Somethin's up?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.
B

billba

Thread Starter
Joined
Apr 12, 2004
Messages
3
Well, I feel a little stupid here but I'm missing something. I have included my HijackThis log file and I've gone through it several times but I can't see anything that is wrong. Something is autoloading my browser for me as well as redirecting searces. SpyBot turns up nothing. Any assistance is greatly appreciated.

Thanks In Advance,
Bill :confused:


Logfile of HijackThis v1.97.7
Scan saved at 1:45:54 PM, on 4/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\system32\cusrvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\wm.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
N:\FaxPress\FaxTray.Exe
C:\WINNT\system32\NWTRAY.EXE
N:\FaxPress\TrayFaxAlert.exe
C:\Palm\AlarmApp.exe
C:\Palm\HOTSYNC.EXE
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\mmc.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\ISQLW.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\notepad.exe
C:\Program Files\Qualcomm\Eudora Pro\Eudora.exe
C:\WINNT\system32\rundll32.exe
C:\SpyBot\HijackThis.exe

O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CstlFaxTray] N:\FaxPress\FaxTray.Exe /s
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - Startup: Alarm Manager.LNK = C:\Palm\AlarmApp.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: TrayFaxAlert.lnk = FaxPress\TrayFaxAlert.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
 
B

billba

Thread Starter
Joined
Apr 12, 2004
Messages
3
The LSP-Fix found nothing to repair. I did not check the advanced "I know what I'm doing" because I'm really not advanced but the ones that it found were:

rnr20.dll
winrnr.dll
nwws2nds.dll
nwws2sap.dll
nwws2slp.dll
nwprov.dll
msafd.dll
rsvpsp.dll

But none of these can be removed except manually.
 
cybertech

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Run HJT again and check:

O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll

Close all applications and browser windows before you click "fix checked".

Have you disabled things with msconfig?
 
B

billba

Thread Starter
Joined
Apr 12, 2004
Messages
3
I ran Trend Micro's HouseCall and it didn't find anything. I am running Norton AntiVirus and I do daily scans an updates with it. Plus I keep pretty close tabs on MS patches and updates, especially the critical ones. I then ran RAV's AntiVirus and it returned the folowing. Any ideas how to remove it since 2 out of 3 virus scans as well as SpyBot found nothing? :eek:

Scan started at 4/12/2004 3:13:56 PM

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\WINNT\twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
C:\WINNT\Temp\THI16B7.tmp\twaintec.cab->twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
C:\WINNT\Temp\THI16B7.tmp\twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
C:\WINNT\Temp\THI55D8.tmp\twaintec.cab->twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
C:\WINNT\Temp\THI55D8.tmp\twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected

Scanned
============================
Objects: 96675
Directories: 2527
Archives: 5801
Size(Kb): -964457
Infected files: 5

Found
============================
Viruses found: 1
Suspicious files: 0
Disinfected files: 0
Mail files: 387
 
cybertech

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Restart in safe mode Click here to see how


Some of these files may be hidden files so open My Computer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders"
Click "Apply" then "OK"

Now you should be able to delete that file in c:\winnt and the folder in C:\winnt\temp.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Total: 460 (members: 6, guests: 454)
Top