
explorer.EXE intercept? I/O other always increasing

  1. #1
    Junior Member
    Registered: 04.04.2008
    Posts: 16
    Reputation weight: 36

    explorer.EXE intercept? I/O other always increasing

    Hi AVZ,

    I have a problem with explorer.EXE.

    in task manager, the "I/O Other bytes" always increases by 4k every time task manager refreshes. all the time.


    if I disconnect from the internet, it stops. the I/O is not reported or visible as network but I'm sure that is where it's going. I suspect a hidden device sends my computer information out to the internet. this looks like a hidden trojan, but I am not an expert. but I am technically advanced.

    my system is pretty clean except for uphclean which is resident. I have unloaded that and the problem still exists.

    as long as the machine is connected to the internet, or a switch, or a router, the i/o other keeps increasing.

    I have run with no page file and no restore. same problem.

    problem does not happen in safe mode.
    problem does not happen in safe mode with networking.

    I followed all your instructions.
    also scanned with mcafee stinger.
    scanned with spybot 1.5 and ad-aware 2007 free.
    I can't find it.

    please give me a hand, I'm out of ideas.
    Thank you,
    James

  2. #2
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3000
    Hello
    Do you know this domain?
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jewelconsulting.org
    O17 - HKLM\Software\..\Telephony: DomainName = jewelconsulting.org
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jewelconsulting.org
    If not - fix these records over Hijackthis.
    I couldn't find any really bad thing in your logs.
    Pls. run this script
    Code:
    begin
     QuarantineFile('C:\WINDOWS\system32\Drivers\uphcleanhlp.sys','');
     RebootWindows(true);
    end.
    After the reboot, upload the quarantine here: http://virusinfo.info/upload_virus_eng.php
    Last edited by Rene-gad; 04.04.2008 at 10:18.

  3. #3
    Junior Member
    Registered: 04.04.2008
    Posts: 16
    Reputation weight: 36

    That's my domain

    Yes, that is my domain, jewelconsulting.org.
    The win2k3 Domain Controller is in the next room.
    This computer {polaris} is a domain member.

    Many times I run with the DC off, so I set a different DNS IP on polaris,
    and sometimes, even though I set dhcp leases to permanent, polaris does not keep the assigned ip, so I just set a manual static IP. That's how polaris operates without the domain, as a standalone computer.
    {the dc runs dns}.

    An interesting thing happened. I changed the shell to blackbox bblean, and made it the default shell. it also shows "i/o other" increasing by just under 4k every refresh!! odd, don't you think? I have a couple of jpg screen shots of just task manager showing the problem, would you like them?

    Thanks,
    James

    Added after 8 minutes

    Uphclean is from Microsoft. it allows registry keys in use to be remapped if they are being unloaded, as when the machine is shutting down. this is a very common problem with XP and is why settings aren't saved. the hive is busy when shutting down so it goes back to the previous version.
    Uphclean is a kernel mode util that intercepts unloadkey. close enough.
    I uninstalled it and the problem remains. I prefer to have my settings saved so I reinstalled it.
    Last edited by James007Long; 04.04.2008 at 13:36. Reason: Added

  4. #4
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3000
    Quote: Originally posted by James007Long
    I have a couple of jpg screen shots of just task manager showing the problem, would you like them?
    Yes, it would be interesting. You can upload the pictures to your webspace and link them here, can't you?

  5. #5
    Junior Member
    Registered: 04.04.2008
    Posts: 16
    Reputation weight: 36

    no file in quarantine folder

    I pasted that script to custom scripts and ran it.
    the quarantine folder was created but no file appeared there.

    I must be Own3d. here are the links.

    http://i150.photobucket.com/albums/s...s/taskmgr1.jpg

    http://i150.photobucket.com/albums/s...s/taskmgr2.jpg

    look at i/o other. these two screen shots are only a few seconds apart.
    the machine was idle except to copy to clip, paste, and save the files.

    Thanks,

    James

  6. #6
    Senior Member
    Registered: 03.04.2006
    Posts: 21,108
    Reputation weight: 3000
    I cannot find any anomaly in these screenshots.

  7. #7
    Junior Member
    Registered: 04.04.2008
    Posts: 16
    Reputation weight: 36

    Here is uphclean

    I uploaded "program files" contents for uphclean folder and the installer.


    if you do the math subtracting for system overhead,
    you will see i/o other for explorer has increased much more than system overhead required to generate and save the two screenshots.

    If I shell a copy of explorer (as in unix) so it runs as a separate process,
    the shelled copy generates i/o other count, and the first copy does not.

    If I go to safe mode, I/o other is not generated by explorer at all period.
    I have been watching task manager all the way back to windows 95
    and I am just letting you know there is an abnormal increase in the
    number of i/o other bytes being generated,
    AND it's taking 2 cpu now. it was ALWAYS at zero.

    I wish you could sit here and watch this thing climb steadily. there is
    no end to it. it will go into the terabyte range in a day.
    this never used to happen.

    I can think of one other instance where I saw this problem.
    a long time ago I hacked a few xp installations to make a new
    key and if the key was not right, this would happen.
    maybe i'm insane but I look for stuff like this. it lets me know
    the system is not straight.


    Thanks,
    James

  8. #8
    Registered: 27.08.2006
    Posts: 2,453
    Reputation weight: 0
    @ James:

    Don't you think that could be related to your Graphics Editing Program (LViewPro)? In screenshot #2 I see it's using 90% of your system resources.

    Paul

  9. #9
    Junior Member
    Registered: 04.04.2008
    Posts: 16
    Reputation weight: 36

    not lview pro

    No, It's not related to lview pro. that was invoked to paste the clip into and then saved from. I've had lview pro for years and when it is not running there never was a problem before this new problem of i/o other started about 2 months ago.

    the i/o other constantly increases when nothing is running. no lview, no outlook. the drive is defragged to the max and even the pagefile is contiguous. this is an older dell laptop with bigger pipes and is still very snappy under xp pro. like i said, in safe mode, io other is dead stopped
    while running task manager unless you go for files or folders.

    been to myspace a lot lately on this box. yep what have I been smokin.
    i'm sure that's part of the problem.

    to clean up this box i do things most users don't have a clue about
    and I fix pc's for a living. but this little spy has me stumped.

    another problem - I can't run sysinternals regmon.
    it reports it's already running.

    I looked thru the registry and found a legacy regmon701 and deleted it.
    also deleted all other references to regmon in the registry,
    then deleted it from the drive and redownloaded it and ran it again and it says the same thing. so that's probably related.

    in procmon from sysinternals, if i watch registry activity for Explorer.EXE
    {IS THAT FILENAME CORRECT?? note the case} the registry is pretty much stuck on the DHCP and TCPIP parameters of my card all the time while idle. don't make sense to me.


    I made a manual full memory dump and i'll do a kernel dump.
    but even though i know assembly language (I was a game programmer),
    I don't know what I'm looking for and I don't know the windows api.
    all i know well was the bios, vectoring interrupts and ship like that.
    it was before windows. so even getting the symbols and stepping thru all that is probably not going to enlighten me quickly.

    but it's definitely here. i know these boxes by feel. and it's talkin to the world. it just bypasses the normal route. i do in fact realize that all the protocols necessary to such a thing are in the box and that since the patriot act and even before, information is the holy grail.

    all I want is my box to act normal, root kit or no. maybe some lamer programmer should have done a better job. I can always reload and
    hope I don't stumble into that one again.

    now this f**cker is on all my boxes and is on my win2k3 server but not as bad, only 200 bytes at a time there.

    I appreciate all the help so far and thank you all very much
    and am really open to more help and glad to answer every question.

    James

    Added after 14 minutes

    no matter which utility i would use to get a screen shot, and save it,
    it would be additive to i/o other.

    just looking at another box i have, its explorer.exe i/o other count is up to 60 meg and its been on for 2 hours.
    Last edited by James007Long; 05.04.2008 at 02:10. Reason: Added

  10. #10
    Registered: 27.08.2006
    Posts: 2,453
    Reputation weight: 0
    @ James:

    OK. A couple of ideas (actually I don't think you have malware):

    * It seems to me that regmon's driver was not unloaded - it's still in your system and active in memory, although you may not see it in the Task Manager. AVZ didn't flag it because it's in the Trusted Database. I believe the driver is called REGSYS701.SYS. I suggest you do a search for that one in Safe Mode (probably system32 folder) and kill it. Only then should you delete any sysmon registry keys (they're probably still there).

    * Did you try inserting your XP install disc and 'Start' - 'Run' - cmd - sfc /scannow?
    Explorer might be corrupted, you know. Sometimes this happens after people install IE7.

    * Combofix, for example, might be able to fix this (link to instructions).

    P.S.: UPHClean is certainly not to blame. I'd suggest putting that back.

    Paul
    Last edited by XP user; 05.04.2008 at 10:34.

  11. #11
    Junior Member
    Registered: 04.04.2008
    Posts: 16
    Reputation weight: 36

    thanks for regmon and other ideas.

    No it's definitely not malware. It's spyware/rootkit/idontknow.
    It's hooked in good, but there it is in front of my face.

    Thanks for the info on the regmon driver. I had to kill the file then rekill the legacy driver entry in the registry and make myself a debugger user and reboot before it would work. And now it does! Thank you for that. one less thing in the suspect list.


    I considered {heavily} explorer was damaged in some way. through some research I was able to determine there are multiple versions of explorer. mine is a version which was issued to solve some race condition with notification balloons. I am able to verify size date time version... for my copy but can't verify its internal integrity...checksum or md5 or other means.

    I ran that sfc /scannow and it does not have a clue where to get files from. my stuff is in servicepackfiles and there is no reason to go for the cd. My cd is original before sp1 and I'm not going that way ever again.

    The closest I would come is to reinstall sp2.


    I ran the combo fix but never got a log in an applet as they indicate,
    what I got looked like boot.ini in a text file named CF-RC.txt.
    That was clean. Combo-fix created some new folders with a bunch of
    stuff in them, AND I now have a restore console from safe mode.
    nifty. Also inherited two side effects, the clock format changed,
    and it disabled the nic card. Those were easily fixed.
    I didn't feel like joining another forum for that because
    I've already described it all right here.

    Thanks
    James
    Last edited by James007Long; 06.04.2008 at 07:27.

  12. #12
    Registered: 27.08.2006
    Posts: 2,453
    Reputation weight: 0
    @ James007Long

    OK. I still have some ideas left, although I'm pretty sure AVZ would have spotted spyware/rootkits. It's my guess that it's some genuine program running in memory, and probably having some explorer-extension of some kind.

    Could you please run Rootkit Revealer? Download link down the page. Show the log, please.

    I see you have the Ad-aware program in your system - I suggest you remove that one; don't want to offend anyone, but except for cookies it doesn't catch anything. Removing its service will do your system good. A more than worthy replacement would be SUPERAntiSpyware, which you can find here:
    http://www.superantispyware.com/
    Pick the free version on the left. Install, update and do a full scan. Show the log, please.

    Generally, it's not a good idea to have anti-spyware programs in memory running all the time - manual scans are good enough. That's why I would like you to disable *ANY* real-time options in the program (same goes for Spybot Search & Destroy). Just update your database regularly and the same applies to scanning your system - manually and manually only. A solid cookies and scripts policy in your browser is much more effective than two, three, or more anti-spyware programs, believe me.

    To check hashes you could use Hash by Robin Keir - no install needed. You can find it here:
    http://keir.net/hash.html

    And why don't you send explorer.exe or explorer.EXE, whatever to different anti-virus labs? Or check it on virustotal.com?

    Did you try any general-purpose cleaning tools like CCleaner? (direct download link to a version *without* the dreadful Yahoo Toolbar)

    Paul
    Last edited by XP user; 06.04.2008 at 08:45.

  13. #13
    Junior Member
    Registered: 04.04.2008
    Posts: 16
    Reputation weight: 36

    here 2 of them

    Paul

    HKLM\SECURITY\Policy\Secrets\SAC* 2/28/2006 9:21 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAI* 2/28/2006 9:21 PM 0 bytes Key name contains embedded nulls (*)
    C:\$AttrDef 2/28/2006 12:41 PM 2.50 KB Hidden from Windows API.
    C:\$BadClus 2/28/2006 12:41 PM 0 bytes Hidden from Windows API.
    C:\$BadClus:$Bad 2/28/2006 12:41 PM 27.95 GB Hidden from Windows API.
    C:\$Bitmap 2/28/2006 12:41 PM 894.24 KB Hidden from Windows API.
    C:\$Boot 2/28/2006 12:41 PM 8.00 KB Hidden from Windows API.
    C:\$Extend 2/28/2006 12:41 PM 0 bytes Hidden from Windows API.
    C:\$Extend\$ObjId 2/28/2006 12:41 PM 0 bytes Hidden from Windows API.
    C:\$Extend\$Quota 2/28/2006 12:41 PM 0 bytes Hidden from Windows API.
    C:\$Extend\$Reparse 2/28/2006 12:41 PM 0 bytes Hidden from Windows API.
    C:\$LogFile 2/28/2006 12:41 PM 64.00 MB Hidden from Windows API.
    C:\$MFT 2/28/2006 12:41 PM 50.19 MB Hidden from Windows API.
    C:\$MFTMirr 2/28/2006 12:41 PM 4.00 KB Hidden from Windows API.
    C:\$Secure 2/28/2006 12:41 PM 0 bytes Hidden from Windows API.
    C:\$UpCase 2/28/2006 12:41 PM 128.00 KB Hidden from Windows API.
    C:\$Volume 2/28/2006 12:41 PM 0 bytes Hidden from Windows API.

    ------------------------

    HKU\.DEFAULT\Control Panel\International 4/5/2008 11:25 PM 0 bytes Security mismatch.
    HKU\.DEFAULT\Control Panel\International\Geo 4/5/2008 11:25 PM 0 bytes Security mismatch.
    HKU\S-1-5-18\Control Panel\International 4/5/2008 11:25 PM 0 bytes Security mismatch.
    HKU\S-1-5-18\Control Panel\International\Geo 4/5/2008 11:25 PM 0 bytes Security mismatch.
    HKLM\SECURITY\Policy\Secrets\SAC* 2/28/2006 9:21 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAI* 2/28/2006 9:21 PM 0 bytes Key name contains embedded nulls (*)


    first of all I should tell you I already did this. the first set does not have the metafiles hidden. according to popular opinion, SAC and SAI are supposed to show up. The international and GEO I'm going to guess because the default clock format was changed, and now I have it some other way.


    I agree that Ad-Aware (free 200 has become lame and does nothing more than delete a few cookies. Hasta La Vista.

    working on the other log for you now {scanning} and i'm taking the rest of your advice. oh yes; you could not pay me to take the google toolbar.
    or any other freekin bar. computers don't drink, so no bars.

    Thank you
    James

  14. #14
    Registered: 27.08.2006
    Posts: 2,453
    Reputation weight: 0
    Quote: Originally posted by James007Long
    HKLM\SECURITY\Policy\Secrets\SAC* 2/28/2006 9:21 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAI* 2/28/2006 9:21 PM 0 bytes Key name contains embedded nulls (*)
    C:\$AttrDef 2/28/2006 12:41 PM 2.50 KB Hidden from Windows API.
    C:\$BadClus 2/28/2006 12:41 PM 0 bytes Hidden from Windows API.
    C:\$BadClus:$Bad 2/28/2006 12:41 PM 27.95 GB Hidden from Windows API.
    C:\$Bitmap 2/28/2006 12:41 PM 894.24 KB Hidden from Windows API.
    C:\$Boot 2/28/2006 12:41 PM 8.00 KB Hidden from Windows API.
    C:\$Extend 2/28/2006 12:41 PM 0 bytes Hidden from Windows API.
    C:\$Extend\$ObjId 2/28/2006 12:41 PM 0 bytes Hidden from Windows API.
    C:\$Extend\$Quota 2/28/2006 12:41 PM 0 bytes Hidden from Windows API.
    C:\$Extend\$Reparse 2/28/2006 12:41 PM 0 bytes Hidden from Windows API.
    C:\$LogFile 2/28/2006 12:41 PM 64.00 MB Hidden from Windows API.
    C:\$MFT 2/28/2006 12:41 PM 50.19 MB Hidden from Windows API.
    C:\$MFTMirr 2/28/2006 12:41 PM 4.00 KB Hidden from Windows API.
    C:\$Secure 2/28/2006 12:41 PM 0 bytes Hidden from Windows API.
    C:\$UpCase 2/28/2006 12:41 PM 128.00 KB Hidden from Windows API.
    C:\$Volume 2/28/2006 12:41 PM 0 bytes Hidden from Windows API.

    ------------------------

    HKU\.DEFAULT\Control Panel\International 4/5/2008 11:25 PM 0 bytes Security mismatch.
    HKU\.DEFAULT\Control Panel\International\Geo 4/5/2008 11:25 PM 0 bytes Security mismatch.
    HKU\S-1-5-18\Control Panel\International 4/5/2008 11:25 PM 0 bytes Security mismatch.
    HKU\S-1-5-18\Control Panel\International\Geo 4/5/2008 11:25 PM 0 bytes Security mismatch.
    HKLM\SECURITY\Policy\Secrets\SAC* 2/28/2006 9:21 PM 0 bytes Key name contains embedded nulls (*)
    HKLM\SECURITY\Policy\Secrets\SAI* 2/28/2006 9:21 PM 0 bytes Key name contains embedded nulls (*)
    Nothing out of the ordinary there.

    Paul
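An added example, not part of the original posts: a small Python triage of Rootkit Revealer output like the log quoted above. It separates the discrepancies expected on any NTFS volume (the metadata files) and the two SECURITY keys the posters treat as normal from everything else; the allowlists are assumptions built from this thread, and the last sample line is a constructed, hypothetical entry.

```python
import re

# Fixed NTFS metadata files: present on every NTFS volume and never listed by
# the Windows API, so a raw-disk comparison always reports them as hidden.
NTFS_METADATA = {
    r"$AttrDef", r"$BadClus", r"$BadClus:$Bad", r"$Bitmap", r"$Boot",
    r"$Extend", r"$Extend\$ObjId", r"$Extend\$Quota", r"$Extend\$Reparse",
    r"$LogFile", r"$MFT", r"$MFTMirr", r"$Secure", r"$UpCase", r"$Volume",
}
# Assumption taken from this thread: both posters regard these keys as normal.
EXPECTED_REGISTRY = {
    r"HKLM\SECURITY\Policy\Secrets\SAC*",
    r"HKLM\SECURITY\Policy\Secrets\SAI*",
}

# path, date, time, size, reason; the path may itself contain spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2}\s[AP]M)\s+"
    r"(?P<size>\d+(?:\.\d+)?\s(?:bytes|KB|MB|GB))\s+(?P<reason>.+)$"
)

# Constructed sample: lines copied from the log in this thread, plus one
# hypothetical driver entry (last line) that is on no allowlist.
SAMPLE_LOG = r"""
HKLM\SECURITY\Policy\Secrets\SAC* 2/28/2006 9:21 PM 0 bytes Key name contains embedded nulls (*)
C:\$MFT 2/28/2006 12:41 PM 50.19 MB Hidden from Windows API.
C:\$Extend\$Quota 2/28/2006 12:41 PM 0 bytes Hidden from Windows API.
------------------------
HKU\.DEFAULT\Control Panel\International 4/5/2008 11:25 PM 0 bytes Security mismatch.
C:\WINDOWS\system32\drivers\example.sys 4/5/2008 11:25 PM 12.00 KB Hidden from Windows API.
"""


def classify(path, reason):
    """Return 'expected' only for exact allowlist hits, otherwise 'review'."""
    drive = re.match(r"^[A-Za-z]:\\", path)
    if drive and reason.startswith("Hidden from Windows API"):
        if path[drive.end():] in NTFS_METADATA:
            return "expected"
    if reason.startswith("Key name contains embedded nulls"):
        if path in EXPECTED_REGISTRY:
            return "expected"
    return "review"


def triage(log_text):
    """Parse the log and return a list of (verdict, path, reason) tuples."""
    results = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue  # blank lines and the dashed separator between two runs
        match = LINE_RE.match(line)
        if not match:
            results.append(("unparsed", line, ""))
            continue
        path, reason = match["path"], match["reason"]
        results.append((classify(path, reason), path, reason))
    return results


if __name__ == "__main__":
    for verdict, path, reason in triage(SAMPLE_LOG):
        print(f"{verdict:9} {path}  [{reason}]")
```

Entries left as "review" are not verdicts of compromise; they are the lines a person still has to explain, such as the International keys James attributes to the changed clock format.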

  15. #15
    Junior Member
    Registered: 04.04.2008
    Posts: 16
    Reputation weight: 36
    Paul

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com
    Generated 04/06/2008 at 05:16 AM
    Application Version : 4.0.1154
    Core Rules Database Version : 3432
    Trace Rules Database Version: 1424
    Scan type : Complete Scan
    Total Scan Time : 00:44:12
    Memory items scanned : 282
    Memory threats detected : 0
    Registry items scanned : 3838
    Registry threats detected : 0
    File items scanned : 14395
    File threats detected : 2
    Adware.Tracking Cookie
    C:\Documents and Settings\JLong\Cookies\jlong@yadro[1].txt
    Trojan.Unknown Origin
    C:\WINDOWS\SYSTEM32\W01C4433.INI

    these things always find some bs the first time just to impress us.

    I like spybot and the resident feature. been using that for a long time.
    one side effect- using the SD Helper bad download protector-
    this makes your host file huge and does slow you down, even
    getting folders on your own machine.

    doing a ccleaner now.


    Thanks
    James
    Last edited by James007Long; 06.04.2008 at 12:38.

  16. #16
    Registered: 27.08.2006
    Posts: 2,453
    Reputation weight: 0
    Quote: Originally posted by James007Long
    Trojan.Unknown Origin
    C:\WINDOWS\SYSTEM32\W01C4433.INI
    This may be a false positive. Could you check the contents of that .ini file? You can open it in Notepad. Might be a hidden file. If you deem it appropriate, you may copy and paste the contents here.
    I also advise you to check your computer for any autorun.* files (ANY drives, especially of the removable type).

    Paul
    Last edited by XP user; 06.04.2008 at 14:04.

  17. #17
    Junior Member
    Registered: 04.04.2008
    Posts: 16
    Reputation weight: 36
    Hey CCleaner is nice!

    superspywarecleaner toasted that file, and rebooted me.

    no autorun.ini is present on my thumb drive or hard drive.

    autoruns.exe in my utilities folder
    a hidden AutorunsDisabled in c:\documents and settings\all users\start menu\programs\startup
    autoruns.exe in sysinternals
    autorunsc.exe in sysinternals
    autoruns.chm in sysinternals
    and they show up in the zip again.


    Analyzing explorer.exe v 6.0.2900.3156 now.
    ok it's virus free.
    I checked it against the one in dllcache using HASH. (NICE!) TY. identical.

    I have the 6.0.2900.3156 gdr version. don't have an off system one to check against here,
    they all exhibit same behavior.
    close enough for me.
    explorer does what it's supposed to - it's extensible.
    my boxes all have the same hook.


    Thanks Paul,
    James

    Added after 1 hour 25 minutes

    ok I use task manager on fast update. if I used "normal" or "slow"
    the amount that is added to i/o other bytes for explorer.exe would be
    even bigger.

    I invite everyone to look at this and tell me it's normal.

    http://i150.photobucket.com/albums/s...s/taskmgr3.jpg

    look at i/o other bytes (column) for explorer.exe. The machine had been
    up long enough to do the work in the preceding message above. I'd say about 2 hours.

    Thanks,
    James
    Last edited by James007Long; 06.04.2008 at 14:36. Reason: Added
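An added example, not from the original posts: the dllcache comparison described above, extended with an optional off-system reference hash. Two copies on the same machine agreeing shows only that they are consistent with each other, so the verdicts keep that case apart from a match against a trusted reference; the file names and contents below are constructed stand-ins.

```python
import hashlib
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_binary(active_path, cached_path, trusted_sha256=None):
    """Compare the active binary with its cached copy and, when available,
    with a hash obtained from a machine or source outside this system."""
    active = sha256_file(active_path)
    cached = sha256_file(cached_path)
    if trusted_sha256 is None:
        # Without an outside reference we can only say whether the two
        # local copies agree, not whether either one is clean.
        verdict = "local-copies-agree" if active == cached else "local-copies-differ"
    elif active == trusted_sha256.strip().lower():
        verdict = "matches-reference"
    else:
        verdict = "differs-from-reference"
    return {"verdict": verdict, "active": active, "cached": cached}


def demo():
    """Run the check on constructed files: first both copies clean,
    then both copies altered in the same way."""
    good = b"constructed stand-in for a clean explorer.exe"
    altered = b"constructed stand-in for an altered explorer.exe"
    reference = hashlib.sha256(good).hexdigest()  # plays the off-system hash
    verdicts = []
    with tempfile.TemporaryDirectory() as tmp:
        active = os.path.join(tmp, "explorer.exe")
        cached = os.path.join(tmp, "dllcache_explorer.exe")
        for content in (good, altered):
            for path in (active, cached):
                with open(path, "wb") as handle:
                    handle.write(content)
            verdicts.append(verify_binary(active, cached)["verdict"])
            verdicts.append(verify_binary(active, cached, reference)["verdict"])
    return verdicts


if __name__ == "__main__":
    print(demo())
```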

  18. #18
    Registered: 27.08.2006
    Posts: 2,453
    Reputation weight: 0
    Quote: Originally posted by James007Long
    I invite everyone to look at this and tell me it's normal.

    http://i150.photobucket.com/albums/s...s/taskmgr3.jpg

    look at i/o other bytes (column) for explorer.exe. The machine had been
    up long enough to do the work in the preceding message above. I'd say about 2 hours.
    It doesn't seem that high to me - actually my rate is a lot higher (my machine has been up for quite some time now - something like 8 hours). I suspect that's Norton GoBack, my recovery program...
    So, it *must* be one of your legitimate drivers communicating intensively with its I/O Manager, otherwise AVZ would have spotted it.

    Paul

  19. #19
    Junior Member
    Registered: 04.04.2008
    Posts: 16
    Reputation weight: 36

    legit.. possibly legit..and then again hafta prove it.

    well it isn't any service, I can stop all those {sans rpc and a very few}
    and the problem still persists.

    Would you believe I've already been here too? got a bootlog of everything loaded and startup state. but could use a tool that sees which drivers
    are actually used and then I can decide if I want to disable them...pretty dangerous, but hey I now have a recovery console to re-enable any that were needed...

    was all over msinfo32

    and performance counters

    thought about autoruns but it shows them all even if not used on this box.

    The feeling I get is a driver slaps data outbound to the internet; Because having disconnected the connection it stops dead right there, and the cpu usage of explorer.exe goes back to zero as well.

    I agree that AVZ is a very well written tool. I've never seen _anything_ do what it does before.

    let me ask you something. you say your i/o other count is close. but is it dynamically updating while
    you watch it, while the machine is idle, other than the task manager?
    mine did not used to. only when I went for files/folders or invoked things did it change,
    but never sitting there doing nothing.

    my windows is a build 2600.xpsp_sp2_gdr.070227-2254.

    Thanks
    James
    Last edited by James007Long; 06.04.2008 at 17:57.

  20. #20
    Registered: 27.08.2006
    Posts: 2,453
    Reputation weight: 0
    @ James007Long

    Maybe it makes sense to have a look at your Windows services? For example, I see you have the Application Layer Gateway Service (alg.exe) running. On SP2 it is no longer needed, but it keeps at least one port open...
    To answer your question about I/O - Yes, it's updating while I'm watching it in the task manager. Maybe you need a tool like Process Explorer (a more than nice replacement for the Windows Task Manager) to see what is linked to explorer.exe - at least there you can see all the threads and handles displayed in the process properties. It *must* be an application that has a driver + an extension in explorer.exe, I'm pretty sure about this...

    Paul
    Last edited by XP user; 06.04.2008 at 22:31.
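An added example, not from the original posts: a way to measure the "I/O Other Bytes" growth discussed in this thread as bytes per second instead of per Task Manager refresh, and to compare link-up against link-down intervals. The Windows call is `GetProcessIoCounters`; the sample readings, the function names and the operator-supplied `link_up` flag are assumptions of this sketch.

```python
import ctypes
import time

PROCESS_QUERY_INFORMATION = 0x0400


class IO_COUNTERS(ctypes.Structure):
    # Layout of the Win32 IO_COUNTERS structure (six ULONGLONG fields).
    _fields_ = [(name, ctypes.c_ulonglong) for name in (
        "ReadOperationCount", "WriteOperationCount", "OtherOperationCount",
        "ReadTransferCount", "WriteTransferCount", "OtherTransferCount")]


def read_other_bytes(pid):
    """Windows only: bytes moved by operations that are neither reads nor
    writes (control operations), the value Task Manager shows as I/O Other Bytes."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    k32.GetProcessIoCounters.restype = ctypes.c_int
    k32.GetProcessIoCounters.argtypes = [ctypes.c_void_p, ctypes.POINTER(IO_COUNTERS)]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION, False, pid)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        counters = IO_COUNTERS()
        if not k32.GetProcessIoCounters(handle, ctypes.byref(counters)):
            raise ctypes.WinError(ctypes.get_last_error())
        return counters.OtherTransferCount
    finally:
        k32.CloseHandle(handle)


def collect(pid, link_up, count=5, interval=2.0):
    """Windows only: take `count` readings while the operator keeps the
    network link in one known state (plugged in or unplugged)."""
    samples = []
    for _ in range(count):
        samples.append((time.monotonic(), read_other_bytes(pid), link_up))
        time.sleep(interval)
    return samples


def rates_by_link_state(samples):
    """samples: list of (seconds, other_bytes, link_up).
    Returns average bytes/second for link-up and link-down intervals."""
    totals = {True: [0, 0.0], False: [0, 0.0]}
    for (t0, b0, up0), (t1, b1, up1) in zip(samples, samples[1:]):
        if up0 != up1 or b1 < b0 or t1 <= t0:
            continue  # link changed mid-interval, or counter reset (process restarted)
        totals[up0][0] += b1 - b0
        totals[up0][1] += t1 - t0
    return {("link_up" if state else "link_down"): (moved / secs if secs else None)
            for state, (moved, secs) in totals.items()}


# Constructed readings: steady growth while connected, flat once unplugged.
SAMPLES = [
    (0, 1_000_000, True), (2, 1_008_192, True), (4, 1_016_384, True),
    (6, 1_016_400, False), (8, 1_016_400, False), (10, 1_016_400, False),
]

if __name__ == "__main__":
    print(rates_by_link_state(SAMPLES))
```

A per-second rate makes readings taken at different refresh speeds, or on different machines, directly comparable.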
