Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

p2esocks_1014.dll infected

Started by sidnei , Aug 19 2004 10:58 AM

  • Please log in to reply

#1
sidnei
Posted 19 August 2004 - 10:58 AM

sidnei

    New Member

  • Member
  • Pip
  • 3 posts
Hi, support people!

First, sorry for my English. I'm from Brasil.
As I've seen in others posts, I think my problem is very frequent.
When I start my computer, my antivirus (AVG) says that there is an infected file. It is p2esocks_1014.dll. Even if I press "Heal", it doesn't work. Then a box appears with title "Rundll" and saying something like ""p2esocks_1014.ddl cannot be accessed". As I press "OK" the box closes and everything seems to be good. But there are some weird occurrences in my computer that could have been created by virus infection. Ex: My computer does not play .midi: when I receive an e-mail with music attached, I cannot hear it. Otherwise, I can hear .mp3 (I use jukebox for it). And I also can hear music attached to a .pps file.
I saw some of your members comments about your site. Congratulations! Being true just half of their words, it seems that you give a wonderful service for us, who just know how to press the keyboard and hold de mouse.
I've read the instructions you gave to another member with similar problem. Then I downloaded de HijackThis and run it. Bellow is the log.
Previously, I thank you very much for any help.
Sídnei


Logfile of HijackThis v1.98.1
Scan saved at 13:12:56, on 19/08/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MEUS DOCUMENTOS\INSTALADORES\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\MSLAGENT\4B_1,0,1,0_MSLAGENT.DLL (file missing)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GBIEH.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG_CC] C:\ARQUIV~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\ARQUIV~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1014.dll,InstantAccess
O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmbacklinks.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www.revistael...eetnoagent7.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downlo...aries/IA/ia.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downlo...IA/dtc32_EN.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downlo...8_1034_pack.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancob.../GbPluginBb.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downlo.../netpe32_EN.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downlo...UTH_1014_EN.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo.../nethv32_EN.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = BrasilTelecom
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.199.252.72,200.199.252.68
  • 0

Advertisements

#2
Smokey
Posted 19 August 2004 - 03:51 PM

Smokey

    Member 1K

  • Retired Staff
  • 1,423 posts
Welcome to GTG sidnei <_<

Well understood. It's always nice to see international flavor on our site :D. For your problem, You may wish to print out a copy of these instructions to follow while you complete this procedure. Please move Hijack This to a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Reboot in safe mode (by tapping F8 at startup and select safe mode from the menu). Be sure you're able to view hidden files, and remove the following files in bold:

C:\WINDOWS\services.exe
C:\WINDOWS\mslagent\ <- Folder
C:\WINDOWS\web\related.htm

Next, please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
O4 - HKLM\..\Run: [service] C:\WINDOWS\services.exe -serv
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1014.dll,InstantAccess
O4 - HKCU\..\Run: [mslagent] C:\WINDOWS\mslagent\MSLAGENT.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0B72CCA4-5F11-11D0-9CB5-0000C0EC9FDB} (Street Technologies ActiveX Control Object) - http://www.revistael...eetnoagent7.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downlo...aries/IA/ia.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downlo...IA/dtc32_EN.cab
O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} (EGP2ECOM Class) - http://akamai.downlo...8_1034_pack.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downlo.../netpe32_EN.cab
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} (EGEGAUTH Class) - http://akamai.downlo...UTH_1014_EN.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downlo.../nethv32_EN.cab

If you don't want the Quicktime tray icon, fix this one too:
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log, and let us know how your system's working. :D
  • 0

#3
sidnei
Posted 19 August 2004 - 10:52 PM

sidnei

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi, GTC.

First of all, THANK YOU. You've completely solved my recent problem of RUNDLL - p2esocks_1014.dll not accessable!
Unfortunately, my old problem about not hearing .midi files attached to e-mails, as I've related in my last post, remains unsolved. For sure, it had nothing to do with that infected file!
I'm considering reinstall the Windows, but first I have to allocate time to save lots of e-mails I don't want to lose.
Anyway, thanks again and congratulations for the quality of your free service!!
After the Fix Checked, I've run Hijackthis again and this, below, is the new log.

Cordialmente (In portuguese!)
Sídnei


Logfile of HijackThis v1.98.1
Scan saved at 01:33:24, on 20/08/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\ARQUIVOS DE PROGRAMAS\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\ARQUIVOS DE PROGRAMAS\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\MSLAGENT\4B_1,0,1,0_MSLAGENT.DLL (file missing)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GBIEH.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG_CC] C:\ARQUIV~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\ARQUIV~1\GRISOFT\AVG6\Avgserv9.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmbacklinks.html
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsof...ss/allinone.asp
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.googl...n/GoogleNav.cab
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399F83} (GbPluginObj Class) - https://www14.bancob.../GbPluginBb.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = BrasilTelecom
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 200.199.252.72,200.199.252.68
  • 0

#4
admin
Posted 20 August 2004 - 06:37 AM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts

Unfortunately, my old problem about not hearing .midi files attached to e-mails, as I've related in my last post, remains unsolved.

Have you tried updating the driver for your sound device?
  • 0

#5
sidnei
Posted 20 August 2004 - 01:32 PM

sidnei

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Hi, GTG:

I don't know how to do it! Besides, it worked well before (i.e. last year). Suddenly, it stopped working. Do you think it seems to be due to a not propperly updated sound device?

Thanks <_<
Sídnei
  • 0

#6
admin
Posted 21 August 2004 - 12:42 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Click Here for BelArc advisor. Run it and paste the log back to this topic. It will tell us what's in your computer. <_< Then we can help you update the sound driver.
  • 0

#7
msteide
Posted 27 August 2004 - 02:11 PM

msteide

    New Member

  • Member
  • Pip
  • 1 posts
hello all
my name is Marc and i'm not so computer literate,i'm having the same problem as "sidnei" with the p2esocks_1014.dll,but unlike "sidnei" i can't make head or tail from those instructions.can you please help me <_<
  • 0

#8
admin
Posted 27 August 2004 - 02:15 PM

admin

    Founder Geek

  • Community Leader
  • 24,639 posts
Hi Marc, welcome to Geeks to Go! <_<

To avoid confusion, do not post your question in someone else's topic. Please start your own.

Please start a new topic. Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP