
Solved: zapchast.reg

Discussion in 'Virus & Other Malware Removal' started by cmpep2, Jun 29, 2007.

  1. cmpep2

    cmpep2 Thread Starter

    Joined:
    Jun 29, 2007
    Messages:
    4
    Hi guys.

    Somehow I seem to have contracted this Trojan. I've done a full system McAfee check, and ran numerous Spyware and Adware removal programs, but every time I reboot, McAfee gives me the news that a.bat has been cleaned of zapchast.reg, so I guess I'm not rid of it.

    My HJT log is:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:45:40, on 29/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
    C:\Program Files\btbb_wcm\McciTrayApp.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\system32\winupdate.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\svchost.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fumbbl.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [winupdate] winupdate.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
    O4 - HKLM\..\RunServices: [winupdate] winupdate.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?6fd86af3eebf44e28fcdf9976952b2e
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?6fd86af3eebf44e28fcdf9976952b2e
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


    Any help would be greatly appreciated!
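    An added example for this thread (not code from HijackThis, McAfee or SUPERAntiSpyware): a small Python triage of the O4 autostart lines in a HijackThis log like the one above. It assumes three heuristic signals of its own choosing and a short list of system-binary home directories; a hit means the entry should be verified, not that it is malicious.

```python
"""Triage of HijackThis O4 (autostart) lines.

Added example for this thread; not code from HijackThis, McAfee or
SUPERAntiSpyware. It parses the O4 lines of a HijackThis v1.99.1 log and
flags autostart entries worth a second look, using three signals the log
above happens to exhibit. The signals are assumptions made for the example,
and a hit means "verify", not "malicious".
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Constructed sample input, modelled on O4 lines from the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
O4 - HKLM\..\Run: [winupdate] winupdate.exe
O4 - HKLM\..\RunServices: [winupdate] winupdate.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# Registry-backed O4 lines: hive, key name, value name, command line.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")

# Normal home directory of a few system binaries that malware likes to
# relocate or impersonate (assumed list for the example; extend as needed).
KNOWN_SYSTEM_BINARIES = {
    "ctfmon.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
}


class Entry(NamedTuple):
    hive: str
    key: str
    name: str
    command: str


def parse_o4(log_text: str) -> List[Entry]:
    """Return the registry-backed O4 entries; Global Startup lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Entry(*m.groups()))
    return entries


def image_path(command: str) -> str:
    """Executable part of a Run value: the quoted path, or the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged autostart value name to the reasons it was flagged."""
    entries = parse_o4(log_text)
    findings: Dict[str, List[str]] = defaultdict(list)

    def flag(name: str, reason: str) -> None:
        if reason not in findings[name]:
            findings[name].append(reason)

    # Signal 1: the same value name under Run and the obsolete Windows 9x
    # RunServices key, a doubling that XP-era legitimate software rarely does.
    keys_by_name = defaultdict(set)
    for e in entries:
        keys_by_name[e.name.lower()].add(e.key)
    for name, keys in keys_by_name.items():
        if {"Run", "RunServices"} <= keys:
            flag(name, "registered under both Run and RunServices")

    for e in entries:
        path = image_path(e.command)
        directory, _, base = path.lower().rpartition("\\")
        # Signal 2: no directory at all, so the loader has to search the PATH.
        if not directory and not path.startswith("%"):
            flag(e.name.lower(), "bare file name resolved via PATH")
        # Signal 3: a well-known system binary outside its normal directory.
        expected = KNOWN_SYSTEM_BINARIES.get(base)
        if expected and directory != expected:
            flag(e.name.lower(), f"{base} outside {expected}: {path}")
    return dict(findings)


if __name__ == "__main__":
    # Most signals first, so the entry to verify comes out on top.
    for name, reasons in sorted(triage(SAMPLE_LOG).items(),
                                key=lambda kv: -len(kv[1])):
        print(f"{name}: {'; '.join(reasons)}")
```

    Run against the sample, the winupdate entry collects two signals and sorts to the top, which is the entry SUPERAntiSpyware later reported as Trojan.WinUpdate in this thread.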
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome

    Download the Trial version of Superantispyware Pro (SAS):
    http://www.superantispyware.com/superantispyware.html?rid=3132

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
        o Close browsers before scanning
        o Scan for tracking cookies
        o Terminate memory threats before quarantining.
        o Please leave the others unchecked.
        o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
        o After reboot, double-click the SUPERAntispyware icon on your desktop.
        o Click Preferences. Click the Statistics/Logs tab.
        o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
        o It will open in your default text editor (such as Notepad/Wordpad).
        o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new Hijack This log.
     
  3. cmpep2

    cmpep2 Thread Starter

    Joined:
    Jun 29, 2007
    Messages:
    4
    Many thanks for your swift reply.

    SUPERAntiSpyware didn't seem to find anything, and on rebooting, McAfee still found zapchast.reg. SUPERAntiSpyware log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/30/2007 at 00:02 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3143
    Trace Rules Database Version: 1159

    Scan type : Complete Scan
    Total Scan Time : 00:05:00

    Memory items scanned : 389
    Memory threats detected : 0
    Registry items scanned : 6193
    Registry threats detected : 0
    File items scanned : 2998
    File threats detected : 0

    New hjt:

    Logfile of HijackThis v1.99.1
    Scan saved at 00:12:31, on 30/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
    C:\Program Files\btbb_wcm\McciTrayApp.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\winupdate.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fumbbl.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [winupdate] winupdate.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
    O4 - HKLM\..\RunServices: [winupdate] winupdate.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?6fd86af3eebf44e28fcdf9976952b2e
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?6fd86af3eebf44e28fcdf9976952b2e
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    I dunno if the SAS didn't find anything as I'd recently run Adware programs or whatever. I picked a good time to contract my virus - why do the problems always come when you're hard up against a deadline?! Again - many thanks if you can help.
     
  4. cmpep2

    cmpep2 Thread Starter

    Joined:
    Jun 29, 2007
    Messages:
    4
    A-ha!

    I thought it was odd SAS didn't throw anything up, so I re-ran it when I woke up this morning. Found a lot.

    SAS log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 06/30/2007 at 10:56 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 02:19:19

    Memory items scanned : 384
    Memory threats detected : 0
    Registry items scanned : 6183
    Registry threats detected : 2
    File items scanned : 133892
    File threats detected : 163

    Trojan.WinUpdate
    [winupdate] C:\WINDOWS\SYSTEM32\WINUPDATE.EXE
    C:\WINDOWS\SYSTEM32\WINUPDATE.EXE
    [winupdate] C:\WINDOWS\SYSTEM32\WINUPDATE.EXE
    C:\WINDOWS\Prefetch\WINUPDATE.EXE-0F50C4F5.pf

    Adware.Tracking Cookie
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][2].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][2].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][2].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][2].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][2].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][2].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][2].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][3].txt
    C:\Documents and Settings\Phil Pearson\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil [email protected][2].txt
    C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil [email protected][2].txt
    C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil [email protected][2].txt
    C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil [email protected][2].txt
    C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil [email protected][1].txt
    C:\Documents and Settings\Phil Pearson\Local Settings\Temp\Cookies\phil [email protected][2].txt

    Trojan.Windows/32
    C:\WINDOWS\SYSTEM32\WINDOWS.EXE
    C:\WINDOWS\Prefetch\WINDOWS.EXE-21AD1048.pf

    New hjt log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:21:34, on 30/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
    c:\program files\mcafee.com\vso\mcvsshld.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
    C:\Program Files\btbb_wcm\McciTrayApp.exe
    C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\BT Home Hub\Help\bin\mpbtn.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fumbbl.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...b/*http://uk.docs.yahoo.com/info/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\BTHOME~1\Help\SMARTB~1\BTHelpNotifier.exe
    O4 - HKLM\..\Run: [btbb_wcm_McciTrayApp] C:\Program Files\btbb_wcm\McciTrayApp.exe
    O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
    O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\BT Broadband Talk Softphone\BTSoftphone.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BT Broadband Desktop Help.lnk = C:\Program Files\BT Home Hub\Help\bin\matcli.exe
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?6fd86af3eebf44e28fcdf9976952b2e
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?6fd86af3eebf44e28fcdf9976952b2e
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    Upon rebooting after SAS dealt with what it found - McAfee didn't find zapchast.reg in a.bat. Maybe it's been gotten rid of? Or maybe I'm over-optimistic...
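    The O4 lines in a HijackThis log are the autostart entries, and that is where a reviewer spends most of the time on a log like the one above. The script below is an added example for this thread; it is not HijackThis code and was not posted by anyone in the discussion. It parses O4 Run-key lines and applies two review heuristics that are assumptions of the example rather than verdicts: an executable that carries the name of a core Windows binary but sits outside the system directory, and a bare file name with no path at all. The list of core binary names and the choice of C:\WINDOWS as SystemRoot are assumptions too; the sample lines are copied from the log posted above.

```python
"""Triage helper for HijackThis O4 autostart entries (added example).

Not HijackThis code. Two review heuristics, both assumptions of this
example and not detections:

  1. the command's executable carries the name of a core Windows binary
     but does not live in the Windows system directory;
  2. the command is a bare file name (no directory, no drive), so the
     loader resolves it through the search path instead of a fixed path.

Both conditions also occur on clean machines (OEM tray tools are often
registered by bare name), so the result is a shortlist for a human.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Hand-picked names of binaries Windows ships in %SystemRoot%\system32
# (assumption of this example: deliberately short, not exhaustive).
CORE_SYSTEM_BINARIES = {
    "ctfmon.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe",
    "services.exe", "smss.exe", "spoolsv.exe", "rundll32.exe", "explorer.exe",
}

# SystemRoot is C:\WINDOWS on the machine in this thread; assumed here.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows")

# "O4 - HKLM\..\Run: [Name] command" (also RunOnce / RunServices keys).
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$"
)
# First ".exe" token of an unquoted command, so paths with spaces survive.
EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.IGNORECASE)


@dataclass
class AutorunEntry:
    hive: str
    key: str
    name: str
    command: str
    exe_path: str                      # executable part, quotes stripped
    flags: List[str] = field(default_factory=list)


def extract_executable(command: str) -> str:
    """Return the executable portion of a Run value without its arguments."""
    command = command.strip()
    if command.startswith('"'):                  # "C:\with spaces\x.exe" -args
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    if m:                                        # C:\with spaces\x.exe -args
        return m.group(1)
    return command.split()[0] if command else ""  # no .exe (dumprep 0 -k)


def review_flags(exe_path: str) -> List[str]:
    """Apply the two heuristics from the module docstring to one executable."""
    flags: List[str] = []
    low = exe_path.lower()
    has_dir = "\\" in low
    base = low.rsplit("\\", 1)[-1]
    if has_dir and base in CORE_SYSTEM_BINARIES:
        parent = low.rsplit("\\", 1)[0]
        if parent not in SYSTEM_DIRS:
            flags.append("system-binary name outside system dir")
    if not has_dir and ":" not in low:
        flags.append("bare filename resolved via search path")
    return flags


def parse_hjt_o4(lines) -> List[AutorunEntry]:
    """Parse every O4 Run-key line; other HJT sections are skipped."""
    entries = []
    for raw in lines:
        m = O4_RE.match(raw.strip())
        if not m:
            continue
        exe = extract_executable(m.group("cmd"))
        entries.append(AutorunEntry(m.group("hive"), m.group("key"), m.group("name"),
                                    m.group("cmd"), exe, review_flags(exe)))
    return entries


def shortlist(lines) -> List[AutorunEntry]:
    """Only the entries that tripped at least one heuristic."""
    return [e for e in parse_hjt_o4(lines) if e.flags]


# Constructed sample: O4 lines copied from the log posted in this thread,
# plus one O2 line to show that non-O4 sections are ignored.
SAMPLE_LINES = [
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [VTTimer] VTTimer.exe",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"',
    r"O4 - HKLM\..\Run: [ctfmon] C:\WINDOWS\system32\dlg\ctfmon.exe",
    r"O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe",
]


def triage_sample() -> Dict[str, List[str]]:
    """Map each parsed sample entry name to the flags it received."""
    return {e.name: e.flags for e in parse_hjt_o4(SAMPLE_LINES)}


if __name__ == "__main__":
    for e in shortlist(SAMPLE_LINES):
        print(f"{e.hive}\\{e.key} [{e.name}] {e.exe_path}: {', '.join(e.flags)}")
```

    Run against the sample, only the ctfmon entry trips the "outside system dir" rule; the two bare-name entries (VTTimer, the RUNDLL32 host line) land on the shortlist for the weaker reason that nothing in the registry value pins down where they load from. The quoted Java updater, the Google notifier and the dumprep line pass both checks, which is the point of the exercise: the script narrows the list to read, it does not decide what is malicious.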
     
  5. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    It looks okay now. Any more problems or detections?
     
  6. cmpep2

    cmpep2 Thread Starter

    Joined:
    Jun 29, 2007
    Messages:
    4
    Nope - seems all fixed up. Many thanks for your help - for whatever reason SAS seemed to work better than the handful of other programs I ran. I had visions of my Thesis going up in a puff of smoke! When I get employed, I'll be sure to make a small donation. ;)
     
  7. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    (y)

    Now turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    Restart your computer.

    Turn System Restore back on and create a restore point.

    To create a restore point:

    Single-click Start and point to All Programs.
    Mouse over Accessories, then System Tools, and select System Restore.
    In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

    You can mark your thread "Solved" from the Thread Tools drop down menu.
     
Short URL to this thread: https://techguy.org/590046