• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
MikeT

inetkw.dll

9 posts in this topic

I get a pop up run dll error about once a minute that says

"Error loading C:\progra~1\itern~2\inetkw.dll Specified module could not be found.

 

I've read your post instructions and run adaware and spybot - latest versions and cannot get the pop ups to go away.

 

Here is the hi-jack this log:

 

Logfile of HijackThis v1.97.7

Scan saved at 10:35:50 PM, on 7/20/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\INTERN~2\inetmgr.exe

C:\WINDOWS\System32\zhxtsarj.exe

C:\Program Files\Webshots\WebshotsTray.exe

C:\PROGRA~1\INTERN~2\inetsvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\wuauclt.exe

C:\MAT Downloads\HIJACKTHIS\HijackThis.exe

C:\WINDOWS\System32\rundll32.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe

O4 - HKLM\..\Run: [dloguud] C:\WINDOWS\System32\zhxtsarj.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...B?38005.7984375

 

Any suggestions you might offer would be appreciated.

 

Thanks.

Share this post


Link to post
Share on other sites

Hi MikeT

 

Well, let's clean up some "stuff".

 

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting fix checked.

Make sure all browser and all Windows Explorer windows are closed before fixing

 

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll

 

O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe

O4 - HKLM\..\Run: [dloguud] C:\WINDOWS\System32\zhxtsarj.exe

 

NOTE.........even in safe mode you may have to open taskmanager and end task on some of them before you can delete them.

 

Make sure you can view hidden and system files: Instructions here

 

Then Boot to safe mode: Instructions here

 

Delete the following files\folders IF still present:

 

C:\WINDOWS\System32\zhxtsarj.exe

 

Reboot

 

Then browse to the C:\documents and settings\\User Name (repeat for all users)\local settings\temp folder and delete all files and folders in it.

Then browse to the C:\Windows\Temp folder and delete all files in it.

Then in internet explorer click tools>internet Options>General. Click on Delete Files make sure you get all offline content as well.

 

Then Disable system restore: Instructions here

Reboot

 

Enable System Restore.

 

Pls. post another log.

Share this post


Link to post
Share on other sites

I've followed your instructions. I still have the inetkw.dll pop-up. When I went to Internet Options\General\ delete files I had to pull the internet cable to get the deletion

 

Here is the log.

 

Logfile of HijackThis v1.97.7

Scan saved at 9:33:03 AM, on 7/22/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\INTERN~2\inetmgr.exe

C:\Program Files\Webshots\WebshotsTray.exe

C:\PROGRA~1\INTERN~2\inetsvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\wuauclt.exe

C:\MAT Downloads\HIJACKTHIS\HijackThis.exe

C:\WINDOWS\System32\rundll32.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...B?38005.7984375

 

Thanks.

Share this post


Link to post
Share on other sites

HI there

 

 

Press Ctrl+Alt+Del and 'end task' on any of the follow that are present:

 

inetmgr.exe

inetsvc.exe

 

In HJT check:

 

O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe

 

Reboot

 

 

 

Go for free online Virus scans here:

 

http://housecall.trendmicro.com/housecall/start_corp.asp

http://www.pandasoftware.com/activescan/

 

Be sure and put a check in the box by "Auto Clean" before you do the scan. If it finds anything that it cannot clean have it delete it or make a note of the file location so you can delete it yourself.

 

 

Run Hijackthis again and pls. post a FRESH log.

Share this post


Link to post
Share on other sites

I tried your instructions above and afraid I was not too successful. I could not even find the housecall scan page. I ran the pandasoft scan and it found 2 viruses which I deleted non which seem to be related to these problems with the pop-up.

 

Each time I tried to delete either file using task manager, it simply started up again right as I deleted it. Also when checking off the O4 - during HJT, it simply pop-ups about 6 or 8 times and when you run the next scan it's they're again.

 

This does not seem to be an easy one.

 

Here is the Log File.

 

Logfile of HijackThis v1.97.7

Scan saved at 12:18:57 AM, on 7/23/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\RUNDLL32.EXE

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Webshots\WebshotsTray.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Norton AntiVirus\SAVScan.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\PROGRA~1\INTERN~2\inetsvc.exe

C:\WINDOWS\System32\wuauclt.exe

C:\PROGRA~1\INTERN~2\inetmgr.exe

C:\MAT Downloads\HIJACKTHIS\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"

O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...B?38005.7984375

Share this post


Link to post
Share on other sites

Some times Trend Mirco is known for the "blank pop up"

 

Although some times its spyware but some times its not.

 

So it is like a giant game of hide and go seek

 

If you think you have a worm or trojan try this

http://vil.nai.com/vil/stinger/

 

only picks up some stuff, but it is worth a shot

:hmmm:

Share this post


Link to post
Share on other sites

I wanted to tell you that I was able to remove the malware with your help.

 

I had to start up in safe mode - then neither of the Inet programs were in fact running.

 

Then I went to hijack this and eliminated the

O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~2\inetmgr.exe

This is still in safe mode.

 

Then I rebooted in normal mode with network support and went to \housecall\tremdmicro, ran the scan which finally found the "malware" responsible for the Inetsvc virus.

 

Finally the housecall found 3 other files that we I had to tell it to delete and when the computer came back, we were rid of the message.

 

Thanks very much for your help.

 

If you need me to amplify a bit more on what I had to do, please ask.

 

Thanks again.

Share this post


Link to post
Share on other sites

Hi MikeT

 

thanks for your feedback !

 

Great job :thumbsup:

 

Also here is an excellent source for tips to tighten security. Follow the advice and get the free downloads to help avoid some of these problems in the future.

 

Happy Safe Computing !

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0