Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Shaun E on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Win XP Loop in System 2

Status
Not open for further replies.
hjmc

hjmc

Technical User
Nov 20, 2002
38
GB
On Sat 13th Sept I received an update (automatic) from Microsoft.

I also downloaded some Real One software so that I could listen to the match commentary of my favorite team Sunderland.

Ever since Saturday my PC goes into a loop (System 99 or 100%) at random intervals . I have to switch off and reboot. I have seen that SYSTEM is running at 99+ through CNTL/ALT/DEL.

I can't use my Norton Antivirus to check for probs as the problem kicks in before it can finish.

There does not seem to be any damage to my files etc

Any tips on how I can debug this problem.

Thanks
 
Sort by date Sort by votes
If you use Msconfig to remove the Real One Player from startup, does the problem disappear after a reboot?
 
Upvote 0 Downvote
bcastner:
Thanks for the reply.
I removed the RealOne player by Remove from the Control Panel Add/Remove Programs.
The problem still persists
 
Upvote 0 Downvote
Control Panel, Administrative Tasks, Event Viewer. Look and see if there are any red or yellow warnings in both the System and Application logs.
 
Upvote 0 Downvote
In the System Log I saw a warning of a paging error. So I did a complete disk scan/repair after reboot. No probs with this but problem still occurs.

I will look at these tonight after work and get more info.
 
Upvote 0 Downvote
If I had a paging error, I would:

1. Under System Properties, Virtual Memory, set the paging file to 0 in both minimum and maximum sizes.

2. Then under the "Error Checking" tool for the drive (found under its Properties, Tools menu) check both boxes and then reboot.

3. After the reboot, enable the Virtual Memory settings and set to "system" determined sizing.

4. Then defrag. I would use the freeware tool from this site:
XP does not like hard errors in the paging file reserved area, and it does not like the paging area to become defragmented.

If the issue re-occurs, running chkdsk /r from the Recovery Console would be my next step.
 
Upvote 0 Downvote
BCastner (or anyone!),

Sorry I took so long to get back.
I've done what you said and I still get the problem of System running at 99%

I have noted the following: I dont get any problems if I am connected to the Internet. I can work for hours with no problem.

I have done a full scan with my Norton Antivirus - no reports of a virus.

Yesterday I tried to send an email with a .EXE attachment. MS Hotmail said it had a virus and wouldnt attach it!

Any thoughts.
 
Upvote 0 Downvote
I would guess that you have a Trojan Horse on your machine that is continuosly looking for a internet connection. Download a free piece of software called Hijack This from this when run will list all the things that start when your computer starts. Save the list as a txt file and then post it here. From that we should be able to help you.


Greg Palmer

----------------------------------------
Any feed back is appreciated.
 
Upvote 0 Downvote
Norton does not catch everything. Run at least two on-line virus scanners, one being Trend Micro Housecall: faq760-3862
 
Upvote 0 Downvote
GPalmer,

Here is the StartUp List. After it is the HIJACK LOG.

StartupList report, 23/09/2003, 20:04:41
StartupList version: 1.52
Started from : C:\Documents and Settings\John\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VSdotNET\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microsoft Works Calendar Reminders.lnk = ?
OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
DellTouch = C:\WINDOWS\DELLMMKB.EXE
UpdReg = C:\WINDOWS\Updreg.exe
AHQInit = C:\Program Files\Creative\SBLive\Program\AHQInit.exe
NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe
DIAGENT = C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
MsmqIntCert = regsvr32 /s mqrt.dll
REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
GSICONEXE = GSICON.EXE
DSLAGENTEXE = dslagent.exe USB
RemHelp = remhelp.exe
WorksFUD = C:\Program Files\Microsoft Works\wkfud.exe
Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
Omnipage = C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
nwiz = nwiz.exe /install

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[RdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll
CODEBASE =
[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE =
[IEAnimBehaviorFactory Class]
InProcServer32 = C:\Program Files\Common Files\Microsoft Shared\msorun\MSORUN.DLL
CODEBASE =
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE =
[MSN Chat Control 4.0]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MSNCHA~1.OCX
CODEBASE =
[SDKInstall Class]
InProcServer32 = C:\WINDOWS\sdkinst.dll
CODEBASE =
--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 7,138 bytes
Report generated in 0.156 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



HIJACKTHISLOGHIJACKTHISLOGHIJACKTHISLOG
---------------------------------------

Logfile of HijackThis v1.97.2
Scan saved at 20:00:39, on 23/09/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\msdtc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VSdotNET\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: OpenMG Jukebox Startup.lnk = C:\Program Files\Sony\OpenMG Jukebox\Omgtray.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} (MSN Chat Control 4.0) - O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - O17 - HKLM\System\CCS\Services\Tcpip\..\{E4D107E3-C1E8-4B2B-9B9F-5F9201826C2C}: NameServer = 194.72.9.34 194.74.65.68
 
Upvote 0 Downvote
Well after looking at them I cannot see anything that resembles a Trojan or Virus, they all look legit.

Do you know which update you received from Microsoft?

It might be worth removing it and seeing if you have the same problem.

Sorry I could not be more help!!


Greg Palmer

----------------------------------------
Any feed back is appreciated.
 
Upvote 0 Downvote
"Yesterday I tried to send an email with a .EXE attachment. MS Hotmail said it had a virus and wouldnt attach it!

Any thoughts."

You have a lot of startup applications running, including a lot of things for Sound Blaster Live. You might go to the Creative site and download an update. I suspect as it has been reported here in the past, that it is the culprit in your high resource usage.

For the Hotmail issue there is a ban at the moment on attachments in email through Hotmail.



 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

k3sun
  • Locked
  • Question
TBS Accounting system. Foxpro
Replies
1
Views
505
k3sun
k3sun
DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
1
Views
964
pjw001
pjw001
bobadams52
  • Locked
  • Question
error 12 program swcocx in mas90
Replies
0
Views
589
bobadams52
bobadams52
pjw001
  • Locked
  • Question
How to configure Bookmarks in Chrome 2
Replies
4
Views
823
pjw001
pjw001
K
  • Locked
  • Question
Recover Data Windows 10 1
Replies
2
Views
4K
Rick998
Rick998

Part and Inventory Search

Sponsor

Back
Top