Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Me Clean P2esocks Error


  • This topic is locked This topic is locked
2 replies to this topic

#1 Deon78

Deon78

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:39 PM

Posted 16 May 2006 - 08:50 AM

Hi I have a problem whit I get a Rundll error on startup, it can't fin p2esock...dll file.
Please help me fix it. Here's my hjt-log.

Logfile of HijackThis v1.99.1
Scan saved at 15:42:07, on 2006-05-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\ZyXEL\ZyWALL VPN Client\IreIKE.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
C:\Program\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Program\F-Secure Anti-Virus\Anti-Virus\FSGK32.EXE
C:\Program\F-Secure Anti-Virus\Common\FSMA32.EXE
C:\Program\F-Secure Anti-Virus\Anti-Virus\fssm32.exe
C:\Program\ZyXEL\ZyWALL VPN Client\IPSecMon.exe
C:\Program\F-Secure Anti-Virus\Common\FSMB32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\F-Secure Anti-Virus\Common\FCH32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program\F-Secure Anti-Virus\Common\FAMEH32.EXE
C:\Program\F-Secure Anti-Virus\Anti-Virus\fsqh.exe
C:\Program\F-Secure Anti-Virus\Anti-Virus\fsrw.exe
C:\Program\F-Secure Anti-Virus\Anti-Virus\fsav32.exe
C:\Program\Microsoft Works\WksSb.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program\F-Secure Anti-Virus\Common\FSM32.EXE
C:\Program\F-Secure Anti-Virus\FSGUI\ispnews.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program\Java\jre1.5.0_06\bin\jusched.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program\F-SECU~1\ANTI-S~1\fsaw.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program\F-Secure Anti-Virus\FSGUI\fsguidll.exe
C:\Program\Personal\bin\Personal.exe
C:\Program\Delade filer\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program\ZyXEL\ZyWALL VPN Client\SafeCfg.exe
C:\Program\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ScanDisk] C:\WINDOWS\SCANDISK.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [OfficeGuardUI] C:\WINDOWS\System32\smvss.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program\F-Secure Anti-Virus\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program\F-Secure Anti-Virus\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program\F-Secure Anti-Virus\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program\F-Secure Anti-Virus\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Program\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1017.dll,InstantAccess
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure 2006.lnk = C:\Program\F-Secure Anti-Virus\backweb\4476822\Program\fspex.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: Personal.lnk = C:\Program\Personal\bin\Personal.exe
O4 - Global Startup: Påminnelser för Kalendern i Microsoft Works.lnk = ?
O4 - Global Startup: SmartTrust CSP Certificate Utility.lnk = C:\Program\SmartTrust\SmartTrust Personal\Csp\SmartCertmover.exe
O4 - Global Startup: ZyWALL VPN Client.lnk = C:\Program\ZyXEL\ZyWALL VPN Client\SafeCfg.exe
O8 - Extra context menu item: &Blockera detta popup-fönster - C:\Program\F-Secure Anti-Virus\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Google Search - res://c:\program\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: IE-sköld - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Anti-Virus\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-sköld... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program\F-Secure Anti-Virus\Anti-Spyware\ieshield.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program\Delade filer\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://lnknsr02.gbgsd.se/qp2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/...ebio5_1_2_0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\Program\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\Program\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program\F-Secure Anti-Virus\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program\F-Secure Anti-Virus\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program\F-Secure Anti-Virus\Common\FSMA32.EXE
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program\ZyXEL\ZyWALL VPN Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program\ZyXEL\ZyWALL VPN Client\IreIKE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Please let me know what to remove.

Thx in advance

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:39 PM

Posted 19 May 2006 - 11:30 AM

Hello,

Mainly leftovers in your log here since I don't see any of these running in your running processes..

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O4 - HKLM\..\Run: [ScanDisk] C:\WINDOWS\SCANDISK.exe
O4 - HKLM\..\Run: [OfficeGuardUI] C:\WINDOWS\System32\smvss.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MediaGateway] C:\Program\MediaGateway\MediaGateway.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1017.dll,InstantAccess
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Reboot and let me know if that solved your problem. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:05:39 PM

Posted 25 May 2006 - 05:49 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users