Sign in with
Sign up | Sign in
Your question

Mystery process

Tags:
  • Windows XP
Last response: in Windows XP
Share
October 31, 2004 11:43:06 PM

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

I have a laptop w/ WinXp Pro SP2, 1.4Ghz Centrino, 256mb Ram. Recently (last
week) access to programs got really sluggish. I checked my task manager and a
process called "hardcmd.exe" is now showing when it wasn't there before. Ran
Ad-aware, Spyware S&D, Antivirus but nothing has changed. Even tried to close
the process in the msconfig. It is currently eating up 152mb of my memory. I
looked at most places to find a solution, even the BlackViper site mentioned
in this newsgroup. Tried to "kill" the process, but it comes back. This
wasn't there before. I did a search and found it is related to something in
the "windows/repair" folder.

I also tried a system restore, but can't do a restore either. Had a similar
problem with another mystery process and was able to eliminate it by doing a
system restore.

Any ideas/solutions?

More about : mystery process

Anonymous
November 1, 2004 9:34:06 AM

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

Jim <Jim@discussions.microsoft.com> wrote:

>I have a laptop w/ WinXp Pro SP2, 1.4Ghz Centrino, 256mb Ram. Recently (last
>week) access to programs got really sluggish. I checked my task manager and a
>process called "hardcmd.exe" is now showing when it wasn't there before. Ran
>Ad-aware, Spyware S&D, Antivirus but nothing has changed. Even tried to close
>the process in the msconfig. It is currently eating up 152mb of my memory. I
>looked at most places to find a solution, even the BlackViper site mentioned
>in this newsgroup. Tried to "kill" the process, but it comes back. This
>wasn't there before. I did a search and found it is related to something in
>the "windows/repair" folder.
>
>I also tried a system restore, but can't do a restore either. Had a similar
>problem with another mystery process and was able to eliminate it by doing a
>system restore.
>
>Any ideas/solutions?

An unknown process such as this is usually a sign of a virus or
spyware infestation.

Get a "second opinion" about any possible virus by doing a free online
virus scan at one of the following sites:
http://housecall.trendmicro.com
http://www.pandasoftware.com/activescan/

Is your Spybot S&D the 1.3 version and did you update it before the
scan?

Is your AdAware the SE 1.05 version and did you update it before the
scan?

Good luck



Ron Martell Duncan B.C. Canada
--
Microsoft MVP
On-Line Help Computer Service
http://onlinehelp.bc.ca

"The reason computer chips are so small is computers don't eat much."
November 1, 2004 9:34:07 AM

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

"Ron Martell" wrote:

> Jim <Jim@discussions.microsoft.com> wrote:
>
> >I have a laptop w/ WinXp Pro SP2, 1.4Ghz Centrino, 256mb Ram. Recently (last
> >week) access to programs got really sluggish. I checked my task manager and a
> >process called "hardcmd.exe" is now showing when it wasn't there before. Ran
> >Ad-aware, Spyware S&D, Antivirus but nothing has changed. Even tried to close
> >the process in the msconfig. It is currently eating up 152mb of my memory. I
> >looked at most places to find a solution, even the BlackViper site mentioned
> >in this newsgroup. Tried to "kill" the process, but it comes back. This
> >wasn't there before. I did a search and found it is related to something in
> >the "windows/repair" folder.
> >
> >I also tried a system restore, but can't do a restore either. Had a similar
> >problem with another mystery process and was able to eliminate it by doing a
> >system restore.
> >
> >Any ideas/solutions?
>
> An unknown process such as this is usually a sign of a virus or
> spyware infestation.
>
> Get a "second opinion" about any possible virus by doing a free online
> virus scan at one of the following sites:
> http://housecall.trendmicro.com
> http://www.pandasoftware.com/activescan/
>
> Is your Spybot S&D the 1.3 version and did you update it before the
> scan?
>
> Is your AdAware the SE 1.05 version and did you update it before the
> scan?
>
> Good luck
>
>
>
> Ron Martell Duncan B.C. Canada
> --
> Microsoft MVP
> On-Line Help Computer Service
> http://onlinehelp.bc.ca
>
> "The reason computer chips are so small is computers don't eat much."
>

Both spybot programs are completely up to date. Norton AV has the latest
virus definitions.

Will check the AV sites and let you know. Check back later today (late
afternoon).
Related resources
November 1, 2004 11:31:04 PM

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

As promised I have returned with the results of the scan. Turns out the
Trends online virus checker found three Trojans. Cleaned those out; still had
the "hardcmd.exe" running. Checked Spybot again using the startup list tool.
There I was able to check off the "hardcmd.exe" so it doesn't run on startup.
Still don't know where it is coming from, but may check it out using Test
User's suggestion of renaming the extension. I was only going to use
markdownsouth's method as a last resort. It sounded like killing the patient
to cure the disease. I will check in to the broadband firewalls tho. Didn't
need to use Shanen's suggestions. Frankly it was overwhelming to get that
info. I know you are trying to cover all the bases but just a suggestion:
maybe try to tailor your suggestions to the problems a little. All the
suggestions presented is enough to make someone's head spin. You also hinted
the same thing Test User did as well regarding re naming the file extension,
so I thank you for that as well.

Bottom line things are better now and my computer is just sipping at my
resources (1-2%), instead of gorging on them. Thank you all for your
responses and suggestions. I will be back if I run into other problems that
have me stumped.

"Jim" wrote:

>
>
> "Ron Martell" wrote:
>
> > Jim <Jim@discussions.microsoft.com> wrote:
> >
> > >I have a laptop w/ WinXp Pro SP2, 1.4Ghz Centrino, 256mb Ram. Recently (last
> > >week) access to programs got really sluggish. I checked my task manager and a
> > >process called "hardcmd.exe" is now showing when it wasn't there before. Ran
> > >Ad-aware, Spyware S&D, Antivirus but nothing has changed. Even tried to close
> > >the process in the msconfig. It is currently eating up 152mb of my memory. I
> > >looked at most places to find a solution, even the BlackViper site mentioned
> > >in this newsgroup. Tried to "kill" the process, but it comes back. This
> > >wasn't there before. I did a search and found it is related to something in
> > >the "windows/repair" folder.
> > >
> > >I also tried a system restore, but can't do a restore either. Had a similar
> > >problem with another mystery process and was able to eliminate it by doing a
> > >system restore.
> > >
> > >Any ideas/solutions?
> >
> > An unknown process such as this is usually a sign of a virus or
> > spyware infestation.
> >
> > Get a "second opinion" about any possible virus by doing a free online
> > virus scan at one of the following sites:
> > http://housecall.trendmicro.com
> > http://www.pandasoftware.com/activescan/
> >
> > Is your Spybot S&D the 1.3 version and did you update it before the
> > scan?
> >
> > Is your AdAware the SE 1.05 version and did you update it before the
> > scan?
> >
> > Good luck
> >
> >
> >
> > Ron Martell Duncan B.C. Canada
> > --
> > Microsoft MVP
> > On-Line Help Computer Service
> > http://onlinehelp.bc.ca
> >
> > "The reason computer chips are so small is computers don't eat much."
> >
>
> Both spybot programs are completely up to date. Norton AV has the latest
> virus definitions.
>
> Will check the AV sites and let you know. Check back later today (late
> afternoon).
Anonymous
November 1, 2004 11:54:09 PM

Archived from groups: microsoft.public.windowsxp.perform_maintain (More info?)

"Jim" <Jim@discussions.microsoft.com> wrote in message
news:408FD7DE-83FE-40F1-9021-55F67BCE92EA@microsoft.com...
>
>
> "Ron Martell" wrote:
>
> > Jim <Jim@discussions.microsoft.com> wrote:
> >
> > >I have a laptop w/ WinXp Pro SP2, 1.4Ghz Centrino, 256mb Ram. Recently
(last
> > >week) access to programs got really sluggish. I checked my task manager
and a
> > >process called "hardcmd.exe" is now showing when it wasn't there
before. Ran
> > >Ad-aware, Spyware S&D, Antivirus but nothing has changed. Even tried to
close
> > >the process in the msconfig. It is currently eating up 152mb of my
memory. I
> > >looked at most places to find a solution, even the BlackViper site
mentioned
> > >in this newsgroup. Tried to "kill" the process, but it comes back. This
> > >wasn't there before. I did a search and found it is related to
something in
> > >the "windows/repair" folder.
> > >
> > >I also tried a system restore, but can't do a restore either. Had a
similar
> > >problem with another mystery process and was able to eliminate it by
doing a
> > >system restore.
> > >
> > >Any ideas/solutions?
> >
> > An unknown process such as this is usually a sign of a virus or
> > spyware infestation.
> >
> > Get a "second opinion" about any possible virus by doing a free online
> > virus scan at one of the following sites:
> > http://housecall.trendmicro.com
> > http://www.pandasoftware.com/activescan/
> >
> > Is your Spybot S&D the 1.3 version and did you update it before the
> > scan?
> >
> > Is your AdAware the SE 1.05 version and did you update it before the
> > scan?
> >
> > Good luck
> >
> >
> >
> > Ron Martell Duncan B.C. Canada
> > --
> > Microsoft MVP
> > On-Line Help Computer Service
> > http://onlinehelp.bc.ca
> >
> > "The reason computer chips are so small is computers don't eat much."
> >
>
> Both spybot programs are completely up to date. Norton AV has the latest
> virus definitions.
>
> Will check the AV sites and let you know. Check back later today (late
> afternoon).

I've had great results with using Hijack This, CWShredder, Explorer, a
command prompt, and mode, MSCONFIG and Google. It can take several passes
to get things sorted.

Use CWShredder for the first passes. Use Hijack This with Google to see
what's running and to help clean out redirects and malware processes.

Tip: *rescan* after you tell it to clean up, and pay close attention to the
lists. Malware and trojans will often re-insert the entries you've just
had Hijack This clean out. The names can give you good clues to the
culprits.

Use Explorer, set to show all files, to examine the \windows and \system32
folders. Set to show details, sort by type, and read through the names of
the .exe's and .dll's. You wil likely find some obviously wrong ones, and
if you are unsure, Google is your friend, as is right-clicking and choosing
Properties. Delete or rename the extension (I often use *.bad) and you can
prevent tehm from running again... till you are sure.

Note that if you use MSCONFIG, you can hide the problems.

Close Internet Explorer and do a search for content.ie5 and delete all
instances. That's teh fastest way to clear the caches. They will be
recreated on demand. At a Start, Run, type
%temp%
and clean out that folder. These will get rid of the usual hiding places.

Also, locate hardcmd.exe and rename its extension. You might need to do
this from Safe Mode. The error messages on reboot will probably help locate
its launcher.

HTH
-pk
!