Virus?
Member
17. December 2008 @ 21:38
Hi, I recently replaced taskmgr with procexp and noticed strange things. I have duplicates of the same process and there are constantly new processes opening and old ones closing. The process list in procexp keeps changing every second. In my other account, everything seems normal.
I was wondering if this is a virus.
Here is a copy of what is displayed:

Strange Account:

Process PID CPU Description Company Name
System Idle Process 0 83.60
procexp.exe 5604 3.83 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
bittorrent.exe 5028 3.83
DPCs n/a 3.07 Deferred Procedure Calls
Interrupts n/a 1.53 Hardware Interrupts
dwm.exe 1612 1.53 Desktop Window Manager Microsoft Corporation
TmPfw.exe 2524 0.77
SynTPEnh.exe 4176 0.77 Synaptics TouchPad Enhancements Synaptics, Inc.
Notifications Microsoft Corporation
wpcumi.exe 5520
wmpnscfg.exe 3216 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
wmpnscfg.exe 3260
wmpnetwk.exe 3436
WmiPrvSE.exe 5656
winlogon.exe 1352
winlogon.exe 2892

wininit.exe 664
upeksvr.exe 1696
upeksvr.exe 2516

unsecapp.exe 5664
tmproxy.exe 2580
Tmntsrv.exe 2504
taskeng.exe 3364
taskeng.exe 3288 Task Scheduler Engine Microsoft Corporation
taskeng.exe 312

System 4
SynTPEnh.exe 3316
svchost.exe 1120
svchost.exe 1440
svchost.exe 1412
svchost.exe 1044
svchost.exe 892
svchost.exe 996
svchost.exe 1092
svchost.exe 1140
svchost.exe 460
svchost.exe 1936
svchost.exe 2220
svchost.exe 2476
svchost.exe 2652
svchost.exe 4968

stacsv.exe 2392
sprtsvc.exe 2356
sprtcmd.exe 4048 SupportSoft, Inc.
sprtcmd.exe 3448
spoolsv.exe 392
smss.exe 532
SLsvc.exe 1256
services.exe 708
SearchProtocolHost.exe 3940
SearchIndexer.exe 2720
SearchFilterHost.exe 4840
rundll32.exe 1620
rundll32.exe 3856 Windows host process (Rundll32) Microsoft Corporation
rundll32.exe 788 Windows host process (Rundll32) Microsoft Corporation
rundll32.exe 3952
rundll32.exe 3044
rundll32.exe 2300

RoxWatch9.exe 2268
RegSrvc.exe 2240
PnkBstrB.exe 2192
PnkBstrA.exe 2128
pg2.exe 5344
PcCtlCom.exe 1136
pccguide.exe 3636 PCCGuide Trend Micro Inc.
pccguide.exe 5296

nvvsvc.exe 968
mDNSResponder.exe 1772
lsm.exe 748
lsass.exe 740
Launchy.exe 3144
Launchy.exe 4488

iTunesHelper.exe 3944 iTunesHelper Module Apple Inc.
iTunesHelper.exe 2500

iPodService.exe 5736
GoogleToolbarNotifier.exe 2372
firefox.exe 4076 Firefox Mozilla Corporation
explorer.exe 6060 Windows Explorer Microsoft Corporation
explorer.exe 5956
EvtEng.exe 1928
ehtray.exe 4044 Media Center Tray Applet Microsoft Corporation
ehsched.exe 4540
ehrecvr.exe 4800
ehmsas.exe 2576 Media Center Media Status Aggregator Service Microsoft Corporation
dwm.exe 3148
csrss.exe 676
csrss.exe 600
csrss.exe 1200

conime.exe 2460 Console IME Microsoft Corporation
btdna.exe 4492
audiodg.exe 1224
AppleMobileDeviceService.exe 1820
AEstSrv.exe 1776
AcroRd32.exe 4268 Adobe Reader 8.1 Adobe Systems Incorporated
------------------------------------------------------------------------
Normal Account:

Process PID CPU Description Company Name
System Idle Process 0 71.46
Interrupts n/a 0.76 Hardware Interrupts
DPCs n/a 6.84 Deferred Procedure Calls
System 4
smss.exe 532
csrss.exe 600
wininit.exe 664
services.exe 708
svchost.exe 892
ehmsas.exe 2576
WmiPrvSE.exe 5656
unsecapp.exe 5664 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
nvvsvc.exe 968
rundll32.exe 1620
rundll32.exe 3952
svchost.exe 996
svchost.exe 1044
svchost.exe 1092
audiodg.exe 1224
svchost.exe 1120 1.52
dwm.exe 1612
dwm.exe 3148 1.52 Desktop Window Manager Microsoft Corporation
svchost.exe 1140
taskeng.exe 3364
taskeng.exe 3288
taskeng.exe 312 Task Scheduler Engine Microsoft Corporation
SLsvc.exe 1256
svchost.exe 1412
svchost.exe 1440
spoolsv.exe 392
svchost.exe 460
AEstSrv.exe 1776
AppleMobileDeviceService.exe 1820
mDNSResponder.exe 1772
svchost.exe 1936
EvtEng.exe 1928
PcCtlCom.exe 1136
PnkBstrA.exe 2128
PnkBstrB.exe 2192
svchost.exe 2220
RegSrvc.exe 2240
RoxWatch9.exe 2268
sprtsvc.exe 2356
stacsv.exe 2392
svchost.exe 2476
Tmntsrv.exe 2504
TmPfw.exe 2524
tmproxy.exe 2580
svchost.exe 2652
SearchIndexer.exe 2720
SearchProtocolHost.exe 3940
SearchFilterHost.exe 1324
wmpnetwk.exe 3436
ehsched.exe 4540
ehrecvr.exe 4800
svchost.exe 4968
iPodService.exe 5736
lsass.exe 740
lsm.exe 748
csrss.exe 676
winlogon.exe 1352
procexp.exe 5604
upeksvr.exe 1696
pccguide.exe 3636
sprtcmd.exe 4048
wpcumi.exe 4080
Syslogin.exe 556 0.76
rundll32.exe 3856
rundll32.exe 788
iTunesHelper.exe 3944
ehtray.exe 4044
Launchy.exe 3144
wmpnscfg.exe 3216
firefox.exe 4076 0.76
AcroRd32.exe 4268 0.76
SynTPEnh.exe 4176
csrss.exe 1200
winlogon.exe 2892
procexp.exe 6076 12.92 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
upeksvr.exe 2516
explorer.exe 5956 0.76 Windows Explorer Microsoft Corporation
pccguide.exe 5296 PCCGuide Trend Micro Inc.
sprtcmd.exe 3448 SupportSoft, Inc.
rundll32.exe 3044 Windows host process (Rundll32) Microsoft Corporation
rundll32.exe 2300 Windows host process (Rundll32) Microsoft Corporation
iTunesHelper.exe 2500 iTunesHelper Module Apple Inc.
GoogleToolbarNotifier.exe 2372 GoogleToolbarNotifier Google Inc.
btdna.exe 4492 DNA BitTorrent, Inc.
bittorrent.exe 5028 2.28 BitTorrent BitTorrent, Inc.
Launchy.exe 4488
SynTPEnh.exe 3316 Synaptics TouchPad Enhancements Synaptics, Inc.
wmpnscfg.exe 3260 Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation
pg2.exe 5344
conime.exe 2460
explorer.exe 6060

thanks!
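
Added example (not part of the original posts): a Python sketch that compares two Process Explorer listings like the ones above by (image name, PID) instead of by eye. It reports which image names run under more than one PID and which entries appear in only one listing; the sample rows are a subset copied from the post, and the function names are illustrative.

```python
import re
from collections import defaultdict
# Subset of rows copied from the two listings in the post above.
STRANGE = """\
procexp.exe 5604 3.83 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
DPCs n/a 3.07 Deferred Procedure Calls
wpcumi.exe 5520
winlogon.exe 1352
winlogon.exe 2892
System 4
SearchFilterHost.exe 4840
explorer.exe 6060 Windows Explorer Microsoft Corporation
explorer.exe 5956
"""
NORMAL = """\
System 4
SearchFilterHost.exe 1324
winlogon.exe 1352
procexp.exe 5604
wpcumi.exe 4080
Syslogin.exe 556 0.76
winlogon.exe 2892
procexp.exe 6076 12.92 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
explorer.exe 5956 0.76 Windows Explorer Microsoft Corporation
explorer.exe 6060
"""

ROW = re.compile(r"^(System Idle Process|System|\S+\.exe)\s+(\d+)(?:\s|$)")

def parse(listing):
    """Return {(lowercased image name, pid)}; rows without a numeric PID are skipped."""
    return {(m.group(1).lower(), int(m.group(2)))
            for line in listing.splitlines() if (m := ROW.match(line.strip()))}

def multi_instance(procs):
    """Image names that appear under more than one PID, with their sorted PIDs."""
    by_name = defaultdict(list)
    for name, pid in procs:
        by_name[name].append(pid)
    return {n: sorted(p) for n, p in by_name.items() if len(p) > 1}

def diff(a, b):
    """(name, pid) pairs present only in a, and only in b, each sorted."""
    return sorted(a - b), sorted(b - a)

if __name__ == "__main__":
    s, n = parse(STRANGE), parse(NORMAL)
    print(multi_instance(s))
    print(diff(s, n))
```
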
AfterDawn Addict
23. December 2008 @ 17:30
Hi quip13,


It is probably doing just what it was designed to do:
Quote:
Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
If you're a "Geek" with a Capital G. you'll understand it..
If you're not a geek, Why do you need it???

2oG - That's 2oldGeek with a capital "G"




There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...