Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
Little Green Monsters
I keep getting green words that lead to some sort of "sponsor link". This is the URL that it displays (http://69.42.87.218/cgi-bin/ezlclk.fcgi?id=9954). I was wondering if maybe someone could help me remove it from my comp...ty in advance. This is my hijack log
Thanks for any help anyone can give!
#2
Welcome to CTH, schwa75.
Before we start working with your log, you are running Hijack This from a temporary location. If we leave it where it is, backups will not be saved, so let's move the file to its own folder in C:\Program Files.

To do this, go here: http://www.cybertechhelp.com/download/file/move-hijack-this and download Move_HijackThis.vbs to your Desktop. Double-click on Move_hijackthis.vbs to run it. If you get a warning about a malicious script, please ignore that and allow this to run. This file was written by Mosaic1. She is a Hijack Advisor here and an expert in malware removal. When the script has finished running, it will start Hijackthis from its new location in C:\Program Files\Hijackthis\hijackthis.exe. To run Hijack This next time, please go to C:\Program Files or use the Run box.

----------------------------------------------

Download the trial version of Ewido Security Suite from here. When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu". Launch Ewido (there should be an icon on your desktop; double-click it). The program will now go to the main screen.

You will need to update ewido to the latest definition files. On the left hand side of the main screen click update and then click on Start Update. The update will start and a progress bar will show the updates being installed. If you have problems with the updater, you can use this link to manually update ewido: ewido manual updates http://www.ewido.net/en/download/updates/. Do not run a scan yet.

Close Internet Explorer and any open windows and run Hijack This again. Check the below entries and click on Fix Checked:

O2 - BHO: (no name) - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - (no file)
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - C:\WINDOWS\system32\nsh70.dll
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

Close HijackThis and navigate to C:\Windows\Downloaded Program Files and delete all you don't need.

When you have done this, boot into Safe Mode (restart your PC and tap F8 as it restarts). Run Ewido now. Click on Scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files; click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido.

Post back a new HijackThis log as well as the Ewido one, please.
#3
Ok, here we go...
HJT log:
ewido log to follow [too big to fit
#4
ewido log Part 1
#5
C:\Program Files\Hijackthis\backups\backup-20060222-114951-849.dll -> Adware.Beginto : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP866\A0167465.exe -> Adware.Beginto : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP867\A0167546.dll -> Adware.Beginto : Cleaned with backup
#6
ewido log (last part)
C:\WINDOWS\SYSTEM32\b2search.exe -> Adware.EZula : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsjF.dll -> Adware.EZula : Cleaned with backup
::Report End
#7
OK. How is the computer running now?
#8
The green monsters are gone.
The malware is gone. The only thing going on now is under Processes, I have "System Idle Process" running >90% of CPU, causing system slowdowns, fans running all the time, etc. Don't know if the issues are related.
Thanks for all the help!
#9
You're welcome, schwa75.
About System Idle Process: it's the inactivity of the processor. See here: http://forum.osnn.net/showthread.php?t=783
#10
Thanks, Stonangel.
The system seems to have quieted down this morning - was running cideamon.exe (sp??). I read it was some type of indexing program. I let it run all night and now the system seems quite normal. This is a great forum! Thanks again!
#11
You're welcome