 |  |  |  |  |  |  |  |
System Processes in XP? NetTsk.exe?
 |
I have noticed that when looking at my processes directly after boot, I see NetTsk.exe. I can't seem to get any results when searching Yahoo for this process, however, all of the others return results.
I have scanned with Ad Ware, Spybot, Registry Mechanic and various "online" scans. Nothing shows anything negative, however when I don't end this process it jacks my CPU usage up into the 90's and lags my system badly.
If someone could please explain exactly what NetTsk.exe is, it would be greatly appreciated.
Thanks in Advance
I have scanned with Ad Ware, Spybot, Registry Mechanic and various "online" scans. Nothing shows anything negative, however when I don't end this process it jacks my CPU usage up into the 90's and lags my system badly.
If someone could please explain exactly what NetTsk.exe is, it would be greatly appreciated.
Thanks in Advance
•
•
Join Date: Aug 2003
Posts: 9,435
Reputation: 
Solved Threads: 476
First please get Spybot S&D to clear out most of the spyware.
Short tutorial and download link here:
http://tomcoyote.org/SPYBOT/
Fix everything SpybotSD labels in red.
Then after reboot:
Download 'Hijack This!'. http://www.tomcoyote.org/hjt/
Unzip to a permanent folder, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
then post the log here
Short tutorial and download link here:
http://tomcoyote.org/SPYBOT/
Fix everything SpybotSD labels in red.
Then after reboot:
Download 'Hijack This!'. http://www.tomcoyote.org/hjt/
Unzip to a permanent folder, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, load it in Notepad, and copy its contents here. Most of what it lists will be harmless or even essential, don't fix anything yet.
then post the log here
Linux boot cd http://www.knopper.net/knoppix/index-en.html
Thanks for the reply Caper. Below is a copy of the log file.
Logfile of HijackThis v1.97.7
Scan saved at 9:13:16 PM, on 2/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\NetTsk.exe
C:\WINNT\System32\devldr32.exe
E:\HiJackThis\HijackThis.exe
C:\WINNT\system32\mspaint.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Angel's Playplace
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [BEHLO] C:\WINNT\BEHLO.exe
O4 - HKLM\..\Run: [NetTsk] C:\WINNT\System32\NetTsk.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NetTsk] C:\WINNT\System32\NetTsk.exe
O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/game...ts/y/nt1_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binarie...HTML_US_XP.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/171d2b86f25366b...p/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...trol_v1-32.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
Logfile of HijackThis v1.97.7
Scan saved at 9:13:16 PM, on 2/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\NetTsk.exe
C:\WINNT\System32\devldr32.exe
E:\HiJackThis\HijackThis.exe
C:\WINNT\system32\mspaint.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Angel's Playplace
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINNT\Downloaded Program Files\bridge.dll",Load
O4 - HKLM\..\Run: [BEHLO] C:\WINNT\BEHLO.exe
O4 - HKLM\..\Run: [NetTsk] C:\WINNT\System32\NetTsk.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [NetTsk] C:\WINNT\System32\NetTsk.exe
O8 - Extra context menu item: >>> FREE PORN GALLERIES <<< - javascript:{document.location='http://sexmaxx.com/freegalleries.htm';}
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/game...ts/y/nt1_x.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://active.macromedia.com/director/cabs/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binarie...HTML_US_XP.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {4C226336-4032-489F-9674-67E74225979B} (OTXMovie Class) - http://otx.ifilm.com/OTXMedia/OTXMedia.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/171d2b86f25366b...p/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX25.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex...trol_v1-32.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
After following links in your sig, I went to Trend and did a scan. http://www.digital-accents.com/bad_stuff.JPG
•
•
Join Date: Feb 2004
Posts: 9,933
Reputation:
Solved Threads: 710
•
•
•
•
Originally Posted by caperjack
First please get Spybot S&D to clear out most of the spyware.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
•
•
Join Date: Aug 2003
Posts: 9,435
Reputation:
Solved Threads: 476
•
•
•
•
Originally Posted by WEATHER CHANNEL
Hint: Harden IE and you would not be this situation.
How I got infected in the first place
Linux boot cd http://www.knopper.net/knoppix/index-en.html
•
•
Join Date: Aug 2003
Posts: 9,435
Reputation:
Solved Threads: 476
•
•
•
•
Originally Posted by crunchie
I think you should add this to your signature.
Linux boot cd http://www.knopper.net/knoppix/index-en.html
•
•
Join Date: Aug 2003
Posts: 9,435
Reputation:
Solved Threads: 476
•
•
•
•
Originally Posted by Angel
After following links in your sig, I went to Trend and did a scan. http://www.digital-accents.com/bad_stuff.JPG
Also you have hijackthis.exe in E:\ hijack, is E a second harddrive .
Linux boot cd http://www.knopper.net/knoppix/index-en.html
•
•
Join Date: Aug 2003
Posts: 9,435
Reputation:
Solved Threads: 476
•
•
•
•
Originally Posted by crunchie
I think you should add this to your signature.
Linux boot cd http://www.knopper.net/knoppix/index-en.html
|
Other Threads in the Windows NT / 2000 / XP Forum
- Previous Thread: problem with dll file
- Next Thread: Corrupt: \Windows\System32\ Config\System !!!! Please help!
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Windows NT / 2000 / XP Posts
- Today's Posts
- Unanswered Threads
.net 64bit 2007 2010 a.exe address android appstore arm black blue book bsod bulletin canonical cellphones codeplex combofix computer crash cursor deployment deployments desktop desktops dns dotnetnuke drive eartlink error errors explorer fax features folder fontmanagers format framework freeze hardware home interoperability laptop lcd linux load login mac markshuttleworth memory microsoft monitor motionle1600 netbooks novell nvidia opensource operatingsystems options osx palm patch printer product program reformat remotedesktop replacingraiddrive retail retrieve screen security sharepoint simplifiedchinese sitetositevpn slowperformance studios technology unreadable update upgrade usb verizon videodrivers videogames virus vista visual vpn vulnerability wab win win32/heur windows windows7 windowsxp windowsxpnotstartingup. worm xp xpde