Ok, I'm at a friends PC and have tried to remove some annoying spyware.
Hijackthis Log:
Logfile of HijackThis v1.97.7
Scan saved at 02:50:18, on 08/30/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.e
xe
C:\WINDOWS\system32\winlog
on.exe
C:\WINDOWS\system32\servic
es.exe
C:\WINDOWS\system32\lsass.
exe
C:\WINDOWS\system32\svchos
t.exe
C:\WINDOWS\System32\svchos
t.exe
C:\WINDOWS\system32\spools
v.exe
j:\PROGRA~1\Grisoft\AVG6\a
vgserv.exe
C:\WINDOWS\System32\nvsvc3
2.exe
C:\WINDOWS\Explorer.EXE
J:\Program Files\Grisoft\AVG6\avgcc32
.exe
J:\Program Files\iTunes\iTunesHelper.
exe
C:\WINDOWS\System32\ctfmon
.exe
C:\WINDOWS\System32\devldr
32.exe
J:\Program Files\iPod\bin\iPodService
.exe
J:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\wuaucl
t.exe
C:\WINDOWS\System32\wuaucl
t.exe
C:\Documents and Settings\Dale Miller\Desktop\HijackThis.
exe
R1 - HKCU\Software\Microsoft\In
ternet Explorer\SearchURL,(Defaul
t) =
http://search.yahoo.com/search?p=%sR0 - HKCU\Software\Microsoft\In
ternet Explorer\Main,Local Page =
www.yahoo.co.ukO2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7
695ECA0567
0} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-7
84B7D6BE0B
3} - i:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEH
elper.ocx
O2 - BHO: (no name) - {136a9d1d-1f4b-43d4-8359-6
f238244925
5} - (no file)
O2 - BHO: (no name) - {1F48AA48-C53A-4E21-85E7-A
C7CC6B5FFB
2} - C:\WINDOWS\mscgbc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-0
0A0C908246
7} - C:\WINDOWS\System32\msdxm.
ocx
O4 - HKLM\..\Run: [AVG_CC] J:\Program Files\Grisoft\AVG6\avgcc32
.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.
dll,NvStar
tup
O4 - HKLM\..\Run: [iTunesHelper] J:\Program Files\iTunes\iTunesHelper.
exe
O4 - HKLM\..\Run: [SBHC] C:\Program Files\SuperBar\sbhc.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\tcposmod.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon
.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Startup: Alarm Master.lnk = J:\Program Files\BrigSoft\AlarmMaster
\AlarmMast
er.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = J:\Program Files\blueyonder IST\bin\matcli.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C
0A14556272
C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cabO16 - DPF: {14B87622-7E19-4EA8-93B3-9
7215F77A6B
C} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cabO16 - DPF: {30528230-99F7-4BB4-88D8-F
A1D4F56A2A
B} (YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst0309.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4
DFAD1796A8
D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-2
2031317559
2} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab30149.cabO16 - DPF: {CAFEEFAC-0014-0001-0002-A
BCDEFFEDCB
A} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-4
4455354000
0} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabO16 - DPF: {E6187999-9FEC-46A1-A20F-F
4CA977D564
3} (ZoneChess Object) -
http://messenger.zone.msn.com/binary/Chess.cab30149.cabO16 - DPF: {EF99BD32-C1FB-11D2-892F-0
090271D4F8
8} (Yahoo! Companion) -
http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-5
87CAF3EE8C
6} (MSN Chat Control 4.5) -
http://chat.msn.com/bin/msnchat45.cabI tried using Lavasoft Adaware to remove most objects but there are 2 problems:
1) When scanning, windows pops up a box saying something about "System RPC Failed" and it will reboot thwe system in 1 minute. this usually means the scan can't be finished. If I abort the scan at the current time and clean all files already scanned, it takes out WinSock. This kills all internet access and the only way to restore it is to restore the quarantined files in Adaware. Any suggestions greatly appreciated.
500 points is because it's coming up to 3am and I'd like to get home some time soon so, answers with alacrity please 8-D
