Need Help Again

Salih15

New Member
Hi mate,
Here is the log from my second computer..need help again..
Thanks in advance.. Cheers.

Best Regards.
Code:
Logfile of HijackThis v1.99.1
Scan saved at 11:43:40 PM, on 11/28/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2006 INTERNET SECURITY\PAVFNSVR.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2006 INTERNET SECURITY\PSIMSVC.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2006 INTERNET SECURITY\FIREWALL\PNMSRV.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2006 INTERNET SECURITY\TPSRV9X.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2006 INTERNET SECURITY\ANTISPAM\PSKMSSVC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KEYHOOK.EXE
C:\WINDOWS\SYSTEM\MDMS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\ZIPGENIUS 6\ZIPGENIUS.EXE
C:\MY DOCUMENTS\SALIH15\HIJACKTHIS\HIJACKTHIS_SFX\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O1 - Hosts: 127.0.0.5 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.5 x.full-tgp.net
O1 - Hosts: 127.0.0.5 counter.sexmaniack.com
O1 - Hosts: 127.0.0.5 autoescrowpay.com
O1 - Hosts: 127.0.0.5 www.autoescrowpay.com
O1 - Hosts: 127.0.0.5 www.awmdabest.com
O1 - Hosts: 127.0.0.5 www.sexfiles.nu
O1 - Hosts: 127.0.0.5 awmdabest.com
O1 - Hosts: 127.0.0.5 sexfiles.nu
O1 - Hosts: 127.0.0.5 allforadult.com
O1 - Hosts: 127.0.0.5 www.allforadult.com
O1 - Hosts: 127.0.0.5 www.iframe.biz
O1 - Hosts: 127.0.0.5 iframe.biz
O1 - Hosts: 127.0.0.5 www.newiframe.biz
O1 - Hosts: 127.0.0.5 newiframe.biz
O1 - Hosts: 127.0.0.5 www.vesbiz.biz
O1 - Hosts: 127.0.0.5 vesbiz.biz
O1 - Hosts: 127.0.0.5 www.pizdato.biz
O1 - Hosts: 127.0.0.5 pizdato.biz
O1 - Hosts: 127.0.0.5 www.awmcash.biz
O1 - Hosts: 127.0.0.5 awmcash.biz
O1 - Hosts: 127.0.0.5 buldog-stats.com
O1 - Hosts: 127.0.0.5 www.buldog-stats.com
O1 - Hosts: 127.0.0.5 fregat.drocherway.com
O1 - Hosts: 127.0.0.5 slutmania.biz
O1 - Hosts: 127.0.0.5 www.slutmania.biz
O1 - Hosts: 127.0.0.5 toolbarpartner.com
O1 - Hosts: 127.0.0.5 www.toolbarpartner.com
O1 - Hosts: 127.0.0.5 www.megapornix.com
O1 - Hosts: 127.0.0.5 megapornix.com
O1 - Hosts: 127.0.0.5 www.sp2****ed.biz
O1 - Hosts: 127.0.0.5 sp2****ed.biz
O1 - Hosts: 127.0.0.5 greg-tut.com
O1 - Hosts: 127.0.0.5 www.greg-tut.com
O1 - Hosts: 127.0.0.5 nylonsexy.com
O1 - Hosts: 127.0.0.5 www.nylonsexy.com
O1 - Hosts: 127.0.0.5 vparivalka.com
O1 - Hosts: 127.0.0.5 www.vparivalka.com
O1 - Hosts: 127.0.0.5 iframeprofit.com
O1 - Hosts: 127.0.0.5 www.iframeprofit.com
O1 - Hosts: 127.0.0.5 topsearch10.com
O1 - Hosts: 127.0.0.5 www.topsearch10.com
O1 - Hosts: 127.0.0.5 statscash.biz
O1 - Hosts: 127.0.0.5 www.statscash.biz
O1 - Hosts: 127.0.0.5 vxiframe.biz
O1 - Hosts: 127.0.0.5 www.vxiframe.biz
O1 - Hosts: 127.0.0.5 crazy-toolbar.com
O1 - Hosts: 127.0.0.5 www.crazy-toolbar.com
O1 - Hosts: 127.0.0.5 topcash.biz
O1 - Hosts: 127.0.0.5 www.topcash.biz
O1 - Hosts: 127.0.0.5 loadcash.biz
O1 - Hosts: 127.0.0.5 www.loadcash.biz
O1 - Hosts: 127.0.0.5 txiframe.biz
O1 - Hosts: 127.0.0.5 www.txiframe.biz
O1 - Hosts: 127.0.0.5 procounter.biz
O1 - Hosts: 127.0.0.5 www.procounter.biz
O1 - Hosts: 127.0.0.5 advadmin.biz
O1 - Hosts: 127.0.0.5 www.advadmin.biz
O1 - Hosts: 127.0.0.5 trafficbest.net
O1 - Hosts: 127.0.0.5 www.trafficbest.net
O1 - Hosts: 127.0.0.5 besthvac.com
O1 - Hosts: 127.0.0.5 www.besthvac.com
O1 - Hosts: 127.0.0.5 traff4.com
O1 - Hosts: 127.0.0.5 www.traff4.com
O1 - Hosts: 127.0.0.5 ambush-script.com
O1 - Hosts: 127.0.0.5 www.ambush-script.com
O1 - Hosts: 127.0.0.5 beehappyy.biz
O1 - Hosts: 127.0.0.5 www.beehappyy.biz
O1 - Hosts: 127.0.0.5 tracktraff.cc
O1 - Hosts: 127.0.0.5 www.tracktraff.cc
O1 - Hosts: 127.0.0.5 allcount.net
O1 - Hosts: 127.0.0.5 www.allcount.net
O1 - Hosts: 127.0.0.5 onedayoffer.biz
O1 - Hosts: 127.0.0.5 www.onedayoffer.biz
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\SYSTEM\keyhook.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Windows Security] C:\WINDOWS\SYSTEM\gdi3vldr.exe
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system\mdms.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [PavProc] "C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe"
O4 - HKLM\..\RunServices: [PANDASCHEDULER] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Pavsched.exe"
O4 - HKLM\..\RunServices: [PAVFNSVR] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe"
O4 - HKLM\..\RunServices: [PSIMSVC] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PSIMSVC.exe"
O4 - HKLM\..\RunServices: [PNMSRV] C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2006 INTERNET SECURITY\FIREWALL\PNMSRV.EXE
O4 - HKLM\..\RunServices: [TPSrv9x] "C:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv9x.exe"
O4 - HKLM\..\RunServices: [Panda Antispam Engine] C:\PROGRAM FILES\PANDA SOFTWARE\PANDA PLATINUM 2006 INTERNET SECURITY\ANTISPAM\PSKMSSVC.EXE
O4 - HKCU\..\Run: [Free Internet Window Washer] C:\PROGRAM FILES\WINDOW WASHER\CLEARPCH.EXE -Start
O4 - HKCU\..\Run: [Windows Security] C:\WINDOWS\SYSTEM\gdi3vldr.exe
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\sywsvcs.exe
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\sywsvcs.exe
O4 - Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM\sistray.exe
O21 - SSODL: IEFilter - {70A1A9E0-9D5B-11DC-83C8-0004E24F1CC4} - C:\WINDOWS\system\IEFilter.dll
O21 - SSODL: Windows Security - {723A9960-9D5B-11DC-83C8-0004E24F1CC4} - C:\WINDOWS\SYSTEM\wow3ox32.dll (file missing)
O21 - SSODL: Module - {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} - C:\WINDOWS\SYSTEM\chp.dll (file missing)
 
Print these instructions or save them in Notepad for use in Safe Mode.

• Download the Killbox.
• Unzip it to the desktop but do NOT run it yet.
• Then reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

Once in Safe Mode, run HijackThis and select "Do a system scan only", then place a check by the following entries.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
O4 - HKLM\..\Run: [Windows Security] C:\WINDOWS\SYSTEM\gdi3vldr.exe
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system\mdms.exe
O4 - HKCU\..\Run: [Windows Security] C:\WINDOWS\SYSTEM\gdi3vldr.exe
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\SYSTEM\ibm00001.exe"
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\SYSTEM\sywsvcs.exe
O4 - HKCU\..\RunServices: [aupd] C:\WINDOWS\SYSTEM\sywsvcs.exe
O21 - SSODL: IEFilter - {70A1A9E0-9D5B-11DC-83C8-0004E24F1CC4} - C:\WINDOWS\system\IEFilter.dll
O21 - SSODL: Windows Security - {723A9960-9D5B-11DC-83C8-0004E24F1CC4} - C:\WINDOWS\SYSTEM\wow3ox32.dll (file missing)
O21 - SSODL: Module - {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} - C:\WINDOWS\SYSTEM\chp.dll (file missing)


Close all open windows and browsers, and hit "Fix Checked".

• Then run Killbox.
• Click "Delete on Reboot".
• Paste the following into the top "Full Path of File to Delete" box.
  • C:\secure32.html
• Click the red-and-white "Delete File".
• Click "Yes" at the Delete on Reboot prompt.
• Click "No" at the Pending Operations prompt.

Do the same for these files.

C:\WINDOWS\SYSTEM\gdi3vldr.exe
c:\windows\system\mdms.exe
C:\WINDOWS\SYSTEM\ibm00001.exe
C:\WINDOWS\SYSTEM\paytime.exe
C:\WINDOWS\SYSTEM\sywsvcs.exe
C:\WINDOWS\system\IEFilter.dll
C:\WINDOWS\SYSTEM\wow3ox32.dll
C:\WINDOWS\SYSTEM\chp.dll


After the last one, reboot to normal mode and post a new HijackThis log.
 
Code:
Logfile of HijackThis v1.99.1
Scan saved at 9:39:08 PM, on 11/30/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\PC-CILLIN 2002\PCCIOMON.EXE
C:\PROGRAM FILES\PC-CILLIN 2002\PCCPFW.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KEYHOOK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\PC-CILLIN 2002\PCCGUIDE.EXE
C:\PROGRAM FILES\PC-CILLIN 2002\PCCCLIENT.EXE
C:\PROGRAM FILES\PC-CILLIN 2002\POP3TRAP.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\SISTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PC-CILLIN 2002\WEBTRAP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS_SFX\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\SYSTEM\keyhook.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCIOMON.exe] "C:\Program Files\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [SunServer] C:\PROGRAM FILES\COUNTERSPY\sunserver.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [PCCIOMON.exe] "C:\Program Files\PC-cillin 2002\PCCIOMON.exe"
O4 - HKLM\..\RunServices: [PCCPFW] C:\Program Files\PC-cillin 2002\PCCPFW.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Utility Tray.lnk = C:\WINDOWS\SYSTEM\sistray.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
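
A check that can be run when a follow-up log like the one above comes back, added here as an example that is not part of the original thread: it parses HijackThis entry lines, then reports any entry selected for fixing that still appears and any of its files still listed under running processes. FIX_LIST is copied from the posts above; AFTER_DIRTY and the function names are constructed for illustration.

```python
import re

# Entry lines are "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [Name] path"
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")
PATH_RE = re.compile(r"[a-z]:\\[^\"]*?\.(?:exe|dll|html)")

# Four of the entries the helper asked to have fixed (copied from the thread)
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system\mdms.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
O21 - SSODL: IEFilter - {70A1A9E0-9D5B-11DC-83C8-0004E24F1CC4} - C:\WINDOWS\system\IEFilter.dll
"""
# Constructed follow-up log in which the cleanup only partly worked
AFTER_DIRTY = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\MDMS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\SYSTEM\paytime.exe
"""


def parse_log(text):
    """Return (running-process paths, (code, body) entries), bodies and paths lowercased."""
    processes, entries, in_procs = set(), set(), False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m := ENTRY_RE.match(line):
            in_procs = False  # the entry section has started
            entries.add((m.group(1), m.group(2).lower()))
        elif in_procs and line:
            processes.add(line.lower())
    return processes, entries


def verify_cleanup(fix_list, after_log):
    """Return (fixed entries still present, their files still running) for a follow-up log."""
    _, wanted = parse_log(fix_list)
    procs, present = parse_log(after_log)
    files = {p for _, body in wanted for p in PATH_RE.findall(body)}
    return sorted(wanted & present), sorted(files & procs)


if __name__ == "__main__":
    print(verify_cleanup(FIX_LIST, AFTER_DIRTY))
```

Both lists come back empty when the excerpted follow-up log from the thread is used in place of AFTER_DIRTY.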
 