
Solved

ProcessExplorer

Posted on 2004-11-11
Last Modified: 2013-12-04
Lobo, I am preparing for ProcessExplorer; assistance needed.
Question by:JuaritaMoore
35 Comments
 

Author Comment

by:JuaritaMoore
ID: 12554198
I have done all that I can do.  Actually, after taking a good look at the folder that I thought was causing the system to reboot, I noticed that the folder was loaded with files and folders.  Therefore, this folder is probably not the culprit, just a large folder.  The system reboot is going to happen anyway.  I can run any other software, as well as leave the system on; however, as soon as I run Ad-Aware SE it will reboot before Ad-Aware completes, and if I subsequently stop Ad-Aware prematurely the system will reboot as I start to clean the infected files.  HELP

Author Comment

by:JuaritaMoore
ID: 12554203
I am ready to move forward
LVL 27

Expert Comment

by:Asta Cu
ID: 12554590
You directed this to Lobo, and he will surely respond when he logs in.  It may help, if this is urgent, to know more about your Operating System and environment, how current you are with WindowsUpdate, and whether you tried doing the AdAware scan (after getting all updates) and configuring it to do deep scanning (all drives), including the Hosts file (to extension), in Safe Mode.  Running a Viruscan on all drives with updated definition files should be done prior to working on spyware removals, but you may already have done this.  Sounds like this is a continuing issue, so it may also help for you to post the prior link, if applicable.

Author Comment

by:JuaritaMoore
ID: 12556105
Hi... astaec, the prior link is full of too much stuff.  I want to just concentrate on the ProcessExplorer stuff.  Boy, in regards to the deep scanning, yes I have run Ad-Aware deep scanning.  Where in the software can I configure all the other stuff?

Author Comment

by:JuaritaMoore
ID: 12556128
Other stuff meaning Hosts file (to extension); now I can handle Safe Mode ... LOL

Author Comment

by:JuaritaMoore
ID: 12558434
Lobo, after taking astaec's advice, I changed Ad-Aware and finally got it to complete.  However, the system still reboots.  I am ready to do the ProcessExplorer stuff.

Author Comment

by:JuaritaMoore
ID: 12561407
Hello out there in Lobo ... Land
LVL 17

Accepted Solution

by:
Lobo042399 earned 2000 total points
ID: 12562147
Hi Juarita,

Sorry, was away for a while.

Okay, the first thing to do is to run ProcessExplorer from a folder on your Desktop. It will give you a detailed list of the processes running on the machine. Double-clicking any item in the list will produce more details like linked files, location, and other data. For now, from the ProcessExplorer window, hit File > Save to create a log. It'll generate a TXT log in the same folder you're running it from. You can open it with Notepad, copy the contents and paste it here.

Thanks
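The inventory Lobo asks for (process, PID, description, company) can be produced and saved as a text log without Process Explorer. The script below is an added example, not code from the thread or from Sysinternals; it assumes Windows PowerShell 5.1 or later and an elevated prompt so the image paths of service processes are readable. It also adds two columns a reviewer of such a log wants, the parent PID and the Authenticode signature status of the image, and lists the processes whose image is unsigned or reports no company name.

```powershell
# Added example, not code from the thread or from Sysinternals: build a
# Process Explorer-style inventory (process, PID, parent PID, path, company,
# signature) and save it as a text log in the current folder, mirroring the
# File > Save step described in the reply. Assumes Windows PowerShell 5.1+,
# run elevated so the paths of service processes are readable.

function Get-ProcessInventory {
    # Get-Process does not expose the parent PID, so take it from CIM.
    # Both PIDs are cast to [int]: a UInt32 key and an Int32 lookup would
    # not match as hashtable keys.
    $parentOf = @{}
    Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        $parentOf[[int]$_.ProcessId] = [int]$_.ParentProcessId
    }

    Get-Process | ForEach-Object {
        $path = $_.Path   # $null for System, Idle and protected processes
        $signature = if ($path) {
            (Get-AuthenticodeSignature -LiteralPath $path).Status.ToString()
        } else {
            'n/a'
        }
        [pscustomobject]@{
            Process     = $_.ProcessName
            PID         = $_.Id
            ParentPID   = $parentOf[[int]$_.Id]
            Path        = $path
            Company     = $_.Company
            Description = $_.Description
            Signature   = $signature   # Valid, NotSigned, HashMismatch, ...
        }
    }
}

function Find-UnverifiedProcesses {
    # Rows worth a second look in a log like the one posted in this thread:
    # an image on disk without a valid Authenticode signature, or one that
    # reports no company name at all.
    param([Parameter(Mandatory)] [object[]] $Inventory)
    $Inventory | Where-Object {
        $_.Path -and ($_.Signature -ne 'Valid' -or -not $_.Company)
    }
}

$inventory = Get-ProcessInventory | Sort-Object PID
$logPath   = Join-Path (Get-Location) 'process-inventory.txt'

# Same idea as Process Explorer's File > Save: a TXT log that can be pasted
# into a post. Out-String -Width keeps the table from being cut at 80 columns.
$inventory |
    Format-Table Process, PID, ParentPID, Company, Description, Signature -AutoSize |
    Out-String -Width 220 |
    Set-Content -LiteralPath $logPath

"Inventory written to $logPath"
Find-UnverifiedProcesses -Inventory $inventory |
    Format-Table Process, PID, Path, Signature -AutoSize
```

A signature status other than Valid is not proof of anything by itself (in 2004 many legitimate vendors shipped unsigned binaries), but it narrows a list of forty processes to the handful that deserve a look at their path and parent.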

Author Comment

by:JuaritaMoore
ID: 12565664
Process      PID      CPU      Description      Company Name
System Idle Process      0      99            
 Interrupts      n/a            Hardware Interrupts      
 DPCs      n/a            Deferred Procedure Calls      
 System      4                  
  smss.exe      476            Windows NT Session Manager      Microsoft Corporation
   csrss.exe      524            Client Server Runtime Process      Microsoft Corporation
   winlogon.exe      548            Windows NT Logon Application      Microsoft Corporation
    services.exe      592            Services and Controller app      Microsoft Corporation
     svchost.exe      780            Generic Host Process for Win32 Services      Microsoft Corporation
     svchost.exe      816            Generic Host Process for Win32 Services      Microsoft Corporation
      wuauclt.exe      2260            Automatic Updates      Microsoft Corporation
     svchost.exe      900            Generic Host Process for Win32 Services      Microsoft Corporation
     svchost.exe      924            Generic Host Process for Win32 Services      Microsoft Corporation
     CCSETMGR.EXE      968            Common Client Settings Manager Service      Symantec Corporation
     CCEVTMGR.EXE      1072            Common Client Event Manager Service      Symantec Corporation
     spoolsv.exe      1316            Spooler SubSystem App      Microsoft Corporation
     alg.exe      1416            Application Layer Gateway Service      Microsoft Corporation
     AOLacsd.exe      1428            AOL Connectivity Service      America Online, Inc.
     CCPROXY.EXE      1448            Common Client Network Proxy Service      Symantec Corporation
     MDM.EXE      1512            Machine Debug Manager      Microsoft Corporation
     NAVAPSVC.EXE      1648            Norton AntiVirus Auto-Protect Service      Symantec Corporation
     nvsvc32.exe      1676            NVIDIA Driver Helper Service, Version 45.23      NVIDIA Corporation
     symlcsvc.exe      1784            Symantec Core Component      Symantec Corporation
     SAVSCAN.EXE      952            Symantec AntiVirus Scanner      Symantec Corporation
    lsass.exe      604            LSA Shell (Export Version)      Microsoft Corporation
explorer.exe      1656            Windows Explorer      Microsoft Corporation
 ctfmon.exe      456            CTF Loader      Microsoft Corporation
 IEXPLORE.EXE      2056            Internet Explorer      Microsoft Corporation
 procexp.exe      2884      1      Sysinternals Process Explorer      Sysinternals

Process: Procexp Pid: -2

Type      Name

Author Comment

by:JuaritaMoore
ID: 12571370
Lobo ... I am available for the rest of the evening.
LVL 17

Expert Comment

by:Lobo042399
ID: 12571461
Hi Juarita,

That log looks clean. Did you say that you ran a full scan with Giant and now AdAware runs okay? If so, did you let AdAware do a cleanup? Another thing... What is the status on
 File name: Ad-Adware Se = c:\DocumentsandSettings\Owner\Desktop\Username\00190-7492696.~  ??

Author Comment

by:JuaritaMoore
ID: 12571827
I removed that file from the system; deleted it.

Author Comment

by:JuaritaMoore
ID: 12571829
This system still reboots while running Ad-Aware SE custom scans.
LVL 17

Expert Comment

by:Lobo042399
ID: 12571877
Okay, let's try a different one. If you've got Registrar.... please open it and navigate to the following path:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Can you post what's in there?

Author Comment

by:JuaritaMoore
ID: 12571926
I will download this and proceed to post.
LVL 17

Expert Comment

by:Lobo042399
ID: 12571967
Ok.

It's at the same URL I posted before:

http://www.gatesofdelirium.com/ee/tools/

Author Comment

by:JuaritaMoore
ID: 12577077
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\(default)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe

Lobo, this is all I found at that location.

Author Comment

by:JuaritaMoore
ID: 12577122
HKEY_CURRENT_USER\Software\Oak Technology\\(default)

I remember seeing an error message regarding Oak Technology. Should this be set to default?

Also, what am I really doing right now... How would one know which values to change?
LVL 17

Expert Comment

by:Lobo042399
ID: 12577279
Hi Juarita,

Oak Technologies used to make video and audio processing chips, but that was back in the '90s. They dropped out of that business in '98. They also made drivers for Okidata printers. A program called SimpliCD for burning CDs was also made by Oak a few years ago, but that would not require a driver to load on boot. My suggestion would be that if the machine is not that old and uses video and sound cards that were not made by Oak, and does not have an Okidata printer, then I would remove that entry.

Could you please check the
 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce key?
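Both registry requests in this thread (the Run key above and the RunOnce key here) are the same check: what will start automatically, and does each command point at something real and known. The script below is an added example, not code from the thread or from Registrar; it assumes Windows PowerShell 5.1 or later. It goes beyond the thread by covering the HKLM Run and RunOnce keys as well as the HKCU ones, and it resolves each command line to the executable it launches so that a missing target (the entry is stale or its file was removed) and an unsigned binary stand out.

```powershell
# Added example, not code from the thread or from Registrar: list the
# autostart entries under Run and RunOnce for the current user and the
# machine, resolve each to the program it launches, and add a Status column.
# Assumes Windows PowerShell 5.1 or later.

function Resolve-CommandPath {
    # Turn a Run-key command line such as  "C:\Tools\x.exe" /silent  or
    # ctfmon.exe  into the path of the program that will actually start.
    param([string] $Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $exe = if ($Command.StartsWith('"')) { $Command.Split('"')[1] } else { $Command.Split(' ')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (-not [IO.Path]::IsPathRooted($exe)) {
        # Bare names like ctfmon.exe are located through PATH, as the loader would.
        $found = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue
        if ($found) { $exe = @($found)[0].Source }
    }
    return $exe
}

function Get-RunKeyEntries {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $command = $item.GetValue($name)
            [pscustomobject]@{
                Key        = $key
                Name       = if ($name) { $name } else { '(default)' }
                Command    = $command
                Executable = Resolve-CommandPath $command
            }
        }
    }
}

function Test-RunKeyEntry {
    # Status is MISSING TARGET, UNSIGNED (<reason>) or the signer's subject.
    param([Parameter(Mandatory, ValueFromPipeline)] $Entry)
    process {
        $status = if (-not $Entry.Executable -or -not (Test-Path -LiteralPath $Entry.Executable)) {
            'MISSING TARGET'
        } else {
            $sig = Get-AuthenticodeSignature -LiteralPath $Entry.Executable
            if ($sig.Status -eq 'Valid') { "signed: $($sig.SignerCertificate.Subject)" }
            else { "UNSIGNED ($($sig.Status))" }
        }
        $Entry | Add-Member -NotePropertyName Status -NotePropertyValue $status -PassThru
    }
}

Get-RunKeyEntries | Test-RunKeyEntry | Format-List Key, Name, Command, Executable, Status
```

On the machine in this thread the HKCU Run key held only ctfmon.exe, which resolves to the copy in System32 and reports a Microsoft signature; an entry that resolves to a user profile or temp folder, or to nothing at all, is the kind that justifies the question "how would one know which values to change".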

Author Comment

by:JuaritaMoore
ID: 12579149
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\(default)

Here ya go Lobo ...


Author Comment

by:JuaritaMoore
ID: 12579150
Hey Lobo... Giant always finds this ad-ware called DSO and usually cannot remove it.  If I run the software again it is there again.  Most of the adwares take a few days or never show up again.  Why is this one so different?  It reads:

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-21-1651190144-2292464892-575712214-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, fixed)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


Author Comment

by:JuaritaMoore
ID: 12579155
Could DSO cause this system to reboot?
LVL 17

Expert Comment

by:Lobo042399
ID: 12579273
Hi Juarita,

A DSO Exploit is not a virus or spyware but a bug in IE. The values you see (1004 and 3) are the right ones. To be on the safe side I would make sure the latest Windows Updates are installed, since Microsoft has a fix for the bug.

I'm baffled. Both Run and RunOnce reports are clean.

Is the machine rebooting when you log into the net or when you open IE? What happens if you log into the net and don't browse or do anything?
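The scanner output Juarita posted names one value in five user hives, and the reply says 3 is the correct setting. The script below is an added example, not code from the thread or from Giant/Spybot; it reads that value for every hive loaded under HKEY_USERS (the S-1-5-18, S-1-5-19, S-1-5-20, .DEFAULT and per-user SIDs in the report) and shows whether each one holds 3. It assumes Windows PowerShell 5.1 or later; the HKU: drive is created by the script since the Registry provider does not map it by default.

```powershell
# Added example, not code from the thread or from any scanner: read the
# Internet Explorer zone value the "DSO Exploit" report refers to for every
# loaded user hive and report whether it is the expected 3.
# Assumes Windows PowerShell 5.1 or later.

function Get-DsoZoneSetting {
    # Zone 0 is the Local Machine zone; action 1004 is "Download unsigned
    # ActiveX controls", and 3 means Disable (0 = Enable, 1 = Prompt).
    $subPath  = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0'
    $expected = 3

    if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }

    foreach ($hive in Get-ChildItem -Path 'HKU:\') {
        if ($hive.PSChildName -like '*_Classes') { continue }   # no Internet Settings there
        $key = Join-Path -Path $hive.PSPath -ChildPath $subPath
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # $null when the value is absent; a missing value is reported as not OK.
        $value = (Get-ItemProperty -LiteralPath $key -Name '1004' -ErrorAction SilentlyContinue).'1004'
        [pscustomobject]@{
            Hive     = $hive.PSChildName
            Value    = $value
            Expected = $expected
            Ok       = ($value -eq $expected)
        }
    }
}

# A row with Ok = False (or an empty Value) is what a scanner keeps flagging;
# 3 everywhere means the setting is already what the reply above describes.
Get-DsoZoneSetting | Format-Table -AutoSize
```

Running it as an administrator matters here: the S-1-5-18, S-1-5-19 and S-1-5-20 hives belong to the service accounts and are not readable from a limited user session, so a non-elevated run silently skips exactly the hives the scanner listed.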

Author Comment

by:JuaritaMoore
ID: 12579295
No, it actually reboots when I run Ad-Aware SE 2, always.  I can run others and no problem.

Author Comment

by:JuaritaMoore
ID: 12579308
So my thought is this... if it reboots when I run this software (why, I do not know), then the system will reboot when the customer gets it back, when they try to do things that Ad-Aware does to certain folders.  However, the reboot was when on the internet at first; we have fixed all that.  It does not reboot like it used to, mostly on the internet at first.  It would say the internet would shut down in a few minutes and then it would.  Now and then it would reboot at the desktop.  Now no reboots, only when I run Ad-Aware SE.  At least that is the only software that is rebooting this system right now.

Author Comment

by:JuaritaMoore
ID: 12579383
Lobo... I tried to install SP2 over the internet yesterday on this system; it stopped in the middle and said access denied, unable to install SP2.  LOL, this system is going to be the death of me.  Since then the system takes a long time to get to the desktop; however, once at the desktop I am back to square one.  Hate to throw this on you, but why would a system take a long time to reach the desktop?  What could be the problem?  Microsoft says maybe some files are missing.  However, the system would not boot at all.  They suggest doing a restore with a full version of XP Home.  I do not have the full version; I have the XP upgrade, and most of my systems come with a restore disk that is manufactured by its maker, which is no good.
LVL 17

Expert Comment

by:Lobo042399
ID: 12579386
Okay, wasn't sure about that.

This is what I'd do then. Uninstall AdAware, reboot, then run Windows Update, reboot (keep in mind not to run ALL updates at once; do it in batches of 4 or 5 at a time, starting with the Critical Updates).

After doing that and having rebooted and tested that the Internet connection is ok, I would reinstall AdAware again.
LVL 17

Expert Comment

by:Lobo042399
ID: 12580291
Arrrgghhh *L*

The new problem might have been caused by the aborted SP2 update. Didn't the machine come with an OS CD? I hate it when manufacturers give you those repair CDs and not the real OS that you're paying for.

Author Comment

by:JuaritaMoore
ID: 12580842
No... this system didn't.  This system has presented more problems than it is worth.  I have been able to stabilize the system.  It still will not let Ad-Aware do a complete install, nor will it install SP2.  Can you believe that!

Author Comment

by:JuaritaMoore
ID: 12580857
SP2 gets the error message "access denied" as it tries to install the updates, right at the end.  I tried 3 times.  I finally found out from Microsoft that SP2 changes the local system settings to NT and that was why I was having problems with slow bootup.  After I changed those settings in the registry, boot up was OK.  However, this system will not install SP2, nor will Ad-Aware completely run.  So, no SP2 nor Ad-Aware Pro.  This system needs a complete restore with the original CD from HP.  Which means moving files and stuff.  TRIED
LVL 17

Expert Comment

by:Lobo042399
ID: 12580876
I think you can go to Control Panel > Add/Remove Programs and uninstall SP2 if the installation got botched halfway through.

If you have Norton Systemworks I would run a Registry Cleanup using the CleanSweep utility that comes with it, too. Maybe there are some Registry entries that belong to AdAware and are preventing it from running properly.

Author Comment

by:JuaritaMoore
ID: 12580923
Tried ... this system reboots before it will complete the actual uninstall.  Again, right at the end.  I do not have Norton SystemWorks.  However, you have the keen ability to come up with another software that would do the trick.  A good idea!
LVL 17

Expert Comment

by:Lobo042399
ID: 12581289
Hi Juarita,

Here's a link to a review of the top Registry cleaner software in the market right now:

http://www.registry-repair-software-review.toptenreviews.com/?ttreng=1&ttrkey=registry+cleaner+win98

The top scorer there is Advanced System Optimizer. You can review it and download a demo from:

http://www.systweak.com/asov2/

An all time favourite, Registry Mechanic, scored last in that roundup. You can look it up at:

http://www.winguides.com/regmech/

Good Vibes!

Lobo

Author Comment

by:JuaritaMoore
ID: 12586064
Thanks for everything Lobo... Peace and Out
LVL 17

Expert Comment

by:Lobo042399
ID: 12586691
No problemo. Let me know how it goes.