ProcessGuard V3.000 beta 2 problems

Discussion in 'ProcessGuard' started by LuckMan212, Oct 1, 2004.

Thread Status:
Not open for further replies.
  1. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    I agree 100% with everything you just said and share your sentiment. I sincerely hope that DCS will take the time needed to sort this out before releasing 3.0 as I would really regret another major release going by without being able to use this otherwise excellent software.

    We will have to just wait for an official DCS comment on these issues.
     
  2. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    Hi Andreas, sorry- your helpful post got lost among some of the clutter that is now in this thread. In any case, I have already completely removed all traces of PG 3.0 from my machine and I won't be retrying it until there is a new beta or release from DCS. But to answer your questions I left all settings at default and PG was in learning mode so actually nothing should really have been blocked at all.

    Regardless, DCSUserProt.exe has full privs (or should) by default AFAIK since it would be rather pointless for PG to protect itself from ..... itself. Also, that Windows error about "The Memory could not be WRITTEN" is more of a general error and not necessarily indicative of an instruction that was blocked by PG, in fact I have several apps that crash in this way, and have seen that exact message from other problematic programs going back years and years. As for cURL.exe, I pretty much ruled that out as the cause of the problem when, several hours later, I got the very same crash just while doing basically nothing (browsing the forums in IE). So I think that was more of a coincidence than anything else. I do appreciate you trying to help though. :doubt:
     
  3. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Hi,

    one thing to test would be to disable everything but the checksum execution feature, to see if it still crashes.

    regards,

    gkweb.
     
  4. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    That's too bad, LuckMan, it would have been nice to help troubleshoot the problem down to help ensure your problem gets fixed in the final release. Andreas' post was one of my initial thoughts as well, considering PG3 will block access to physical memory by default. Although learning mode SHOULD pick up anything that needs access, it's possible that it didn't recognize it. It would make sense that if PG is blocking the access it needs, and the program keeps trying, that it might crash.

    Blaze's suggestion that the ATI driver may be causing a conflict would make sense as well. I could see problems with this not arising until PG enters the equation as I've seen many driver problems that weren't apparent until another driver is installed, whether it's a device driver or some other piece of software that runs at a low level (like PG.) Blaze's experience having similar symptoms with the ATI driver (along with his findings of others with the same problem) puts this pretty high on my suspect list.
     
  5. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    got any links to the ATI driver conflict posts?
    I did a search and didn't find anything specific.

    I will be happy to help resolve/debug this issue but until I hear from DCS on it there's no point in me crashing 5x a day while I wait. If there's something they specifically want me to try or a new test version of course I will load it and test. If it means I can't use my video cards however then I'm afraid I'll have to shelve this release along with the last one. :'( I have to see my screen after all.....
     
  6. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    We'll have to wait for Blaze to post links, provided he's still willing to help (I can't say that I would be.)

    In the meantime, he did mention that his problem went away when using the default Microsoft driver, it's worth a try as a troubleshooting step. Do you have the most current driver for your video card? (if not, try downloading the latest version, this is generally a good idea anyway.) You could also try disabling the utility that runs in the tray (I'm assuming that's what the ati2evxx.exe is) either within the driver settings or with msconfig.
     
  7. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    I sent Blaze a "peace" message privately... so hopefully there are no hard feelings. As to the other-- yes I of course have the latest driver (catalyst 4.91) and I hate tray icons so yes I had disabled that long ago as well....

    the default MS driver is not an option as it does not provide multi monitor support on my system.
     
  8. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Fact is, that kind of error can be caused by a wide variety of things including software error, hardware error, corruption, possibly even virus/trojan/spyware infection. It's also very possible that something that shouldn't have been protected was, and Windows couldn't handle it gracefully. In addition to removing things that shouldn't be protected, I also had to give things like winlogon.exe terminate privileges manually. Learning mode in PG3 is great, but it still requires some user interaction.

    Since you've already uninstalled, if you were to sit me down at your computer, I would:
    -redownload PG3
    -scan for viruses, trojans, and spyware
    -run SFC with a slipstreamed SP2 disk
    -install PG3 clean
    -get everything that needs to be protected in the list & remove what doesn't need protection or special privileges
    -remove protection options for anything left in the list that's not security related
    -make sure to restart at least once in learning mode
    -and add Dr Watson to the list manually (giving it all allows)

    Then go from there. You might try giving the ati...exe file all allows with no protections (except maybe modification), if that doesn't work you might try switching the driver just to see if it's even what's causing the problem.
     
  9. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Re: Process Guard V3.000 beta 2 problems

    oops i came here first before checking my Private Messages

    was hoping you found a fix

    the ati drivers can be found at Microsoft update under drivers

    they made one specifically for my graphics card

    for ati radeon and here's the really strange part the newer drivers at ati crap out on me badly but this old Microsoft outdated looking one works that's sad but true

    you just click on Microsoft update see if the ati driver shows up if not then you most likely don't need it

    most people don't get it because the driver at ati web page is newer i skipped it a lot a few times then my system crashed hard

    said f it and got Microsoft version and it worked great

    also ati has new drivers is your graphic card up to date on its drivers

    ATI Technologies Inc. display software update released on December 12 2003.
     
  10. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    oh and the worst software to ever crash my pc was the software that came with creative blaster 16 pci card not the driver or the sound card but the sound blaster media player and recorder

    Creative Technology Ltd. multimedia software update released on June 18 2002.
     
  11. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    https://www.wilderssecurity.com/showthread.php?t=20401
    https://www.wilderssecurity.com/archive/index.php/t-23189.html
    W32X86\3\E_S4I2G1.EXE F:\Program Files\ATI Technologies\ATI Control Panel ...
    F:\WINDOWS\system32\drivers\dcfssvc.exe F:\Program Files\ProcessGuard Free\dcsuserprot ...
    0x7c911e58 low memory 0x00001186 pci
    nasty226
    I'm using XP Pro, and recently, my internet has become very slow (I have cable modem). Sometimes, I click on links, and nothing happens at all. Other times, it starts to load the page and all I get is a blank screen and it gets stuck there. It looks like it is still loading, but never gets past the white screen. I checked the task manager and it says CPU usage is 100% for iexplore.exe. Here is the log from the hijack ... and clues or suggestions would be GREATLY appreciated! Thanks!!!


    i found a few stuffs like this only thing i saw in common was processguard and ati graphic cards

    i think those are right links i was in a rush this morning to work didn't double check them
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Blazie, Not sure about your HJT log so have asked an expert to take a look.

    Regarding iexplorer, on my protection list IE has "Other" allow flags for install global hooks & Allow access to physical memory.
    I do not run MS's IE as Avant uses its own version which I assume sits on top of ordinary IE and all that needs is allow global hooks.

    Pilli
     
  13. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    so my theory on ati graphics card bad driver and processguard problem might be wrong?

    well it's a learning experience lol hugsss
     
  14. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Your theory on ATI may be correct. I use Nvidia GFX cards on all my PC's, so cannot comment on that. :D

    Pilli
     
  15. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
  16. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    Nvidia here (and no pbs), but I have just installed the beta on a system with ATI, will report if any problem.

    regards,

    gkweb.
     
  17. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    EU
    Mr. Blaze.

    Do you have that ebay toolbar on purpose?

    Regards,

    Gerard
     
  18. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Off-topic:
    one thing to remember about learning mode is that it gives the necessary privileges *after* they have had to be blocked for the first time. IOW, you specify general protection settings, go into learning mode, and something is blocked by your general prot. settings - *then* the corresp. application is given the necessary rights. Most times this works (because the application retries or doesn't crash on its action being blocked), but sometimes, you're out of luck and the app crashes, although you're in learning mode, and when you look into the protection list, it has the necessary rights - by then.

    LuckMan, I agree it's not unreasonable to wait with further attempts until DCS get involved - and I want to thank you for being ready to help and try it again, when they do.
    Worldcitizen, in order to fix those BlueScreens, DCS will need to talk to people who continue to get them, so by just uninstalling you're taking steps to ensure PG will never work for you. Or you depend on good luck of having your problem fixed when DCS is actually fixing someone else's problem. Of course, PG is a product you purchase, and not an obligation to help the vendor, so one cannot really reproach this to you, but you would deserve and earn a great deal of gratitude if you would be ready to re-install and help beta-testing as well. I don't mean to be rude or reproaching, I just want to make sure that I understand your attitude and that you see how important your participation would be - and how much in your own interest.

    Next time I'll stay more on-topic, I promise ;)
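
The timing described in the post above (a right is granted only after the first attempt has already been blocked), as an added toy model that is not part of the thread and is not ProcessGuard code. The `LearningGuard` class, the app names and the right name are hypothetical.

```python
"""Toy model of block-then-learn behaviour (illustrative, not ProcessGuard)."""
from dataclasses import dataclass, field


@dataclass
class LearningGuard:
    """Hypothetical default-deny policy engine with a learning mode that
    grants a right only after the first attempt has been blocked."""
    learning: bool = True
    allowed: set = field(default_factory=set)    # (app, right) pairs
    events: list = field(default_factory=list)   # ordered audit trail

    def request(self, app, right):
        if (app, right) in self.allowed:
            self.events.append(("ALLOW", app, right))
            return True
        # The first attempt is always denied, even in learning mode.
        self.events.append(("BLOCK", app, right))
        if self.learning:
            self.allowed.add((app, right))
            self.events.append(("LEARN", app, right))
        return False


def run_app(guard, app, right, retries):
    """Return 'ok' if the app eventually obtains the right, else 'crashed'.

    retries=0 models an app that does not survive a denied operation.
    """
    for _ in range(1 + retries):
        if guard.request(app, right):
            return "ok"
    return "crashed"


def blocked_before_learned(guard, app, right):
    """True if the audit trail shows a BLOCK preceding the LEARN entry,
    i.e. the right in the list was granted too late for that attempt."""
    ev = guard.events
    try:
        return ev.index(("BLOCK", app, right)) < ev.index(("LEARN", app, right))
    except ValueError:
        return False


def demo():
    """Constructed scenario: two apps needing the same (hypothetical) right."""
    guard = LearningGuard(learning=True)
    right = "physical_memory"
    outcome = {
        "retrying_app.exe": run_app(guard, "retrying_app.exe", right, retries=1),
        "fragile_app.exe": run_app(guard, "fragile_app.exe", right, retries=0),
    }
    return guard, outcome


if __name__ == "__main__":
    guard, outcome = demo()
    for app, result in outcome.items():
        listed = (app, "physical_memory") in guard.allowed
        print(f"{app}: {result}, right in list afterwards: {listed}")
    for event in guard.events:
        print(event)
```

In this model both apps end up with the right in the list, so the list alone cannot distinguish the one that crashed; only the ordered event trail shows that the block came first.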
     
  19. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    nope that hijack log isn't mine that's from a search in google of similar threads all which seem to have ati cards and process guard on the same system

    all have problems similar to what's going on

    but that doesn't really mean anything when i give it deep thought ati is a popular graphic card im pretty sure it is

    but you know the pictures he posted i seen same errors that look like those and it was the card that kept crashing my system

    it wouldn't get along with certain applications and once it crashed the driver would have to be replaced otherwise it just keep crashing it sucked
     
  20. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi LuckMan212,

    Can you please send your system specs to support(at)diamondcs.com.au for a beta report, thanks !

    Notok's suggestions of scanning are very good.. check drivers and make sure everything in the Device Manager is ok is the first thing I would do if sat at it, then make sure it's clean
     
  21. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Please run with a default list for a while. Things don't look right, did you change any of the default settings ? I think learning mode has picked up TOO much for a start, and that program launching many many instances might have shown up a bug. Jason will be able to work it out.

    Only run programs you want to protect when in Learning Mode, then disable it and set up allows for programs to RUN. Can you get it stable now like this, with a limited configuration change from the defaults ?
     
  22. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    Hi Gavin, glad to see DCS joining in here :)
    as far as system specs, is there anything in particular you need or any specific "dumping" app you want me to use?

    I did not change any of the default settings. I posted screenshots of my settings at the top of this thread. If I understand you correctly, you are basically saying to enable learning mode only during the initial startup after installing PG, and then pretty much disable it immediately after that?

    I am not sure what other apps I would need to "protect" other than the basic core set of system processes & services-- which would all appear during the initial launch. The rest of the manual configuration would mostly be exclusions for programs that need elevated privs to run. Is this what you mean?

    If that's the case, I'm not sure I follow the logic of how a MORE restrictive environment would result in fewer crashes than my less restrictive (learning mode) setup, where I did get a high number of fatal errors from DCSUserProt.exe.

    also, is it by design that should the DCSUserProt.exe itself crash and die, that nothing else can be launched on the system? This makes testing difficult and somewhat dangerous because when this happens my only recourse is to Hard-Reset the computer since I can no longer even initiate a safe shutdown at that point, nor can I launch task manager, etc. I know we all hate hard reboots here due to possible data loss/corruption.
     
  23. Rainwalker

    Rainwalker Registered Member

    Joined:
    May 18, 2003
    Posts:
    2,719
    Location:
    USA
    Hey Blaze....i will say this.......i too have always had problems with spelling.....like yourself never a problem with reading....by the time i was 19 i had read all of the most famous philosophers and much more to boot...please don't misunderstand me...i am not ego tripping......... when i started using a puter i discovered Spellcheck......without a doubt it has improved my spelling immensely.....what i mean is SEEING the corrected spelling has taught me......... so there my friend is a bit of food for thought :)
     
  24. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
  25. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    Notok, thank you for the suggestion. Pretty cool app! I have saved the report and sent it in to DCS. Hope to hear back from them soon.
     