Spyware.Look2Me [RESOLVED]
david.jehoul
post Dec 16 2005, 04:12 PM
Post #31


Member
Posts: 21
OS: XP



Sorry to bother you with this, but if I click on "Scan your PC" on the Panda Software website, the window comes up, but is immediately removed. I checked here and there, but have no idea which guard that I installed is preventing this window from coming up. Any idea?
loophole
post Dec 16 2005, 05:00 PM
Post #32


Geek Mod
Posts: 9,798
From: Indiana U.S. A.
OS: 2000, xp, xp pro, Vista Home Premium



Try this one. A lot of people have trouble with that one.

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
david.jehoul
post Dec 16 2005, 05:06 PM
Post #33





Same problem when I hit the "online scanner" button.
If I do the same with Mozilla, there is no problem (also no problem with Panda), but it seems that Microsoft Explorer is required to do the scan.
Is it possible that Internet Explorer is corrupt in some way?

btw: I just did a scan with Ewido: Look2Me is still present :-(
loophole
post Dec 16 2005, 05:10 PM
Post #34





Let me see the Ewido report if you have it. I think it may just be registry entries or things in the Killbox folder (I hope)

And this may be a dumb question, but are you allowing the ActiveX to be installed? Try disabling Ad-Watch and Spyware Guard and see if that helps. If not, just post the Ewido report and let's see what it finds. I don't think your IE is broke though

This post has been edited by loophole: Dec 16 2005, 05:41 PM
david.jehoul
post Dec 17 2005, 03:07 AM
Post #35





No, it was not a dumb question :)
The Kaspersky thing is now running.
In the meantime, here are the results of Ewido that ran last night:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:00:28, 17/12/2005
+ Report-Checksum: 9CC24B87

+ Scan result:

C:\!KillBox\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\!KillBox\i460lejm1hoa.dll -> Spyware.Look2Me : Cleaned with backup
C:\!KillBox\jt2q07f5e.dll -> Spyware.Look2Me : Cleaned with backup
C:\!KillBox\kyda3.dll -> Spyware.Look2Me : Cleaned with backup
C:\!KillBox\mv60l9jm1.dll -> Spyware.Look2Me : Cleaned with backup
C:\!KillBox\rwcns4.dll -> Spyware.Look2Me : Cleaned with backup
C:\!KillBox\txd32.dll -> Spyware.Look2Me : Cleaned with backup


::Report End
david.jehoul
post Dec 17 2005, 10:09 AM
Post #36





Phew!
That took some time to run.
It looks like not everybody has left the building yet ;-)

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, December 17, 2005 16:51:02
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 17/12/2005
Kaspersky Anti-Virus database records: 165616
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 120529
Number of viruses found: 25
Number of infected objects: 82
Number of suspicious objects: 0
Duration of the scan process: 23667 sec


Scan process completed.
loophole
post Dec 17 2005, 01:45 PM
Post #37





Great, the Look2Me is dead. The directions below should clean all of those entries except what's in the Norton recycle bin, which are no threat :)


Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.


Pocket Killbox
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\WINDOWS\system32\msctl32.dll
    C:\WINDOWS\system32\scmt16.exe
    C:\WINDOWS\tool4.exe
    C:\WINDOWS\secure32.html
    C:\Program Files\Common Files\mrwq
    C:\Program Files\Common Files\VCClient\installer.exe




  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


After the reboot

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.


Post a new hijack log and tell me how your system is running now.

Thanks :)
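An added example, not part of the original thread or of any scanner's own tooling: Python that reproduces the triage applied in the post above, sorting lines of a Kaspersky On-line Scanner text report into antivirus quarantine, System Restore points, Killbox backups and live files, so that only the live paths end up on the removal list. The sample report lines, bucket names and function names are constructed for illustration.

```python
import re

# Constructed sample in the "<path> Infected: <detection>" layout of the
# scanner's text report; every path and detection name here is illustrative.
SAMPLE_REPORT = r"""
Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00000001.VBN Infected: Trojan-Downloader.Win32.Example.a
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll Infected: not-a-virus:AdWare.Win32.Example.b
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000002.exe Infected: Trojan-Downloader.Win32.Example.a
C:\!KillBox\example1.dll Infected: not-a-virus:AdWare.Win32.Example.b
C:\WINDOWS\system32\example32.dll Infected: SpamTool.Win32.Example.c
C:\Program Files\Common Files\example\installer.exe Infected: Trojan-Downloader.Win32.Example.d
C:\windows\SYSTEM32\example32.dll Infected: SpamTool.Win32.Example.c
Scan process completed.
"""

# A report line is a drive-letter path, the literal "Infected:", then the name.
# Paths contain spaces, so the path group is non-greedy up to " Infected:".
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<name>\S+)\s*$")

# (bucket, lower-cased path marker), checked in order. Bucket names are
# hypothetical labels chosen for this example.
RULES = [
    # Restore points are deleted when System Restore is switched off.
    ("restore_point", "\\system volume information\\_restore{"),
    # Files already held in an antivirus quarantine folder.
    ("av_quarantine", "\\quarantine\\"),
    # Backups left behind by earlier Killbox runs.
    ("killbox_backup", "\\!killbox\\"),
]


def classify(path):
    """Return the bucket for one reported path (Windows paths ignore case)."""
    lowered = path.lower()
    for bucket, marker in RULES:
        if marker in lowered:
            return bucket
    return "live"


def triage(report_text):
    """Group (path, detection) pairs from a report by where the file sits."""
    buckets = {bucket: [] for bucket, _ in RULES}
    buckets["live"] = []
    for raw in report_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # header, statistics and blank lines
        buckets[classify(match["path"])].append((match["path"], match["name"]))
    return buckets


def removal_list(report_text):
    """Live paths in order of appearance, de-duplicated case-insensitively."""
    seen, paths = set(), []
    for path, _ in triage(report_text)["live"]:
        key = path.lower()
        if key not in seen:
            seen.add(key)
            paths.append(path)
    return paths


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(hits)} detection(s)")
    print("Paths for manual removal:")
    for path in removal_list(SAMPLE_REPORT):
        print("  " + path)
```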
david.jehoul
post Dec 17 2005, 02:05 PM
Post #38





Hi,

the system is running well; no popups or strange things.
So I guess this is it? They're dead? I hope so!

Another question: for the moment I'm running Spyware Guard and Ad-watch. Are both needed or is one of them sufficient?

here's the Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 21:02:57, on 17/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

loophole
post Dec 17 2005, 02:11 PM
Post #39





There's no harm in using both :) You can uninstall Ewido now unless you are going to purchase it.

Below is a recommendation of the tools I like. You already have AdAware and SpywareGuard. Spybot and SpywareBlaster are also good and won't conflict with what you already have.

Congratulations
your system is clean

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  1. Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  2. AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  3. SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  4. SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  5. IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  6. CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  7. Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  8. Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  9. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein
david.jehoul
post Dec 17 2005, 02:14 PM
Post #40





Well, what a relief! You probably already have a truckload of this, but nevertheless: thank you soooooooooo much! I'm really astonished that there are people like you spending so much effort in cleaning this mess up ...
So thanks again, and keep up the good work!

David
loophole
post Dec 17 2005, 02:32 PM
Post #41





No problem, Glad I could help :)
loophole
post Dec 24 2005, 06:03 PM
Post #42





Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.