Metropol

Forgive me lord for I have sinned It seems Spyware has got the better of me on my PC and despite various programs to combat this, I guess it just won the battle to infect my PC.

For a few months now, My PC has been pretty much unusable. I use a profile on my PC, a lovely steam powered P2 350mhz and one day, I get a prompt on the screen saying Explorer won't run due to a fault with wininet.dll. Once you ok the message, all the icons on the desktop disappear and the PC is rendered useless.

Yesterday, I tried again and the following error message appeared:-
Explorer caused an invalid page fault in module Kernel32.dll....

Once I ok'd that, the PC was pretty stable in terms of the icons appearing so I did a virus check and deleted three viruses. The PC was useable all last night and this morning. When I went to use the PC this afternoon whilst half way in booting up the PC, the following error appeared

Loadqm was able to load due to a fault with wininet.dll or words with that effect. Once ok'd, the PC was useable. I tried to load Internet Explorer up but also come up with a similar error that Explorer was able to load due to a fault with wininet.dll.

Then Yahoo Messenger also went down due to wininet.dll and MSN Messenger. I'm currently online with thanks to trusty Netscape. It seems anything connected to the internet in terms of programs fail due to wininet.dll so does anyone know how to make my PC more stable?

Is it a case of getting rid of the corrupted dll file and finding a new one and placing it in the relevant folder? Any help is all appreciated.

Have you noticed anything recently that would indicate spyware? I.e. search bars installing themselves at the top in IE, unwanted shortcuts appearing on your Start menu/desktop? You've not mentioned your version of windows, but I'd presume it's pre-NT from the speed of your processor, which means it's not really much use looking in the ctrl+alt+del window.

What's the exact message wininet.dll throws up when it fails? Try pasting it into Google (or here) and see if anything comes up.

For now, I'd have a go at downloading HiJack This and having a scan. Don't delete everything it comes up with automatically, as it'll list a lot of reg entries etc that are the default Windows ones. Only delete something if it's blatently spyware (i.e. MyWebSearch, XXX); and if you can, post a log here for advice on what, and what not, to delete.

Out of interest, how viable would it be for you to back up all the documents on your computer and do a format? Is it completely out of the question?

With regards to Spyware, there hasn't been anything noticeable on screen or anything unusual of late although there has been traces of something called "Look2Me" Although, I think I have 90% got rid of it, I feel there is probably still traces on my hard drive but looking on websites on how to kill it hasn't proved successful.

But anyway, Look2Me would sometimes on it's own accord open up new IE windows trying to pump out some advertising website address. I've checked all the usual places for Spyware and done the neccessary checks. I use AVG for my anti virus which alarmingly found 3 viruses which I cleared. I use Ad Aware for my spyware and Zone Alarm has my firewall.

The wininet.dll prompt looks sommat like this:-



This came up as soon as I opened up IE, a similar error would be generated should I want to use Yahoo Messenger, MSN Messenger. I'm on the internet at the moment through Netscape. Oh, I use trusty Win 98. Yep, still in the dark ages!

One thing I do notice in the task manager is something called RealEvent. I don't know if it's anything do with Real as in the company but it really slows my PC down, once removed from Task Manager. The PC seems to run fine again.

I've heard of Hijack This before and there was traces of Spyware and deleted such things but this was back in June when somebody mentioned on here about using such a program. A transcript of the log appears at the bottom of this posting.

I guess some of you may laugh at this but unforunately I am unable to do a back up as I haven't got anything to back it up with by I am trying to get hold of somebody soon to use their CD-RW and get everything onto some CD's so I can do a format of the hard drive but as we know everyone has committments so it's a waiting game at the moment. Stupid as it is not to do a back up but hey, its only cr@p on this hard drive!

Anyway, here's the log...

Logfile of HijackThis v1.97.7
Scan saved at 22:08:12, on 02/11/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\INETSRV\INETINFO.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\WINDOWS\SYSTEM\MSDTCW.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PWSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SAMSUNG\DIGIMAX VIEWER 1.0\DIGIMAXVIEWER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WS_FTP\WS_FTP95.EXE
C:\PROGRAM FILES\NETSCAPE\NETSCAPE\NETSCP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\EXPLORER.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://tv.cream.org/
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PWSTray] PwsTray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\RunServices: [MSDTC] msdtcw -start
O4 - HKLM\..\RunServices: [inetinfo.exe] C:\WINDOWS\SYSTEM\inetsrv\inetinfo.exe -e w3svc
O4 - HKLM\..\RunServices: [TextNow!Services] C:\Program Files\TextNow!\Programs\RRA9xSvc.exe /Start
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MsnMsgr] "c:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Digimax Viewer 1.0.lnk = C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe
O4 - User Startup: EPSON Background Monitor.lnk = C:\ESM2\Stms.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Digimax Viewer 1.0.lnk = C:\Program Files\Samsung\Digimax Viewer 1.0\DigimaxViewer.exe
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... /swdir.cab
O16 - DPF: {02466323-75ED-11CF-A267-0020AF2546EA} (VivoActive Control) - http://player.vivo.com/ie/vvweb.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\supercd\IntraLaunch.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} (MSN Chat Control 4.2) - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 5648611111
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EP ... -0-3-0.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/c ... blt1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b27571.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9E6C7461-FE4A-41A9-9D35-7468796CF9E7} (AVXControl Class) - http://threatlevel.pcsecurityshield.com ... avxnew.dll

Try this:
http://www.pchell.com/support/look2me.shtml

For wininet errors, it may be worth repairing your IE installation.

Or alternatively, google for the file, plenty of solutions out there.

Sorry Neil for taking a while in replying. I don't think Look2Me is still on my PC although I have some doubts, it's normal traits are not there and apparently it's a right bugger to get rid of. I've had a look at the above URL and it's not in the obvious places.

As for Wininet, most links seem to point towards Pay for this and we will fix your problems which isn't the way I want to go. I might just bare with it and wait for my new PC in the new year.

What I will add to this thread is that it appears to only affect my profile on the PC. If I use the PC by clicking on cancel on the profile log on screen then I can happily use the PC, albeit that it's using the original settings before the profile was set a few years back and Explorer runs fine, it's only when my profile is set that the problems occur and it seems to be on and off. Sometimes when booting up, it's fine other times it will bring up the wininet.dll problem but where as in the past, the whole PC crashes, now when I click OK. It seems you can use the PC still but for non internet activities (except Netscape which runs fine)