Tech Support Guy Forums, Security & Malware Removal, Malware Removal & HijackThis Logs
Solved: zapchast.reg
cmpep2 (Junior Member, 4 posts, joined Jun 2007), 29-Jun-2007, 06:48 PM, #1
Solved: zapchast.reg
Hi guys.

Somehow I seem to have contracted this Trojan. I've done a full system McAfee check, and run numerous Spyware and Adware removal programs, but every time I reboot, McAfee gives me the news that a.bat has been cleaned of zapchast.reg, so I guess I'm not rid of it.

My HJT log is:

Logfile of HijackThis v1.99.1
Scan saved at 23:45:40, on 29/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\winupdate.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fumbbl.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winupdate] winupdate.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
O4 - HKLM\..\RunServices: [winupdate] winupdate.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?6fd86af3eebf44e28fcdf9976952b2e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?6fd86af3eebf44e28fcdf9976952b2e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


Any help would be greatly appreciated!
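A small triage script, added here as an illustration and not part of the thread or of HijackThis, that parses the O4 autostart lines quoted in the log above and flags the patterns a malware-removal helper checks first: a command given as a bare filename with no directory, an entry under the legacy RunServices key, and a well-known Windows binary launched from a directory other than the one it ships in. The sample lines are copied from the log; the list of system32-only binaries is an assumption.

```python
"""Triage the O4 (autostart) lines of a HijackThis log.

Added example for this thread, not part of HijackThis or of the original posts.
It flags the patterns a malware-removal helper checks first in O4 entries:
a command given as a bare filename (no directory, so Windows resolves it via
the search path), an entry under the legacy RunServices key, and a well-known
Windows binary launched from a directory other than the one it ships in.
"""
import re
from dataclasses import dataclass, field

# Registry-backed O4 lines look like "O4 - HKLM\..\Run: [name] command".
# Global Startup folder entries have a different shape and are skipped here.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Assumption: on Windows XP these binaries live only in %SystemRoot%\system32.
SYSTEM32_ONLY = {"ctfmon.exe"}


@dataclass
class Finding:
    name: str          # the value name shown in square brackets
    key: str           # Run, RunOnce, RunServices, ...
    exe: str           # program (or DLL, for rundll32) that gets launched
    reasons: list = field(default_factory=list)


def executable_of(cmd: str) -> str:
    """Return the program an O4 command launches; for rundll32, the DLL it loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        exe, rest = (cmd[1:end], cmd[end + 1:]) if end > 0 else (cmd[1:], "")
    else:
        exe, _, rest = cmd.partition(" ")
    if exe.lower() in ("rundll32.exe", "rundll32"):
        # rundll32 itself is a system binary; the interesting part is the DLL argument
        exe = rest.strip().split(",", 1)[0].strip().strip('"')
    return exe


def triage_line(line: str):
    """Parse one log line; return a Finding if it is a suspicious O4 entry, else None."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    exe = executable_of(m["cmd"])
    reasons = []
    if "\\" not in exe:
        reasons.append("bare filename, resolved via search path: verify where it lives")
    if m["key"].lower() == "runservices":
        reasons.append("legacy RunServices key, rarely used by current software")
    directory, _, base = exe.rpartition("\\")
    if base.lower() in SYSTEM32_ONLY and not directory.lower().endswith("\\system32"):
        reasons.append(f"{base} running from {directory or '(no path)'} instead of system32")
    if not reasons:
        return None
    return Finding(m["name"], m["key"], exe, reasons)


def triage(lines):
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [f for f in (triage_line(line) for line in lines) if f is not None]


# Constructed sample: a subset of the O4 lines quoted in the log above.
SAMPLE_O4_LINES = [
    r"O4 - HKLM\..\Run: [VTTimer] VTTimer.exe",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [winupdate] winupdate.exe",
    r"O4 - HKLM\..\RunServices: [winupdate] winupdate.exe",
    r"O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_O4_LINES):
        print(f"[{f.name}] ({f.key}) {f.exe}")
        for r in f.reasons:
            print("    -", r)
```

A bare filename is only a prompt to check the file's real location, not a verdict: VTTimer.exe and SOUNDMAN.EXE in this log are ordinary driver helpers, whereas the winupdate.exe entries are the ones the later scan identifies.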
Cheeseball81 (Moderator, 74,169 posts, joined Mar 2004, New York), 29-Jun-2007, 06:53 PM, #2
Hi and welcome

Download the Trial version of Superantispyware Pro (SAS):
http://www.superantispyware.com/supe....html?rid=3132


Install it and double-click the icon on your desktop to run it.
- It will ask if you want to update the program definitions, click Yes.
- Under Configuration and Preferences, click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following are checked:
  - Close browsers before scanning
  - Scan for tracking cookies
  - Terminate memory threats before quarantining.
  - Please leave the others unchecked.
  - Click the Close button to leave the control center screen.
- On the main screen, under Scan for Harmful Software click Scan your computer.
- On the left check C:\Fixed Drive.
- On the right, under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan. Please be patient while it scans your computer.
- After the scan is complete a summary box will appear. Click OK.
- Make sure everything in the white box has a check next to it, then click Next.
- It will quarantine what it found and if it asks if you want to reboot, click Yes.
- To retrieve the removal information for me please do the following:
  - After reboot, double-click the SUPERAntispyware icon on your desktop.
  - Click Preferences. Click the Statistics/Logs tab.
  - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  - It will open in your default text editor (such as Notepad/Wordpad).
  - Please highlight everything in the notepad, then right-click and choose copy.
- Click close and close again to exit the program.
- Please paste that information here for me with a new Hijack This log.
__________________
Microsoft MVP/Windows - Consumer Security
cmpep2 (Junior Member, 4 posts, joined Jun 2007), 29-Jun-2007, 07:13 PM, #3
Many thanks for your swift reply.

SUPERAntiSpyware didn't seem to find anything, and on rebooting, McAfee still found zapchast.reg. SUPERAntiSpyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/30/2007 at 00:02 AM

Application Version : 3.9.1008

Core Rules Database Version : 3143
Trace Rules Database Version: 1159

Scan type : Complete Scan
Total Scan Time : 00:05:00

Memory items scanned : 389
Memory threats detected : 0
Registry items scanned : 6193
Registry threats detected : 0
File items scanned : 2998
File threats detected : 0

New hjt:

Logfile of HijackThis v1.99.1
Scan saved at 00:12:31, on 30/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\winupdate.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fumbbl.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winupdate] winupdate.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
O4 - HKLM\..\RunServices: [winupdate] winupdate.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?6fd86af3eebf44e28fcdf9976952b2e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?6fd86af3eebf44e28fcdf9976952b2e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

I dunno if the SAS didn't find anything as I'd recently run Adware programs or whatever. I picked a good time to contract my virus - why do the problems always come when you're hard up against a deadline?! Again - many thanks if you can help.
cmpep2 (Junior Member, 4 posts, joined Jun 2007), 30-Jun-2007, 06:23 AM, #4
A-ha!

I thought it was odd SAS didn't throw anything up, so I re-ran it when I woke up this morning. Found a lot.

SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/30/2007 at 10:56 AM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 02:19:19

Memory items scanned : 384
Memory threats detected : 0
Registry items scanned : 6183
Registry threats detected : 2
File items scanned : 133892
File threats detected : 163

Trojan.WinUpdate
[winupdate] C:\WINDOWS\SYSTEM32\WINUPDATE.EXE
C:\WINDOWS\SYSTEM32\WINUPDATE.EXE
[winupdate] C:\WINDOWS\SYSTEM32\WINUPDATE.EXE
C:\WINDOWS\Prefetch\WINUPDATE.EXE-0F50C4F5.pf

Adware.Tracking Cookie
C:\Documents and Settings\Phil Pearson\Cookies\phil pearson@elsevier-com[1].txt
C:\Documents and Settings\Phil Pearson\Cookies\phil pearson@banner.casinolasvegas[2].txt
C:\Documents and Settings\Phil Pearson\Cookies\phil pearson@h.starware[2].txt
C:\Documents and Settings\Phil Pearson\Cookies\phil pearson@local[1].txt
C:\Documents and Settings\Phil Pearson\Cookies\phil pearson@ostg.112.2o7[1].txt
C:\Documents and Settings\Phil Pearson\Cookies\phil pearson@tracking.web2corp[1].txt
C:\Documents and Settings\Phil Pearson\Cookies\phil pearson@e2.emediate[2].txt
C:\Documents and Settings\Phil Pearson\Cookies\phil pearson@1069823229[1].txt
C:\Documents and Settings\Phil Pearson\Cookies\phil pearson@247realmedia[1].txt
C:\Documents and Settings\Phil Pearson\Cookies\phil pearson@ehg-sigames.hitbox[2].txt
C:\Documents and Settings\Phil Pearson\Cookies\phil pearson@www.888[1].txt
C:\Documents and Settings\Phil Pearson\Cookies\phil pearson@livenation.122.2o7[1].txt
C:\Documents and Settings\Phil Pearson\Cookies\phil pearson@ehg-dig.hitbox[3].txt
C:\Documents and Settings\Phil Pearson\Cookies\phil pearson@stats[1].txt
C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil pearson@adopt.hbmediapro[1].txt
C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil pearson@ads.mininova[1].txt
C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil pearson@apmebf[2].txt
C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil pearson@ath.belnk[2].txt
C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil pearson@belnk[1].txt
C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil pearson@dist.belnk[2].txt
C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil pearson@hurricanedigitalmedia[2].txt
C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil pearson@stats.channel4[1].txt
C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil pearson@usenext[2].txt

Trojan.Windows/32
C:\WINDOWS\SYSTEM32\WINDOWS.EXE
C:\WINDOWS\Prefetch\WINDOWS.EXE-21AD1048.pf

New hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 11:21:34, on 30/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
C:\Program Files\btbb_wcm\McciTrayApp.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fumbbl.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?6fd86af3eebf44e28fcdf9976952b2e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?6fd86af3eebf44e28fcdf9976952b2e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

Upon rebooting after SAS dealt with what it found - McAfee didn't find zapchast.reg in a.bat. Maybe it's been gotten rid of? Or maybe I'm over-optimistic..
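The O4 lines in a HijackThis log are the autostart entries (Run keys and Startup folders), and they are the first thing a reader of such a log goes through. The script below is an added example for this thread, not code from HijackThis, SUPERAntiSpyware or the forum: it parses O4 lines into hive, name, command and launched executable, then applies three review rules (an unqualified filename that Windows resolves through its search path, a Windows system binary name whose path is not directly under system32, and a program started from a user-writable directory). The table of system32 binaries, the directory hints and the rules themselves are assumptions chosen for illustration, and the sample lines are copied from the log above. A flag is a reason to look at the file on disk (size, version resource, publisher, hash), not a finding; on the sample lines it flags the two bare-filename entries and the ctfmon entry whose path differs from the standard location.

```python
"""Triage the O4 (autostart) lines of a HijackThis log.

Added example for this thread; not code from HijackThis, SUPERAntiSpyware
or the forum. The system32 binary table, the directory hints and the review
rules are assumptions chosen for illustration; the sample lines are copied
from the log posted above. A flag means "open and verify this file",
not "this is malware".
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumption: binaries whose legitimate copy lives directly in %SystemRoot%\system32.
SYSTEM32_BINARIES = {"ctfmon.exe", "rundll32.exe", "svchost.exe", "explorer.exe"}

# Assumption: directories a normal user can write to; autostarts there deserve a look.
USER_WRITABLE_HINTS = ("\\temp\\", "\\local settings\\", "\\application data\\")

# O4 - HKLM\..\Run: [Name] command
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<command>.*)$"
)
# O4 - Global Startup: Shortcut.lnk = C:\path\target.exe
STARTUP_RE = re.compile(
    r"^O4 - (?P<hive>Global Startup|Startup): (?P<name>.+?) = (?P<command>.*)$"
)


@dataclass
class Autostart:
    hive: str
    name: str
    command: str
    exe: str
    flags: List[str] = field(default_factory=list)


def executable_of(command: str) -> str:
    """Return the program a Run-key command launches, without its arguments."""
    command = command.strip()
    if command.startswith('"'):                      # quoted path, possibly with spaces
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    # Unquoted: take everything up to the first ".exe" token, which keeps an
    # unquoted 'C:\Program Files\...' path whole; otherwise use the first token.
    m = re.match(r"(.*?\.exe)(?=\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def review_flags(exe: str) -> List[str]:
    """Apply the review rules to one executable path (case-insensitive)."""
    flags = []
    lower = exe.lower()
    parent, _, base = lower.rpartition("\\")
    if not parent:
        flags.append("unqualified filename, resolved through the search path")
    elif base in SYSTEM32_BINARIES and not parent.endswith("\\system32"):
        flags.append("system binary name outside system32")
    if any(hint in lower for hint in USER_WRITABLE_HINTS):
        flags.append("runs from a user-writable directory")
    return flags


def parse_o4(line: str) -> Optional[Autostart]:
    """Parse one log line; return None for anything that is not an O4 entry."""
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    g = m.groupdict()
    exe = executable_of(g["command"])
    return Autostart(g["hive"], g["name"], g["command"], exe, review_flags(exe))


def flagged_entries(log_lines: List[str]) -> List[Autostart]:
    """Return only the O4 entries that tripped at least one review rule."""
    entries = (parse_o4(line) for line in log_lines)
    return [e for e in entries if e is not None and e.flags]


# Constructed sample: lines copied from the log in this thread.
SAMPLE_LOG = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fumbbl.com/",
    r"O4 - HKLM\..\Run: [VTTimer] VTTimer.exe",
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
    r"O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe",
    r"O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe",
]

if __name__ == "__main__":
    for entry in flagged_entries(SAMPLE_LOG):
        print(f"{entry.hive:<14} [{entry.name}] {entry.exe}")
        for flag in entry.flags:
            print(f"    -> {flag}")
```

Feed it the whole log (one string per line) rather than the sample and the R, O2, O3 and O23 lines are simply skipped; extending the same pattern to O2/O3 DLL paths and O23 service binaries is a matter of adding a regex per prefix. The rules deliberately stay on the path alone, because the log carries no file hash or signature; confirming an entry means checking the file itself.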
Cheeseball81's Avatar
Moderator with 74,169 posts.
 
Join Date: Mar 2004
Location: New York
30-Jun-2007, 03:27 PM #5
It looks okay now. Anymore problems or detections?
cmpep2's Avatar
Junior Member with 4 posts.
 
Join Date: Jun 2007
30-Jun-2007, 05:40 PM #6
Nope - seems all fixed up. Many thanks for your help - for whatever reason SAS seemed to work better than the handful of other programs I ran. I had visions of my Thesis going up in a puff of smoke! When I get employed, I'll be sure to make a small donation.
Cheeseball81's Avatar
Moderator with 74,169 posts.
 
Join Date: Mar 2004
Location: New York
30-Jun-2007, 11:07 PM #7


Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer.

Turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

You can mark your thread "Solved" from the Thread Tools drop down menu.
__________________
Microsoft MVP/Windows - Consumer Security
If we've helped you, please donate to TSG
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.
Powered by Cermak Technologies, Inc.