[ilanb10]

I need help !!!
My PC can´t find the file p2esocks_1016.dll when I start on the computer.
I'm using Win98 SE.
I already use as-aware and and here is my log.

Logfile of HijackThis v1.99.0
Scan saved at 23:39:04, on 20/12/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\CISCO SYSTEMS\VPN CLIENT\CVPND.EXE
C:\PROGRAM FILES\MICROSOFT IPSEC VPN\IREIKE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\OFFICESCAN 95\RAUAGENT.EXE
C:\PROGRAM FILES\GLOBESPANVIRATA\ADSL\DSLSTAT.EXE
C:\PROGRAM FILES\GLOBESPANVIRATA\ADSL\DSLAGENT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\BABYLON TRANSLATOR\BABYLON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\OFFICESCAN 95\PCCWIN97.EXE
C:\PROGRAM FILES\OFFICESCAN 95\OFCDOG.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\ACCESSORIES\MSPAINT.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\01SLMRWX\HIJACKTHIS[1].EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://amdocsportal/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {008DB894-99ED-445D-8547-0E7C9808898D} - C:\WINDOWS\MSLAGENT\4B_1,0,1,2_MSLAGENT.DLL (file missing)
O2 - BHO: Saristar - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - C:\WINDOWS\SYSTEM\SARISTAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OfficeScan95] "C:\PROGRAM FILES\OFFICESCAN 95\pccwin97.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteAgent] C:\PROGRAM FILES\OFFICESCAN 95\RAUAGENT.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [CVPND] "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" start
O4 - HKLM\..\RunServices: [OfficeScan95] "C:\PROGRAM FILES\OFFICESCAN 95\pccwin97.exe"
O4 - HKLM\..\RunServices: [IREIKE] C:\Program Files\Microsoft IPSec VPN\IreIKE.exe start
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Babylon Translator] C:\Program Files\Babylon Translator\Babylon.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1016.dll,InstantAccess
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\RunServices: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\RunServices: [Babylon Translator] C:\Program Files\Babylon Translator\Babylon.exe
O4 - HKCU\..\RunServices: [Instant Access] rundll32.exe p2esocks_1016.dll,InstantAccess
O4 - HKCU\..\RunServices: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: ACM Update PhoneBook Service.lnk = C:\Program Files\Amdocs Connection Manager\ACMStarter.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = corp.amdocs.com
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = amdocs.com,corp.amdocs.com

[Advertisements]

Hi ilanb10, Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\01SLMRWX\HIJACKTHIS[1].EXE

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Reboot your PC.

Download Ad-aware from: http://www.geekstogo...n=download&id=5

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

-> Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:

• Automatically save log-file
• Automatically quarantine objects prior to removal
• Safe Mode (always request confirmation)

2. Click on the Scanning button on the left and select :

• Scan Within Archives
• Scan Active Processes
• Scan Registry
• Deep Scan Registry
• Scan my IE favorites for banned URL’s
• Scan my Hosts file
• Under Click here to select drives + folders, choose:
• All of your hard drives

-> Click on the Advanced button on the left and select:

• Include additional process information
• Include additional file information
• Include environment information
• Include additional object details

-> Click the Tweak button and select:

• Under the Scanning Engine:
  • Unload recognized processes during scanning
  • Include basic Ad-aware settings in logfile
  • Include additional Ad-aware settings in logfile
• Under the Cleaning Engine:
  • Let Windows remove files in use at next reboot

-> Click on Proceed to save the settings.

-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:

• Use Custom Scanning Options

-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

-> Save the log file when it asks and then click Finish

-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

-> Reboot your computer.

If you would please, rescan with HijackThis and post a fresh log in this same topic.

[Yarnouth]

Hi ilanb10, Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\01SLMRWX\HIJACKTHIS[1].EXE

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Reboot your PC.

Download Ad-aware from: http://www.geekstogo...n=download&id=5

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

-> Click on the Gear icon (second from the left) to access the preferences/settings window

1. In the General window make sure the following are selected:

• Automatically save log-file
• Automatically quarantine objects prior to removal
• Safe Mode (always request confirmation)

2. Click on the Scanning button on the left and select :

• Scan Within Archives
• Scan Active Processes
• Scan Registry
• Deep Scan Registry
• Scan my IE favorites for banned URL’s
• Scan my Hosts file
• Under Click here to select drives + folders, choose:
• All of your hard drives

-> Click on the Advanced button on the left and select:

• Include additional process information
• Include additional file information
• Include environment information
• Include additional object details

-> Click the Tweak button and select:

• Under the Scanning Engine:
  • Unload recognized processes during scanning
  • Include basic Ad-aware settings in logfile
  • Include additional Ad-aware settings in logfile
• Under the Cleaning Engine:
  • Let Windows remove files in use at next reboot

-> Click on Proceed to save the settings.

-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:

• Use Custom Scanning Options

-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

-> Save the log file when it asks and then click Finish

-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

-> Reboot your computer.

If you would please, rescan with HijackThis and post a fresh log in this same topic.

[ilanb10]

Hi ilanb10, Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.


Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Please run a free online virus scan here (tick the "Auto Clean" checkbox):
http://housecall.antivirus.com/

And a free trojan scan here:
http://www.moosoft.com/

Reboot your PC.

Download Ad-aware from:  http://www.geekstogo...n=download&id=5

Install the program and launch it.

First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files.

Next, we need to configure Ad-aware for a full scan.

-> Click on the Gear icon (second from the left) to access the preferences/settings window

  1. In the General window make sure the following are selected:

• Automatically save log-file
  
• Automatically quarantine objects prior to removal
  
• Safe Mode (always request confirmation)

  2. Click on the Scanning button on the left and select :

• Scan Within Archives
  
• Scan Active Processes
  
• Scan Registry
  
• Deep Scan Registry
  
• Scan my IE favorites for banned URL’s
  
• Scan my Hosts file
  
• Under Click here to select drives + folders, choose:
  
• All of your hard drives

-> Click on the Advanced button on the left and select:

• Include additional process information
  
• Include additional file information
  
• Include environment information
  
• Include additional object details

-> Click the Tweak button and select:

• Under the Scanning Engine:
  • Unload recognized processes during scanning
  • Include basic Ad-aware settings in logfile
  • Include additional Ad-aware settings in logfile
• Under the Cleaning Engine:
  • Let Windows remove files in use at next reboot

-> Click on Proceed to save the settings.

-> Click Start and on the next screen choose Activate in-depth Scan at the bottom of the page and then choose:

• Use Custom Scanning Options

-> Click Next and Ad-aware will scan your hard drive(s) with the options you have selected.

-> Save the log file when it asks and then click Finish

-> When finished, mark everything for removal and get rid of it. (Right-click the window and choose Select All from the drop down menu and click Next).

-> Reboot your computer.

If you would please, rescan with HijackThis and post a fresh log in this same topic.

[ilanb10]

I Followed the instraction

[Logfile of HijackThis v1.99.0
Scan saved at 12:33:46 AM, on 12/24/2004
Platform: Unknown Windows (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
D:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\WINDOWS\system32\wfshell.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ilanbo\Local Settings\Temporary Internet Files\Content.IE5\S1AN4H23\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kmportal
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = genproxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .corp.amdocs.com;.amdocs.com;tlvim1;im.amdocs.com;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IcaBar] icabar.exe /adminonly
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\ilanbo\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\ilanbo\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\ilanbo\windows\system32\mswsock.dll' missing
O12 - Plugin for .rx: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .rxc: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {CDBD9968-7BF1-11D4-9D36-0001029DEBEB} (Loader Class) - http://td7srv/tdbin/Spider.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.amdocs.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.amdocs.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{43402322-EE67-421A-9FE6-0EE3A2888A85}: NameServer = 10.224.49.244,10.17.64.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BBAB944-7673-4CEA-B6AD-FF67027567BA}: NameServer = 10.224.49.244,10.17.64.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.amdocs.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.amdocs.com
O20 - AppInit_DLLs: RMProcessLink.dll,mfaphook.dll
O23 - Service: ADF Installer Service - Citrix Systems, Inc. - C:\Program Files\Citrix\Installer\AgentSVC.exe
O23 - Service: Application Layer Gateway Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Application Management - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Audio - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Background Intelligent Transfer Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Computer Browser - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Client Network - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\cdmsvc.exe (file missing)
O23 - Service: Citrix WMI Service - Citrix Systems, Inc. - C:\Program Files\Citrix\system32\citrix\WMI\ctxwmisvc.exe
O23 - Service: HP Insight NIC Agent - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe (file missing)
O23 - Service: HP Insight Web Agent - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\CPQMgmt\cpqwmgmt.exe (file missing)
O23 - Service: HP Insight Foundation Agent - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\CPQMgmt\CqMgHost\cqmghost.exe (file missing)
O23 - Service: HP Insight Server Agents - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\CPQMgmt\CqMgServ\cqmgserv.exe (file missing)
O23 - Service: HP Insight Storage Agents - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\CPQMgmt\CqMgStor\cqmgstor.exe (file missing)
O23 - Service: Cryptographic Services - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Citrix XML Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\ctxxmlss.exe (file missing)
O23 - Service: Distributed File System - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: DHCP Client - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Logical Disk Manager - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS Client - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Encryption Service - Citrix Systems, Inc. - C:\WINDOWS\system32\encsvc.exe
O23 - Service: Error Reporting Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Event Log - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\services.exe (file missing)
O23 - Service: Help and Support - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HTTP SSL - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Independent Management Architecture - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\Citrix\Ima\ImaSrv.exe
O23 - Service: Server - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Workstation - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: MetaFrame COM Server - Citrix Systems, Inc. - C:\WINDOWS\system32\mfcom.exe
O23 - Service: NetIQ AppManager Client Communication Manager - NetIQ Corporation. - C:\Program Files\NetIQ\AppManager\bin\netiqccm.exe
O23 - Service: NetIQ AppManager Client Resource Monitor - NetIQ Corporation. - C:\Program Files\NetIQ\AppManager\bin\netiqmc.exe
O23 - Service: Net Logon - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Network Connections - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Location Awareness (NLA) - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: NetWorker Remote Exec Service - LEGATO Software, a division of EMC. - C:\Program Files\Legato\nsr\bin\nsrexecd.exe
O23 - Service: File Replication - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Removable Storage - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Plug and Play - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Registry - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Resource Manager Mail - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\Citrix\IMA\MailService.exe
O23 - Service: RKILL - Unknown - c:\rkill\rkillsrv.exe
O23 - Service: Remote Procedure Call (RPC) Locator - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) - Unknown - C:\Documents.exe (file missing)
O23 - Service: Resultant Set of Policy Provider - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\RSoPProv.exe (file missing)
O23 - Service: Special Administration Console Helper - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Security Accounts Manager - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Smart Card - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Task Scheduler - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Secondary Logon - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Event Notification - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Shell Hardware Detection - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: SNMP Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Trend ServerProtect - Trend Micro Inc. - C:\Program Files\Trend\SProtect\SpntSvc.exe
O23 - Service: Print Spooler - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Microsoft Software Shadow Copy Provider - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HP ProLiant System Shutdown Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\sysdown.exe (file missing)
O23 - Service: Performance Logs and Alerts - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telephony - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: TrcBoot - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\drivers\trcboot.exe (file missing)
O23 - Service: Distributed Link Tracking Client - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Upload Manager - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Uninterruptible Power Supply - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Virtual Disk Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Windows Time - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WinHTTP Web Proxy Auto-Discovery Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Portable Media Serial Number Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Wireless Configuration - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)

[ilanb10]

I Followed the Instructions.

Logfile of HijackThis v1.99.0
Scan saved at 12:33:46 AM, on 12/24/2004
Platform: Unknown Windows (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
D:\Program Files\Personal Communications\PCS_AGNT.EXE
C:\WINDOWS\system32\wfshell.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ilanbo\Local Settings\Temporary Internet Files\Content.IE5\S1AN4H23\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://kmportal
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = genproxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = .corp.amdocs.com;.amdocs.com;tlvim1;im.amdocs.com;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IcaBar] icabar.exe /adminonly
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\ilanbo\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Documents and Settings\ilanbo\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\ilanbo\windows\system32\mswsock.dll' missing
O12 - Plugin for .rx: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .rxc: C:\Program Files\Internet Explorer\Plugins\iewrqxrx.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {CDBD9968-7BF1-11D4-9D36-0001029DEBEB} (Loader Class) - http://td7srv/tdbin/Spider.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.amdocs.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.amdocs.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{43402322-EE67-421A-9FE6-0EE3A2888A85}: NameServer = 10.224.49.244,10.17.64.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BBAB944-7673-4CEA-B6AD-FF67027567BA}: NameServer = 10.224.49.244,10.17.64.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.amdocs.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.amdocs.com
O20 - AppInit_DLLs: RMProcessLink.dll,mfaphook.dll
O23 - Service: ADF Installer Service - Citrix Systems, Inc. - C:\Program Files\Citrix\Installer\AgentSVC.exe
O23 - Service: Application Layer Gateway Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Application Management - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Audio - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Background Intelligent Transfer Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Computer Browser - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Client Network - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\cdmsvc.exe (file missing)
O23 - Service: Citrix WMI Service - Citrix Systems, Inc. - C:\Program Files\Citrix\system32\citrix\WMI\ctxwmisvc.exe
O23 - Service: HP Insight NIC Agent - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe (file missing)
O23 - Service: HP Insight Web Agent - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\CPQMgmt\cpqwmgmt.exe (file missing)
O23 - Service: HP Insight Foundation Agent - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\CPQMgmt\CqMgHost\cqmghost.exe (file missing)
O23 - Service: HP Insight Server Agents - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\CPQMgmt\CqMgServ\cqmgserv.exe (file missing)
O23 - Service: HP Insight Storage Agents - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\CPQMgmt\CqMgStor\cqmgstor.exe (file missing)
O23 - Service: Cryptographic Services - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Citrix XML Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\ctxxmlss.exe (file missing)
O23 - Service: Distributed File System - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: DHCP Client - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Logical Disk Manager - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: DNS Client - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Encryption Service - Citrix Systems, Inc. - C:\WINDOWS\system32\encsvc.exe
O23 - Service: Error Reporting Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Event Log - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\services.exe (file missing)
O23 - Service: Help and Support - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HTTP SSL - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Independent Management Architecture - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\Citrix\Ima\ImaSrv.exe
O23 - Service: Server - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Workstation - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: TCP/IP NetBIOS Helper - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: MetaFrame COM Server - Citrix Systems, Inc. - C:\WINDOWS\system32\mfcom.exe
O23 - Service: NetIQ AppManager Client Communication Manager - NetIQ Corporation. - C:\Program Files\NetIQ\AppManager\bin\netiqccm.exe
O23 - Service: NetIQ AppManager Client Resource Monitor - NetIQ Corporation. - C:\Program Files\NetIQ\AppManager\bin\netiqmc.exe
O23 - Service: Net Logon - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Network Connections - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Network Location Awareness (NLA) - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: NetWorker Remote Exec Service - LEGATO Software, a division of EMC. - C:\Program Files\Legato\nsr\bin\nsrexecd.exe
O23 - Service: File Replication - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: NT LM Security Support Provider - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Removable Storage - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Plug and Play - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Access Auto Connection Manager - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Access Connection Manager - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Remote Registry - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Resource Manager Mail - Citrix Systems, Inc. - C:\Program Files\Citrix\System32\Citrix\IMA\MailService.exe
O23 - Service: RKILL - Unknown - c:\rkill\rkillsrv.exe
O23 - Service: Remote Procedure Call (RPC) Locator - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) - Unknown - C:\Documents.exe (file missing)
O23 - Service: Resultant Set of Policy Provider - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\RSoPProv.exe (file missing)
O23 - Service: Special Administration Console Helper - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Security Accounts Manager - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Smart Card - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Task Scheduler - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Secondary Logon - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: System Event Notification - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Shell Hardware Detection - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: SNMP Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Trend ServerProtect - Trend Micro Inc. - C:\Program Files\Trend\SProtect\SpntSvc.exe
O23 - Service: Print Spooler - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Microsoft Software Shadow Copy Provider - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: HP ProLiant System Shutdown Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\sysdown.exe (file missing)
O23 - Service: Performance Logs and Alerts - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telephony - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminal Services - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: TrcBoot - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\drivers\trcboot.exe (file missing)
O23 - Service: Distributed Link Tracking Client - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Upload Manager - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Uninterruptible Power Supply - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Virtual Disk Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Windows Time - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: WinHTTP Web Proxy Auto-Discovery Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Portable Media Serial Number Service - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Windows Management Instrumentation Driver Extensions - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Wireless Configuration - Unknown - C:\Documents and Settings\ilanbo\WINDOWS\System32\svchost.exe (file missing)

[admin]

Looking good. How's your system working?

[ilanb10]

Still get the same Error.