1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Somethin's up?

Discussion in 'Virus & Other Malware Removal' started by billba, Apr 12, 2004.

Thread Status:
Not open for further replies.
Advertisement
  1. billba

    billba Thread Starter

    Joined:
    Apr 12, 2004
    Messages:
    3
    Well, I feel a little stupid here but I'm missing something. I have included my HijackThis log file and I've gone through it several times but I can't see anything that is wrong. Something is autoloading my browser for me as well as redirecting searces. SpyBot turns up nothing. Any assistance is greatly appreciated.

    Thanks In Advance,
    Bill :confused:


    Logfile of HijackThis v1.97.7
    Scan saved at 1:45:54 PM, on 4/12/2004
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\cisvc.exe
    C:\WINNT\system32\cusrvc.exe
    C:\Program Files\NavNT\rtvscan.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\wm.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\cidaemon.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    N:\FaxPress\FaxTray.Exe
    C:\WINNT\system32\NWTRAY.EXE
    N:\FaxPress\TrayFaxAlert.exe
    C:\Palm\AlarmApp.exe
    C:\Palm\HOTSYNC.EXE
    C:\WINNT\system32\taskmgr.exe
    C:\WINNT\system32\mmc.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\ISQLW.EXE
    C:\WINNT\system32\rundll32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINNT\system32\notepad.exe
    C:\Program Files\Qualcomm\Eudora Pro\Eudora.exe
    C:\WINNT\system32\rundll32.exe
    C:\SpyBot\HijackThis.exe

    O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [CstlFaxTray] N:\FaxPress\FaxTray.Exe /s
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - Startup: Alarm Manager.LNK = C:\Palm\AlarmApp.exe
    O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: TrayFaxAlert.lnk = FaxPress\TrayFaxAlert.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Click on the link below to get lsp-fix.
    Run that to fix your internet connection.

    http://www.cexx.org/lspfix.htm

    Run the program. Check the box that says "I know what I'm doing". Click "Finish"
     
  3. billba

    billba Thread Starter

    Joined:
    Apr 12, 2004
    Messages:
    3
    The LSP-Fix found nothing to repair. I did not check the advanced "I know what I'm doing" because I'm really not advanced but the ones that it found were:

    rnr20.dll
    winrnr.dll
    nwws2nds.dll
    nwws2sap.dll
    nwws2slp.dll
    nwprov.dll
    msafd.dll
    rsvpsp.dll


    But none of these can be removed except manually.
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and check:

    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll

    Close all applications and browser windows before you click "fix checked".

    Have you disabled things with msconfig?
     
  5. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Are you using Novell?
     
  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
  7. billba

    billba Thread Starter

    Joined:
    Apr 12, 2004
    Messages:
    3
    I ran Trend Micro's HouseCall and it didn't find anything. I am running Norton AntiVirus and I do daily scans an updates with it. Plus I keep pretty close tabs on MS patches and updates, especially the critical ones. I then ran RAV's AntiVirus and it returned the folowing. Any ideas how to remove it since 2 out of 3 virus scans as well as SpyBot found nothing? :eek:

    Scan started at 4/12/2004 3:13:56 PM

    Scanning memory...
    Scanning boot sectors...
    Scanning files...
    C:\WINNT\twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
    C:\WINNT\Temp\THI16B7.tmp\twaintec.cab->twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
    C:\WINNT\Temp\THI16B7.tmp\twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
    C:\WINNT\Temp\THI55D8.tmp\twaintec.cab->twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
    C:\WINNT\Temp\THI55D8.tmp\twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected

    Scanned
    ============================
    Objects: 96675
    Directories: 2527
    Archives: 5801
    Size(Kb): -964457
    Infected files: 5

    Found
    ============================
    Viruses found: 1
    Suspicious files: 0
    Disinfected files: 0
    Mail files: 387
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Restart in safe mode Click here to see how


    Some of these files may be hidden files so open My Computer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders"
    Click "Apply" then "OK"

    Now you should be able to delete that file in c:\winnt and the folder in C:\winnt\temp.
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/219690

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice