p2esocks_1015.dll - Geeks to Go Forums


p2esocks_1015.dll

#1 itzi

  • Group: Member
  • Posts: 11
  • Joined: 13-August 04

Posted 13 August 2004 - 09:09 AM

After I log in and Windows starts up, I get a window with the "Spanish version" of the following message:
"Error Loading p2esocks-1015.dll, specific module could not be found".
Can you help me with a solution to this problem please? Thanks!!!

#2 Smokey

  • Group: Retired Staff
  • Posts: 1,411
  • Joined: 07-November 03

Posted 13 August 2004 - 10:01 AM

Welcome to GTG itzi <_<

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results. :D

#3 itzi

  • Group: Member
  • Posts: 11
  • Joined: 13-August 04

Posted 13 August 2004 - 11:04 AM

Thanks for replying!

Here's the Hijackthis log:

Logfile of HijackThis v1.98.1
Scan saved at 18:38:16, on 13/08/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\HCOUNT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\DESK98.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\ARCHIVOS DE PROGRAMA\SAVE\SAVE.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE
C:\WINDOWS\APPLICATION DATA\MBTE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\IMANOL\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.all-find.net/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.all-find.net/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.all-find.net/sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.all-find.net/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.all-find.net/sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\sys_ext.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@3082,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SelfHostUtil] C:\WINDOWS\selfhost.exe /L
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [WhenUSave] C:\ARCHIV~1\SAVE\Save.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Sexy_es] C:\Program Files\GMSoft\Dialers\Sexy_es\Sexy_es.exe /dontdial
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Apvxdwin.exe" /s
O4 - HKLM\..\RunServices: [HiberMonitor] HCount.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Pavsched.exe"
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [nipxirmu.dll] nipalsm.exe nipxirmu.dll
O4 - HKLM\..\RunServices: [PAVFIRES] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\Pavfires.exe"
O4 - HKCU\..\Run: [Cdwt] C:\WINDOWS\Application Data\mbte.exe
O4 - HKCU\..\Run: [WNSI] C:\WINDOWS\SYSTEM\wnscpsu.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1015.dll,InstantAccess
O4 - HKCU\..\Run: [Service Manager] C:\windows\dxsound.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Sm - {14051602-5C4E-11d6-916B-00E02964E8E3} - C:\WINDOWS\SYSTEM\SexyMagazineTP (file missing)
O12 - Plugin for .mp3: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin4.dll
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Control AcPreview) - file://C:\Archivos de programa\AutoCAD 2002 Esp\AcPreview.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Control de AcDcToday) - file://C:\Archivos de programa\AutoCAD 2002 Esp\AcDcToday.ocx
O16 - DPF: {AE563726-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Archivos de programa\AutoCAD 2002 Esp\InstBanr.ocx
O16 - DPF: {1F831FA6-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Archivos de programa\AutoCAD 2002 Esp\InstFred.ocx
O16 - DPF: {6ED16EFF-3B18-11D6-9139-00E02964E8E3} (SCDataDialer Class) - http://www.dinerotic...,0,4/cabdll.cab
O16 - DPF: {5DF6FB84-749D-4AAE-AE37-708DE09B0588} (IntSfTx Class) - http://www.knalweb.c...ialers/dial.cab
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.20...aim/NSupd9x.cab
O16 - DPF: {C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} (TIBSLoader Class) - http://directplugin.com/tl4000.dll
O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - http://www.solotu.co.../DialerData.cab
O16 - DPF: {94118C19-B178-4E43-BBE8-0EFDBB391BDB} (SysWebTelecom Class) - http://www.sponsorad...WebTelecom2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://05.sharedsour...html/UDConn.cab
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.juegos-fl.../ruboskizo2.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://download.onli...m/MaConnect.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} - http://kit.carpediem...ParisVoyeur.exe
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} (Loader Class) - http://dialup.carped...AccesMembre.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downlo...aries/IA/ia.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/Dial...GDHTML_pack.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {3ECF916F-A5DE-4DD4-A142-B35A29DC2EDB} (SCD32 Class) - http://www.dinerotic...,1,0/cabdll.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downlo...IA/dtc32_ES.cab
O16 - DPF: {66446E32-5EB9-4FEC-A06D-F3D88E2D5947} (Download Class) - http://rtb.accesorap.../downloader.cab
O16 - DPF: {DF7A9F1F-E06B-4BE7-A27E-1BE7EA5AFC1C} (Infosistemas Class) - http://www.infodiale...istemas3000.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binaries/P2EC...9_1035_pack.cab
O16 - DPF: {6986A6CF-9D58-11D6-91C2-00E02964E8E3} (IntPagomaster Class) - http://www.especials...07/pagomast.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downlo.../netia32_ES.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downlo.../netpe32_ES.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo.../nethv32_ES.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EC...UTH_1015_ES.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.55.8.132,212.55.8.133

#4 ditto

  • Group: Member
  • Posts: 1,260
  • Joined: 11-April 04

Posted 13 August 2004 - 02:20 PM

Download the latest version of Ad-Aware from here (if you already have Ad-Aware installed, make sure that it is the latest version and always go online and update it before you run it).

After installing AAW, and before running the program, you must FIRST update the reference file following these instructions (and you must always do this before you run the program at any later date).

Now do the following:

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:
check: "Unload recognized processes during scanning."

Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:
Check: "Let Windows remove files in use after reboot."

Press "Scan Now"

- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:

Now press "Next" to let Ad-aware scan your drives. It will find a number of spyware files and registry keys. Right-click in that pane and choose "select all"

Now press "Next" again. It will ask you whether you'd like to remove all checked items. Click OK.

Finally, close Ad-Aware, and reboot.

Run Hijack This again and post back a fresh log.

#5 itzi

  • Group: Member
  • Posts: 11
  • Joined: 13-August 04

Posted 14 August 2004 - 05:23 AM

I've already installed Ad-Aware and scanned my computer. If I remove ALL those files, won't it affect any program I use??

Thank you!!

#6 admin

  • Group: Administrator
  • Posts: 23,521
  • Joined: 21-May 03

Posted 14 August 2004 - 09:07 AM

Quote

If I remove ALL those files, won't it affect any program I use??

Remove everything Ad-aware finds. It won't affect your other programs.

#7 itzi

  • Group: Member
  • Posts: 11
  • Joined: 13-August 04

Posted 14 August 2004 - 10:33 AM

This is the fresh Hijackthis log, after removing all the files Ad-Aware finds. What do I have to do?

Logfile of HijackThis v1.98.1
Scan saved at 18:11:46, on 14/08/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\HCOUNT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\DESK98.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE
C:\WINDOWS\DXSOUND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE
C:\IMANOL\ERROR\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.all-find.net/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.all-find.net/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.all-find.net/sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.all-find.net/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.all-find.net/sp.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\sys_ext.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@3082,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SelfHostUtil] C:\WINDOWS\selfhost.exe /L
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Sexy_es] C:\Program Files\GMSoft\Dialers\Sexy_es\Sexy_es.exe /dontdial
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Apvxdwin.exe" /s
O4 - HKLM\..\RunServices: [HiberMonitor] HCount.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Pavsched.exe"
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [nipxirmu.dll] nipalsm.exe nipxirmu.dll
O4 - HKLM\..\RunServices: [PAVFIRES] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\Pavfires.exe"
O4 - HKCU\..\Run: [WNSI] C:\WINDOWS\SYSTEM\wnscpsu.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1015.dll,InstantAccess
O4 - HKCU\..\Run: [Service Manager] C:\windows\dxsound.exe
O9 - Extra button: Sm - {14051602-5C4E-11d6-916B-00E02964E8E3} - C:\WINDOWS\SYSTEM\SexyMagazineTP (file missing)
O12 - Plugin for .mp3: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin4.dll
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Control AcPreview) - file://C:\Archivos de programa\AutoCAD 2002 Esp\AcPreview.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Control de AcDcToday) - file://C:\Archivos de programa\AutoCAD 2002 Esp\AcDcToday.ocx
O16 - DPF: {AE563726-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Archivos de programa\AutoCAD 2002 Esp\InstBanr.ocx
O16 - DPF: {1F831FA6-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Archivos de programa\AutoCAD 2002 Esp\InstFred.ocx
O16 - DPF: {6ED16EFF-3B18-11D6-9139-00E02964E8E3} (SCDataDialer Class) - http://www.dinerotic...,0,4/cabdll.cab
O16 - DPF: {5DF6FB84-749D-4AAE-AE37-708DE09B0588} (IntSfTx Class) - http://www.knalweb.c...ialers/dial.cab
O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - http://www.solotu.co.../DialerData.cab
O16 - DPF: {94118C19-B178-4E43-BBE8-0EFDBB391BDB} (SysWebTelecom Class) - http://www.sponsorad...WebTelecom2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://05.sharedsour...html/UDConn.cab
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.juegos-fl.../ruboskizo2.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carped...AccesMembre.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {3ECF916F-A5DE-4DD4-A142-B35A29DC2EDB} (SCD32 Class) - http://www.dinerotic...,1,0/cabdll.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downlo...IA/dtc32_ES.cab
O16 - DPF: {66446E32-5EB9-4FEC-A06D-F3D88E2D5947} (Download Class) - http://rtb.accesorap.../downloader.cab
O16 - DPF: {DF7A9F1F-E06B-4BE7-A27E-1BE7EA5AFC1C} (Infosistemas Class) - http://www.infodiale...istemas3000.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EC...9_1035_pack.cab
O16 - DPF: {6986A6CF-9D58-11D6-91C2-00E02964E8E3} (IntPagomaster Class) - http://www.especials...07/pagomast.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downlo.../netia32_ES.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downlo.../netpe32_ES.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo.../nethv32_ES.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binaries/P2EC...UTH_1015_ES.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.55.8.132,212.55.8.133

#8 ditto

  • Group: Member
  • Posts: 1,260
  • Joined: 11-April 04

Posted 14 August 2004 - 11:12 AM

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.all-find.net/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.all-find.net/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.all-find.net/sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.all-find.net/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://www.all-find.net/sp.html
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\sys_ext.dll (file missing)
O4 - HKLM\..\Run: [Sexy_es] C:\Program Files\GMSoft\Dialers\Sexy_es\Sexy_es.exe /dontdial
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\RunServices: [nipxirmu.dll] nipalsm.exe nipxirmu.dll
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1015.dll,InstantAccess
O9 - Extra button: Sm - {14051602-5C4E-11d6-916B-00E02964E8E3} - C:\WINDOWS\SYSTEM\SexyMagazineTP (file missing)
O16 - DPF: {6ED16EFF-3B18-11D6-9139-00E02964E8E3} (SCDataDialer Class) - http://www.dinerotic...,0,4/cabdll.cab
O16 - DPF: {5DF6FB84-749D-4AAE-AE37-708DE09B0588} (IntSfTx Class) - http://www.knalweb.c...ialers/dial.cab
O16 - DPF: {5C3A9EA6-4068-46B8-8B5A-692FB10607B1} (IntDialerData Class) - http://www.solotu.co.../DialerData.cab
O16 - DPF: {94118C19-B178-4E43-BBE8-0EFDBB391BDB} (SysWebTelecom Class) - http://www.sponsorad...WebTelecom2.cab
O16 - DPF: {D1B80EBF-1A26-4FEC-B0B9-DCB934C6507E} - http://dialup.carped...AccesMembre.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downlo...IA/dtc32_ES.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downlo.../netia32_ES.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downlo.../netpe32_ES.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo.../nethv32_ES.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downlo...UTH_1015_ES.cab

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log, and let us know how your system's working. <_<

#9 itzi

  • Group: Member
  • Posts: 11
  • Joined: 13-August 04

Posted 17 August 2004 - 06:34 AM

Hi!!

The problem is solved and the message isn't appearing any more!! Thank you very much!!!

This is a fresh HiJackThis log:

Logfile of HijackThis v1.98.1
Scan saved at 19:05:19, on 16/08/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\HCOUNT.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\FIREWALL\PAVFIRES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARCHIVOS DE PROGRAMA\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\DESK98.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\LOADQM.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\APVXDWIN.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\ARCHIVOS DE PROGRAMA\PANDA SOFTWARE\PANDA ANTIVIRUS PLATINUM\PAVPROXY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\IMANOL\ERROR\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARCHIVOS DE PROGRAMA\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: @msdxmLC.dll,-1@3082,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SelfHostUtil] C:\WINDOWS\selfhost.exe /L
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Archivos de programa\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Apvxdwin.exe" /s
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\RunServices: [HiberMonitor] HCount.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Pavsched.exe"
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [PAVFIRES] "C:\Archivos de programa\Panda Software\Panda Antivirus Platinum\Firewall\Pavfires.exe"
O4 - HKCU\..\Run: [WNSI] C:\WINDOWS\SYSTEM\wnscpsu.exe
O4 - HKCU\..\Run: [Service Manager] C:\windows\dxsound.exe
O12 - Plugin for .mp3: C:\ARCHIV~1\INTERN~1\PLUGINS\npqtplugin4.dll
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Control AcPreview) - file://C:\Archivos de programa\AutoCAD 2002 Esp\AcPreview.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Control de AcDcToday) - file://C:\Archivos de programa\AutoCAD 2002 Esp\AcDcToday.ocx
O16 - DPF: {AE563726-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Archivos de programa\AutoCAD 2002 Esp\InstBanr.ocx
O16 - DPF: {1F831FA6-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Archivos de programa\AutoCAD 2002 Esp\InstFred.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://05.sharedsour...html/UDConn.cab
O16 - DPF: {4B6015E7-3ABB-45DC-96B7-55A843751F28} (IntRuboskizo2 Class) - http://www.juegos-fl.../ruboskizo2.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {3ECF916F-A5DE-4DD4-A142-B35A29DC2EDB} (SCD32 Class) - http://www.dinerotic...,1,0/cabdll.cab
O16 - DPF: {66446E32-5EB9-4FEC-A06D-F3D88E2D5947} (Download Class) - http://rtb.accesorap.../downloader.cab
O16 - DPF: {DF7A9F1F-E06B-4BE7-A27E-1BE7EA5AFC1C} (Infosistemas Class) - http://www.infodiale...istemas3000.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EC...9_1035_pack.cab
O16 - DPF: {6986A6CF-9D58-11D6-91C2-00E02964E8E3} (IntPagomaster Class) - http://www.especials...07/pagomast.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 212.55.8.132,212.55.8.133


I have no idea about how HiJackThis works, but I still see some things in the log which seem dangerous or, at least, useless (most of them related to "adult" sites). Maybe what I say makes no sense at all, but, if it does, could you please take another look at the log? Thanks anyway!!
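Checking a fix list against a later log can be automated. The following is an added example, not part of the original thread and not HijackThis code: it parses HijackThis entry lines (rejoining hard-wrapped ones), reports which fix-list entries still appear in a later log, and marks entries worth a manual look. The function names are hypothetical, and the sample lines are excerpted from the fix list in post #8 and the log in post #9.

```python
import re

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKCU\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O4_RE = re.compile(r"^(\S+): \[(.*?)\]")  # registry key and value name of an autorun
RUNDLL_RE = re.compile(r"\]\s*rundll32(?:\.exe)?\s+([^,\s]+),(\S+)", re.I)

def parse_entries(log_text):
    # Returns (section, detail) tuples. A non-empty line that does not start a new
    # entry is treated as the wrapped tail of the previous one (forum line wrapping).
    entries, started = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append([m.group(1), m.group(2).strip()])
            started = True
        elif line and started:
            entries[-1][1] += " " + line
    return [(s, d) for s, d in entries]

def entry_key(section, detail):
    # Identity of an entry across logs: the CLSID when there is one (display names
    # and URLs change between scans), else the autorun key and name, else the text.
    clsid = CLSID_RE.search(detail)
    if clsid:
        return (section, clsid.group(0).upper())
    run = O4_RE.match(detail)
    if section == "O4" and run:
        return (section, run.group(1).lower() + " [" + run.group(2).lower() + "]")
    return (section, detail.lower())

def still_present(fix_list_text, later_log_text):
    # Entries from the fix list that the later scan still reports.
    later = {entry_key(s, d) for s, d in parse_entries(later_log_text)}
    return [(s, d) for s, d in parse_entries(fix_list_text) if entry_key(s, d) in later]

def review_flags(section, detail):
    # Reasons to look at an entry by hand. These are prompts for review, not
    # verdicts: the stock LoadPowerProfile autorun also uses rundll32 without a path.
    flags = []
    if detail.endswith("(file missing)"):
        flags.append("target file missing")
    if section == "O4":
        m = RUNDLL_RE.search(detail)
        if m:
            where = "explicit path" if "\\" in m.group(1) else "no path given"
            flags.append(f"rundll32 loads {m.group(1)} ({where}), export {m.group(2)}")
    if section == "O16" and re.search(r" - https?://", detail):
        flags.append("ActiveX control installed from a remote URL")
    return flags

# Excerpt of the fix list in post #8 (lines copied from the thread).
FIX_LIST = r"""
O2 - BHO: (no name) - {00110011-4B0B-44D5-9718-90C88817369B} - C:\WINDOWS\sys_ext.dll (file missing)
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1015.dll,InstantAccess
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downlo...UTH_1015_ES.cab
"""

# Excerpt of the follow-up log in post #9, with the line wrapping it was posted with.
LATER_LOG = r"""
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P
NETWORKING.EXE /AUTOSTART
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Control AcPreview) -
file://C:\Archivos de programa\AutoCAD 2002 Esp\AcPreview.ocx
"""

if __name__ == "__main__":
    for section, detail in still_present(FIX_LIST, LATER_LOG):
        print("still present:", section, "-", detail)
    for section, detail in parse_entries(FIX_LIST):
        for flag in review_flags(section, detail):
            print(f"review {section} - {detail}: {flag}")
```

On these excerpts the only fix-list entry reported as still present is the `[P2P NETWORKING]` autorun, which does appear again in the log from post #9.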

#10 admin

  • Group: Administrator
  • Posts: 23,521
  • Joined: 21-May 03

Posted 18 August 2004 - 04:06 PM

Quote

I have no idea about how HiJackThis works, but I still see some things in the log which seem dangerous or, at least, useless (most of them related to "adult" sites).

If you're referring to entries in your O16's, go ahead and fix them. Those are just "browser plug-ins". If they're needed by a legitimate site you'll be prompted to download them.

Looks like you have a trojan. Please run a free trojan scan here:
http://www.moosoft.com/

When you're finished reboot and post a fresh log.
