dummie_q
asked on
Problem with Windows popping up while browsing
Hi,
I had this problem sometime back. I had it fixed. But now it has come back!!..apparently while I was surfing. Just like I did last time, I ran the HijackThis utility and am posting the log file here.
As before, I am having the problem of windows popping up out of nowhere and sometimes some of the web sites not opening at all. Your help is greatly appreciated.
Here is the log file...
Logfile of HijackThis v1.98.2
Scan saved at 8:24:44 PM, on 9/14/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\System32\EZSP_PX.EXE
C:\toshiba\sysstability\tsyssmon.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\ServicePackFiles\tasksvr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Aravind\Downloads\AdAware\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - C:\DOCUME~1\ARAVIN~1\LOCALS~1\Temp\rvsksat.dat
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_PX.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [*mp3util] C:\WINDOWS\addins\mp3util.exe
O4 - HKLM\..\Run: [*tasksvr] C:\WINDOWS\ServicePackFiles\tasksvr.exe
O4 - HKLM\..\RunOnce: [*tasksvr] C:\WINDOWS\ServicePackFiles\tasksvr.exe rerun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AnyWho - {0264505A-6793-44E0-AC75-9DCE3B13185C} - C:\Program Files\AT&T\WnClient\Programs\AnyWho.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mpnoc
O17 - HKLM\Software\..\Telephony: DomainName = mpnoc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mpnoc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mpnoc
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
Thanks...
ASKER CERTIFIED SOLUTION
ASKER
Hi Saahil,
I tried to fix the files u indicated. No matter how much I try, I am not able to fix some of the files. I ran the utility again. Here is the log.
Logfile of HijackThis v1.98.2
Scan saved at 11:54:38 PM, on 9/14/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\TPWRTRAY.EXE
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\EZSP_PX.EXE
C:\toshiba\ivp\ism\pinger.exe
C:\toshiba\sysstability\tsyssmon.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\ServicePackFiles\tasksvr.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
C:\Program Files\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Aravind\Downloads\AdAware\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - C:\DOCUME~1\ARAVIN~1\LOCALS~1\Temp\rvsksat.dat
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [PmProxy] C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 28
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\Toshiba\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\EZSP_PX.EXE
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\RunOnce: [*tasksvr] C:\WINDOWS\ServicePackFiles\tasksvr.exe rerun
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Premier\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AnyWho - {0264505A-6793-44E0-AC75-9DCE3B13185C} - C:\Program Files\AT&T\WnClient\Programs\AnyWho.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF0DBA6F-43CE-4B26-9808-2AB38FA0DB29} (MSN Money Ticker) - http://fdl.msn.com/public/investor/v13/ticker.cab
O16 - DPF: {F7DC2A2E-FC34-11D3-B1D9-00A0C99B41BB} (Zoom Class) - http://www.zoomify.com/download/zoomify305.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mpnoc
O17 - HKLM\Software\..\Telephony: DomainName = mpnoc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mpnoc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mpnoc
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
I tried to remove tasksvr.exe manually. It was located in the windows/prefetch directory. But even after I removed it, I still see it appear in the log file and the problem still persists. Do you think I am missing something?
Thanks for your help..
Check with Spybot (make sure you also install the newest update)
http://www.safer-networking.org/en/download/index.html
can u see a ServicePackFiles folder in C:\Windows ??
if YES then delete it to recycle bin, restart and check if it has created again or not ??
ASKER
Hi Saahil,
I had installed XP Service pack 2 some time back. Could this directory be because of this? If u still feel I need to delete it I will do it..let me know..
Thanks
Im just concerned abt this starting process >> tasksvr.exe
the folder can be from SP1\SP2 installation.... but why the process is running from this folder.... ??
and this line shud be Fixed >> O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - C:\DOCUME~1\ARAVIN~1\LOCALS~1\Temp\rvsksat.dat
look at the file, its from TEMP folder..... and i asked to remove all files from TEMP folder..... still entry is there..... =\
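The two things spotted by eye in the reply above, a BHO whose module sits in a Temp folder and an autostart entry running out of ServicePackFiles, can be checked mechanically, along with whether a flagged entry survives a rescan. This is an added example, not part of the original posts or of HijackThis; the rules, function names and sample lines are assumptions constructed from the log entries quoted in this thread.

```python
import re
from dataclasses import dataclass

# Constructed samples in HijackThis 1.98 line format, modelled on the two scans
# in this thread: the first scan, and the rescan after the attempted fix.
SCAN_BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - C:\DOCUME~1\ARAVIN~1\LOCALS~1\Temp\rvsksat.dat
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [*tasksvr] C:\WINDOWS\ServicePackFiles\tasksvr.exe
O4 - HKLM\..\RunOnce: [*tasksvr] C:\WINDOWS\ServicePackFiles\tasksvr.exe rerun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""
SCAN_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - C:\DOCUME~1\ARAVIN~1\LOCALS~1\Temp\rvsksat.dat
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\RunOnce: [*tasksvr] C:\WINDOWS\ServicePackFiles\tasksvr.exe rerun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis section code, e.g. "O2" or "O4"
    kind: str     # "BHO" or the autostart key, e.g. HKLM\..\Run
    name: str     # BHO class name or Run value name
    path: str     # module or executable the entry points at

BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
RUN_RE = re.compile(
    r"^O4 - (?P<key>HK(?:LM|CU)\\\.\.\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def image_path(cmd):
    """Strip quotes and arguments from a Run command line, keeping the executable."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].strip()
    # Unquoted paths may contain spaces ("Program Files"), so cut at the extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd

def parse(log):
    """Return the O2 (BHO) and O4 Run/RunOnce entries found in a log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            entries.append(Entry("O2", "BHO", m["name"], m["path"].strip()))
        elif m := RUN_RE.match(line):
            entries.append(Entry("O4", m["key"], m["name"], image_path(m["cmd"])))
    return entries

def findings(entry):
    """Assumed triage rules taken from the thread; each is a reason to look closer."""
    p = entry.path.lower()
    reasons = []
    if re.search(r"\\(temp|tmp)\\", p):
        reasons.append("loads from a Temp directory")
    if entry.section == "O2" and not p.endswith((".dll", ".ocx")):
        reasons.append("BHO module is not a .dll/.ocx file")
    if entry.section == "O4" and "\\servicepackfiles\\" in p:
        reasons.append("autostart runs from ServicePackFiles")
    return reasons

def flagged(log):
    """Map each entry that trips at least one rule to its list of reasons."""
    result = {}
    for entry in parse(log):
        reasons = findings(entry)
        if reasons:
            result[entry] = reasons
    return result

def persistent(before, after):
    """Flagged entries present in both scans, i.e. ones the fix did not clear."""
    still_there = flagged(after)
    return [entry for entry in flagged(before) if entry in still_there]

if __name__ == "__main__":
    for entry, reasons in flagged(SCAN_BEFORE).items():
        print(f"{entry.section} {entry.kind} [{entry.name}] {entry.path}: {'; '.join(reasons)}")
    print("Still present after the fix attempt:")
    for entry in persistent(SCAN_BEFORE, SCAN_AFTER):
        print(f"  {entry.kind} [{entry.name}]")
```

A flag from these rules marks an entry for inspection of the file and whatever recreates it; it is not a verdict on the file.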
ASKER
Hi Saahil,
The second line..
O2 - BHO: CATLEvents Object - {77849D67-5672-4B68-93E2-CCEFF1E3949E} - C:\DOCUME~1\ARAVIN~1\LOCALS~1\Temp\rvsksat.dat
I fixed it from HijackThis as well as removed everything from temp. But it re-appears after sometime.
The other file "tasksvr.exe"..I don't find it anywhere in any of the directories under windows\Servicepackfiles. Also, I went through some of the documentation and it says that this file is needed. I am clueless about what to do now. So I thought of repeating all the steps again. I will run the antivirus, all the spyware I have and then HijackThis and see what happens. Will let you know what happened..
Thanks a lot..
ASKER
ok..i tried running everything again..but nothing good turned out of it..so i guess i will have to delete the dir Windows\ServicePackfiles.. but i can't do this till day after..So I will try and see what happens after that and let u know...
Thanks again
the ServicePackfiles folder is not the problem actually... the problem is only why processes are running in background from this folder !!
and what can be the connection or "popups" with a servicepackfiles folder :-S
u are running SP2,,, it has built-in popup blocker.... still those popups come :-o
Try creating a new user and check there for these problems.... i mean popups and websites not loading etc etc ??
its kinda strange, that ur machine has no BAD stuff running,,,,, and still u are facing such problems =\
ASKER
Hi Saahil..I created a new user..Same problem there again...I am thinking that I should format and reinstall everything..really drastic step..but seems like that's the only option now...Do let me know if I can try something else...
Thanks a lot..
hmmmmm u can think abt my position right now,,,, ur log is not showing anything really BAD abt which i can think that this is the cause and take the action against it,,,,, so im like a blind man in the dark, which can do nothing except shooting here and there,,,,,
honestly speaking i have no idea what is going on ur system and how.... im too much stumped =(
have searched everywhere i cud,,,,, search all EE and my database...... but nothing even relevant was found =\
Im so sorry, but if u are thinking abt format and fresh install,,,,, i will not stop u,,, but will advise u some things to prevent ur system from further infection, if u want me to give :)
After installing windows, before connecting to internet, install a good Av software, a good firewall, Adaware and Spybot and turn on their Auto Protect feature........ and then connect to internet and download windows updates !!
Get a good popup blocker software, so that popups and ads get stopped before u can click them, i use this one >> http://www.pcworld.com/downloads/file_description/0,fid,22573,00.asp
Never click YES to a security warning dialog asking to install an UNKNOWN or Unwanted software
Dont install those softwares which are based on p2p networking or termed as shareware
Clean ur temp files AT LEAST once a week
Update and run ur av software, and do adaware and spybot scans on a regular basis,,,, e.g once in every two or three weeks, or as u feel easy :)
and Yes of course dont let Kids, especially teenagers, ALONE with ur system,,,, they can be More dangerous than these malwares and viruses ;-)
Sorry again for not being so helpful here =\
!! Good Luck !!
ASKER
Hi Sahil,
Well..guess what..I had postponed my re-installation prg till yesterday..and all the time those things were I guess growing and spreading. Yesterday when I booted my comp I had to wait for 10 mts for all the processes (the prob ones) stopped their initialization!!!Gosh..I thot that was enuf and did a clean install!! Anyway..thanks for your help..and i am sorry abt this delayed response..
regards..
no problem for the delay..... happy that ur system is breathing in fresh air now ;-)
Cheers ^_^
http://www.hijackthis.de/index.php?langselect=english
Good Luck :)