ProcessExplorer

Lobo, I am preparing for ProcessExplorer assistance needed.  
JuaritaMooreAsked:

JuaritaMooreAuthor Commented:
I have done all that I can do.  Actually, after taking a good look at the folder that I thought was causing the system to reboot, I noticed that the folder was loaded with files and folders.  Therefore, this folder is probably not the culprit, just a large folder.  The system reboot is going to happen anyway.  I can run any other software, as well as leave the system on; however, as soon as I run Ad-Aware SE it will reboot before termination of Ad-Aware completion, and if I subsequently stop Ad-Aware prematurely the system will reboot as I start to clean the infected files.  HELP
0
JuaritaMooreAuthor Commented:
I am ready to move forward
0
Asta CuTechnical consultant & graphic designCommented:
You directed this to Lobo, and he will surely respond when he logs in.  It may help, if this is urgent, to know more about your Operating System and environment, how current you are with WindowsUpdate and if you tried doing the AdAware scan (after getting all updates) and configuring it to do deep scanning (all drives) including the Hosts file (to extension) in Safe Mode.  Running a Viruscan on all drives with updated definition files should be done prior to working on spyware removals, but you may already have done this.  Sounds like this is a continuing issue, so it may also help for you to post the prior link, if applicable.
0
JuaritaMooreAuthor Commented:
Hi... astaec, the prior link is on full too much stuff.  I want to just concentrate on the ProcessExplorer stuff.  Boy, in regards to the deep scanning, yes, I have run Ad-Aware deep scanning.  Where in the software can I configure all the other stuff?
0
JuaritaMooreAuthor Commented:
Other stuff meaning Hosts file (to extension); now I can handle Safe Mode ... LOL
0
JuaritaMooreAuthor Commented:
Lobo, after taking astaec's advice, I changed the Ad-Aware and finally got it to complete.  However, the system still reboots. I am ready to do the ProcessExplorer stuff
0
JuaritaMooreAuthor Commented:
Hello out there in Lobo ... Land
0
Lobo042399Commented:
Hi Juarita,

Sorry, was away for a while.

Okay, the first thing to do is to run ProcessExplorer from a folder in your Desktop. It will give you a detailed list of the processes running in the machine. Double-clicking on any item in the list will produce more details like linked files, location, and other data. For now, from the ProcessExplorer window, hit File > Save to create a log. It'll generate a TXT log in the same folder from where you're running. You can open it with Notepad, copy the contents and paste it here.

Thanks
0

JuaritaMooreAuthor Commented:
Process      PID      CPU      Description      Company Name
System Idle Process      0      99            
 Interrupts      n/a            Hardware Interrupts      
 DPCs      n/a            Deferred Procedure Calls      
 System      4                  
  smss.exe      476            Windows NT Session Manager      Microsoft Corporation
   csrss.exe      524            Client Server Runtime Process      Microsoft Corporation
   winlogon.exe      548            Windows NT Logon Application      Microsoft Corporation
    services.exe      592            Services and Controller app      Microsoft Corporation
     svchost.exe      780            Generic Host Process for Win32 Services      Microsoft Corporation
     svchost.exe      816            Generic Host Process for Win32 Services      Microsoft Corporation
      wuauclt.exe      2260            Automatic Updates      Microsoft Corporation
     svchost.exe      900            Generic Host Process for Win32 Services      Microsoft Corporation
     svchost.exe      924            Generic Host Process for Win32 Services      Microsoft Corporation
     CCSETMGR.EXE      968            Common Client Settings Manager Service      Symantec Corporation
     CCEVTMGR.EXE      1072            Common Client Event Manager Service      Symantec Corporation
     spoolsv.exe      1316            Spooler SubSystem App      Microsoft Corporation
     alg.exe      1416            Application Layer Gateway Service      Microsoft Corporation
     AOLacsd.exe      1428            AOL Connectivity Service      America Online, Inc.
     CCPROXY.EXE      1448            Common Client Network Proxy Service      Symantec Corporation
     MDM.EXE      1512            Machine Debug Manager      Microsoft Corporation
     NAVAPSVC.EXE      1648            Norton AntiVirus Auto-Protect Service      Symantec Corporation
     nvsvc32.exe      1676            NVIDIA Driver Helper Service, Version 45.23      NVIDIA Corporation
     symlcsvc.exe      1784            Symantec Core Component      Symantec Corporation
     SAVSCAN.EXE      952            Symantec AntiVirus Scanner      Symantec Corporation
    lsass.exe      604            LSA Shell (Export Version)      Microsoft Corporation
explorer.exe      1656            Windows Explorer      Microsoft Corporation
 ctfmon.exe      456            CTF Loader      Microsoft Corporation
 IEXPLORE.EXE      2056            Internet Explorer      Microsoft Corporation
 procexp.exe      2884      1      Sysinternals Process Explorer      Sysinternals

Process: Procexp Pid: -2

Type      Name
0
JuaritaMooreAuthor Commented:
Lobo ... I am available for the rest of the evening.
0
Lobo042399Commented:
Hi Juarita,

That log looks clean. Did you say that you ran a full scan with Giant and now AdAware runs okay? If so, did you let AdAware do a cleanup? Another thing... What is the status on
 File name: Ad-Adware Se = c:\DocumentsandSettings\Owner\Desktop\Username\00190-7492696.~  ??
0
JuaritaMooreAuthor Commented:
I removed that file from the system; deleted it
0
JuaritaMooreAuthor Commented:
this system still reboots while running adware se customs
0
Lobo042399Commented:
Okay. Let's try a different one. If you got Registrar....  please open it and navigate to the following path:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Can you post what's in there?
0
JuaritaMooreAuthor Commented:
I will download this and proceed to post.
0
Lobo042399Commented:
ok.

It's at the same URL I posted before:

http://www.gatesofdelirium.com/ee/tools/
0
JuaritaMooreAuthor Commented:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\(default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe

Lobo, this is all I found at that location
0
JuaritaMooreAuthor Commented:
HKEY_CURRENT_USER\Software\Oak Technology\\(default)

I remember seeing an error message regarding Oak Technology. Should this be set to default?

Also, what am I really doing right now... How would one know which values to change?
0
Lobo042399Commented:
Hi Juarita,

Oak Technologies used to make video and audio processing chips, but that was back in the 90's. They dropped out of that business in '98. They also made drivers for Okidata printers. A program called SimpliCD for burning CD's was also made by Oak a few years ago but that would not require a driver to load on boot. My suggestion would be that if the machine is not that old and uses video and sound cards that were not made by Oak, and does not have an Okidata printer, then I would remove that entry.

Could you please check the
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce key?
0
JuaritaMooreAuthor Commented:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\(default)

Here ya go Lobo ...

0
JuaritaMooreAuthor Commented:
Hey Lobo... Giant always finds this adware called DSO and usually cannot remove it.  I run the software again and it is there again.  Most of the adware takes a few days or never shows up again.  Why is this one so different?  It reads:

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-21-1651190144-2292464892-575712214-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


0
JuaritaMooreAuthor Commented:
Could DSO cause this system to reboot?
0
Lobo042399Commented:
Hi Juarita,

A DSO Exploit is not a virus or spyware but a bug in IE. The values you see (1004 and 3) are the right ones. To be on the safe side I would make sure the latest Windows Updates are installed, since Microsoft has a fix for the bug.

I'm baffled. Both Run and RunOnce reports are clean.

Is the machine rebooting when you log into the net or when you open IE? What happens if you log into the net and don't browse or do anything?
0
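A read-only way to repeat the registry checks from this thread in PowerShell (an added example, not part of the original posts, which used a registry editor). It lists the Run and RunOnce values, extended here to HKLM as well as the HKCU keys checked above, and reads value 1004 under Zones\0 in every loaded user hive, comparing it with the 3 that Lobo describes as correct.

```powershell
# Added example: nothing here writes to the registry.
# Assumption: run in a PowerShell session on the affected machine; hives the
# current account cannot read are skipped silently.

# 1. Autostart entries: the Run / RunOnce keys inspected in the thread (HKCU),
#    plus the machine-wide HKLM equivalents as an extension.
$autoruns = foreach ($hive in 'HKCU:', 'HKLM:') {
    foreach ($name in 'Run', 'RunOnce') {
        $path = "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
        if (-not (Test-Path $path)) { continue }
        $key = Get-Item -Path $path
        foreach ($valueName in $key.GetValueNames()) {
            [pscustomobject]@{
                Key     = $path
                # An empty value name is the key's (default) value
                Name    = if ($valueName) { $valueName } else { '(default)' }
                Command = $key.GetValue($valueName)
            }
        }
    }
}
$autoruns | Format-Table -AutoSize -Wrap

# 2. The setting named in the "DSO Exploit" findings: value 1004 under
#    Internet Settings\Zones\0, checked in each hive loaded under HKEY_USERS.
$zoneSuffix = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0'
$zones = Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue |
    ForEach-Object {
        $path = "Registry::HKEY_USERS\$($_.PSChildName)\$zoneSuffix"
        if (Test-Path $path) {
            $value = (Get-Item -Path $path).GetValue('1004')
            [pscustomobject]@{
                Hive      = $_.PSChildName
                Value1004 = $value
                # 3 is the value the thread identifies as the right one
                IsThree   = ($value -eq 3)
            }
        }
    }
$zones | Format-Table -AutoSize
```

Any row with IsThree = False, or an autostart command pointing at a file you do not recognise, is the part worth posting for review.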
JuaritaMooreAuthor Commented:
No, it actually reboots when I run Ad-Aware SE 2, always. I can run others and no prob
0
JuaritaMooreAuthor Commented:
So my thought is this... if it reboots when I run this software, why I do not know... then the system will reboot when the cust gets it back when they try to do things that Ad-Aware does to certain folders.  However, the reboot was when on the internet at first; we have fixed all that.  It does not reboot like it used to.  Mostly on the internet at first.  It would say the internet would shut down in a few minutes and then it would.  Now and then it would reboot at the desktop.  Now no reboots, only when I run Ad-Aware SE.  At least that is the only software that is rebooting this system right now.  
0
JuaritaMooreAuthor Commented:
Lobo... I tried to install SP2 over the internet yesterday on this system. It stopped in the middle and said access denied, unable to install SP2.  LOL, this system is going to be the death of me.  Since then the system takes a long time to get to the desktop; however, once at the desktop I am back to square one.  Hate to throw this on you, but why would a system take a long time to reach the desktop?  What could be the problem? Microsoft says maybe some files are missing.  However, the system would not boot at all.  They suggest doing a restore with a full version of XP Home.  I do not have the full version; I have the XP upgrade, and most of my systems come with a restore disk that is manufactured by its maker, which is no good.  
0
Lobo042399Commented:
Okay, wasn't sure about that.

This is what I'd do then. Uninstall AdAware, reboot, then run Windows Update, reboot (keep in mind not to run ALL updates at once, do it in batches of 4 or 5 at a time starting with the Critical Updates).

After doing that and having rebooted and tested that the Internet connection is ok, I would reinstall AdAware again.
0
Lobo042399Commented:
Arrrgghhh *L*

The new problem might have been caused by the aborted SP2 update. Didn't the machine come with a OS CD? I hate when manufacturers give you those repair CD's and not the real OS that you're paying for.
0
JuaritaMooreAuthor Commented:
No... this system didn't.  This system has presented more problems than it is worth.  I have been able to stabilize the system.  It still will not let Ad-Aware do a complete install, nor will it install SP2, can you believe that!
0
JuaritaMooreAuthor Commented:
SP2 gets the error message access denied as it tries to install the updates right at the end.  I tried 3 times.  I finally found out from Microsoft that SP2 changes the local system settings to NT and that was why I was having problems with slow bootup.  After I changed those settings in the registry, boot up was OK.  However, this system will not install SP2, nor will Ad-Aware completely run.  So, no SP2 nor Ad-Aware Pro.  This system needs a complete restore with the original CD from HP.  Which means moving files and stuff.  TRIED
0
Lobo042399Commented:
I think you can go to Control Panel > Add/Remove Programs and uninstall SP2 if the installation got botched halfway through.

If you have Norton Systemworks I would run a Registry Cleanup using the CleanSweep utility that comes with it, too. Maybe there are some Registry entries that belong to AdAware and are preventing it from running properly.
0
JuaritaMooreAuthor Commented:
Tried ... this system reboots before it will complete the actual uninstall.  Again, right at the end.  I do not have Norton SystemWorks.  However, you have the keen ability to come up with another software that would do the trick.  A good idea!
0
Lobo042399Commented:
Hi Juarita,

Here's a link to a review of the top Registry cleaner software in the market right now:

http://www.registry-repair-software-review.toptenreviews.com/?ttreng=1&ttrkey=registry+cleaner+win98

The top scorer there is Advanced System Optimizer. You can review it and download a demo from:

http://www.systweak.com/asov2/

An all time favourite, Registry Mechanic, scored last in that roundup. You can look it up at:

http://www.winguides.com/regmech/

Good Vibes!

Lobo
0
JuaritaMooreAuthor Commented:
thanks for everything Lobo... Peace and Out
0
Lobo042399Commented:
No problemo. Let me know how it goes.
0
OS Security

Question has a verified solution.