Originally Posted by
PuntoSporting
O2 - BHO: (no name) - {72AC6865-B1D3-4C32-A27B-4B3BF04DE655} - C:\DOCUME~1\MMian\LOCALS~1\Temp\tacsmw.dat
O2 - BHO: (no name) - {F32F8ECD-6CF3-459D-82F2-9738392C85A8} - C:\DOCUME~1\MMian\LOCALS~1\Temp\tacsmw.dat
O4 - HKLM\..\Run: [svcps] C:\WINDOWS\Web\svcps.exe
O4 - HKLM\..\Run: [wmscat] C:\WINDOWS\AppPatch\wmscat.exe
O4 - HKLM\..\Run: [*wmscat] C:\WINDOWS\AppPatch\wmscat.exe
O4 - HKLM\..\RunOnce: [*wmscat] C:\WINDOWS\AppPatch\wmscat.exe rerun
Right, i'm puttin me money on that
wmscat.exe the lil c**t what it is... when i get rid of it usin Hijack this, it just comes back, if i "end process" from Task Manager it flashes back up straight away, about 9MB in size.
Spybot doesnt pick it up tho, however it does pick up "ATLEvents" which is somethin that i do not know about.
Hmmm...