JuaritaMoore
asked on
ProcessExplorer
Lobo, I am preparing for ProcessExplorer assistance needed.
ASKER
I am ready to move forward
You directed this to Lobo, and will surely respond when he logs in. May help, if this is urgent, to know more about your Operating System and environment, how current you are with WindowsUpdate and if you tried doing the AdAware scan (after getting all updates) and configuring it to do deep scanning (all drives) including the Hosts file (to extension) in Safe Mode. Running a Viruscan all drives with updated definition files should be done prior to working on spyware removals, but you may already have done this. Sounds like this is a continuing issue, so may also help for you to post the prior link, if applicable.
ASKER
Hi... astaec the prior link is on full too much stuff. I want to just concentrate on the ProcessExplorer stuff. Boy, in regards to the deep scanning yes I have run ad-ware deep scanning. Where in the software can I configure all the other stuff?
ASKER
other stuff meaning host files (to extension), now i can handle Safe Mode ... LOL
ASKER
Lobo, after taking astaec's advice, I changed the ad-adware, finally got it to complete. However, the system still reboots. I am ready to do the ProcessExplorer stuff
ASKER
Hello out there in Lobo ... Land
ASKER
Process              PID   CPU  Description                                  Company Name
System Idle Process  0     99
Interrupts           n/a        Hardware Interrupts
DPCs                 n/a        Deferred Procedure Calls
System               4
smss.exe             476        Windows NT Session Manager                   Microsoft Corporation
csrss.exe            524        Client Server Runtime Process                Microsoft Corporation
winlogon.exe         548        Windows NT Logon Application                 Microsoft Corporation
services.exe         592        Services and Controller app                  Microsoft Corporation
svchost.exe          780        Generic Host Process for Win32 Services      Microsoft Corporation
svchost.exe          816        Generic Host Process for Win32 Services      Microsoft Corporation
wuauclt.exe          2260       Automatic Updates                            Microsoft Corporation
svchost.exe          900        Generic Host Process for Win32 Services      Microsoft Corporation
svchost.exe          924        Generic Host Process for Win32 Services      Microsoft Corporation
CCSETMGR.EXE         968        Common Client Settings Manager Service       Symantec Corporation
CCEVTMGR.EXE         1072       Common Client Event Manager Service          Symantec Corporation
spoolsv.exe          1316       Spooler SubSystem App                        Microsoft Corporation
alg.exe              1416       Application Layer Gateway Service            Microsoft Corporation
AOLacsd.exe          1428       AOL Connectivity Service                     America Online, Inc.
CCPROXY.EXE          1448       Common Client Network Proxy Service          Symantec Corporation
MDM.EXE              1512       Machine Debug Manager                        Microsoft Corporation
NAVAPSVC.EXE         1648       Norton AntiVirus Auto-Protect Service        Symantec Corporation
nvsvc32.exe          1676       NVIDIA Driver Helper Service, Version 45.23  NVIDIA Corporation
symlcsvc.exe         1784       Symantec Core Component                      Symantec Corporation
SAVSCAN.EXE          952        Symantec AntiVirus Scanner                   Symantec Corporation
lsass.exe            604        LSA Shell (Export Version)                   Microsoft Corporation
explorer.exe         1656       Windows Explorer                             Microsoft Corporation
ctfmon.exe           456        CTF Loader                                   Microsoft Corporation
IEXPLORE.EXE         2056       Internet Explorer                            Microsoft Corporation
procexp.exe          2884  1    Sysinternals Process Explorer                Sysinternals

Process: Procexp Pid: -2
Type Name
ASKER
Lobo ... I am available for the rest of the evening.
Hi Juarita,
that log looks clean. Did you say that you ran a full scan with Giant and now AdAware runs okay? If so, did you let AdAware do a cleanup. Another thing... What is the status on
File name: Ad-Adware Se = c:\DocumentsandSettings\Owner\Desktop\Username\00190-7492696.~ ??
ASKER
I removed that file from the system deleted it
ASKER
this system still reboots while running adware se customs
okay. let's try a different one. If you got Registrar.... please open it and navigate to the following path:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Can you post what's in there?
ASKER
I will download this and proceed to post.
ASKER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\(default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe
Lobo, this is all I found at that location
ASKER
HKEY_CURRENT_USER\Software\Oak Technology\\(default)
I remember seeing an error message regarding Oak Technology should this be set to default
also what am i really doing right now... How would one know which values to change?
Hi Juarita,
Oak Technologies used to make video and audio processing chips, but that was back in the 90's. They dropped out of that business in '98. They also made drivers for Okidata printers. A program called SimpliCD for burning CD's was also made by Oak a few years ago but that would not require a driver to load on boot. My suggestion would be that if the machine is not that old and uses video and sound cards that were not made by Oak, and does not have an Okidata printer, then I would remove that entry.
Could you please check the
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce key?
ASKER
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\(default)
Here ya go Lobo ...
ASKER
Hey Lobo... Giant always finds this ad-ware called DSO and usually cannot remove it. I run the software again and it is there again. Most of the adwares take a few days or never show up again. Why is this one so different? It reads:
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-21-1651190144-2292464892-575712214-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
ASKER
could DSO cause this system to reboot?
Hi Juarita,
a DSO Exploit is not a virus or a spyware but a bug in IE. The values you see (1004 and 3) are the right ones. To be on the safe side I would make sure the latest Windows Updates are installed, since Microsoft has a fix for the bug.
I'm baffled. Both Run and RunOnce reports are clean.
Is the machine rebooting when you log into the net or when you open IE? What happens if you log into the net and don't browse or do anything?
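An added example, not part of the original thread: a read-only PowerShell audit of the three registry locations checked above (Run, RunOnce, and the Zones\0 value 1004) across every hive loaded under HKEY_USERS. It assumes an elevated PowerShell session; the variable names and the wording of the Note column are illustrative.

```powershell
# Added example: read-only audit of the registry locations checked in this thread.
# Assumes an elevated PowerShell session so every hive loaded under HKEY_USERS is readable.
$runKeys = 'Software\Microsoft\Windows\CurrentVersion\Run',
           'Software\Microsoft\Windows\CurrentVersion\RunOnce'
$zoneKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0'

# .DEFAULT, the service-account SIDs and each logged-on user; skip *_Classes companions.
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -notlike '*_Classes' }

$report = foreach ($hive in $hives) {
    $sid  = $hive.PSChildName
    $root = "Registry::HKEY_USERS\$sid"

    # Autostart entries: one row per value under Run and RunOnce.
    foreach ($sub in $runKeys) {
        $key = Get-Item -LiteralPath "$root\$sub" -ErrorAction SilentlyContinue
        if ($null -eq $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $label = if ($name) { $name } else { '(default)' }
            [pscustomobject]@{
                Hive = $sid; Key = $sub; Name = $label
                Data = $key.GetValue($name); Note = 'autostart entry, review the target'
            }
        }
    }

    # Zone 0 (My Computer), URL action 1004 (download unsigned ActiveX controls).
    # 3 means "disable", the value the scanner lines in the thread expect.
    $zone = Get-Item -LiteralPath "$root\$zoneKey" -ErrorAction SilentlyContinue
    $val  = if ($zone) { $zone.GetValue('1004') } else { $null }
    if ($null -eq $val)  { $note = 'value not present in this hive' }
    elseif ($val -eq 3)  { $note = 'matches expected value 3' }
    else                 { $note = 'differs from expected value 3' }
    [pscustomobject]@{ Hive = $sid; Key = $zoneKey; Name = '1004'; Data = $val; Note = $note }
}

$report | Format-Table -AutoSize -Wrap
```

The script only reads the registry; a hive whose 1004 row does not report 3 is the one a scanner would keep flagging.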
ASKER
no it actually reboots when i run ad-adware se 2 always i can run others and no prob
ASKER
so my thought is this... if it reboots when i run this software why i do not know... then the system will reboot when the cust gets it back when they try to do things that ad-adware does to certain folders. However, the reboot was when on the internet at first we have fixed all that. It does not reboot like it use to. Mostly on the internet at first. It would say the internet would shut down in a few minutes and then it would. Now and then it would reboot at the desktop. Now no reboots only when i run ad-adware se. at least that is the only software that is rebooting this system right now.
ASKER
Lobo... I tried to install SP2 over the internet yesterday on this system. It stopped in the middle and said access denied, unable to install SP2. LOL this system is going to be the death of me. Since then the system takes a long time to get to the desktop; however, once at the desktop I am back to square one. Hate to throw this on you, but why would a system take a long time to reach the desktop? What could be the problem? Microsoft says maybe some files are missing. However, the system would not boot at all. They suggest do a restore with a full version of XP home. I do not have full version, I have XP upgrade and most of my systems come with a restore disk that is manufactured by its maker which is no good.
Okay, wasn't sure about that.
This is what I'd do then. Uninstall AdAware, reboot, then run Windows Update, reboot (keep in mind not to run ALL updates at once, do it in batches of 4 or 5 at a time starting with the Critical Updates).
After doing that and having rebooted and tested that the Internet connection is ok, I would reinstall AdAware again.
Arrrgghhh *L*
The new problem might have been caused by the aborted SP2 update. Didn't the machine come with a OS CD? I hate when manufacturers give you those repair CD's and not the real OS that you're paying for.
ASKER
No... this system didn't. This system has presented more problems than it is worth. I have been able to stabilize the system. It still will not let Ad-ware do a complete install nor will it install SP2, can you believe that!
ASKER
SP2 gets the error message access denied as it tries to install the updates right at the end. I tried 3 times. I finally found out from Microsoft that SP2 changes the local system settings to NT and that was why I was having problems with slow bootup. After I changed those settings in the registry, boot up was OK. However, this system will not install SP2 nor will ad-adware completely run. So, No SP2 nor Ad-adware Pro. This system needs a complete restore of it with the original CD from HP. Which means moving files and stuff. TRIED
I think you can go to Control Panel > Add/Remove Programs and uninstall SP2 if the installation got blotched halfway through.
If you have Norton Systemworks I would run a Registry Cleanup using the CleanSweep utility that comes with it, too. Maybe there are some Registry entries that belong to AdAware and are preventing it from running properly.
ASKER
Tried ... this system reboots before it will complete the actual uninstall. Again right at the end. I do not have Nortons system works. However, you have the keen ability to come up with another software that would do the trick. A good Idea!
Hi Juarita,
Here's a link to a review of the top Registry cleaner software in the market right now:
http://www.registry-repair-software-review.toptenreviews.com/?ttreng=1&ttrkey=registry+cleaner+win98
The top scorer there is Advanced System Optimizer. You can review it and download a demo from:
http://www.systweak.com/asov2/
An all time favourite, Registry Mechanic, scored last in that roundup. You can look it up at:
http://www.winguides.com/regmech/
Good Vibes!
Lobo
ASKER
thanks for everything Lobo... Peace and Out
No problemo. Let me know how it goes.