my girlfriend has an error come up litterly every 2 mins and it says "Error
loading c:\PROGRA~\INTERN~2\inetkw.dll The specified module could not be
found. it is realy pissing her off and geting tired of this.. it happens
no matter what shes doing and starts as soon as she starts her computer. she
has XP home I beleave. her hijack log is quite long just to warn you :( but here it is
Logfile of HijackThis v1.98.2
Scan saved at 1:57:00 AM, on 8/17/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Visual IP InSight\TDS\ARUpld32.exe
C:\Program Files\Visual IP InSight\TDS\ARMon32a.exe
C:\Program Files\Norton
AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\WINDOWS\cmxktjvi.exe
C:\WINDOWS\System32\gccufem.exe
C:\PROGRA~1\INTERN~2\inetmgr.exe
C:\WINDOWS\dhbrwsr.exe
C:\PROGRA~1\INTERN~2\inetsvc.exe
C:\Program Files\WindUpdates\WinUpdt.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\Program Files\Common Files\Symantec
Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Documents and Settings\Owner\Application
Data\eber.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program
Files\SmartPopupBlocker\SmartPopupBlockerTray.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\System32\wojxfrin.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\dhsvr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://targetsearch.info/left.php
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://www.websearch.com/ie.aspx?tb_id=50168
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://www.topfivesearch.com/search.asp
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,SearchURL = http://go.targetsearch.info/
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL =
http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Search_URL =
http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50168
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Bar =
http://www.topfivesearch.com/sidesearch.asp
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Search Page =
http://www.topfivesearch.com/search.asp
R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,SearchURL = http://go.targetsearch.info/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://amazingautossearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://www.websearch.com/ie.aspx?tb_id=50168
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page_bak = searchweb2.com
R1 - HKCU\Software\Microsoft\Internet Connection
Wizard,ShellNext =
http://msg.edit.yahoo.com/config/re...mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet
Explorer\Main,Window Title = Microsoft Internet
Explorer provided by TDS Internet Services
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -
_{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) -
{707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program
Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) -
{00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: MxTargetObj Class -
{0000607D-D204-42C7-8E46-216055BF9918} -
C:\WINDOWS\mxTarget.dll
O2 - BHO: (no name) -
{01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: Yahoo! Companion BHO -
{02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn2\ycomp5_3_19_0.dll
O2 - BHO: (no name) -
{046D6EA4-15E3-4b27-8010-45BD78A9219E} - (no file)
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat
6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO -
{0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program
Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: URLLink Class -
{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program
Files\NewDotNet\newdotnet6_30.dll
O2 - BHO: (no name) -
{53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) -
{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: (no name) -
{64A76450-E04F-2897-8256-155508A27B38} -
C:\WINDOWS\System32\iqj.dll
O2 - BHO: (no name) -
{83DE62E0-5805-11D8-9B25-00E04C60FAF2} - (no file)
O2 - BHO: (no name) -
{87766247-311C-43B4-8499-3D5FEC94A183} -
C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program
files\google\googletoolbar1.dll
O2 - BHO: NAV Helper -
{BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: C:\WINDOWS\lbbho.dll -
{C951601E-0BF8-410B-AE10-65926919571A} -
C:\WINDOWS\lbbho.dll
O2 - BHO: Band Class -
{D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} -
C:\WINDOWS\dealhlpr.dll
O2 - BHO: SDWin32 Class -
{E03DB857-E3FB-4179-B7CE-8D73440E9820} -
C:\WINDOWS\System32\usrol.dll
O2 - BHO: (no name) -
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio -
{8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) -
{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Band Class -
{D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} -
C:\WINDOWS\dealhlpr.dll
O3 - Toolbar: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn2\ycomp5_3_19_0.dll
O3 - Toolbar: (no name) -
{BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: zSearch Bar -
{5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - C:\Program
Files\zSearch\zSearch.dll
O3 - Toolbar: &Google -
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus -
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv]
c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program
Files\Hewlett-Packard\Digital
Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program
Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program
Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05]
C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
/keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program
Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LXSUPMON]
C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program
Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [xef] C:\WINDOWS\xef.exe
O4 - HKLM\..\Run: [TV Media] C:\Program Files\TV
Media\Tvm.exe
O4 - HKLM\..\Run: [arirxux] C:\WINDOWS\cmxktjvi.exe
O4 - HKLM\..\Run: [oracazc]
C:\WINDOWS\System32\gccufem.exe
O4 - HKLM\..\Run: [inetmgr]
C:\PROGRA~1\INTERN~2\inetmgr.exe
O4 - HKLM\..\Run: [opomofob]
C:\WINDOWS\System32\opomofob.exe
O4 - HKLM\..\Run: [DealHelperUpdate]
C:\WINDOWS\DHUpdt.exe
O4 - HKLM\..\Run: [DealHelperBrwsr]
C:\WINDOWS\dhbrwsr.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WindUpdates] C:\Program
Files\WindUpdates\WinUpdt.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program
Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [usrolc]
C:\WINDOWS\System32\usrolc.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PCDRealtime]
C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [zSearch] C:\Program
Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program
Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [Spyware remover]
C:\WINDOWS\Remove_spyware.exe
O4 - HKLM\..\Run: [WebRebates] javaw -cp "C:\Program
Files\WebRebates\System\Code" Main lp: "C:\Program
Files\WebRebates"
O4 - HKLM\..\Run: [websearch] javaw -cp "C:\Program
Files\websearch\System\Code" Main lp: "C:\Program
Files\websearch"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common
Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check]
C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [New.net Startup] rundll32
C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [Wast] C:\WINDOWS\wast2.exe 2
O4 - HKLM\..\Run: [WinTools] C:\Program Files\Common
Files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [stcloader]
C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV
Media\Tvm.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program
Files\Hewlett-Packard\Digital
Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe
nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program
Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Notn] C:\Documents and
Settings\Owner\Application Data\eber.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [asycfilt]
C:\WINDOWS\system32\asycfilt.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV
Media\Tvm.exe
O4 - HKCU\..\Run: [Cat]
C:\WINDOWS\System32\wojxfrin.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program
Files\Spyware Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [zSearch] C:\Program
Files\zSearch\Zstb.exe
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV
Media\Tvm.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk =
C:\Program Files\Common Files\Adobe\Calibration\Adobe
Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk =
C:\Program Files\Hewlett-Packard\Digital
Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk =
C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Google Search -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search -
file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page
- res://C:\Program
Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Coupons -
file://C:\Program
Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: Similar Pages -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English -
res://C:\Program
Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates -
file://C:\Program
Files\websearch\System\Temp\topr1150_script0.htm
O8 - Extra context menu item: Yahoo! &Dictionary -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: MoneySide -
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} - (no file)
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O14 - IERESET.INF:
START_PAGE_URL=http://start.tds.net/
O16 - DPF: {07637823-C894-4A52-B3F9-5D777FD8E36A} -
http://www.mydailyhoroscope.net/mdh/install.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binar...nt.cab28578.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
http://public.windupdates.com/get_f...d12cbd5372935d8
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E}
(AimSp32 Class) -
http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class) -
http://us.dl1.yimg.com/download.yah...nst20040510.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F}
(Installer Class) -
http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61}
(HouseCall Control) -
http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binar...nt.cab28578.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68}
(InstallShield International Setup Player) -
http://www.napster.com/client/isetup.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4}
(ZoneAxRcMgr Class) -
http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} -
http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000}
(YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yah.../ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592}
(ZoneIntro Class) -
http://messenger.zone.msn.com/binar...ro.cab28578.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999}
(YAddBook Class) -
http://us.dl1.yimg.com/download.yah...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
(PopCapLoader Object) - http://zone.msn.com/bingame/zuma/de...aploader_v5.cab
this is what it says thank you so very much for your help.
