[crimsoncuda]

Here you go:

Logfile of HijackThis v1.99.1
Scan saved at 9:04:17 PM, on 5/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\CePMTray.exe
C:\toshiba\ivp\ISM\pinger.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ISM\pinger.exe /run
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1115312308842
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

-----About:Buster log------

Scanned at: 8:07:59 PM on: 5/28/2005


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:58:26 PM, 5/28/2005
+ Report-Checksum: 4B030F71

+ Date of database: 5/29/2005
+ Version of scan engine: v3.0

+ Duration: 42 min
+ Scanned Files: 53569
+ Speed: 20.83 Files/Second
+ Infected files: 23
+ Removed files: 23
+ Files put in quarantine: 23
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\

+ Scan result:
C:\Program Files\Common Files\Java\flenclean.exe -> Spyware.Broadcap.b -> Cleaned with backup
C:\Program Files\Common Files\Java\flnclean.exe -> Spyware.Broadcap.b -> Cleaned with backup
C:\Program Files\Common Files\Java\tvs_re_inst.exe -> Spyware.TopMoxie -> Cleaned with backup
C:\Program Files\Common Files\zzqm\zzqmp.exe -> Spyware.Xupiter.m -> Cleaned with backup
C:\Program Files\Fln\flnclean.exe -> Spyware.Broadcap.b -> Cleaned with backup
C:\Program Files\Fln\Uninst.exe -> Spyware.Broadcap.b -> Cleaned with backup
C:\Program Files\tvs\tvs_re_inst.exe -> Spyware.TopMoxie -> Cleaned with backup
C:\WINDOWS\system32\atiupdate5.exe -> Spyware.Adtomi.e -> Cleaned with backup
C:\WINDOWS\system32\bde3d_refp3.dll -> Spyware.BrillianDigital -> Cleaned with backup
C:\WINDOWS\system32\calsdr.exe -> TrojanDropper.Small.ff -> Cleaned with backup
C:\WINDOWS\system32\chktrust.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\system32\fcxfqyad.exe -> TrojanDropper.Agent.ii -> Cleaned with backup
C:\WINDOWS\system32\flsmngr.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\instsrv.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\kavdfwru.exe -> TrojanDropper.Agent.ka -> Cleaned with backup
C:\WINDOWS\system32\kxvkkmby.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\lcinstaller.exe -> Spyware.WinAD -> Cleaned with backup
C:\WINDOWS\system32\nliyxefk.exe -> Spyware.Quaq -> Cleaned with backup
C:\WINDOWS\system32\spoolsrv32.exe -> Spyware.FindSpy.e -> Cleaned with backup
C:\WINDOWS\system32\srpcsrv32.dll -> TrojanDownloader.Adload.g -> Cleaned with backup
C:\WINDOWS\system32\termbdfc.dll -> Backdoor.Srvlite -> Cleaned with backup
C:\WINDOWS\system32\tv2.dll -> TrojanDropper.Miewer.a -> Cleaned with backup
C:\WINDOWS\system32\xrxpesxo.exe -> TrojanDropper.Small.wv -> Cleaned with backup


::Report End

[Advertisements]

How is it running?

[coachwife6]

How is it running?

[crimsoncuda]

It seems to be running good. However, one thing I've noticed is that my Internet Explorer has two Yahoo! companion search toolbars. How do I get rid of those?

[coachwife6]

Run Hijack This and put a check mark next to it.

O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll

[crimsoncuda]

Thank you very much for your help, I don't know how you find the time to help all these people, but we're all very grateful for people like you. I don't have much money to give because we're saving up for the wedding, but I'll be sending you a donation shortly.

[coachwife6]

Thank you very much. It was not necessary, but very much appreciated. I'm glad I could be of assistance. I feel as if it is one of my missions in life.

Is everything running OK?

I hope you have a blessed wedding and an even more blessed marriage.

Congratulations! Your system is CLEAN

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.
1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox .
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine .

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats.