29 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-31 12:23 -------- d-------- C:\Program Files\Common Files\Ahead
2006-10-31 12:16 -------- d-------- C:\Program Files\Nero
2006-10-31 12:14 -------- d-------- C:\Program Files\Ahead
2006-10-31 10:48 -------- d-------- C:\Program Files\DivX
2006-10-31 09:57 -------- d-------- C:\Documents and Settings\Dave\Application Data\VSO_HWE
2006-10-31 09:23 -------- d-------- C:\Program Files\X Software
2006-10-31 09:20 -------- d-------- C:\Documents and Settings\Dave\Application Data\Mozilla
2006-10-26 21:36 -------- d---s---- C:\Documents and Settings\Dave\Application Data\Microsoft
2006-10-20 08:15 -------- d-------- C:\Documents and Settings\Dave\Application Data\DivX
2006-10-18 10:26 -------- d-------- C:\Program Files\Netgear WGX102 Configuration Utility
2006-10-18 10:25 -------- d-------- C:\Program Files\QuickTime
2006-10-18 10:25 -------- d-------- C:\Program Files\iTunes
2006-10-18 10:25 -------- d-------- C:\Program Files\iPod
2006-10-10 09:39 -------- d-------- C:\Program Files\Better File Series
2006-10-06 09:49 -------- d-------- C:\Program Files\WinZip
2006-10-05 09:12 -------- d-------- C:\Program Files\MSECache
2006-10-05 09:12 -------- d-------- C:\Program Files\Microsoft Office
2006-10-05 09:12 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-03 09:40 -------- d-------- C:\Documents and Settings\Dave\Application Data\Help
2006-10-02 10:04 2837998 --a------ C:\Documents and Settings\Dave\Application Data\NMM-MetaData.db
2006-10-02 10:04 -------- d-------- C:\Documents and Settings\Dave\Application Data\Nokia Multimedia Player
2006-10-02 09:09 -------- d-------- C:\Documents and Settings\Dave\Application Data\Apple Computer
2006-09-30 10:53 -------- d-------- C:\Program Files\nLite
2006-09-29 09:53 -------- d-------- C:\Program Files\Smart Projects
2006-09-28 10:12 -------- d-------- C:\Documents and Settings\Dave\Application Data\DataLayer
2006-09-28 10:09 -------- d-------- C:\Documents and Settings\Dave\Application Data\Nokia
2006-09-28 10:07 -------- d-------- C:\Program Files\DIFX
2006-09-28 10:06 -------- d-------- C:\Program Files\Nokia
2006-09-28 10:06 -------- d-------- C:\Program Files\Common Files\PCSuite
2006-09-28 10:06 -------- d-------- C:\Program Files\Common Files\Nokia
2006-09-28 10:06 -------- d-------- C:\Documents and Settings\Dave\Application Data\PC Suite
2006-09-26 13:44 -------- d-------- C:\Program Files\PC MightyMax
2006-09-25 23:16 -------- d-------- C:\Program Files\Electronic Arts
2006-09-25 09:08 -------- d-------- C:\Program Files\Digital Immersion Software
2006-09-24 23:36 -------- d-------- C:\Documents and Settings\Dave\Application Data\WeatherStudio Desktop
2006-09-24 19:08 -------- d-------- C:\Program Files\RegCleaner
2006-09-22 22:54 -------- d-------- C:\Program Files\Apache
2006-09-20 11:22 -------- d-------- C:\Program Files\MySQL
2006-09-15 11:59 -------- d-------- C:\Documents and Settings\Dave\Application Data\Adobe
2006-09-13 00:01 1084416 --------- C:\WINDOWS\system32\msxml3.dll
2006-09-10 09:54 -------- d-------- C:\Program Files\FlexiSIGN-PRO 7.5v4
2006-09-08 09:03 47360 --a------ C:\WINDOWS\system32\drivers\Pcouffin.sys
2006-09-04 21:14 223 -rahs---- C:\MSDOS.SYS
2006-09-01 22:00 60416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2006-08-31 21:56 1418 --a------ C:\Documents and Settings\Dave\Application Data\AdobeDLM.log
2006-08-31 21:56 0 --a------ C:\Documents and Settings\Dave\Application Data\dm.ini
2006-08-31 17:16 0 -rahs---- C:\IO.SYS
2006-08-31 17:16 0 --a------ C:\CONFIG.SYS
2006-08-31 17:16 0 --a------ C:\AUTOEXEC.BAT
2006-08-31 01:09 62 --ahs---- C:\Documents and Settings\Dave\Application Data\desktop.ini
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PCSync2.exe /NoDialog"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgemc.exe"
"AVG7_RegCleaner"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgregcl.exe /BOOT"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"dvd43"="C:\\Program Files\\dvd43\\dvd43_tray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-11-08 12:11:34.92
C:\ComboFix.txt ... 06-11-08 12:11

+++END OF POST+++




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users