
Various spyware found by panda



Neverwinterx
2007-01-23, 18:25
Hey

I did an online scan with Panda ActiveScan and it found quite some spyware.
I scanned with Spybot, Ad-Aware, Ad-Aware VX2-cleaner addon and McAfee enterprise 8.0i and they found nothing.
So I'd like some help to safely remove that spyware.

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 18:18:07, on 23/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\abelhadigital.com\HostsMan\hm.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.175.160.121:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [HostsMan] C:\Program Files\abelhadigital.com\HostsMan\hm.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Niels\Mijn documenten\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SMC2802W 54Mbps WLAN Monitor.lnk = C:\Program Files\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.kingsofchaos.com
O15 - Trusted Zone: http://www.pandasoftware.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {6CEC0297-FAFB-41FB-97EA-77E3081B1DFE} (Seleccion Class) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136158583203
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C943D4E5-A981-11D3-92C8-00608CF7348D} - http://home.wanadoo.nl/reinoud.kaasschieter/gamezone/memory/memory.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Panda ActiveScan:

Incident Status Location

Adware:adware/cydoor Not disinfected c:\windows\cdmxtras
Adware:adware/wupd Not disinfected Windows Registry
Potentially unwanted tool:application/need2find Not disinfected HKEY_CLASSES_ROOT\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3}
Dialer:dialer.asl Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D62A517-E7C6-4E1F-A577-07D4AC549A48}
Adware:adware/instafinder Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Adware:adware/sbsoft Not disinfected Windows Registry
Potentially unwanted tool:application/zango Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8FCDF9D9-A28B-480F-8C3D-581F119A8AB8}
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.042

muBlinder and HostsMan are wanted software so don't advise anything against them please.

Thanks

Neverwinterx
2007-01-23, 21:23
I sent WindowsEx.dll.042 to VirusTotal for a scan and only Panda found something in it (Adware/IST.ISTBar).


c:\windows\cdmxtras is a directory which only contains a file named uninst.exe.
I sent it to VirusTotal and some antiviruses recognised it:

AntiVir 7.3.0.26 01.23.2007 no virus found
Authentium 4.93.8 01.23.2007 no virus found
Avast 4.7.936.0 01.23.2007 no virus found
AVG 386 01.23.2007 no virus found
BitDefender 7.2 01.23.2007 Application.Flashget.B
CAT-QuickHeal 9.00 01.22.2007 (Suspicious) - DNAScan
ClamAV devel-20060426 01.23.2007 no virus found
DrWeb 4.33 01.23.2007 no virus found
eSafe 7.0.14.0 01.23.2007 Suspicious Trojan/Worm
eTrust-InoculateIT 23.73.120 01.23.2007 no virus found
eTrust-Vet 30.3.3344 01.23.2007 no virus found
Ewido 4.0 01.23.2007 no virus found
Fortinet 2.82.0.0 01.23.2007 no virus found
F-Prot 3.16f 01.23.2007 no virus found
F-Prot4 4.2.1.29 01.23.2007 no virus found
Ikarus T3.1.0.27 01.23.2007 no virus found
Kaspersky 4.0.2.24 01.23.2007 no virus found
McAfee 4947 01.23.2007 potentially unwanted program Adware-FlashGet
Microsoft 1.1904 01.23.2007 no virus found
NOD32v2 2000 01.23.2007 no virus found
Norman 5.80.02 01.23.2007 no virus found
Panda 9.0.0.4 01.23.2007 no virus found
Prevx1 V2 01.23.2007 no virus found
Sophos 4.13.0 01.23.2007 no virus found
Sunbelt 2.2.907.0 01.22.2007 no virus found
TheHacker 6.0.3.154 01.22.2007 Adware/Flashget
UNA 1.83 01.23.2007 no virus found
VBA32 3.11.2 01.23.2007 no virus found

pskelley
2007-01-26, 13:18
Welcome to the forum. If you still need help and are not receiving it elsewhere, please read these instructions and make sure you have followed them all:
"BEFORE you POST" - Preliminary Steps
http://forums.spybot.info/showthread.php?t=288
It is difficult to work with the logs the way you posted them; that is why you just read this in the instructions:

All logs should be copy/pasted into topic and not attached unless requested by helper in that format.

Follow the directions in this link and make sure you delete, or at least quarantine, anything the program locates. Save the scan report; I must see it.
http://forums.security-central.us/showthread.php?t=3165

Post the results of the AVG Anti-Spyware scan and a new HJT log that has been copied and pasted to the topic. Please use Post Reply, stay in this same topic. Please do not post anything I do not request except for comments you think will help.

Thanks

Neverwinterx
2007-01-26, 17:39
Ok, I ran AVG Anti-Spyware. However, when I open the log with Notepad++ it's full of "nul" and other weird symbols, so the log here is the one from inside AVG itself.
If you really want to see the log itself you can get it here: http://student.kuleuven.be/~s0173837/Report-Scan-20070126-171835.txt


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 17:18:35 26/01/2007

+ Scan result:



C:\Documents and Settings\Niels\Mijn documenten\muBlinder\For_muBlinder_members.zip/XP_Pro_KeyGen.exe -> Backdoor.Tagent.e : Cleaned.
C:\Documents and Settings\Niels\Mijn documenten\muBlinder\andereCrack\WPatcherP5575987.zip/Windows XP Keygen.exe -> Backdoor.Tagent.e : Cleaned.
C:\Documents and Settings\Niels\Mijn documenten\muBlinder\andereCrack\Windows XP Keygen.exe -> Backdoor.Tagent.e : Cleaned.
:mozilla.243:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.244:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.245:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.246:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.247:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.248:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.249:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.250:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.251:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.252:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.253:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.254:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.255:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.256:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.257:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.258:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.259:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.260:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.261:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.262:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.263:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.264:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.265:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.266:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.267:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.268:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.269:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.270:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.271:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.272:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.273:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.274:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.275:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.276:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.277:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.278:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.279:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.280:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.281:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.282:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.283:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.284:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.285:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.286:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.287:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.288:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.374:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.765:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.767:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.201:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.202:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.203:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.210:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.562:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.831:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.155:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.163:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.166:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.169:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.952:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Niels\Cookies\niels@com[2].txt -> TrackingCookie.Com : Cleaned.
:mozilla.151:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.233:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.234:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.235:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.835:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.836:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Gamershell : Cleaned.
:mozilla.444:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.446:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.447:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.647:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.711:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.712:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.513:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.514:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.515:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.516:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.723:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.724:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.736:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.737:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.738:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.739:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.740:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.741:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.597:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.598:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.599:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.600:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.560:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.751:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.752:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.753:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.754:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.755:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.462:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.463:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.464:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.774:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.775:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.781:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.191:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.229:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.230:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.231:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.232:C:\Documents and Settings\Niels\Application Data\Mozilla\Firefox\Profiles\319okaqt.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end


(more in next post)

Neverwinterx
2007-01-26, 17:40
Logfile of HijackThis v1.99.1
Scan saved at 17:22:52, on 26/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\abelhadigital.com\HostsMan\hm.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 217.175.160.121:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [HostsMan] C:\Program Files\abelhadigital.com\HostsMan\hm.exe -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [muBlinder] C:\Documents and Settings\Niels\Mijn documenten\muBlinder\muBlinder.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SMC2802W 54Mbps WLAN Monitor.lnk = C:\Program Files\SMC\SMC2802W 2.4GHz 54 Mbps Wireless PCI Adapter\Installer\WINXP\SMC11GMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Snelstart HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.kingsofchaos.com
O15 - Trusted Zone: http://www.pandasoftware.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab28578.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {6CEC0297-FAFB-41FB-97EA-77E3081B1DFE} (Seleccion Class) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1136158583203
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C943D4E5-A981-11D3-92C8-00608CF7348D} - http://home.wanadoo.nl/reinoud.kaasschieter/gamezone/memory/memory.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
So about that AVG log:
Those first 3 backdoors: you can see what sort of program they are in. I'm aware of them, but they are necessary for the programs to do what they do; you can call them false positives.

Some other info that might be of some value:
Most of the spyware Panda reported (ist, need2find, instafinder, zango) I remember I've had before (quite some time ago), but Ad-Aware/Spybot took care of them. Considering that neither Ad-Aware nor Spybot finds anything now, they might be leftovers.

pskelley
2007-02-05, 13:41
First, let me apologize: the notification I was supposed to receive failed, and our admin noticed you had not been responded to.

The Panda report does not look like the scan report, so I can't see where those items were located, but they look like cookies to me? Make sure Panda is not seeing something like "Recovery" in Spybot; if you are storing anything in quarantine areas, delete it.

AVG showed mostly cookies; you are aware you do not need to store those in Firefox...correct?

Logfile of HijackThis v1.99.1 Scan saved at 17:22:52, on 26/01/2007

A couple of items need to go; one is a P2P installer: http://www3.ca.com/securityadvisor/pest/Pest.aspx?id=453060292
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453078786


Let's clean as we do this:

Tutorial
http://forums.security-central.us/showthread.php?t=1925

Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
(you can leave the TZ items if you trust them that much)
O15 - Trusted Zone: http://www.kingsofchaos.com
O15 - Trusted Zone: http://www.pandasoftware.com
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
Web P2P Installer


Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

If all is running well, you should be good to go at this point.

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.
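
The triage above (tick the orphaned BHO, the O16 entry with no download source, and review the Trusted Zone lines, leave the rest) can be expressed as a small rule set over the HijackThis log itself. The script below is an added example, not part of the thread and not HijackThis code; it parses lines in the `Onn - ...` format of the v1.99.1 log posted above and separates "fix it" entries from "review it" entries. The sample log lines are constructed for the example (the proxy address is a documentation IP, the domain is a placeholder), the `Finding` class and the "file missing" caveat about `%windir%` paths are the example's own, and no entry is judged malicious by name.

```python
"""Triage a HijackThis 1.99.1 log: flag the entry types a forum helper checks first.

Added example; not HijackThis code and not from the original thread.
Assumes the log is plain text with one entry per line, e.g. "O2 - BHO: ... - (no file)".
"""
import re
from dataclasses import dataclass

# Constructed sample in the shape of the posted log (placeholder proxy IP and domain).
SAMPLE_LOG = """\
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = 203.0.113.10:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O15 - Trusted Zone: http://www.example.com
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\\Network Diagnostic\\xpnetdiag.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe
"""

# HJT entries start with a section tag (R0/R1/F0/O2/O16/O23 ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    fix: bool   # True: tick it under "Fix checked"; False: review with the user first
    line: str


def triage_line(line: str):
    """Return a Finding for one log line, or None if it needs no attention."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # process list, headers, blank lines
    section, body = m.group("section"), m.group("body").strip()

    if "(file missing)" in body:
        # Often an orphaned entry, but v1.99.1 also reports this for %windir%
        # paths it does not expand, so verify the path by hand before fixing.
        return Finding(section, "listed file not found; orphaned entry or unexpanded %windir% path, verify first", False, line)
    if section == "R1" and ",ProxyServer = " in body:
        return Finding(section, "explicit proxy configured in Internet Settings; keep only if the user set it", False, line)
    if section == "O2" and body.endswith("(no file)"):
        return Finding(section, "BHO CLSID still registered but its DLL is gone (orphaned); safe to fix", True, line)
    if section == "O15":
        return Finding(section, "site in IE Trusted Zone gets relaxed security settings; keep only if added deliberately", False, line)
    if section == "O16":
        # "DPF: {CLSID} (Name) - URL"; a bare trailing "-" means no download source was recorded.
        source = "" if body.endswith(" -") else body.rsplit(" - ", 1)[-1]
        if not source.startswith(("http://", "https://")):
            return Finding(section, "Downloaded Program Files entry with no download URL; cannot be vetted, fix it", True, line)
    return None


def triage(log_text: str):
    """All findings for a whole log, in log order."""
    return [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f is not None]


def hjt_fix_list(findings):
    """Exactly the lines to tick in 'Do a system scan only' -> 'Fix checked'."""
    return [f.line for f in findings if f.fix]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(("FIX   " if f.fix else "REVIEW"), f.section, "|", f.reason)
        print("       ", f.line.strip())
```

Everything the rules flag is "review" unless the entry is provably orphaned (a BHO whose DLL is gone) or impossible to vet (an ActiveX control with no recorded source); that mirrors the advice above to leave the Trusted Zone lines alone if the user trusts those sites.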

tashi
2007-02-17, 02:50
This topic has been archived to prevent others with similar issues posting in it.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.