OBMM Launcher firing a network connection

[QuiteTheTail]

 

And the processes/threads you want to identify are what is being called/initiated by OBSE. Any of those tools I mentioned earlier in the thread would be able to do that. Then compare what occurs (or doesn't) after a fresh boot vs. already booted and Oblivion already booted once. I would assume something should be different; like that process OBSE wants to use/access already running. Then once you identify the process/thread that OBSE wants to start, but cannot try changing affinity and/or priority, or auto boot at startup, vs. manual and see if it helps.

I'll try that, thanks.

 

By the way, once removed the registry keys related to Windows Game Explorer, the network connection isn't initiated anymore.

So at least the OT could be marked solved. Now all that remains is the failed dll injection thingy.

 

The tools you mentioned are indeed related to network analysis, I think this new task would be better performed with another of Russinovich's tools, FileMon.

Readme:

 

FileMon monitors and displays file system activity on a system in real-time. Its advanced capabilities make it a powerful tool for exploring the way Windows works, seeing how applications use the files and DLLs, or tracking down problems in system or application file configurations. Filemon's timestamping feature will show you precisely when every open, read, write or delete, happens, and its status column tells you the outcome. FileMon is so easy to use that you'll be an expert within minutes. It begins monitoring when you start it, and its output window can be saved to a file for off-line viewing. It has full search capability, and if you find that you're getting information overload, simply set up one or more filters.

 

 

 

P.S.

FileMon looks outdated. ProcessExplorer or ProcessMonitor should be the updated version.

[varenne]

oops! My bad! Yes, we've moved from monitoring network activity to file system, registry, process, thread and DLL activity. Both tools are very good and I think I've used both in the past to troubleshoot issues. And I don't think FileMon is being updated or maintained any longer.

[QuiteTheTail]

Well, I made a couple of tests with ProcessMonitor. I monitored registry and file system activity restricting the filter to obse_loader.exe process only, and there are indeed some differences between the first and subsequent execution attempts. Comparing the logfiles (an all but easy task) it appears that somehow the Windows Prefetch feature is involved, but I'm not sure how to make use of this new bit of information.

I have Prefetch enabled for system files and applications (default). The .pf files are generated to speed up system and applications startup, and are located in the Windows\Prefetch folder. Deleting obse_loaderxxxxxxx.pf would be pointless, I think.

Last thing I could try is deleting the cache, and disabling prefetch for applications, but I already know it won't work.

[fejeena]

Not OBMM but the CS

Yesterday my CSE stop working again. "program must be closed oe search online for a solution" message and some seconds later "couldn't inject .dll" error.

 

The error details

Problem Event Name: BEX

vipcxj_plugin_collection.dll  ( a OBSE Plugin )

 

I backuped the file and delete it in the OBSE\Plugins folder and could start CSE again....one time....then the next error message with another OBSE dll file.

 

Problem was Windows Defender.

My whole Oblivion folder is set in AVG to "ignore list"  but the Windows Defender still controlled the whole computer, included Oblivion.

I deactivated Windows Defender after AVG installation ...but it's Windows...think after one of the last Win Updates it was activated again. And two anti virus/spyware programs at once not work well.

After shut off Windows Defender the CSE works fine again with all OBSE Plugins.

[varenne]

Well, I made a couple of tests with ProcessMonitor. I monitored registry and file system activity restricting the filter to obse_loader.exe process only, and there are indeed some differences between the first and subsequent execution attempts. Comparing the logfiles (an all but easy task) it appears that somehow the Windows Prefetch feature is involved, but I'm not sure how to make use of this new bit of information.

I have Prefetch enabled for system files and applications (default). The .pf files are generated to speed up system and applications startup, and are located in the Windows\Prefetch folder. Deleting obse_loaderxxxxxxx.pf would be pointless, I think.

Last thing I could try is deleting the cache, and disabling prefetch for applications, but I already know it won't work.

 

I did some quick reading on Windows Prefetch (Superfetch on Win7) and two things I noted. One, it can be problematic with early generation SSD drives, and two it is better for business types of applications and can be problematic with games.

 

I too have it set as default which is to run on system files and apps.

[QuiteTheTail]

As expected, cleaning the cache and disabling prefetch for applications had no influence, but I haven't tried disabling it completely.

And yes, I do have a SDD drive, so it may be related. Honestly, I don't know whether Windows Defender is installed or not, as fejeena said it could have been introduced in a system update. Added to my checklist.  

[fejeena]

To check if Win Defender is active.

Open the Security Center

In Windows 7, Windows Security Center has been renamed Action Center.

 

If a anti virus AND Win defender are active you will see a warning. I have only AVG active.

 

Shut off WinDefender:

Start TaskManager

double click WinDefend and deactivate it

 

Or click Win Start button and enter Defender, click defender, and deactivate it

 

 

 

[QuiteTheTail]

Well, deactivating Windows Defender and my antivirus software won't help with the DLL injection error message, at least for me.

But then again, I can live with it. I will simply run the launcher twice.