Solved

Problem with Windows popping up while browsing

Posted on 2004-09-14
Last Modified: 2013-12-04
Hi,
I had this problem sometime back. I had it fixed. But now it has come back!!..apparently while I was surfing. Just like I did last time, I ran the Hijackthis utility and am posting the log file here.
As before, I am having the problem of windows popping up out of nowhere and sometimes some of the web sites not opening at all. Your help is greatly appreciated.

Here is the log file...

Logfile of HijackThis v1.98.2
Scan saved at 8:24:44 PM, on 9/14/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\System32\EZSP_PX.EXE
C:\toshiba\sysstability\tsyssmon.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\ServicePackFiles\tasksvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Aravind\Downloads\AdAware\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - C:\DOCUME~1\ARAVIN~1\LOCALS~1\Temp\rvsksat.dat
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_PX.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [*mp3util] C:\WINDOWS\addins\mp3util.exe
O4 - HKLM\..\Run: [*tasksvr] C:\WINDOWS\ServicePackFiles\tasksvr.exe
O4 - HKLM\..\RunOnce: [*tasksvr] C:\WINDOWS\ServicePackFiles\tasksvr.exe rerun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AnyWho - {0264505A-6793-44E0-AC75-9DCE3B13185C} - C:\Program Files\AT&T\WnClient\Programs\AnyWho.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mpnoc
O17 - HKLM\Software\..\Telephony: DomainName = mpnoc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mpnoc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mpnoc
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

Thanks...
Question by:dummie_q
14 Comments
 
LVL 65

Accepted Solution

by: SheharyaarSaahil earned 125 total points
Hello dummie_q =)

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - C:\DOCUME~1\ARAVIN~1\LOCALS~1\Temp\rvsksat.dat
O4 - HKLM\..\Run: [*mp3util] C:\WINDOWS\addins\mp3util.exe
O4 - HKLM\..\Run: [*tasksvr] C:\WINDOWS\ServicePackFiles\tasksvr.exe
O4 - HKLM\..\RunOnce: [*tasksvr] C:\WINDOWS\ServicePackFiles\tasksvr.exe rerun
========================

can u see this C:\WINDOWS\ServicePackFiles\tasksvr.exe entries ??
from where they have come on ur system.... they are faked ones !!
and look at this one >> C:\WINDOWS\addins\mp3util.exe
its also not valid process\file.... and u are having a C:\Windows\addins folder for it, who added it ??

popups cannot start on their own..... something somewhere initiate them..... and u shud be having a Good eye on what's going on ur system :)

now u can fix the above lines.... i hope u are not using yahoo as ur search engine !!
then boot into safemode, and delete these ServicePackFiles and addins folders from C:\WINDOWS
delete ur Temp internet files and C:\Documents and Settings\username\Local Settings\TEMP folder,,,, this u shud do once a week !!
Run some spyware removal tools to check if anything else is left on ur system, if YES then remove them also !!
Reboot and now check for the problems ??

And Remember, u will not get rid of problems,,,,, if u leave junks to enter ur system,,,,, u have to be careful, just cleaning them for once cannot make u safe from them for the future =\
0
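The checks applied by eye in the answer above (a BHO loading from a Temp folder, autoruns starting from C:\WINDOWS\addins and C:\WINDOWS\ServicePackFiles), written out as an added Python example that is not part of the original thread. The sample lines are copied from the two logs posted here; the watched-directory list and the BHO extension check are this example's own heuristics, and a hit means "look at this entry", not a verdict.

```python
import ntpath
import re

# Constructed samples: lines copied from the two HijackThis logs in this thread
# (before and after the attempted fix), trimmed to a handful of entries.
LOG_BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - C:\DOCUME~1\ARAVIN~1\LOCALS~1\Temp\rvsksat.dat
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [*mp3util] C:\WINDOWS\addins\mp3util.exe
O4 - HKLM\..\Run: [*tasksvr] C:\WINDOWS\ServicePackFiles\tasksvr.exe
O4 - HKLM\..\RunOnce: [*tasksvr] C:\WINDOWS\ServicePackFiles\tasksvr.exe rerun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""
LOG_AFTER = r"""
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - C:\DOCUME~1\ARAVIN~1\LOCALS~1\Temp\rvsksat.dat
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\RunOnce: [*tasksvr] C:\WINDOWS\ServicePackFiles\tasksvr.exe rerun
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)
# Assumption: directories the reviewer does not expect autoruns to start from;
# these two are the ones questioned in the answer above.
WATCH_DIRS = {r"c:\windows\addins", r"c:\windows\servicepackfiles"}
# Assumption: a BHO is an in-process COM server, normally a .dll or .ocx.
BHO_EXTS = {".dll", ".ocx"}


def exe_path(cmd):
    """Return the executable part of a Run value, dropping any arguments."""
    m = re.match(r'"([^"]+)"|(.+?\.(?:exe|com|bat|scr|dll))(?=\s|$)', cmd, re.I)
    return (m.group(1) or m.group(2)) if m else cmd


def triage(log_text):
    """Return {(section, name, path): [reasons]} for entries worth a manual look."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        if (m := O2_RE.match(line)):
            section, name, path = "O2", m["name"], m["path"]
            if ntpath.splitext(path)[1].lower() not in BHO_EXTS:
                reasons.append("BHO module is not a .dll/.ocx")
        elif (m := O4_RE.match(line)):
            section, name, path = "O4 " + m["key"], m["name"], exe_path(m["cmd"])
            if ntpath.dirname(path).lower() in WATCH_DIRS:
                reasons.append("autorun starts from a watched directory")
        else:
            continue  # other sections are not covered by this example
        if TEMP_RE.search(path):
            reasons.append("loads from a Temp directory")
        if reasons:
            findings[(section, name, path)] = reasons
    return findings


def survivors(before, after):
    """Flagged entries that are still present in the later scan."""
    return sorted(set(triage(before)) & set(triage(after)))


if __name__ == "__main__":
    for key, reasons in triage(LOG_BEFORE).items():
        print(key, "->", "; ".join(reasons))
    print("still present after the fix:", survivors(LOG_BEFORE, LOG_AFTER))
```

An entry that `survivors` returns after a fix pass points at something still running that re-creates it, which is the behaviour the asker reports later in the thread.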
 
LVL 65

Expert Comment

by:SheharyaarSaahil
and from next time, u can use this Automatic analyse site, which can analyse ur LOG file and can tell u abt its Bad things which are required to be fixed :)
http://www.hijackthis.de/index.php?langselect=english

Good Luck :)
0
 
LVL 1

Author Comment

by:dummie_q
Hi Saahil,
I tried to fix the files u indicated. No matter how much I try, I am not able to fix some of the files. I ran the utility again. Here is the log.

Logfile of HijackThis v1.98.2
Scan saved at 11:54:38 PM, on 9/14/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\EZSP_PX.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\toshiba\sysstability\tsyssmon.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\ServicePackFiles\tasksvr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Aravind\Downloads\AdAware\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - C:\DOCUME~1\ARAVIN~1\LOCALS~1\Temp\rvsksat.dat
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_PX.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\RunOnce: [*tasksvr] C:\WINDOWS\ServicePackFiles\tasksvr.exe rerun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AnyWho - {0264505A-6793-44E0-AC75-9DCE3B13185C} - C:\Program Files\AT&T\WnClient\Programs\AnyWho.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mpnoc
O17 - HKLM\Software\..\Telephony: DomainName = mpnoc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mpnoc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mpnoc
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll


I tried to remove tasksvr.exe manually. It was located in the windows/prefetch directory. But even after I removed it, I still see it appear in the log file and the problem still persists. Do you think I am missing something?
Thanks for your help..
0
 
LVL 21

Expert Comment

by:jvuz
Check with Spybot (make sure you also install the newest update)

http://www.safer-networking.org/en/download/index.html
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
can u see a ServicePackFiles folder in C:\Windows ??
if YES then delete it to recycle bin, restart and check if it has created again or not ??
0
 
LVL 1

Author Comment

by:dummie_q
Hi Saahil,
I had installed XP Service pack 2 some time back. Could this directory be because of this? If u still feel I need to delete it I will do it..let me know..

Thanks
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
Im just concerned abt this starting process >> tasksvr.exe
the folder can be from SP1\SP2 installation.... but why the process is running from this folder.... ??

and this line shud be Fixed >> O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - C:\DOCUME~1\ARAVIN~1\LOCALS~1\Temp\rvsksat.dat

look at the file, its from TEMP folder..... and i asked to remove all files from TEMP folder..... still entry is there..... =\
0
 
LVL 1

Author Comment

by:dummie_q
Hi Saahil,

The second line..
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - C:\DOCUME~1\ARAVIN~1\LOCALS~1\Temp\rvsksat.dat
I fixed it from Hijackthis as well as removed everything from temp. But it re-appears after sometime.

The other file "tasksvr.exe"..I don't find it anywhere in any of the directories under windows\Servicepackfiles. Also, I went through some of the documentation and it says that this file is needed. I am clueless about what to do now. So I thought of repeating all the steps again. I will run the antivirus, all the spyware I have and then Hijack this and see what happens. Will let you know what happened..

Thanks a lot..
 
0
 
LVL 1

Author Comment

by:dummie_q
ok..i tried running everything again..but nothing good turned out of it..so i guess i will have to delete the dir Windows\ServicePackfiles..but i can't do this till day after..So I will try and see what happens after that and let u know...

Thanks again
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
the ServicePackfiles folder is not the problem actually... the problem is only why processes are running in background from this folder !!

and what can be the connection or "popups" with a servicepackfiles folder :-S
u are running SP2,,, it has built-in popup blocker.... still those popups come :-o

Try creating a new user and check there for these problems.... i mean popups and websites not loading etc etc ??
its kinda strange, that ur machine has no BAD stuff running,,,,, and still u are facing such problems =\
0
 
LVL 1

Author Comment

by:dummie_q
Hi Saahil..I created a new user..Same problem there again...I am thinking that I should format and reinstall everything..really drastic step..but seems like that's the only option now...Do let me know if I can try something else...

Thanks a lot..
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
hmmmmm u can think abt my position right now,,,, ur log is not showing anything really BAD abt which i can think that this is the cause and take the action against it,,,,, so im like a blind man in the dark, which can do nothing except shooting here and there,,,,,

honestly speaking i have no idea what is going on ur system and how.... im too much stumped =(
have searched everywhere i cud,,,,, search all EE and my database...... but nothing even relevant was found =\

Im so sorry, but if u are thinking abt format and fresh install,,,,, i will not stop u,,, but will advise u some things to prevent ur system from further infection, if u want me to give :)

After installing windows, before connecting to internet, install a good Av software, a good firewall, Adaware and Spybot and turn on their Auto Protect feature........ and then connect to internet and download windows updates !!
Get a good popup blocker software, so that popups and adds get stopped before u can click them, i use this one >> http://www.pcworld.com/downloads/file_description/0,fid,22573,00.asp
Never click YES to a security warning dialog asking to install an UNKNOWN or Unwanted software
Dont install those softwares which are based on p2p networking or termed as shareware
Clean ur temp files AT LEAST once a week
Update and run ur av software, and do adaware and spybot scans on a regular basis,,,, e.g once in every two or three weeks, or as u feel easy :)
and Yes ofcourse dont let Kids, especially teenagers, ALONE with ur system,,,, they can be More dangerous than these malwares and viruses ;-)

Sorry again for not being so helpful here =\
!! Good Luck !!
0
 
LVL 1

Author Comment

by:dummie_q
Hi Sahil,
Well..guess what..I had postponed my re-installation prg till yesterday..and all the time those things were I guess growing and spreading. Yesterday when I booted my comp I had to wait for 10 mts for all the processes (the prob ones) stopped their initialization!!!Gosh..I thot that was enuf and did a clean install!! Anyway..thanks for your help..and i am sorry abt this delayed response..

regards..
0
 
LVL 65

Expert Comment

by:SheharyaarSaahil
no problem for the delay..... happy that ur system is breathing in fresh air now ;-)
Cheers ^_^
0
