 |  |  |  |  |  |  |  |
RUNDLL error p2esocks_1021.dll
 |
Running Windows XP SP 1
This started showing up soon after elementing a number of viruses from the computer. Every time I log into my profile (but not the others) a message comes up:
Error loading p2esocks_1021.dll
Specific module could not be found
Thanks in advance!
This started showing up soon after elementing a number of viruses from the computer. Every time I log into my profile (but not the others) a message comes up:
Error loading p2esocks_1021.dll
Specific module could not be found
Thanks in advance!
Yes, the file is a component of a malicious program. You must have managed to eliminate the file itself, but not all Registry entries related to the file.
In my sig below is a link to a program called HijackThis, which can detect and remove certain "nasties" from your system. Create a folder such as C:\HijackThis and download the program into that folder. Once done, quit any other programs you have open and run HJT. Just have it scan your system- do not have it fix anything yet! When the scan is done the program will create a log file of what it detected. Save that file in a convenient location, open the file in NotePad, and cut-n-paste the contents of the file here so that we can analyze the results.
In my sig below is a link to a program called HijackThis, which can detect and remove certain "nasties" from your system. Create a folder such as C:\HijackThis and download the program into that folder. Once done, quit any other programs you have open and run HJT. Just have it scan your system- do not have it fix anything yet! When the scan is done the program will create a log file of what it detected. Save that file in a convenient location, open the file in NotePad, and cut-n-paste the contents of the file here so that we can analyze the results.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Documents and Settings\John2\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wizards.com/magic/
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int305254.exe -auto
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\mloow.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\Run: [Microsoft Update] wssvrs.exe
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\kszlf.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Telefonica Kit ADSL USB\CnxDslTb.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1012.dll,InstantAccess
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binarie...1012_ES_XP.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binarie...pe32_ES_XP.cab
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Documents and Settings\John2\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wizards.com/magic/
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int305254.exe -auto
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\mloow.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\Run: [Microsoft Update] wssvrs.exe
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\kszlf.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Telefonica Kit ADSL USB\CnxDslTb.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1012.dll,InstantAccess
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downloadv3.com/binarie...1012_ES_XP.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binarie...pe32_ES_XP.cab
" O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe"
The above (as well as other entries in your log) indicates that you're still infected with viruses/trojans. For example, have a look at the description of the family of trojans/worms responsible for the "sndcfg.exe" entry:
http://www.f-secure.com/v-descs/sdbot_mb.shtml
Are you absolutely sure you had the lastest virus definition updates when you ran Norton? If not:
- Use Norton's LiveUpdate feature to get the program updated.
- Download Ad Aware, Spybot, and CWShredder (links to the utilities are in my sig). Again- make sure you get the latest versions/updates.
- Unplug your computer's Internet connection! The family of trojans described in the link above will just "phone home" and reinstall themselves if they aren't completely removed.
- Empty all Temp and Temporary Internet Files folders, delete all Cookies, and empty your recycle bin.
- Run CWShredder; it will attempt to fix any CoolWebSearch infections it finds.
- Open Ad Aware and configure it as follows:
Click the “use custom scanning� options, and then click “Customize�
- In Settings, under 'scanning' - have it set to:
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favourites for banned URL's,'
'scan my host's file.'
- In 'tweaks':
Under 'scanning engine', set it to: 'unload recognized processes during scanning.'
Under 'cleaning engine', set it to: 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.'
- Select 'activate in-depth scan'.
- Run the Ad Aware scan, select all items it finds, have it fix then, and reboot.
- Run SpyBot, let it fix everything it finds, and reboot.
- Run a full system scan with Norton anti-virus.
- Reconnect to the Internet and use the Windows Update function to install all of the latest critical fixes/security updates. Reboot.
- Run HJT again and post a (hopefully clean) new log.
The above (as well as other entries in your log) indicates that you're still infected with viruses/trojans. For example, have a look at the description of the family of trojans/worms responsible for the "sndcfg.exe" entry:
http://www.f-secure.com/v-descs/sdbot_mb.shtml
Are you absolutely sure you had the lastest virus definition updates when you ran Norton? If not:
- Use Norton's LiveUpdate feature to get the program updated.
- Download Ad Aware, Spybot, and CWShredder (links to the utilities are in my sig). Again- make sure you get the latest versions/updates.
- Unplug your computer's Internet connection! The family of trojans described in the link above will just "phone home" and reinstall themselves if they aren't completely removed.
- Empty all Temp and Temporary Internet Files folders, delete all Cookies, and empty your recycle bin.
- Run CWShredder; it will attempt to fix any CoolWebSearch infections it finds.
- Open Ad Aware and configure it as follows:
Click the “use custom scanning� options, and then click “Customize�
- In Settings, under 'scanning' - have it set to:
'scan within archives,'
'scan active processes,'
'scan registry,'
'deepscan registry'
'scan my IE Favourites for banned URL's,'
'scan my host's file.'
- In 'tweaks':
Under 'scanning engine', set it to: 'unload recognized processes during scanning.'
Under 'cleaning engine', set it to: 'Automatically try to unregister objects prior to deletion' & 'let Windows remove files in use at next reboot.'
- Select 'activate in-depth scan'.
- Run the Ad Aware scan, select all items it finds, have it fix then, and reboot.
- Run SpyBot, let it fix everything it finds, and reboot.
- Run a full system scan with Norton anti-virus.
- Reconnect to the Internet and use the Windows Update function to install all of the latest critical fixes/security updates. Reboot.
- Run HJT again and post a (hopefully clean) new log.
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Done all that and this is what i got:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Documents and Settings\John2\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wizards.com/magic/
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int305254.exe -auto
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\mloow.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\Run: [Microsoft Update] wssvrs.exe
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\kszlf.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Telefonica Kit ADSL USB\CnxDslTb.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1012.dll,InstantAccess
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binarie...pe32_ES_XP.cab
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Documents and Settings\John2\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wizards.com/magic/
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exe
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int305254.exe -auto
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\mloow.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\Run: [Microsoft Update] wssvrs.exe
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\kszlf.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\Telefonica Kit ADSL USB\CnxDslTb.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1012.dll,InstantAccess
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binarie...pe32_ES_XP.cab
•
•
Join Date: Feb 2004
Posts: 10,035
Reputation: 
Solved Threads: 761
Unzip HJT into it's own permanent folder before doing anything in order for it to create backups. (Not a temporary folder or directly on the desktop (in a folder on the desktop is fine) & not directly on your hard drive). Close all (browser) windows & rescan with hijackthis. When the scan is finished place a check in the box to the left of the following entries & click 'fix checked' :
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exeReboot normally after doing the above then post a fresh log please.
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int305254.exe -auto
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\mloow.exe
O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\Run: [Microsoft Update] wssvrs.exe
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\kszlf.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binari...tpe32_ES_XP.cab
Reboot into safe mode following the instructions here & navigate to & delete the following if found:
C:\Program Files\websx-folder
C:\WINDOWS\System32\mloow.exe-file
C:\WINDOWS\System32\kszlf.exe-file
O4 - HKLM\..\Run: [Win32 USB2 Driver] smsc.exeReboot normally after doing the above then post a fresh log please.
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int305254.exe -auto
O4 - HKLM\..\Run: [System Update] C:\WINDOWS\System32\mloow.exe
O4 - HKLM\..\Run: [MS Sound Config 16bit] sndcfg16.exe
O4 - HKLM\..\Run: [Microsoft Update] wssvrs.exe
O4 - HKLM\..\Run: [Microsoft Services] lsrv.exe
O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\kszlf.exe
O4 - HKLM\..\RunServices: [Microsoft Services] lsrv.exe
O4 - HKLM\..\RunServices: [MS Sound Config 16bit] sndcfg16.exe
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binari...tpe32_ES_XP.cab
Reboot into safe mode following the instructions here & navigate to & delete the following if found:
C:\Program Files\websx-folder
C:\WINDOWS\System32\mloow.exe-file
C:\WINDOWS\System32\kszlf.exe-file
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Couldn't find what you listed to seek out in safe mode.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\John2\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wizards.com/magic/
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\Acr
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\John2\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wizards.com/magic/
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\Acr
Your log isn't complete; looks like you ran HJT in safe mode- Run it when booted into normal mode and post the resulting log.
Are you saying that you could find neither the websx folder nor the two files in safe mode? Did you set Windows Explorer's View options to display hidden and system files/folders?
Are you saying that you could find neither the websx folder nor the two files in safe mode? Did you set Windows Explorer's View options to display hidden and system files/folders?
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
- Ancient Aborigine blessing
Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.
However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
•
•
Join Date: Feb 2004
Posts: 10,035
Reputation:
Solved Threads: 761
Also include in the log the top section which gives the OS version, hijackthis version & IE version, along with the time & date of the scan. This all helps us to determine an outcome for you.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
I switched the Folder Options to see Hidden items, but still no sign of the files or programs.
Logfile of HijackThis v1.98.0
Scan saved at 12:37:12, on 24/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\John2\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wizards.com/magic/
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Logfile of HijackThis v1.98.0
Scan saved at 12:37:12, on 24/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Norton Personal Firewall\ATRACK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\John2\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wizards.com/magic/
F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
|
Similar Threads
- Rundll error saying w002763f.dll is missing what should i do? (Viruses, Spyware and other Nasties)
- Rundll error coljc.dll not find (Viruses, Spyware and other Nasties)
- RUNDLL ERROR / w3knet.dll (Viruses, Spyware and other Nasties)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Need help after first HJT scan, not sure what to fix.
- Next Thread: trojan
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
adware anti-malware anti-virussitesaccessissue antivirus attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gumblar halloween herss.exe hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista warning windows worm yahoo
