Jump to content


Photo

Inetkw.dll - How Do I remove this?


  • Please log in to reply
2 replies to this topic

#1 Capt_Hungry

Capt_Hungry

    Member

  • New Member
  • Pip
  • 2 posts

Posted 12 July 2004 - 03:23 PM

Since I have decided that I really need to keep up on what is running on my system.........

I installed Hijack This today, along with CWShredder. CWShredder found nothing compromising on my system. I then ran HJT, and have been going through the tutorial on how to analyse the logfile HJT creates. I have a folder called Internet Keyword (as some folks posting here seem to have). I have been able to determine that this folder is not needed and is malware.

After doing some searching, I have determined that HJT will fix the inetmgr entry, which I did. I then went in and manually deleted all the other files in the Internet Keyword folder save for inetkw.dll. Seems that something else is using this file and I am unable to delete it. Has anyone else run across this? I do run Adaware & Spybot SD regularly (both are up to date) and all the definitions for Norton Internet Security are up to date.

For what it's worth, here's my HJT log:

Logfile of HijackThis v1.98.0
Scan saved at 4:08:22 PM, on 7/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
D:\WINNT\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\WINNT\system32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\system32\stisvc.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\PROGRA~1\NORTON~1\navapw32.exe
D:\Program Files\Norton Internet Security\IAMAPP.EXE
D:\Program Files\Ahead\InCD\InCD.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\PESTPA~1\PPControl.exe
D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
D:\Program Files\AIM\aim.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Belkin\Nostromo\nost_LM.exe
D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
D:\Program Files\Microsoft Office\Office\OSA.EXE
D:\Program Files\Palm\HOTSYNC.EXE
D:\Program Files\Norton Internet Security\NISUM.EXE
D:\Program Files\Norton Internet Security\NISSERV.EXE
D:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
D:\Program Files\Norton Internet Security\ATRACK.EXE
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Browser - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - D:\PROGRA~1\INTERN~2\inetkw.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [NeroCheck] D:\WINNT\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] D:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Startup: HotSync Manager.lnk = D:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Loadout Manager.lnk = D:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: APC UPS Status.lnk = D:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
O4 - Global Startup: Microsoft Find Fast.lnk = D:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = D:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_41.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.dll
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab

Any thoughts are most welcome.
Thank you.

:cool:

Edited by Capt_Hungry, 12 July 2004 - 03:24 PM.


#2 dave38

dave38

    Devout Murphyite!

  • Emeritus
  • PipPipPipPipPip
  • 8,508 posts

Posted 12 July 2004 - 03:37 PM

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: Browser - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - D:\PROGRA~1\INTERN~2\inetkw.dll

Reboot after fixing.

You should then be able to delete the folder.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#3 Capt_Hungry

Capt_Hungry

    Member

  • New Member
  • Pip
  • 2 posts

Posted 12 July 2004 - 05:16 PM

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O2 - BHO: Browser - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - D:\PROGRA~1\INTERN~2\inetkw.dll

Reboot after fixing.

You should then be able to delete the folder.

Thank you Dave38.

That did the trick.

I figured I should let HJT deal with the offending file, but figured that there might be something else that I might need to do.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button