High CPU Usage & High Memory Usage From dostask.exe

Joined
Oct 1, 2004
Messages
28
I'm running Win XP, and I was downloading some software over the last few days for popup blockers, and I downloaded Yahoo Blocker, Google Blocker, and then ran AdAware 6 [which I've since removed to get Ad Aware SE].

Anyway, I'm having very high CPU usage, and High Memory Usage in the Windows Task Manager. I keep closing dostask.exe because it keeps using nearly 90-100% of the CPU, and it keeps maxing out my memory which is 1/2 Gig.

When I start the machine, the system runs fine, but then it begins to climb. I close it, and it climbs again, and then repeat.

I also did a search for dostask.exe and found this file: DOSTASK.EXE-25D34F68.pf located in the F:\Windows\Prefetch folder. Any help is appreciated.

Important Note: F:\ is my main drive.

Can anyone tell me what I should do? :(
 
Joined
Oct 1, 2004
Messages
28
I have installed all the software, and I have also installed Firefox from the site you just gave me. I also deleted the file which the dostask.exe file was located in, however I also see the file showing up here in the "Hijack" program.

Problem: The dostask.exe program keeps starting every time my system begins and continues to hammer my system resources including CPU and memory. However, after running all of the software programs listed in the sticky - it no longer starts up again after I end the process.

The location of dostask.exe now is: F:\WINDOWS\System32\1033\dostask.exe - when I look in msconfig it says the location is: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

When I go to the location to find the file I do not find dostask.exe
 
Joined
Oct 1, 2004
Messages
28
I ran Hijack This - the program from the Sticky in this forum.

Here is the log. If anyone would be so kind as to tell me what I can and can't delete that may help too. The dostask.exe issue is obviously the most important. I've placed the dostask.exe entry in bold and red.

Log from Hijack This:

Logfile of HijackThis v1.98.2
Scan saved at 5:31:42 PM, on 11/21/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\System32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Sygate\SPF\smc.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
F:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
f:\program files\mcafee.com\agent\mcagent.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\WINDOWS\system32\tbctray.exe
F:\WINDOWS\System32\ctfmon.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
f:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
F:\WINDOWS\System32\svchost.exe
f:\PROGRA~1\mcafee.com\vso\mcshield.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\System32\taskmgr.exe
F:\Program Files\Outlook Express\msimn.exe
F:\Documents and Settings\Michael\My Documents\Mike & Sue's Personal Files\MB58SC\Programs For Extraction\HijackThis.exe
F:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - F:\Program Files\Kontiki\bin\bh309190.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - f:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "f:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "f:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] f:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] F:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TraySantaCruz] F:\WINDOWS\system32\tbctray.exe
O4 - HKLM\..\Run: [McRegWiz] F:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [*dostask] F:\WINDOWS\system32\1033\dostask.exe
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [WinTools] F:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Linked Ima&ges - F:\Program Files\IEimage\IEimage.htm
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O9 - Extra button: Linked Images - {D8980DE8-9D4C-4fb0-8FB4-95B1FA4125AD} - F:\Program Files\IEimage\IEimage.htm
O9 - Extra 'Tools' menuitem: Linked Ima&ges - {D8980DE8-9D4C-4fb0-8FB4-95B1FA4125AD} - F:\Program Files\IEimage\IEimage.htm
O9 - Extra button: Support - {9F3EA673-973B-4151-A04D-014A62C2BA46} - http://www.comcastsupport.com (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {D980738F-A97A-4427-A0A4-DE6837437F82} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Help - {FF50BD80-103C-4B6D-97D0-A5E0047445D1} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
 
Joined
Oct 1, 2004
Messages
28
I'm running them separately. I keep McAfee running all the time, and use AVG if problems crop up that need further resolution.
 

Moto Guzzi

[H]ard|Gawd
Joined
Aug 9, 2002
Messages
1,122
I would rename DOSTASK.EXE to DOSTASK.BBB, and see what moans!

Google: Maybe it's a bad sign if Google does not know it!
Your search - dostask.exe - did not match any documents.
MSN search:
Sorry, no results were found containing "dostask.exe"
:mad:
I think you got something ugly there. Symantec has nothing on it either.
 

Phoenix86

Supreme [H]ardness
Joined
Mar 28, 2002
Messages
6,653
I would remove anything Google can't ID and you don't know what it is. There are SOOOO many posts and sites that track processes now it'd be a miracle for something legit to not be in the lists... It's much more likely that it's an unknown spyware exe than a new legit exe from say Nero or whatever application.
 
Joined
Oct 1, 2004
Messages
28
I deleted the file and the registry, and I haven't seen the problem since. I am still showing high CPU usage though when I run all these programs like AVG and Ad Aware - what is your average CPU usage when you run Ad Aware SE? 40-60?

I also deleted: HKCU\..\Run: [WinTools] F:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe

Because I read up quickly that it's connected to spyware often.
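
Added example, not part of the original thread or any poster's reply: Python that parses the O4 (Run key) lines of a HijackThis log like the one posted above and attaches review cues to each autorun entry. The sample lines are copied from that log; the three cues are assumptions chosen for illustration, not HijackThis rules, and a cue is a reason to look closer, not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Four O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [*dostask] F:\WINDOWS\system32\1033\dostask.exe
O4 - HKCU\..\Run: [WinTools] F:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
"""

# hive, key (Run, RunOnce, ...), value name in brackets, then the command line
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

def executable(command):
    """Best-effort image path from a Run command line (quoted or unquoted)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe" token end.
    m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.I)
    return m.group(1) if m else command.split()[0]

def parse_o4(log_text):
    """Yield one dict per O4 Run-key line; other log sections are skipped."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            hive, key, name, command = m.groups()
            yield {"hive": hive, "key": key, "name": name,
                   "image": executable(command)}

def triage(entry):
    """Return review cues (illustrative assumptions, not verdicts)."""
    cues = []
    parts = [p.lower() for p in PureWindowsPath(entry["image"]).parts]
    if not entry["name"][0].isalnum():
        cues.append("value name starts with a symbol")
    if "system32" in parts[:-2]:        # system32\<subfolder>\file
        cues.append("image in a subfolder of system32")
    if len(parts) == 1:                 # resolved through the search path
        cues.append("no directory given")
    return cues

def review(log_text):
    """Map value name -> cues for every O4 entry that raised at least one."""
    return {e["name"]: c for e in parse_o4(log_text) if (c := triage(e))}

if __name__ == "__main__":
    for name, cues in review(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(cues)}")
```

An entry with no cues, such as the WinTools line here, is not cleared by that; path and name checks only narrow down what to look up first.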
 