List of Services with Layperson's Clarifications

I wondered if anyone here or elsewhere has put together a list of Windows services, that a lay person could read and understand to know whether the service is needed or not.

I've been getting a mystery window popping up about once a boot-up for some weeks, which appears and disappears so quickly, I can't see what it is. For the moment, I've gone through Process Explorer to see what all is running and have looked through the list of services, but I'm at a loss to explain the behavior of this particular pop-up.

It has the speed of a snapshot, like someone taking a picture. It's about 4" wide by 3" tall, overlaps the browser about one inch into the left side of the browser and the rest of the window is outside of the browser in the upper left-hand corner of the screen. It has a black background with white print which fills the pop-up screen, but it doesn't look like the "dos" screen you get with Run.

If this were malware, I wouldn't expect it to appear at all, except if it were some harassing type of malware asking me to purchase something. Therefore, I was thinking I would turn off different services to see if I can figure out what it's related to. That's when I realized it would be better to know the importance of a service before I turn it off and the definitions I get when I click on the services are not quite understandable for the most part.

In other words, I'm looking for a list which more easily says ... these services you can turn off without worry, turning off these other services will lose you your internet connection, your printer connection, your back-up system, etc.

I don't know if the popup started after a Windows update or a program update, but that is possible. It's not one I've heard of or seen before.

 

Black Viper is probably the best site to visit.
http://www.blackviper.com/

Scroll down at select your OS. Then you can click on any service (in blue) and read what it does.

 

Depending on when this started I would usually try a system restore before anything else, and if that didn't help I'd start studying the Windows Event Viewer. Turning off services or changing system settings on a trial and error basis is definitely not the way to go.

 

Norgates...

I think if you run HijackThis, you or someone here should be able to spot what is causing the pop up on boot. If you do run it, place the log in a zip folder and attach it to your next post...

Don't think you have a service problem, although whatever it is may be making use of one somehow...

 

Hi Eldon,
Thanks for the good tip!

Earthling,
I tried a new restore point right when it started. When that didn't work, I put it back where it was. It did start right after an update, unfortunately I didn't write down which updates, whether Windows or Adobe or something else that would have been a typical normal update.

I'm looking at the errors in the Event Viewer - ah-ha!... no more the old yellow warning icons! I don't know how to see what errors there were before this problem started so I could compare them with what errors there are now. The errors only go back 7 days.

I'm not sure how else to understand the errors to see how they would relate to this problem. I turned off Adobe and FoxitCloud updates and haven't seen the pop-up since then, however, it's so fast and so seldom, like once a day, that I might have simply missed it.

AtlBo,
Bleeping Computer lists Hijack This as not recommended for systems newer than XP. I wish it were recommended or something were available to replace it. It's a good tool.

 

Want to add a note here because I'm too late to edit the last post:

The pop-up flashed again today, always in the same spot in the upper left-hand side of the screen, overlapping the browser. In this case I was opening an email account, but I don't think it's ever opened systematically with a particular website.

 

Is there a way to see what is running on my computer at a specific time? I know I can run Process Explorer and see what is running, but is there a log of some type that I could look at for a specific day and time that would show me what was running at that time?

 

I found out this pop-up keeps appearing at the same time everyday, so I installed OBS and did a recording of the desktop and was able to capture a screen shot. It seems to be something called taskeng.exe. I've found several entries in the internet about this popup which indicate it is either a problem with Windows or a virus. I'll post the screen shot.

If I click on Start and enter taskeng.exe, the program shows up, but I don't know if I select it and click on it, if this will cause it to run. I would like to figure out where it's located and am not sure how to do this in Win7?

 

Lets see if this will shed any light on the issue.
Download Farbar Recovery Scan Tool and save to your Desktop.

FRST 32 bit - http://www.majorgeeks.com/mg/getmirror/farbar_recovery_scan_tool,1.html
FRST 64 bit - http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ (Download Now 64-bit Version)

• Right click and select Run as administrator. When the tool opens click Yes to the disclaimer.
• Press the Scan button.
• When finished, FRST will produce two logs, FRST.txt and Addition.txt in the same directory the tool is run from.
• Zip both logs and attach to your post.

 

Here's some info from Microsoft regarding taskeng.exe.

https://answers.microsoft.com/en-us...e/526f43d3-d311-4637-a19a-a76f1ce351fb?auth=1

 

Hi Eldon,

I had looked at that MS article before and noticed when I do a search for taskeng.exe, there is only one which comes up. If I enter Task Scheduler, nothing comes up. This may be (or may not be) because my computer is not English, but when looking for the equivalent name of the process in German, it was still called Task Scheduler, so I would expect it to show up.

The location of that one taskeng.exe is in System32 in the Windows folder and the file size is what I would expect it to be: 454 kb.

I'm tending towards the idea that there is a windows process which is trying to do something, once a day, at the same time, and probably isn't able to do it for some reason. I haven't tried turning off the running processes in msconfig, but that might be worth a try. It seems to have started after I did some Windows updates and I think also Flash Player. Unfortunately I didn't note the date. My bad.

_nullptr: Thanks for your post. Would the running of Farbar be for malware or does it also look for faulty processes? I've been reading through the tutorial about it at Geekstogo. I'm still a little confused about whether it needs to be run from the administrative user or whether running it from another user simply causes the warning pop-up to appear.

 

FRST gives a good overview of running processes, services, loaded modules, auto start locations etc.
I suspect that what you are seeing is possibly an invalid scheduled task.

Run FRST elevated (as administrator) on the account that you see the flashing taskeng.exe.

 

Hi _nullptr,

First a brief grumble about software which automatically switches languages to the location of the computer. Malware Bytes seems to be one of the few softwares to note that people need a language choice. I clicked on a button in Farbar which, when translated, comes closest to the word "Examine" and I think this is probably the scan button. Is there any way to get an English copy of Farbar?

Since I have only found one instance of taskeng.exe on my computer through a simple search and it is located in the System32 folder and is a file from 2010 and may or may not be the right size, I'm wondering if the pop-up is the result of a Windows error. Unfortunately, I don't get any Error message, just a blink of the dos-like window.

However, in the Farbar "Addition" log, they list an error I think could be relevant. That is this one:

Error: (08/27/2015 09:40:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

I found instructions from Microsoft which are for WinServer 2003, but which might work for my Win7/SP1-64x, if they somehow reset the file back to some previous state. Do you think that following the instructions in the link below would be helpful or is it a waste of time to try that? One of the files that appears in the farbar scan is the sa.dat file which is referred to in this article:

https://support.microsoft.com/en-us/kb/958837

One other thing which I found confusing is that the Farbar logs list my system restore as being disabled. Since I can reset the restore points successfully as evidenced by previously installed stuff requesting new installation (Java versions and Windows Updates), and also, because I'm getting a confirmation that the system restore was successfully carried out, I'm not sure why Farbar would list it as disabled?

I've removed some personal info from the logs and am posting them here. I was a little surprised to see that the logs were not only stored in the folder where I downloaded the program, but additionally in a folder directly under C.

 

Hi Dr. Moriarty,

Thanks for reminding me of virustotal. As for the farbar download, I got it from Bleeping Computer to begin with. There's something in the software which insists on putting it in the language of where you are located and that ... sks (i.e. is not always helpful).

Thanks for the MS link. I ran across that once and lost it. That might help.