Took me a while, but I got through everything that you said to do. Here are the logs that you asked me to post:
Logfile of HijackThis v1.99.1
Scan saved at 4:09:35 PM, on 05/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.mapleglobal.com/O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: Yahoo! Graffiti -
http://download.game...ts/y/grt5_x.cabO16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
http://www.truedoc.c...ex/tdserver.cabO16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.t...all/xscan60.cabO16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) -
http://www.powerflas...in/powerres.cabO16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://appldnld.m7z....iTunesSetup.exeO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft...free/asinst.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://www.shockwave...aploader_v5.cabO21 - SSODL: Civilization II Multiplayer Gold Edition - {138EFF43-E964-FBCE-88C4-23302C94BC96} - c:\program files\microprose software\civilization ii multiplayer gold edition\esayh32.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
===================================================
smitRem log file
version 2.3
by noahdfear
The current date is: 05/08/2005
The current time is: 14:35:40.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run Files Present
~~~ Program Files ~~~
SpySheriff
~~~ Shortcuts ~~~
Install.dat
~~~ Favorites ~~~
Online Pharmacy.url
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
desktop.html
~~~ Drive root ~~~
winstall.exe
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Post-run Files Present
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Wininet.dll ~~~
CLEAN!

====================================================
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 3:15:06 PM, 05/08/2005
+ Report-Checksum: EFFCA48E
+ Scan result:
C:\Program Files\MicroProse Software\Civilization II Multiplayer Gold Edition\esayh32.dll -> TrojanDownloader.Murlo.ar : Ignored
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][1].txt -> Spyware.Cookie.Adocean : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay s
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Lindsay Searles\Cookies\lindsay
[email protected][1].txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ARCU8G2W\load02[1].exe -> TrojanDropper.Small.aad : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y9PDDAP0\loadppc[1].exe -> TrojanDropper.Small.abx : Cleaned with backup
C:\Program Files\Internet Explorer\wskkeuyy.exe -> TrojanDownloader.Delf.cb : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx -> Spyware.MediaTickets : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.RiskWare.Downloader.PopCap.a : Cleaned with backup
C:\WINDOWS\htmlsync.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\sys4947.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4948.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4949.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4951.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4952.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4953.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4954.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\system\svchost.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\system\svchost.exe -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\system\svchosthook.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\system32\abirvalg32.dll -> TrojanProxy.Small.cn : Cleaned with backup
C:\WINDOWS\system32\cssrs.exe -> TrojanSpy.PdPinch : Cleaned with backup
C:\WINDOWS\system32\isystem.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\ldriver.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\maxd1.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\TCPService2.exe -> TrojanDownloader.Agent.kx : Cleaned with backup
C:\WINDOWS\system32\ucsi.exe -> TrojanDropper.Agent.hc : Cleaned with backup
C:\WINDOWS\system32\unhtmhlp.exe -> TrojanDropper.Small.wa : Cleaned with backup
C:\WINDOWS\system32\vxgame1.exe -> TrojanDropper.Small.acg : Cleaned with backup
C:\WINDOWS\system32\vxgame2.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq6.exe -> TrojanDownloader.Small.aux : Cleaned with backup
C:\WINDOWS\vr_sys.dll -> TrojanSpy.LdPinch.os : Cleaned with backup
C:\WINDOWS\zlibc.exe -> Spyware.Hijacker.Generic : Cleaned with backup
::Report End
====================================================
Incident Status Location
Adware:adware/xplugin No disinfected C:\WINDOWS\SYSTEM32\tksrv99.exe
Adware:adware/adsmart No disinfected C:\WINDOWS\SYSTEM32\vx.tll
Adware:adware/admess No disinfected C:\WINDOWS\SYSTEM32\WStart.dll
Adware:adware/mediatickets No disinfected Windows Registry
Adware:Adware/MediaTickets No disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.INF
Adware:Adware/PurityScan No disinfected C:\WINDOWS\system32\Shex.exe
Adware:Adware/Adsmart No disinfected C:\WINDOWS\system32\vxgame6.exe
Virus:Trj/Agent.AFI Disinfected C:\WINDOWS\system32\vxh8jkdq2.exe
Adware:Adware/Admess No disinfected C:\WINDOWS\system32\WStart.dll
====================================================
Overall, my computer is acting MUCH better, and the SpySheriff problems seem to have been removed.
Thank you very much, the help was greatly appreciated. I definately couldn't have done that on my own.