Cannot load any web pages after spyware removal.

[MD]

Just been round to my mates and whenever he went on ebay he kept getting
redirected to other sites, from what I can only assume was spyware.
We downloaded Spybot and did a search and that found a load of stuff and got
rid of it, but after that links kept getting redirected through
internet-optimizer (spyware ?)
We followed some instructions found on the net to remove this and rebooted.
Now the problem is that no web pages will load at all, e-mail works fine but
whenever a URL is entered or a link clicked from the favourites menu it goes
straight to "page cannot be displayed" almost as if we were working offline.
The only thing I can think of is when we were removing internet-optimizer we
deleted some stuff in the registry, so maybe we deleted something we
shouldn't have ? We have tried reinstalling IE6 but that didn't work.
He is using IE6 and Windows 2000.
Any help appreciated
Thanks.

 

[Piomp10splyr]

Hey.. I'm having the same exact problem. I used Ad-aware
to get rid of some spyware and now IE6 is no longer
working. Reinstalling the software did not help either.
This is so strange. AND ****ING MICROSOFT doesn't have
good support.. THE ****ING CHARGE MORE THAN MY COMPUTER
COST!!! not really, but they charge way too much

 

[PA Bear]

Internet Optimizer hijacker (AKA Downloader.Dyfcia.F Trojan)
http://www.doxdesk.com/parasite/InternetOptimizer.html

Check your system for "hijackware":

Dealing with Hijackware
http://mvps.org/winhelp2002/unwanted.htm
http://www.mvps.org/inetexplorer/Darnit.htm#tshoot
http://aumha.org/a/parasite.htm

You *must* seek updates for Ad-Aware, Spybot, etc., before each and every
use, even "right out of the box". But even then, they can't catch
everything. HijackThis (http://www.merijn.org/files/hijackthis.zip; [new
URL] ) is the preferred tool to use these days. It will help to both
identify and remove any hijackware/spyware. **Post your files to
http://forums.spywareinfo.com/ for expert analysis, not here.**

Also update your virus definitions and then run a full system scan. From
now on, do both daily.
--
HTH...Please post back to this thread

~Robear Dyer (aka PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

Protect Your PC
http://www.microsoft.com/security/protect/default.asp

 

[Chris]

I am also having the same problem- If you figure out a solution please post thanks

 

[ginner]

Hi, Thanks for replies. I have just run HijackThis and noticed the
following message
"O10 - Broken Internet access because of LSP provider 'lsp.dll' missing"
Could this be the reason that I cannot get any web pages to load and is
there a way to resolve this.
E-mail and newsgroups still work fine and I can also download program
updates via the relevant programs it just seems to be related to IE6.
Thanks.
Here is the rest of it if anyone knows anything
Logfile of HijackThis v1.97.7
Scan saved at 20:01:55, on 16/12/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\DRIVERS\dcfssvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\SYSTEM32\GEARSEC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Kodak\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\internat.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\GetRight\getright.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\KeirNet\K9\K9.exe
C:\PROGRA~1\NTLDIAL\NTLDIAL.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\gin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
about:blank
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} -
C:\WINNT\system32\n3tpa1.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [58250063.exe] C:\WINNT\System32\58250063.exe
O4 - HKLM\..\RunServices: [MSN Loader] msgner.exe
O4 - HKLM\..\RunServices: [IEXPLORE Loader] sysdll32.exe
O4 - HKLM\..\RunServices: [Povdavatch] nvdas.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence
Eliminator\ee.exe /m
O4 - HKCU\..\Run: [EPSON Stylus C40 Series]
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A
"C:\WINNT\System32\E_S174.tmp"
O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program
Files\GetRight\getright.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = C:\Program
Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with GetRight - C:\Program
Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program
Files\GetRight\GRbrowse.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O15 - Trusted Zone: http://www.ntlworld.com
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile
Manager Class) - http://moneymanager.egg.com/activex/accounttracking.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl
Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housec
all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37928.978726
8518
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -
http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C}
(ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://fdl.msn.com/public/chat/msnchat45.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{020D884C-C5B0-43CD-8BB5-5000454A91C5}:
NameServer = 194.168.4.100 194.168.8.100
O17 -
HKLM\System\CS1\Services\Tcpip\..\{020D884C-C5B0-43CD-8BB5-5000454A91C5}:
NameServer = 194.168.4.100 194.168.8.100

 

[MD]

The problem is now sorted. I used a combination of the latest spybot,
HijackThis and a program called lspfix as a dll file called lsp.dll was
damaged/missing.

Hi, Thanks for replies. I have just run HijackThis and noticed the
following message
"O10 - Broken Internet access because of LSP provider 'lsp.dll' missing"
Could this be the reason that I cannot get any web pages to load and is
there a way to resolve this.
E-mail and newsgroups still work fine and I can also download program
updates via the relevant programs it just seems to be related to IE6.
Thanks.
Here is the rest of it if anyone knows anything
Logfile of HijackThis v1.97.7
Scan saved at 20:01:55, on 16/12/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\DRIVERS\dcfssvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\SYSTEM32\GEARSEC.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Kodak\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\internat.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\GetRight\getright.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\KeirNet\K9\K9.exe
C:\PROGRA~1\NTLDIAL\NTLDIAL.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\gin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
about:blank
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {000E7270-CC7A-0786-8E7A-DA09B51938A6} -
C:\WINNT\system32\n3tpa1.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [58250063.exe] C:\WINNT\System32\58250063.exe
O4 - HKLM\..\RunServices: [MSN Loader] msgner.exe
O4 - HKLM\..\RunServices: [IEXPLORE Loader] sysdll32.exe
O4 - HKLM\..\RunServices: [Povdavatch] nvdas.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence
Eliminator\ee.exe /m
O4 - HKCU\..\Run: [EPSON Stylus C40 Series]
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A
"C:\WINNT\System32\E_S174.tmp"
O4 - Startup: Launch K9.lnk = C:\Program Files\KeirNet\K9\K9.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk =
C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program
Files\GetRight\getright.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = C:\Program
Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Download with GetRight - C:\Program
Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program
Files\GetRight\GRbrowse.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Broken Internet access because of LSP provider 'lsp.dll' missing
O15 - Trusted Zone: http://www.ntlworld.com
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile
Manager Class) - http://moneymanager.egg.com/activex/accounttracking.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl
Class) - http://216.249.24.142/code/PWActiveXImgCtl.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2003011601/housecall.antivirus.com/housec
all/xscan53.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37928.978726
8518
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -
http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C}
(ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) -
http://fdl.msn.com/public/chat/msnchat45.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{020D884C-C5B0-43CD-8BB5-5000454A91C5}:
NameServer = 194.168.4.100 194.168.8.100
O17 -
HKLM\System\CS1\Services\Tcpip\..\{020D884C-C5B0-43CD-8BB5-5000454A91C5}:
NameServer = 194.168.4.100 194.168.8.100

I am also having the same problem- If you figure out a solution please post thanks



"MD" <[email protected]> wrote in message

and

got

fine

but

it

goes

 

[PA Bear]

More: http://www.doxdesk.com/parasite/ShopAtHomeSelect.html
--
HTH...Please post back to this thread

~Robear Dyer (aka PA Bear)
MS MVP-Windows (IE/OE), AH-VSOP

Protect Your PC
http://www.microsoft.com/security/protect/default.asp
<snip>