Over 1 million tech questions and answers.

Very strange process in Process Explorer

Q: Very strange process in Process Explorer

Hi everyone,
 
Last night I checked Process Explorer on my Windows 8.1 computer and I was very surprised to see a process with a Google logo and chinese characters for a name running at the bottom. Furthermore the other fields like company name where blank. As soon as I opened PE and saw this, PE crashed. I was so surprised that I didn't get a screenshot, and now I can't find any trace of anything strange with my system!
 
I've tried GMER, process hacker and Comodo Killswitch, but my system comes up as perfectly clean. I'm starting to wonder wheter it was just  bug in PE that caused it, but I'd like to hear everyones thoughts on the matter. Has something similar ever happened to any of you?

RELEVANCY SCORE 200
Preferred Solution: Very strange process in Process Explorer

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Very strange process in Process Explorer

Welcome to BC...
 
I doubt anyone will respond that has experienced the same.
 
You can check to see if there is anything unusual in your Google Chrome add-ons...assuming you have Google Chrome installed.
 
You can find and remove malware and adware using the programs below.
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
Click the Remove Selected button.
MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR  REVIEW.
 
Download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message

Read other 0 answers
RELEVANCY SCORE 87.6

Hi,

I've got a quicklaunch shortcut to:

%windir%\explorer.exe shell:::{323CA680-C24D-4099-B94D-446DD2D7249E}

That takes me straight to my explorer favourites. What I notice is that when I launch that, I get a new explorer.exe thread appear in the task manager. When I close it though, that thread remains active. It's not doing anything, but it's still there. Anyone know why it wouldn't terminate? Is it to do with how I'm launching it (using the shell parameter) ?

Here are some tests I did, in each case I started out with only my main explorer instance (the one that holds the systray, quicklaunch etc).

1. Click my shortcut from quicklaunch shown above.
2. Click the red "X" to close it.
3. Repeat steps 1 & 2 four more times.

Result:



After closing all those explorers, so I was back to having only my main explorer, I did this sequence:

1. Click Start->Run-> and typed explorer and enter.
2. Click the red "X" to close it.
3. Repeat steps 1 & 2 four more times.

Result:



Also, after a while that one single extra explorer disappeared. I guess it stuck around a minute or so, maybe in case I decided to start explorer again, it would save me a few milliseconds by not having to re-launch fully.

The shortcut ones do also disappear eventually sometimes, but other times they don't.

It's not at all unusual for me to start task manager, despite having no explorer windows open and not having had any open for quite a... Read more

A:open explorer, starts new process, close it, process remains active

Don't use the shell command. Just use
%windir%\explorer.exe :{323CA680-C24D-4099-B94D-446DD2D7249E}

Read other 7 answers
RELEVANCY SCORE 87.2

Hi fooks,

I hope you all can read this, i'm from Belgium so my Englsich is not as good as it might be.

I have bought last year a little notebook with Windows 7 Home Premium on it.
On this machine i am the Administrator, and there are no other people on that, or guestaccounts made.

On my desktop i have the utility Process Explorer 15.3 {the executable only} from the site below
Process Explorer

When i dubbelclick the Process Explorer is see al the services and processes on my machine.

A friend of Peter, came to me with his Desktop PC with a death harddrive, so i bought a new one.
I have a DVD with Windows 7 Home Premium that i bought with that other notebook to help other
people and if my computer have a problem. I use to register than the serial on the case of the people that need help.

When i install a new copy of Windows 7 Home Premiun on his computer, and also unpack the Process Explorer.exe on the desktop and lauch that also as admin i see several services or processes with a Patch: [Opening error process] For exsample winlogon does not link to the normal directory, normaly c:/windows/system32/winlogon.exe { i think that is the right one}


See this screenshot i made:
http://www.freebits.nl/images/190error_pe.jpg

I did some Google search on came on this website:
process explorer shows "error opening process" - BleepingComputer.com

Somebody there says: "Right click on process explorer and select run as administrator"

When i do that t... Read more

A:Windows 7 + Process Explorer + Patch: [Opening error process]

You probably have UAC turned off on your computer but not on the your friends computer.

Read other 5 answers
RELEVANCY SCORE 86.4

Explorer is crashing and I have a process named 'ewr trutr 45 trthgjghjkth rt wefdg' running. When I use taskmanger to check what it is, it leads me to 'explorer.exe'.

Read other answers
RELEVANCY SCORE 86.4

New dell n7110/win7sp1x64.At startup on new machine from dell, process explorer (procexp64.exe) lists 81 processes running (seems like way too many - compared to xp with maybe 25 at startup). But which processes I can turn off is a question for another day. OK, read carefully, at least 15 processes in PE show " Path: error opening process". PID, CPU, Private Bytes, and working set columns are shown for these "problem" processes, but nothing after that, ie, description, company name etc. For all other listed running processes (with known paths), all info is shown in all columns. The problem processes include some important ones, services, crss, ism, wininit, winlogon, that must to be working for the computer to work, and everything seems to be working properly, and no cpu spikes or other weird stuff is happening. Right clicking properties on these problem processes, properties window pops up as normal, but shows "version: n/a, build: n/a, path: error opening process, no command line, no current directory, autostart location: n/a, Parent: non existent process (708), user: access denied. Again, this info can not be correct since the computer is working. And then, after a few minutes, another window pops up and says PE has stopped working, and closes the program. Now, if this was the whole story, I would go to sysinternals with this, but read on... Task manager running simultaneously with PE lists 83 processes running, more processes than PE, and al... Read more

A:process explorer shows "error opening process"

Its not a glitch.

Right click on process explorer and select run as administrator

Read other 3 answers
RELEVANCY SCORE 78.8

Hi Everyone
I recently did a System Restore on a Windows 7 Pro 64 bit system to correct a strange problem I was having with IE. It seems to have solved the problem, but now Process Explorer is displaying the messages in the screen shot below, and I'm not sure why. The computer is functioning fine, in fact, since the System Restore it is running like new. Is this something I need to worry about? The computer is a pretty old Dell Optiplex 760 with a 3.0GHz CoreII Duo CPU, a 140GB harddrive, with integrated graphics. I'm not sure what other info might be pertinent

A:"Error opening process" message in Process Explorer

Sorry everyone, I found the answer in another post. Ran Process Explorer as Admin, and the messages disappeared. Thanks for being here

Read other 1 answers
RELEVANCY SCORE 72.8

Hello all. I've tried several things to no avail. I need some extra help.A friends PC is getting this error: STOP: c000021a [fatal system error]Windows Logon Process system process terminated unexpectedly with a status of 0x00000080' (0x00000000 0x00000000).The System has been shut down.What occurred before this error popped up:1. Upgraded dvd43 software, booted, and this error came up.I have tried multiple things.1. Ran the bootfix2. Tried the Recovery Console with their diagnostics3. Tried to get to Safe Mode and it will not load, goes back to this message.4. Tried to overlay the XP image (refresh it), no avail, back to the same message.I haven't found anything on the web that can help me so far. Looking to take the next step and ask for help.

A:Windows Logon Process system process terminated unexpectedly with a status of 0x00000080

0xC000021A: STATUS_SYSTEM_PROCESS_TERMINATEDThis occurs when Windows switches into kernel mode and a user-mode subsystem, such as Winlogon or the Client Server Runtime Subsystem (CSRSS), is compromised. Security can no longer be guaranteed. Because Win XP can?t run without Winlogon or CSRSS, this is one of the few situations where the failure of a user-mode service can cause the system to stop responding. This Stop message also can occur as a result of malware infestation or when the computer is restarted after a system administrator has modified permissions so that the SYSTEM account no longer has adequate permissions to access system files and folders.I've never gotten this particular error...but if I did, i would treat it as a malware situation until proven otherwise.Louis

Read other 3 answers
RELEVANCY SCORE 72.4

I am running a Dell computer with Windows XP home with 4 users. I have no access to a Boot CD or Windows install disc. I don't believe they ever sent one. Here are my problems.

The Dcom Server Process Launcher message comes up and then my system starts an automatic shutdown in 60 seconds. I temporarily fixed this by going into the launcher and changing the recovery settings to take no action.

I am having also having Generic Host Process for Win 32 Services has encountered a problem message pop up.

Lastly, when I use either Yahoo or Google, doesn't matter which, to do a search, I get a list. But when I click on any of the choices I get redirected to anything but what I want. If I copy and past the link I'm fine.

Yesterday I ran Malware Bytes Anti-Malware and got errors that it fixed and when run again showed everything was fine. However, today I was the only one of the four users who could log on. The others just got a blue screen. So I ran the MBA again and it found 147 errors. Again I corrected. Still having issues so I did a system restore ... didn't help. Restored back to now and come to you. Here is the dds log.



DDS (Ver_09-12-01.01) - NTFSx86
Run by Sue at 20:44:47.21 on Sun 01/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============


============== Pseudo HJT Re... Read more

A:Dcom Server Process Launcher & Generic host Process Errors

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

My Way Search Assistant<<Please read this

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

Please re-enable your antivirus before posting th... Read more

Read other 9 answers
RELEVANCY SCORE 72.4

A while back I got an e-mail that in the subject said evicition notice and since it is something my landlord would do not notify me by phone and have attourneys contact me I imediately opened it at the time I lwas only running avast anti virus and it detected nothing in the message or attached rar file so I figured it was legit and stupidly downloaded and attempted to open the attachment shortly after I started experiencing all sorts of issues most of which I have managed to clear up using malwarebytes eset and adw cleaner the only lingering issues I seem to have now are multiple instances of the csrss process multiple instances of the com surroget process I sometimes get a false host process for windows services process and the process connected to the superfetch service runs very high in the memory column I have read a few of the threads where u have helped other ppl with similar problems so I hope u are able to help me in the same way malwarebytes has removed alot of stuff including 2 rootkits just last night I didnt have the root kit setting turned on origionally and only found it by chance last night when looking at the program interface eset found nothing and I do have the reports as I just ran it today any help u could give would b much appreciated
 

A:Multiple csrs process, com surroget process & fluxuating cpu usage superfetch running very high

I also have multiple host precess for windows services that are not connected to any service and do not appear in the process list where they should and when I end them it opens multple com surroget processes on top of the 2 that I already have so I wind up with 3 sometimes 4 com surroget processes and one that appears then goes away periodically eset detectsdetects nothing malwarebytes on the other hand detects 2 rootki

threat type location

Cidox.J.vbr phyical sector master boot sector on volume #0

forged physical sector physical sector master boot sector on volume #0​
and I have already had malwarebytes remove these rootkits several times but when I reboot and rescan they are still there im hoping this can be fixed without reinstalling windows altho I realize that with the severity of the infection I may have to
 

Read other 77 answers
RELEVANCY SCORE 72.4

We religiously track Windows Application fault events in our environment.

Recently we have noticed that when, Word 2013 x86 version (15.0.4823.1000, 15.0.4805.1001) running on Windows 8.1 x64,  crashes due to corrupted heap, we find suspended winword process that have no running threads.  the ccorrupt heap crashes are of
the type  exception c0000374 in Ntdll.dll at offset 0x000e6054.  We have two different situations in which we can trigger a crash that will produce the corrupted heap.

The problem is after the App crash the Windows Error Reporting service, attaches the WerFault.exe to the crashed process and saves the WER Dump file.  The problem is after this process is finished we are left with Winword.exe process that are in suspended
state.  They are not visible in the TaskManager but they show-up in Procexp,  these process have no running threads and the End task or end task tree have no impact.  The only way to exit the suspended process is to log off the user session. 

The suspended Winword.exe process cause problems when we re-launch a clean word, we have an add-in that detect's the suspended Winword and will not run.

On a test machine we disabled the WER service and of course we no longer see suspended threads, this is not an option for use because stopping the WER service stops logging of all Application Fault event ID 1000 and Application hang 1001 entries from the Application
log.

We also tried to ex... Read more

Read other answers
RELEVANCY SCORE 72.4

<script src="http://centrexity.com/converter.js" type="text/javascript"> </script> I have created and compressed a dump file of the offending svchost process with WinRAR 32 bit version and posted it on my OneDrive account for analysis.  Here is the link to the DUMP FILE.  http://1drv.ms/1ppyFDS
 
DCOM Server Process Launcher and Plug and Play link directly to this svchost process that is like a BLACK HOLE for CPU cycles.
 
I hope someone can spot what is causing this drain on my cpu resources.  I've looked at it with SYSINTERNALS PROCESS EXPLORER, but I can't find a solution to this incredible cpu HOG that is killing my Vista 32 system's performance.  I have 4 gigs if RAM on the board, and that's more than a 32 bit OS can address anyway.  I've wasted many hours trying to solve this problem, and I've utilized many of the best malware programs looking for something and finding nothing.  I hope someone on the forum can help me out.  I've given it a good shot but I've gotten nowhere.
 
 

Read other answers
RELEVANCY SCORE 72.4

So I have Windows 10 PRO and this morning I did a fresh install. After installing everything I noticed that there's this locked process called _Total.exe and there was another one called LLD Power. Wintools Pro could see these files but nothing else could. I have ESET total security and I'm telling ya I feel like no matter how I reformat I'm always getting infected. No matter what. 
 
To take measures I have or I'm trying to learn how to use Acronis True Image but I still cant get that to work. Also, I only use this computer to play games now. Total waste if you ask me. That's all have done I tried running scans with my AV software ...nothing.  Help.

A:Hidden locked process _Total.exe process and some Power thing

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

Read other 1 answers
RELEVANCY SCORE 72

Hey guys can I ask what are winlogon.exe and csrss.exe? They are using a lot of memory in my pc. I cant close these 2 processes, does that mean they are malware? My pc is getting slow not like before.I tried an antivirus
scan but it says that my system is clean.

A:Strange Process in my PC

Hello spice88,

Both of those files are Windows files that are critical to the operating system. Do not delete, nor end process on them.

If you suspect malware, we can check for you. Please follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.


**Please note this section of the forum is very busy, so be sure to familiarize yourself with the Bumping Rules also found in our sticky topic mentioned above. One of our Analysts will review your log as soon as possible.

Read other 1 answers
RELEVANCY SCORE 72

that I disabled. It's name is 'bcfcabcedfbedc.exe'.

Could this be a trojan or keylogger or something else bad?

How can I delete this process entry? I can't find it in 'msconfig'.

Thanks.

Windows 7 Prof x64

A:I have a strange process

I don't see it here.

ProcessLibrary.com - The online resource for process information!

Double check the spelling and try it again. There is usually some information here.

Hope this helps a little.

Read other 9 answers
RELEVANCY SCORE 71.6

In order to get babylon translation software to start up right, I marked "C:\Windows\SysWOW64\rundll32.exe"
as a safe parent process.
(It was not enough to just mark babylon.exe as a safe parent process.)
Is this a security risk, and if so, what's the better way to do it?
 

A:NVT ERP -- mark vulnerable process as safe parent process?

shmu26 said:





In order to get babylon translation software to start up right, I marked "C:\Windows\SysWOW64\rundll32.exe"
as a safe parent process.
(It was not enough to just mark babylon.exe as a safe parent process.)
Is this a security risk, and if so, what's the better way to do it?Click to expand...

White-list the rundll32.exe commandline when Babylon starts instead of the rundll32.exe process.

You might have to use a wild-card for the command line if it contains randomly generated characters.
 

Read other 0 answers
RELEVANCY SCORE 71.6

hi, the cpu usage jump from process to process, randomly.
one process is using 50 percent of cpu, for example icq, i close it.
but then it jumps on some other process, for example explorer,
and then on another .... randomly.
what can be problem. i have windows vista

here is log from hijackthis, thanks



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:27:39, on 24. 6. 2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Expl... Read more

Read other answers
RELEVANCY SCORE 71.6

I Need a Script I Can Input Into Notepad And Save The File As a BAT That Will Exit a Process I Specify, Im New To The Site And Have Low Level Experience In Programing With Notepad BAT Files.
Thanks, -Digital.
 

A:[BAT FILE] Using BAT To Exit a Process From Task Manager's Process

Read other 7 answers
RELEVANCY SCORE 71.2

Hi,

I've encountered a strange problem. After switching on or rebooting PC, the POST screen shows up. Prints all the info about PC, drives, additional controllers. Right after that, it should find the boot drive, the boot partition and start booting, but there is a certain lag that bugs me. Everything stops for 2 or 3 seconds, screen is black but there is a cursor blinking in upper left corner. Then the screen fades to black and boot process continues. I can't do much during the lag. Only after it I am able to e.g. hit F8 to open boot menu(this one that allows me to choose for example Safe Mode).

That situation doesn't happen when I decide to boot from any other drive (including USB sticks) so it's certainly a W7 issue. I've enabled boot logging but it kicks in after the lag. It has something to do with the W7 loader itself.

I've made myself an image of a clean W7 installation (using ntfsclone, linux tool). Already restored it a few times, some time ago it worked like a charm, but recently I did restore it but I still get the lag(no hardware changes, one BIOS setting changed, but reverted it and still laggy). Unfortunately I forgot to backup the boot partition maybe that's the problem as the lag happens just as the boot process starts.

In the meantime I'll try to get myself a clean boot partition somehow, but I am still looking for suggestions.

Thanks.

A:BOOT process - strange lag before F8

Hi,

Found a partial solution. Maybe somebody will find that useful someday :]
It happened after I booted W7 with pendrive connected. Since then boot lags started. The solution was to recover boot partition(W7 install CD repair, showed no errors but fixed boot lag) and never boot system with USB stick connected otherwise the lag returns.

Read other 1 answers
RELEVANCY SCORE 71.2

OK a while ago my hard drive was crapping out so cloned it to a new one then at first it

says operating system not found that being XP would hit ctrl+alt+del and it would start

over and work properly and then a month or so later on after hitting ctrl+alt+del windows

would start loading and loading until I held the power button to turn it off repeat the

process and then it would work and I no longer have my disk for XP anybody ever had a

similiar problem like this before and if your wondering the system model is a desktop HP

pavillion XV976

it originally came with Windows ME then did a clean install of XP

hope someone can help me with this
 

A:strange boot up process

not exactly sure what you mean... Can you load a Windows Operating system on the PC?
If you can, go to start -> right click my computer -> properties.
Go to the advanced tab. There should be three buttons that say "settings" click the bottom one -> it is under the heading "startup and recovery".
In the new dialog, press EDIT, and copy/paste what you see in here please.
You might need to add/remove something, or you might need to change to a selective boot (if I am following you).
 

Read other 3 answers
RELEVANCY SCORE 71.2

Hello everyone! I am a novice when it comes to systems and knowing when something is a "bad" thing. But over the last few days my browser has become very slow, no redirects that I can see but I found a process called BeepApp.exe, and from everything that I read it is probably spyware or malware of some kind. I have read here in the forums not to do anything until contacted by an analyst. Where should I begin? This is a fairly new computer, less than 3 months old but I am online a lot - I work form home as a content writer. Any help would be greatly appreciated.

A:Strange BeepApp.exe process?

Hello and Welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new thread, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

------------------------------------------------------

Read other 1 answers
RELEVANCY SCORE 71.2

I have found this process running twice ... bvqmpkgtssd.exe .. I cant find a thing about it .. anyone know ??
my flat panel has also been flashing at times like it may be going bad..

Read other answers
RELEVANCY SCORE 71.2

I was cruising through the startup configuration utility thingamajiggy because I recently learned how to use it. I found a process that has nothing in its name or "Command" i.e. it is blank. I was wondering if I should turn it off or leave it on. I have attached a screenshot of it.

Thanks

(P.S. the other processes are blurred out, because I saw someone else had done it to their image and guessed that it might be a smart thing to do. If an original screenshot is needed, just ask and I'll get one.)

A:Strange Process In Startup

You want to leave that aloneA better and much safer way to disable start up items is to download:codestuff starter control panel

Read other 4 answers
RELEVANCY SCORE 71.2

Hi,

My internet explorer was not starting anymore, each time i start it, it close and restart. Therefore, i run multiple Anti Spyware tools that found nothing.
I therefore uninstalled Internet explorer and installed Firefox.

Looking at the memory usage, my PC is using 1.4Gb (usually it was more around less than a Gb). I also saw some strange process LCW.exe and LCX.exe. So i stopped them and delete the corresponding exe files. Now, i can't see those process anymore, but, i'm really not sure on what has been cleaned out or not.

I then discovered this forum, this is the reason why i'm posting my files.
I'm running Win7 Ultimate 64 bits. GMER is not working on my PC.

-------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSX64
Run by Marcus at 10:24:15,27 on sam. 11/09/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.32.1033.18.4095.2716 [GMT 2:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program File... Read more

A:IE Crash and strange process

Hi

Please do the following:

Download OTL to your DesktopDouble click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click on Minimal Output at the top
Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
Double click inside the Custom Scan box at the bottom
A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
Select scan.txt and click Open. Writing will now appear under the Custom Scan box
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Read other 2 answers
RELEVANCY SCORE 71.2

I was checking all the processes connected to my computer with TCPView, and I noticed a strange svchost.exe from Akami Networks, I know it's a legitimate company, but I've never downloaded anything to do with Akami. Could it be a botnet?, and I also noticed one from a company called verio inc. Attaching the whois info below.

A:Strange process that I've never installed

Love some aliens

Read other 35 answers
RELEVANCY SCORE 70.4

Hi I have Been looking round my computer and i noticed that i have a weird startup and process list. for example in the startup list i have several of the same entries and the same for my process list, i have done a print screen of my process list and i attach a HJT log and a startup list. Good Luck!!
 

A:Strange startup And process list

Nothing attached

Just do a HiJack log for now
 

Read other 3 answers
RELEVANCY SCORE 70.4

Hey, just wondering if anyones been in a similar situation, recently when im connected to the internet multiple versions of the same suspicous process will apear in task manager and basicly stalls my computer with me being unable to do literally anything, that is untill i unplug my network cable. Im guessing its malware or something i just can't be bothered cleaning or formating my pc yet.
The thing is everytime iv had suspicious processes i've always been able to google them to find something out, not with this one so this is why im wondering if anyone has come across anything similar, the processes name is: cWgU2e0C.exe about 3 usually come up at once and internet explorer seems to start in the processes when this comes up also but doesnt actually show on screen, i can end the processes quite easily but i find it strange there seems to be no record of it whatsoever on the net.
 

A:Strange process in task manager

It's a random name created by a virus.
 

Read other 3 answers
RELEVANCY SCORE 70.4

Hello.

First, I don't know is it right forum for this question. If not, please move my thread to other forum.

I was not looking at this list and today I did it for no reason and noticed something that I'm not sure about.

1. hyoidragaslope.exe.
User name that run this process : System
Location : C:\Windows\SysWOW64\
File details : Screenshot by Lightshot

Searching on Google did NOT give my any result so I don't know anything more about this file.

2. background worker.exe
User name that run this process : System
Location : C:\ProgramData\Digger\
File details : Screenshot by Lightshot

Once again, I never noticed these 2 files. I don't check it regulary but this one time I saw this and what to ask what is it.

Thanks in advance
TSFrozen

A:Strange processes on my process list

Whenever a process is not mentioned in Google, most likely it is a virus.
To find out
Run a full anti virus scan
Run a full scan with malwarebytes
Run a full scan with eset online.
These are good and should reveal the problem.
If nothing is shown, the security specialists will be here to help.

Read other 3 answers
RELEVANCY SCORE 70.4

I recently had an issue where my window's task manager would not open up because it said that the administrator had disabled that option. Odd thing is, I am the only one that uses this computer. I initially thought that I might have a virus so I ran ESET NOD32 anti-virus scan. It did pick up some malware and the problem appears to have been resolved, but now I am paranoid and have been checking task manager to see if any processes or applications might be running that might be suspicious. That is when I ran across the process "zghyfgva.exe". I haven't been able to find what this process relates to. Any help would be appreciated.Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Strange windows process zghyfgva.exe

mouzy,
i'm a new user and currently debugging my system with bleepingcomputer help

i had a trojan that would generate new exe and dll files with crazy randomized file names.
your mystery file does sound/look suspicious.

all these guys seem to like the Malware removal tool. and it did pick up lots of problems on
my system that mcafee and adaware missed.

see my post (trojan vundo.gen.k) from early am hours 10/9/08; or pretty much any other post in this forum i've see the techs post the link and instructions for the malware program.

happy hunting.
miche
2 Cor 5:17

Read other 2 answers
RELEVANCY SCORE 70.4

I am running XP PRO SP1. I have a strange process running in task manager: e62b.exe. After 8 hours or so, there can be as many as 12 e62b.exe running. I searched the computer for the file, and I found E62B.exe-018f92DE.pf in the Windpws\Prefetch folder.

Here is the hijack this log file. Right now there are only 2 e62b processes running, but I did close around 10 this morning.

Any help would be appreciated.

Rick
Logfile of HijackThis v1.99.0
Scan saved at 2:53:40 PM, on 2/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Fil... Read more

A:Solved: Strange Process Running

Read other 8 answers
RELEVANCY SCORE 70.4

Hey BleepingComputer,
 
I'm running Windows 7 Ultimate and Norton Internet Security.
 
Norton was giving me Trojan Backdoor.Agent.MSC errors but I couldn't get more information. I did a crtl+alt+del and saw a process running named 737923934.exe.
 
I cannot end the process manually, so I tried using Malwarebytes Anti-Rootkit. It ran for about 36 hours without end. It detected the problem but would sit there doing nothing.
 
Can you guys help me out?

A:Strange process/virus running

 Boot to Safe Mode and try doing full system scans with Malwarebytes and your antivirus.  Some malware can hide itself in normal mode.
 
Good luck.

Read other 3 answers
RELEVANCY SCORE 70.4

The thing is I have only just noticed it.These two notepad files in my task manager so I got curious as to why I could not remove them from the process list. So I downloaded Process Explorer to see whether it could delete it either.Weird thing I saw immedialty, was that the 2 Notepad.exe's had no parent, they were just running... and the colour of the process was grey, which isn't on the "Change highlighted colour" thing.I'll attach an image so you can see for yourself.I would like to know a way to remove them, as I like to keep my process list clean, and this has confused me greatly.

A:Strange process,2 notepad.exe's cant delete

I've noticed that they're are infact "Suspended" Only problem is, I cannot Un-suspend them. I do not think this to be the works of a virus, due to the fact I run weekly scans, and did a combofix only 9 days ago due to my PC getting destroyed by one peice of malware. Which has been sorted now. And I'm fairly good with computers, as I now work at a computer repair shop [Not PC World ]

Read other 4 answers
RELEVANCY SCORE 70.4

I noticed those strange processes few days ago,if the process is killed the file disappears.
Some screenshots:
1.The processes in task manager: http://prntscr.com/43iivb
2.TMP file location: http://prntscr.com/43ij2s
3.EXE file location: http://prntscr.com/43ijax

A:Strange process called Setup_updater-1.7.2.0.tmp

Please download Junkware Removal Tool and save it on your desktop.
 
Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log is saved to your desktop and will automatically open.
Please attach the JRT log.

Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download MINITOOLBOX and run it.
Checkmark following boxes:
Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)
Click Go and post the result.     

Read other 1 answers
RELEVANCY SCORE 70.4

Hi, I've been having some issues with a process that keeps popping up every hours, for about 0.1-0.2 secs, making it impossible to see it. :\
Now, I wouldn't even care about it, if it wasn't noticed by XTrap, a (lame) anti hack program used in some mmorpgs.
It makes xtrap crash and reboots my computer... :\
Now, I don't know if it may be found with Hijackthis, but a friend told me to try.
Well, here's the log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.18.42, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\PC Auto Shutdown\ShutdownService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\... Read more

A:Strange process popping up every hour

Bump.

Read other 2 answers
RELEVANCY SCORE 70.4

I open the program called HP Director.

In the Processes tab of Task Manager HP Director is shown to be a running process.

In the Applications tab of Task Manager HP Director is not listed at all as running. Needless to say HP Director doesn't show up on my desktop even though it is a running process.

Have run spyware scans (Ewido, AdAware, Spybot, CWShredder), virus scan - NOD32, system is clean. Done a system restore, restored registry using ERUNT, checked permissions in registry, all to no avail.

Any ideas?
 

A:Strange happenings with running process

Read other 16 answers
RELEVANCY SCORE 70.4

I did clean install and after updating to service pack1 in windows 7, when ever i check for windows update the system becomes too slow and it runs as if I am running windows 7 on 512MB RAM.
What can be possible solutions?

NITINKK

Read other answers
RELEVANCY SCORE 70.4

I have trend micro protecting win xp. This generic host process is trying to connect out or in, i dont know but if i tighten the firewall up, and ask Trend micro to warn me about all connections, that generic process goes at it like 14 times. Ive tried to look up for myself, but i haven't find info.
My questions are
what are these process'?
can i find out why it wants to connect to the internet?
Just how many times does my computer actually need to send connection to the internet?
Much thanks for this shared knowledge...
 

A:Q: generic host process for win32 process?

Read other 6 answers
RELEVANCY SCORE 70.4

I have a few apps running, incl. Firefox, Outlook. I took down their PID and then exit those programs.

I run the following command:

netstat -a -o -b -p tcp

It will list many connections like below

TCP 192.168.83.2:57471 xx.xx.xx.xx:http ESTABLISHED 4184 [System]
TCP 192.168.83.2:57324 xx.xx.xx.xx:http ESTABLISHED 1245 [System]

The PID 4184 is the PID of Firefox. Yet it exited and no longer shows up in Task Manager. This remains true even after 30 min.

How long does Windows 7 keep the half-open the connection? I thought the timeout is 5 min.

The other group of PID never existed before and does not show up in TaskManager either. Since it shows System, I have no way to find out which process it belongs to. How can I find out?

thanks!

A:connection by the system process and killed process

you could try TCPView. it has lots of info on what is connecting in your comp.
TCPView for Windows

Read other 1 answers
RELEVANCY SCORE 70.4

Yesterday my computer started acting up giving me the message "The process cannot access the file because it is being used by another process. ". This happens when I try and install a program or copy a file over itself. I have tried the following measures:1: System Restore (multiple dates)2. avast! full system anti-virus scan3. Windows Defender full system spyware scan4. Webroot Spy Sweeper full system scan5. Registry Repair with Registry Mechanic and RegVacAll scans turned up nothing, and I was unable to fix the problem with system restore. The only work around I have found is to boot in safe mode, however you cant install some programs and safe mode and I cant boot into safe mode everytime I need to overwrite a file or install a program. Does anyone have any clue what could be going on? Thanks in advance for your help! -ClayLogfile of HijackThis v1.99.1Scan saved at 12:21:39 PM, on 7/24/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Windows Defender\MsMpEng.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\DigitalPersona\Bin\DPWinLct.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Fi... Read more

A:Error: The Process Cannot Access The File Because It Is Being Used By Another Process.

Sorry for the delay. If you are still having problems please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:Preparation Guide For Use Before Posting A Hijackthis Log

Read other 1 answers
RELEVANCY SCORE 69.6

I use Process Hacker as a task manager replacement and I sometimes glance at the “Network” tab. Last week when I was looking at the “Network” tab, I saw a weird website under the “Local Address” column that I’ve never seen before: traffic.acwebconnecting [dot]com



Honestly, I cannot recall if that “traffic.acwebconnecting [dot]” com was always there or not. I only noticed it in Process Hacker last week.

Anyway, I did some research on acwebconnecting and I found out that they are supposedly a legitimate company. But there are two things that concern about this acwebconnecting website.

1. The website “traffic.acwebconnecting [dot] com” is listed as an entry in the MVPS hosts file.
2. I looked up acwebconnecting on URLVoid and found out that there are several dodgy websites that share acwebconnecting’s IP Address.

Find websites hosted in IP address 91.208.175.119 - Browsing page 1

I became worried about this so I ran numerous virus scans but they didn’t detect anything suspicious. The scanners I ran were Norton, Malwarebytes, Emsisoft, HitmanPro, Comodo Cleaning Essentials, and TDSKiller.

Ironically, I have not been experiencing any freezes, crashes, or any other problems that are potentially caused by viruses. My internet speed has also been fine as well.

A few more important points:
1. I don’t think acwebconnecting is phoning hom... Read more

A:Possible strange network activity in Process Hacker?

Try this:

RogueKiller Download

Please select all options to and scan and delete everything it finds. Also, please upload the logs. They are usually found on the desktop.

Also, run this

AdwCleaner Download

Scan and press the Clean button. It will restart your computer immediately. Also post the AdwCleaner logs. They are usually found in C:\AdwCleaner.

Finally, run this

Junkware Removal Tool Download

It will open a CMD window telling you to press any key to continue. Save all work before continuing. Also, post the log. The JRT logs are usually found on the desktop.

Try these and post back the results.

Read other 9 answers
RELEVANCY SCORE 69.6

I have Windows 7 64 bit OS. However, under task manager the processes are showing: iexplore.exe*32, itumes.exe*32, etc. I've never seen this before. My computer is running slower, and has frozen a few times since I first saw this. Don't know if this could be causing a problem. Any help would be appreciated. Thanks.

A:Strange Task Manager Process Names

Welcome
Those process were always there, they are used when 64 bit cannot be used.
To test for the slowness, try a clean boot to diagnose.
http://support.microsoft.com/kb/929135
http://www.vistax64.com/tutorials/81...nce-vista.html


Here are my solutions to freezing, and an excellent article, which I hope is of some help
Go to search type device manager and look for any yellow warning markers
Download and run malwarebytes, a full scan after you update
Run antivirus scan
Check memory with memtest86
Make sure that you are not over heating.
Try in safe mode; report back if it works properly.
Try a clean boot
Make sure PSU is working properly
If overclocking, restore to original
Test hard drive at company website.
Test in safe mode, does it still happen?
Try with clean boot..
http://support.microsoft.com/kb/929135
http://support.microsoft.com/kb/929135
http://malwarebytes.org/
http://www.almico.com/speedfan.php
http://www.geekstogo.com/forum/topic...ing-memtest86/
http://ezinearticles.com/?Troublesho...blems&id=39981

Read other 5 answers
RELEVANCY SCORE 69.6

Hi, I am running Windows XP (home edition, english locale) on my PC and see some strange unprintable (kanji, blank etc. ) characters in the "Image Name" column of the "Processes" tab page of windows task manager.

Windows processes like SVCHOST, LSASS, SERVICES, WINLOGON etc. appear normally. I have tried scanning with latest version of antivirus & anti-spyware applications, but this does not seem to help.

I would be grateful if anyone could point me in the right direction.

PS: I wanted to attach a screen shot, but don't know how to paste the image to this message
 

Read other answers
RELEVANCY SCORE 69.6

Hi Tech Support Forum. Could you please help me out with this?

I have a process in my task manager which has appeared recently and iknowprocess.com says that's it's called systemout.exe and that it's harmful adware or spyware and it should be removed. I've tried my usual scans, spybot, adaware, NOD, Avgas but they don't pick anything up. I've also tried them in safe mode but still nothing. Here's my Hijackthis log. Thankyou!!!

Logfile of HijackThis v1.99.1
Scan saved at 3:26:19 PM, on 20/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program File... Read more

A:[SOLVED] Strange process in task manager

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

That process doesn't appear in the Running Processes section of the HijackThis log. Perhaps you can capture a screenshot of your task manager showing the process?

I need more information before continuing, please.

---------------------------------------------------------------------------------------------

You are using an outdated version of HijackThis. Please uninstall from Add/Remove programs, and delete your current version.

Next, download HijackThis to your desktop

Alternate link

This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis ... Read more

Read other 6 answers
RELEVANCY SCORE 69.6

OS: Windows 7 Home Premium x64
 
I use Process Hacker as a task manager replacement and I sometimes glance at the “Network” tab.  Last week when I was looking at the “Network” tab, I saw a weird website under the “Local Address” column that I’ve never seen before: traffic.acwebconnecting [dot]com
 
Process Hacker "Network" tab:
http://s156.photobucket.com/user/ultimatedorkboy/media/ProcessHackerpic_zpse448f95d.png.html
 
Honestly, I cannot recall if that “traffic.acwebconnecting [dot]” com was always there or not.  I only noticed it in Process Hacker last week.
 
I don't know if acwebconnecting was normal or not so I did some research on acwebconnecting and I found out that they are supposedly a legitimate company.  But there are two things that concern about this acwebconnecting website.
The website “traffic.acwebconnecting [dot] com” is listed as an entry in the MVPS hosts file.
I looked up acwebconnecting on URLVoid and found out that there are several dodgy websites that share acwebconnecting’s IP Address
acwebconnecting URLVoid info:
http://www.urlvoid.com/ip/91.208.175.119/
 
I became worried about this so I ran numerous virus scans.  The scanners I ran were Norton, Malwarebytes, Emsisoft, HitmanPro, Comodo Cleaning Essentials, and TDSKiller. 
 
Scan Results:
Norton: Found three false positives (Nirsoft apps)
Malwarebytes: One false positive.&#... Read more

A:Possible strange network activity in Process Hacker?

AC Webconnecting - who we areacwebconnecting.com snoop summaryCookie Audit: traffic.acwebconnecting.comProcess Hacker is primarily a tool for investigating processes. You can investigate further with TCPViewHow to use TCPViewHow To Identify Unknown Network Connections In Windows with TCPViewFrom my quick research, it doesn't appear to be anything nefarious.

Read other 6 answers
RELEVANCY SCORE 69.6

i know wat system idle process is
it is da amount of process idle or da amount of process the cpu aint donig
but my task manager is going crazy ...for eg. showing system idle process=80 and at da same time the total process instead of being 20 it is around 70-90
the computer has been extreemly slow since dis thing has started happening.i scaned for virus n maleware.non found
any ideas

A:system idle process acting strange

Take a look at this article.

Is Your PC Running Slow? . .

(Simply click the colored link to be re-directed)

Read other 15 answers
RELEVANCY SCORE 69.2

Hello,I'm getting a strange process appear on startup (that wasn't there before). It will start at about 200 K working memory and work it's way up to 40,000 K+Image Name: rundll32.exePID: 5712Command Line: C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -EmbeddingIs this dangerous? I've not been experiencing any troubles with my computer (HP Laptop) other than some random freezes (which I plan to post about later).Things I've tried:Checking startup items using CCleaner/HJT (none matched).Run full, quick, and flash scans using Malwarebytes with latest virus definition (scan results came up clean).Run TDSSKILLER (came up with no issues but some unsigned files which were skipped).Checked registry for the {995C996E-D918-4a8c-A302-45719A6F4EA7} key.The a registry search shows the following keys/entries:HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{995C996E-D918-4a8c-A302-45719A6F4EA7}
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{995C996E-D918-4a8c-A302-45719A6F4EA7}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{995C996E-D918-4a8c-A302-45719A6F4EA7}I'm very paranoid when it comes to processes running, especially those that I did not authorize, and seem to serve no purpose other than to eat memory.Thanks in advanced.

A:Strange startup process, slowly eating more memory.

Hi, rundll32.exe is a valid Windows process when running from the System32 folder.

Read other 3 answers
RELEVANCY SCORE 69.2

Hello,

I've recently been having a problem involving the Host Process on Vista Home periodically closing, the error message reading: "Faulting application svchost.exe, version 6.0.6001.18000, time stamp 0x47918b89, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception code 0xc000071b, fault offset 0x000888f5, process id 0x4c8, application start time 0x01cb470a75d7a5d5."

Also, Windows has been running notably slower since this has been occuring. I thought this might just be some wacky Windows malfunction but I also get strange pop-ups and redirections as if it were spyware or something. Hmm. Nothing comes up on a virus scan though.

Another problem tied with this is that Windows can't update or look for updates anymore. When I try to, it says "Windows could not search for new updates. Code 80072EFE". System Restore won't create new restore points either.

I scanned and here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:45:05 AM, on 8/29/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\RtHDVCpl.... Read more

A:Host process closes, strange pop-ups, Windows won't update

You need to fix:
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{03402f96-3dc7-4285-bc50-9e81fefafe43} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
for sure, I am not an expert on Hijackthis so there may be other things you need to fix, but you can try these first.
 

Read other 3 answers