Mystery process

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

I have a laptop w/ WinXp Pro SP2, 1.4Ghz Centrino, 256mb Ram. Recently (last
week) access to programs got really sluggish. I checked my task manager and a
process called "hardcmd.exe" is now showing when it wasn't there before. Ran
Ad-aware, Spyware S&D, Antivirus but nothing has changed. Even tried to close
the process in the msconfig. It is currently eating up 152mb of my memory. I
looked at most places to find a solution, even the BlackViper site mentioned
in this newsgroup. Tried to "kill" the process, but it comes back. This
wasn't there before. I did a search and found it is related to something in
the "windows/repair" folder.

I also tried a system restore, but can't do a restore either. Had a similar
problem with another mystery process and was able to eliminate it by doing a
system restore.

Any ideas/solutions?
4 answers Last reply
More about mystery process
  1. Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

    Jim <Jim@discussions.microsoft.com> wrote:

    >I have a laptop w/ WinXp Pro SP2, 1.4Ghz Centrino, 256mb Ram. Recently (last
    >week) access to programs got really sluggish. I checked my task manager and a
    >process called "hardcmd.exe" is now showing when it wasn't there before. Ran
    >Ad-aware, Spyware S&D, Antivirus but nothing has changed. Even tried to close
    >the process in the msconfig. It is currently eating up 152mb of my memory. I
    >looked at most places to find a solution, even the BlackViper site mentioned
    >in this newsgroup. Tried to "kill" the process, but it comes back. This
    >wasn't there before. I did a search and found it is related to something in
    >the "windows/repair" folder.
    >
    >I also tried a system restore, but can't do a restore either. Had a similar
    >problem with another mystery process and was able to eliminate it by doing a
    >system restore.
    >
    >Any ideas/solutions?

    An unknown process such as this is usually a sign of a virus or
    spyware infestation.

    Get a "second opinion" about any possible virus by doing a free online
    virus scan at one of the following sites:
    http://housecall.trendmicro.com
    http://www.pandasoftware.com/activescan/

    Is your Spybot S&D the 1.3 version and did you update it before the
    scan?

    Is your AdAware the SE 1.05 version and did you update it before the
    scan?

    Good luck


    Ron Martell Duncan B.C. Canada
    --
    Microsoft MVP
    On-Line Help Computer Service
    http://onlinehelp.bc.ca

    "The reason computer chips are so small is computers don't eat much."
  2. Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

    "Ron Martell" wrote:

    > Jim <Jim@discussions.microsoft.com> wrote:
    >
    > >I have a laptop w/ WinXp Pro SP2, 1.4Ghz Centrino, 256mb Ram. Recently (last
    > >week) access to programs got really sluggish. I checked my task manager and a
    > >process called "hardcmd.exe" is now showing when it wasn't there before. Ran
    > >Ad-aware, Spyware S&D, Antivirus but nothing has changed. Even tried to close
    > >the process in the msconfig. It is currently eating up 152mb of my memory. I
    > >looked at most places to find a solution, even the BlackViper site mentioned
    > >in this newsgroup. Tried to "kill" the process, but it comes back. This
    > >wasn't there before. I did a search and found it is related to something in
    > >the "windows/repair" folder.
    > >
    > >I also tried a system restore, but can't do a restore either. Had a similar
    > >problem with another mystery process and was able to eliminate it by doing a
    > >system restore.
    > >
    > >Any ideas/solutions?
    >
    > An unknown process such as this is usually a sign of a virus or
    > spyware infestation.
    >
    > Get a "second opinion" about any possible virus by doing a free online
    > virus scan at one of the following sites:
    > http://housecall.trendmicro.com
    > http://www.pandasoftware.com/activescan/
    >
    > Is your Spybot S&D the 1.3 version and did you update it before the
    > scan?
    >
    > Is your AdAware the SE 1.05 version and did you update it before the
    > scan?
    >
    > Good luck
    >
    >
    >
    > Ron Martell Duncan B.C. Canada
    > --
    > Microsoft MVP
    > On-Line Help Computer Service
    > http://onlinehelp.bc.ca
    >
    > "The reason computer chips are so small is computers don't eat much."
    >

    Both spybot programs are completely up to date. Norton AV has the latest
    virus definitions.

    Will check the AV sites and let you know. Check back later today (late
    afternoon).
  3. Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

    As promised I have returned with the results of the scan. Turns out the
    Trends online virus checker found three Trojans. Cleaned those out; still had
    the "hardcmd.exe" running. Checked Spybot again using the startup list tool.
    There I was able to check off the "hardcmd.exe" so it doesn't run on startup.
    Still don't know where it is coming from, but may check it out using Test
    User's suggestion of renaming the extension. I was only going to use
    markdownsouth's method as a last resort. It sounded like killing the patient
    to cure the disease. I will check in to the broadband firewalls tho. Didn't
    need to use Shanen's suggestions. Frankly it was overwhelming to get that
    info. I know you are trying to cover all the bases but just a suggestion:
    maybe try to tailor your suggestions to the problems a little. All the
    suggestions presented is enough to make someone's head spin. You also hinted
    the same thing Test User did as well regarding re naming the file extension,
    so I thank you for that as well.

    Bottom line things are better now and my computer is just sipping at my
    resources (1-2%), instead of gorging on them. Thank you all for your
    responses and suggestions. I will be back if I run into other problems that
    have me stumped.

    "Jim" wrote:

    >
    >
    > "Ron Martell" wrote:
    >
    > > Jim <Jim@discussions.microsoft.com> wrote:
    > >
    > > >I have a laptop w/ WinXp Pro SP2, 1.4Ghz Centrino, 256mb Ram. Recently (last
    > > >week) access to programs got really sluggish. I checked my task manager and a
    > > >process called "hardcmd.exe" is now showing when it wasn't there before. Ran
    > > >Ad-aware, Spyware S&D, Antivirus but nothing has changed. Even tried to close
    > > >the process in the msconfig. It is currently eating up 152mb of my memory. I
    > > >looked at most places to find a solution, even the BlackViper site mentioned
    > > >in this newsgroup. Tried to "kill" the process, but it comes back. This
    > > >wasn't there before. I did a search and found it is related to something in
    > > >the "windows/repair" folder.
    > > >
    > > >I also tried a system restore, but can't do a restore either. Had a similar
    > > >problem with another mystery process and was able to eliminate it by doing a
    > > >system restore.
    > > >
    > > >Any ideas/solutions?
    > >
    > > An unknown process such as this is usually a sign of a virus or
    > > spyware infestation.
    > >
    > > Get a "second opinion" about any possible virus by doing a free online
    > > virus scan at one of the following sites:
    > > http://housecall.trendmicro.com
    > > http://www.pandasoftware.com/activescan/
    > >
    > > Is your Spybot S&D the 1.3 version and did you update it before the
    > > scan?
    > >
    > > Is your AdAware the SE 1.05 version and did you update it before the
    > > scan?
    > >
    > > Good luck
    > >
    > >
    > >
    > > Ron Martell Duncan B.C. Canada
    > > --
    > > Microsoft MVP
    > > On-Line Help Computer Service
    > > http://onlinehelp.bc.ca
    > >
    > > "The reason computer chips are so small is computers don't eat much."
    > >
    >
    > Both spybot programs are completely up to date. Norton AV has the latest
    > virus definitions.
    >
    > Will check the AV sites and let you know. Check back later today (late
    > afternoon).
  4. Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

    "Jim" <Jim@discussions.microsoft.com> wrote in message
    news:408FD7DE-83FE-40F1-9021-55F67BCE92EA@microsoft.com...
    >
    >
    > "Ron Martell" wrote:
    >
    > > Jim <Jim@discussions.microsoft.com> wrote:
    > >
    > > >I have a laptop w/ WinXp Pro SP2, 1.4Ghz Centrino, 256mb Ram. Recently
    (last
    > > >week) access to programs got really sluggish. I checked my task manager
    and a
    > > >process called "hardcmd.exe" is now showing when it wasn't there
    before. Ran
    > > >Ad-aware, Spyware S&D, Antivirus but nothing has changed. Even tried to
    close
    > > >the process in the msconfig. It is currently eating up 152mb of my
    memory. I
    > > >looked at most places to find a solution, even the BlackViper site
    mentioned
    > > >in this newsgroup. Tried to "kill" the process, but it comes back. This
    > > >wasn't there before. I did a search and found it is related to
    something in
    > > >the "windows/repair" folder.
    > > >
    > > >I also tried a system restore, but can't do a restore either. Had a
    similar
    > > >problem with another mystery process and was able to eliminate it by
    doing a
    > > >system restore.
    > > >
    > > >Any ideas/solutions?
    > >
    > > An unknown process such as this is usually a sign of a virus or
    > > spyware infestation.
    > >
    > > Get a "second opinion" about any possible virus by doing a free online
    > > virus scan at one of the following sites:
    > > http://housecall.trendmicro.com
    > > http://www.pandasoftware.com/activescan/
    > >
    > > Is your Spybot S&D the 1.3 version and did you update it before the
    > > scan?
    > >
    > > Is your AdAware the SE 1.05 version and did you update it before the
    > > scan?
    > >
    > > Good luck
    > >
    > >
    > >
    > > Ron Martell Duncan B.C. Canada
    > > --
    > > Microsoft MVP
    > > On-Line Help Computer Service
    > > http://onlinehelp.bc.ca
    > >
    > > "The reason computer chips are so small is computers don't eat much."
    > >
    >
    > Both spybot programs are completely up to date. Norton AV has the latest
    > virus definitions.
    >
    > Will check the AV sites and let you know. Check back later today (late
    > afternoon).

    I've had great results with using Hijack This, CWShredder, Explorer, a
    command prompt, and mode, MSCONFIG and Google. It can take several passes
    to get things sorted.

    Use CWShredder for the first passes. Use Hijack This with Google to see
    what's running and to help clean out redirects and malware processes.

    Tip: *rescan* after you tell it to clean up, and pay close attention to the
    lists. Malware and trojans will often re-insert the entries you've just
    had Hijack This clean out. The names can give you good clues to the
    culprits.

    Use Explorer, set to show all files, to examine the \windows and \system32
    folders. Set to show details, sort by type, and read through the names of
    the .exe's and .dll's. You wil likely find some obviously wrong ones, and
    if you are unsure, Google is your friend, as is right-clicking and choosing
    Properties. Delete or rename the extension (I often use *.bad) and you can
    prevent tehm from running again... till you are sure.

    Note that if you use MSCONFIG, you can hide the problems.

    Close Internet Explorer and do a search for content.ie5 and delete all
    instances. That's teh fastest way to clear the caches. They will be
    recreated on demand. At a Start, Run, type
    %temp%
    and clean out that folder. These will get rid of the usual hiding places.

    Also, locate hardcmd.exe and rename its extension. You might need to do
    this from Safe Mode. The error messages on reboot will probably help locate
    its launcher.

    HTH
    -pk
Ask a new question

Read More

Windows XP