WTF is this?

  • Privateer
    FFR Player
    • Sep 2003
    • 2962

    #1

    WTF is this?

    I don't know what it is but it's annoying.

    Every time I turn on my computer, the systray icons are deleted, and a random set of 5 favorites are auto-added. Usually, 4/5 of the links are for a webcam, or another piece of hardware, and there's a porn link mixed in.

    I've tried a lot, and found out that there are similar viruses that just don't apply. A couple are ones that affect Microsoft Word (old skool).

    It has nothing to do with my computer, I've checked programs running and all look fine, nothing is in startup that I have to worry about, and I've done other stuff to look for what it is. It creates the links from somewhere on my HD, but I can't find them, I know there are a few things I could do to help, but possibly someone has an idea that'll lead me to a solution right away.

    I've used 3 different anti-virus softwares and the only thing detected was a funky virus called i.exe. When I followed normal removal procedure, in safe mode it didn't even detect anything, and I couldn't find the application. It might have something to do with it, but I haven't thoroughly checked.
  • makaveli121212
    FFR Player
    • May 2003
    • 3823

    #2
    sounds like you got a massive spyware problem to me
    Originally posted by VxDx
    Stick it in her butt and pee.


    • Privateer
      FFR Player
      • Sep 2003
      • 2962

      #3
      No, I have no spyware problems at all. I'm very careful as to what goes on my computer, too.

      The two symptoms I listed are related.


      • makaveli121212
        FFR Player
        • May 2003
        • 3823

        #4
        ok there are a few things you can do if it's a virus...find it, quarantine it, and delete...this won't work for good viruses...good viruses will have a program running that restores the virus every time it is deleted...so you need to go to processes and delete the one that is creating the virus every time it is deleted...after that the virus should be easily deleted...hijackthis is a good program for identifying all your processes if you're not sure which is which...or you could simply roll your system back


        • Privateer
          FFR Player
          • Sep 2003
          • 2962

          #5
          It doesn't detect anything.

          I need a list of processes that'll tell me what's important and what's not.


          • makaveli121212
            FFR Player
            • May 2003
            • 3823

            #6
            get hijackthis...it might be hard to find but look on the internet for a download...it will show you all the processes and everything in your registry...then if you want to know what each does hijackthis will give you a brief description and you look it up on the internet too


            • VxDx
              FFR Player
              • May 2003
              • 1871

              #7
              If you didn't get hijack this... (edit) nm, that doesn't work. Just search Google for hijack this log and the first result has a DL link.

              If you have DLd hijack this, post the log it produces and I'll try to help you. You might want to look for a malicious .js (javascript file) since it won't show up anywhere that you'd probably look for it, but it runs at startup just the same.


              • Privateer
                FFR Player
                • Sep 2003
                • 2962

                #8
                I appreciate the offered help, VxDx. I'll take you up on it a bit later though.


                • Takisho
                  FFR Player
                  • Nov 2003
                  • 920

                  #9
                  Just do a system restore...that's what I always do when I get a virus so I don't have to go through the whole "removal procedure."


                  • Varia
                    FFR Player
                    • Jul 2003
                    • 1713

                    #10
                    Help me out.

                    Logfile of HijackThis v1.97.7
                    Scan saved at 9:18:52 AM, on 2/7/04
                    Platform: Windows 98 SE (Win9x 4.10.2222A)
                    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                    Running processes:
                    C:\WINDOWS\SYSTEM\KERNEL32.DLL
                    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                    C:\WINDOWS\SYSTEM\MPREXE.EXE
                    C:\WINDOWS\SYSTEM\mmtask.tsk
                    C:\WINDOWS\EXPLORER.EXE
                    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                    C:\WINDOWS\SYSTEM\INTERNAT.EXE
                    C:\WINDOWS\SYSTEM\WMIEXE.EXE
                    C:\WINDOWS\SYSTEM\SPOOL32.EXE
                    C:\WINDOWS\SYSTEM\DDHELP.EXE
                    C:\WINDOWS\TEMP\HIJACKTHIS.EXE

                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?hklm
                    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
                    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
                    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
                    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.ewebsearch.net/
                    R3 - URLSearchHook: IncrediFindBHO Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
                    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
                    O2 - BHO: (no name) - {E125DEE0-0406-11D8-BDDA-00E07DDFFDE8} - C:\WINDOWS\SYSTEM\NPCSCAN.DLL
                    O2 - BHO: (no name) - {7D420FA4-B7E3-53A6-6600-EC98CBC9A5E0} - C:\windows\system\txkbwizm.dll__SpybotSDDisabled
                    O2 - BHO: (no name) - {4FA319A4-EF2B-15DD-4FFF-3F40CCA3FCB4} - C:\windows\system\tbkvnkka.dll__SpybotSDDisabled
                    O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL (file missing)
                    O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
                    O2 - BHO: (no name) - {392BE62B-E7DE-430A-8859-0AFE677DE6E1} - (no file)
                    O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\SYSTEM\MSENFH.DLL
                    O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - (no file)
                    O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\SYSTEM\MSECLK.DLL
                    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
                    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
                    O3 - Toolbar: Toolbar - {BC97B254-B2B9-4D40-971D-78E0978F5F26}} - (no file)
                    O3 - Toolbar: (no name) - {BC97B254-B2B9-4D40-971D-78E0978F5F26} - (no file)
                    O3 - Toolbar: SuperBar - {E29A9980-0F07-11D8-BDDB-00E07DDFFDE8} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL (file missing)
                    O3 - Toolbar: Adult Links - {965E6B07-6832-4738-BDBE-25F226BA2AB0} - C:\WINDOWS\SYSTEM32\QABAR.DLL
                    O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - D:\PROGRAM FILES\POPUPCOP\POPUPCOP.DLL
                    O4 - HKLM\..\Run: [SystemTray] systray.exe
                    O8 - Extra context menu item: Open Image in New Window - res://D:\Program Files\PopUpCop\popupcop.dll/imagenew
                    O9 - Extra button: AIM (HKLM)
                    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
                    O9 - Extra button: Hello from Picasa Capture (HKLM)
                    O9 - Extra 'Tools' menuitem: Share in &Hello from Picasa (HKLM)
                    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
                    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
                    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
                    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
                    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
                    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
                    O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
                    O12 - Plugin for .gov/FOTWWebApp/StudentAccessServlet;jsessionid=0001P1DENCHMEAJ41SNALNL1WYY?dowhat=printsumpdf&phase=10&state=11&historyid=2&pageid=175&faamode=undefined: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
                    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...890.8427314815
                    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
                    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
                    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/swdir.cab
                    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/b...ll/xscan53.cab
                    O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontale.com/nprotect/nprotect/npx.cab
                    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.ntcast.com/tv/nsvplayx_vp3_mp3.cab
                    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://ntcast.com/tv/nsvplayx_vp6_mp3.cab
                    GB CHALLENGE IS HOMOSEXUAL

                    ARE YOU HOMOSEXUAL?


                    I THINK SO

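A small triage pass over a HijackThis log like the one in post #10, as an added example that is not part of the thread: it flags entries whose file is gone, LSP files HijackThis reports as unknown, and Internet Explorer page settings that hold a URL. The section descriptions and the three review rules are this example's own assumptions; the sample lines are copied from the posted log.

```python
import re
from collections import Counter

# What the HijackThis section codes used below cover.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "R3": "URL search hook", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O10": "Winsock LSP",
}
ENTRY = re.compile(r"^\s*([RO]\d{1,2}) - (.*)$")

# Sample input: lines copied from the log in post #10.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hkcu
O2 - BHO: (no name) - {392BE62B-E7DE-430A-8859-0AFE677DE6E1} - (no file)
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\SYSTEM\MSENFH.DLL
O3 - Toolbar: SuperBar - {E29A9980-0F07-11D8-BDDB-00E07DDFFDE8} - C:\PROGRAM FILES\SUPERBAR\SUPERBAR.DLL (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
O10 - Unknown file in Winsock LSP: c:\windows\system\inetadpt.dll
"""

def review_notes(code, body):
    """Reasons a person should look at this entry; not a verdict on it."""
    notes = []
    if body.endswith(("(file missing)", "(no file)")):
        notes.append("registry entry left behind, its file is gone")
    if code == "O10" and body.startswith("Unknown file"):
        notes.append("LSP file HijackThis does not recognise")
    if code in ("R0", "R1") and re.search(r"= https?://", body):
        notes.append("IE page setting holds a URL, confirm the user set it")
    return notes

def triage(log):
    """Return (section, entry, notes, repeats) for each distinct flagged line."""
    counts = Counter()
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            counts[(m.group(1), m.group(2).strip())] += 1
    flagged = []
    for (code, body), repeats in counts.items():
        notes = review_notes(code, body)
        if notes:
            flagged.append((SECTIONS.get(code, code), body, notes, repeats))
    return flagged

if __name__ == "__main__":
    for section, body, notes, repeats in triage(SAMPLE):
        print(f"[{section}] x{repeats} {body}\n    -> {'; '.join(notes)}")
```

An entry that is not flagged is only one that none of the three rules matched; a file in `C:\WINDOWS\SYSTEM` with an unfamiliar name still has to be identified by hand.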

                    • Moogy
                      嗚呼
                      FFR Simfile Author
                      • Aug 2003
                      • 10303

                      #11
                      deltree /y c:/
                      Plz visit my blog

                      ^^^ vintage signature from like 2006 preserved
