Windows Legacy OS forum

General discussion

processes unknown for me running in my pc, help identify....

by spy HH / January 4, 2005 11:12 PM PST

hi,

i recently had a spyware and also im taking the cnet online course of combating spyware.

im surfing more lattely in the task manager, trying to find the process and cut it off from the task manager.

also tried from active ports, but what i want it's to cut it from running as a process.

but im afraid to cut some process of the system, so i only cut off the ones that says running by the owner not on the system.

there are some suspicius proceses that i cannot identify and i wish someone to tell me:

these are:

-realshed.exe
-qttask.exe
-rnathchk.exe
-itmsg.exe
-ctfmon.exe

can anyone tell me what these processes make in my pc while in internet or not in the internet.?

im running a win-xp home edition sp2, mem ram: 248 mb,
celeron 2.80 GHz, 80 Gb of hard disk.
my browser default browser it's netscape.

Discussion is locked
You are posting a reply to: processes unknown for me running in my pc, help identify....
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: processes unknown for me running in my pc, help identify....
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Reduce your list before you post. Here's how.
by R. Proffitt Forum moderator / January 4, 2005 11:17 PM PST
Collapse -
thanks, it really work out!!
by spy HH / January 6, 2005 11:19 AM PST

thanks, this also showed me up a new page: the process library!!

here's a tip for you if you didn't knew about.

in this site you can search dll's, exe's and exe's process running on your pc showed up in the task manager and you can check out the directory.

thanks, thanks to what you said i discovered this page and i looked up all those unknown proccess on my pc.

try and look up in this process library at

http:\\www.processlibrary.com

Collapse -
FYI,
by Cursorcowboy / January 4, 2005 11:34 PM PST

please be advised of the following:

1. Microsoft recently announced the availability of Windows XP Service Pack 1 (SP1). Initially, owners of HP Pavilion home PCs and Compaq Presario 6300 series desktop PCs installed with Windows XP, were recommended to delay installation of SP1. The reason for this recommendation is that SP1 was discovered to be incompatible with the PC system recovery tool. To resolve this incompatibility, HP developed a new patch named "SP1RcvryFix.exe." This patch can be installed before or after installing XP SP1 to correct the incompatibility with the PC system recovery tool.

2. The article [Q811493] explains that you may experience slower computer performance after you install the 811493 (MS03-013) security update package on a computer that is running WinXP Service Pack 1 (SP1) or after you upgrade to SP1 on a Windows XP-based computer on which the 811493 security update was previously installed, and that the patch can be removed if installed. This problem may be more likely to occur if you use some features of some third-party programs, such as antivirus programs. For example, this problem may occur if your antivirus program is configured to scan all files when you open (or you run) them. This is sometimes called "real-time" scanning.

3. For identifying devices on the computer, view the Setupapi.log file which is by default located in the %SystemRoot% folder. Sometimes a device name listed in Device Manager can be misleading. For example, a device may be listed as a serial device, when in reality it is not related to a serial port. This typically occurs when a partial Plug and Play ID is available that is interpreted it as a serial device and may occur because of a compatible ID specified by the device. This can usually be corrected by locating the device's startup program that may not be behaving properly and either reinstalling or configuring. Please review and understand the contents of the article, "How to Troubleshoot Unknown Devices Listed in Device Manager (Q314464)".

a. The TechNet article "Setting SetupAPI Logging Levels" explains that you can control the amount of information written to the SetupAPI.log -- either for all Setup applications or for individual Setup applications, by changing the level of information written for all Setup applications by creating (or modifying) the following registry value. By setting this value (using the values listed in the tables furnished in this article) you can choose the level of errors that are logged, modify the verbosity of logging, or turn off logging. You can also log information to a debugger as well as to the log file:

HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\LogLevel

b. The article [Q318187] explains that you may encounter various intermittent installation failures if you use a Cmdlines.txt file to install third-party drivers or one was used. These failures may include errors in the SetupAPI.log file, broken digital signatures, and corruption of other files. Cmdlines.txt is intended to install applications, to run registry updates, to install patches, and so on. Although you can use it to install OEM accessory software packages that do not contain hardware drivers, it was never intended to be used to install third-party drivers. Also review the article "How to Enable 48-bit Logical Block Addressing Support for ATAPI Disk Drives in Windows XP (Q303013)" for further information concerning what a Cmdlines.txt file is and its use.

c. The article [Q303128] explains how to find a processes in question by using a kernel debugger on a checked build system. If you try to disable or uninstall a device, and there are open handles to the device from any processes or programs, the PnP Configuration Manager will abort the query-remove operation on the device and prompt you to reboot the computer. This usually happens when there are legacy programs that are unaware of PnP notifications that are "talking" to your device. Currently, there is no easy way to find and fix those offending programs. This is because the PnP Configuration Manager does not log any information about the processes that have open handles to the device being removed.

4. The article [Q320560] states that when you start a Windows XP-based computer, the computer may seem to stop responding (hang) before the desktop is displayed and may occur if Sulfnbk.exe remains on the computer when you upgrade to Windows XP. Sulfnbk.exe is a Windows utility that is used to restore long file names. This utility is not included in Windows XP, Microsoft Windows 2000, or Microsoft Windows NT. If this file exists, rename or delete it.

5. When you start Windows, dozens of programs are already running - many of them invisible and running in the background. "AutoStart Viewer" allows you to see every autostart on your system, all on the one screen. In addition, it gives you complete control over the autostart references, and allows you to modify or delete them at will. Key features are:

? Over 50 different autostart locations monitored!

? Right-click menu allows you to take complete control over each autostart

? Add New Autostart feature allows you to add new programs to automatically start

? Save/Print functions allow you to take snapshots

? Resizable, easy-to-use interface that shows every autostart on the one display

? All sizes, positions and settings are remembered

6. The article [Q286350] discusses Autodump+ (ADPlus.vbs) a new tool from Microsoft Product Support Services (PSS) that can troubleshoot any process or application that stops responding (hangs) or fails (crashes) and is a console-based Microsoft Visual Basic script. AD+ has three modes of operation:

? Hang Mode is used to troubleshoot process hangs, 100 percent CPU utilization, and other problems that do not involve a crash. When you use AD+ in hang mode, you must wait until the process or processes hang before you run the script (that is, it is not perisistent like crash mode).

? Crash Mode is used to troubleshoot crashes that result in Dr. Watson errors, or any other type of error that causes a program or service to terminate unexpectedly. When you use AD+ in crash mode, you must start AD+ before the crash occurs. AD+ can be configured to notify an administrator or a computer of a crash through the '-notify' switch.

? Quick Mode is a light-weight version of hang mode that produces mini memory dumps of the specified processes and a debug log file with extended debugging information. For processes that consume large amounts of virtual memory, quick mode can be significantly faster than regular hang mode.

a. You should use AD+ to capture debugging information if you are experiencing the following problems:

? Processes that hang.

? Processes that consume 100 percent CPU on a single processor computer, 50 percent CPU on a dual processor computer, 25 percent CPU on a quad processor computer, and so on.

? Processes that crash or shut down unexpectedly.


b. You should not use AD+ in the following situations:

? If you need to troubleshoot a program or process that terminates unexpectedly upon startup. You can only use AD+ with processes that start successfully. If you need to troubleshoot processes that terminate unexpectedly upon startup, "User Mode Process Dump" may be a better solution.

? Alternatively, you can use the latest "debuggers" to manually debug the process.

? If there is a noticeable performance impact when you use AD+ in crash mode. This is usually caused by dynamic-link libraries (DLLs) or programs that throw a large number of Microsoft Visual C++ EH exceptions (which occur when you use the C++ throw statement or when you use try/catch blocks). Programs that write a large amount of information to the debug output stream can also cause a performance degradation. In the vast majority of cases, AD+ does not impact performance noticeably when it is running in crash mode.

Collapse -
itmsg.exe
by benkwok / January 21, 2005 2:45 AM PST

itmsg.exe is installed if you are running compaq laptop for the hotkey function.

Collapse -
your problem
by vandriver / January 21, 2005 4:05 AM PST

qttask.exe
ctfmon.exe
these two file are system files
i dont know about the others
from my experiences it is best to format the hard drive and start again after spyware is in your system
and then download all windows and explorer security updates

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

GIVEAWAY

We are giving away 'Black Panther' swag!

Four lucky readers will be taking home *Marvel*ous "Black Panther" prizes, including magazines autographed by the King of Wakanda himself! Giveaway ends Feb. 25, 2018.