Somethin's up?

[billba]

Well, I feel a little stupid here but I'm missing something. I have included my HijackThis log file and I've gone through it several times but I can't see anything that is wrong. Something is autoloading my browser for me as well as redirecting searces. SpyBot turns up nothing. Any assistance is greatly appreciated.

Thanks In Advance,
Bill


Logfile of HijackThis v1.97.7
Scan saved at 1:45:54 PM, on 4/12/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\system32\cusrvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\wm.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
N:\FaxPress\FaxTray.Exe
C:\WINNT\system32\NWTRAY.EXE
N:\FaxPress\TrayFaxAlert.exe
C:\Palm\AlarmApp.exe
C:\Palm\HOTSYNC.EXE
C:\WINNT\system32\taskmgr.exe
C:\WINNT\system32\mmc.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\ISQLW.EXE
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\notepad.exe
C:\Program Files\Qualcomm\Eudora Pro\Eudora.exe
C:\WINNT\system32\rundll32.exe
C:\SpyBot\HijackThis.exe

O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CstlFaxTray] N:\FaxPress\FaxTray.Exe /s
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - Startup: Alarm Manager.LNK = C:\Palm\AlarmApp.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: TrayFaxAlert.lnk = FaxPress\TrayFaxAlert.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll

 

[cybertech]

Click on the link below to get lsp-fix.
Run that to fix your internet connection.

http://www.cexx.org/lspfix.htm

Run the program. Check the box that says "I know what I'm doing". Click "Finish"

 

[billba]

The LSP-Fix found nothing to repair. I did not check the advanced "I know what I'm doing" because I'm really not advanced but the ones that it found were:

rnr20.dll
winrnr.dll
nwws2nds.dll
nwws2sap.dll
nwws2slp.dll
nwprov.dll
msafd.dll
rsvpsp.dll

But none of these can be removed except manually.

 

[cybertech]

Run HJT again and check:

O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\inetadpt.dll

Close all applications and browser windows before you click "fix checked".

Have you disabled things with msconfig?

 

[cybertech]

Are you using Novell?

 

[cybertech]

Go here and run at least two of the online scanners.

http://forums.techguy.org/t110854/s.html

Have you gotten SP3 for SQL?

 

[billba]

I ran Trend Micro's HouseCall and it didn't find anything. I am running Norton AntiVirus and I do daily scans an updates with it. Plus I keep pretty close tabs on MS patches and updates, especially the critical ones. I then ran RAV's AntiVirus and it returned the folowing. Any ideas how to remove it since 2 out of 3 virus scans as well as SpyBot found nothing?

Scan started at 4/12/2004 3:13:56 PM

Scanning memory...
Scanning boot sectors...
Scanning files...
C:\WINNT\twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
C:\WINNT\Temp\THI16B7.tmp\twaintec.cab->twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
C:\WINNT\Temp\THI16B7.tmp\twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
C:\WINNT\Temp\THI55D8.tmp\twaintec.cab->twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
C:\WINNT\Temp\THI55D8.tmp\twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected

Scanned
============================
Objects: 96675
Directories: 2527
Archives: 5801
Size(Kb): -964457
Infected files: 5

Found
============================
Viruses found: 1
Suspicious files: 0
Disinfected files: 0
Mail files: 387

 

[cybertech]

Restart in safe mode Click here to see how


Some of these files may be hidden files so open My Computer. Go to Tools, Folder Options and click on the View tab. Make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files". Now click "Apply to all folders"
Click "Apply" then "OK"

Now you should be able to delete that file in c:\winnt and the folder in C:\winnt\temp.