1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

HELP PLEASE CPU 100% services.exe

Discussion in 'Virus & Other Malware Removal' started by rlsoultz, Jul 16, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. rlsoultz

    rlsoultz Thread Starter

    Joined:
    Nov 3, 2004
    Messages:
    11
    Recently my WinXP home computer began running very slow.
    I noticed that it appeared to be lunging, so I started Task Manager and observed the CPU Usage alternating between 0 - 100%.

    I have also had problems with the computer suddenly rebooting especially, when I was using various security related programs.
    These programs included:

    1. SuperAntiSpyWare when scanning would get so far into the 'Files' scan, but after the memory and registry were scanned. I had to boot in safe mode to eventually get the program to scan without causing a reboot.

    2. MSConfig.exe when I would attempt to stop the event logging service.

    The CPU Usage is very low when I boot in Safe Mode and it doesn't reboot itself.

    The task that drives the usage up is services.exe.

    I downloaded Process Explorer to try to determine what was happening, and it also shows that Services.Exe is the process which drives the CPU usage up in a cyclic pattern. The processes that services.exe are responsible for appear to be Event Logger and Plug N Play. I cannot access the event logs thru Event Viewer.

    When I click on the services.exe process and look at the properties, the TCP/IP tab shows multiple TCP/IP Addresses that i do not recognize, starting and stopping.

    I have SBC DSL and a 2Wire DSL Wireless Router/Modem. This router is connected to the desktop via a CAT-5 cable, and my laptop connects via wireless. I have 32bit WEP security enabled and only allow my laptop to connect to this LAN.

    At the same time that I noticed the increased CPU usage, I also noticed that the trayicon for the 2Wire HomeNetwork Portal had turned gray and shows a status of network 'down'. Yet, I can connect to the Internet, albeit very slowly due to the CPU usage.

    At this point I do not know if I have a virus or trojan, or if someone is accessing my wireless router, or if I have a hardware problem.

    Any guidance or suggestions would be greatly appreciated.

    I have posted the HiJackThis Log file, the Un-Install List and the SuperAntiSpyware Scan Log, in hopes that someone can help me.

    Thanks.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:44:33 PM, on 7/14/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Yahoo!\Antivirus\ISafe.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\system32\RunDll32.exe
    F:\Program Files\2Wire\2PortalMon.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    F:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    F:\WINDOWS\system32\wuauclt.exe
    F:\Program Files\Trend Micro\HijackThis\fred.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - F:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [2wSysTray] F:\Program Files\2Wire\2PortalMon.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n024p/EN/install/gtdownlr.cab
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3A3B4B24-78F0-413A-857F-4059239579B4}: NameServer = 202.171.32.38
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D8C87EB-4A91-4388-8AD6-0F451EE2F04A}: NameServer = 202.171.32.38
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AABBF634-64CC-42EB-B449-6F6A518C014B}: NameServer = 202.171.32.38
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E69E7D68-4F0A-437E-89EC-F74F221F4758}: NameServer = 202.171.32.38
    O17 - HKLM\System\CS1\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38
    O17 - HKLM\System\CS2\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38
    O17 - HKLM\System\CS3\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38
    O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - F:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - F:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - F:\WINDOWS\system32\YPCSER~1.EXE

    --

    UNINSTALL_LIST.TXT

    Adobe Flash Player 9
    Adobe PhotoDeluxe 2.0
    Adobe Reader 8
    Adobe® Photoshop® Album Starter Edition 3.0
    AT&T Yahoo! Applications
    Canon PIXMA iP4000
    Canon Utilities Easy-PhotoPrint
    C-Media 3D Audio
    HijackThis 2.0.2
    Hollywood FX Pack 26 - Extra FX
    InterVideo WinDVD Creator 2
    Java(TM) SE Runtime Environment 6 Update 1
    Microsoft Office 2000 Professional
    Pinnacle Hollywood FX 4.6
    Plextor ConvertX AV100U A/V Capture Device Driver
    QuickTime
    Reader Rabbit Preschool(R) Sparkle Star Rescue!(TM)
    Reader Rabbit Thinking Adventures Ages 4-6
    SBC Yahoo! DSL Home Networking Installer
    Sonic RecordNow!
    Sonic Update Manager
    Street Atlas USA 4.0
    Studio 8
    SUPERAntiSpyware Free Edition
    Update for Windows XP (KB931836)
    VideoLAN VLC media player 0.8.6b

    -----

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/15/2007 at 00:27 AM

    Application Version : 3.9.1008

    Core Rules Database Version : 3259
    Trace Rules Database Version: 1270

    Scan type : Complete Scan
    Total Scan Time : 00:39:33

    Memory items scanned : 258
    Memory threats detected : 0
    Registry items scanned : 4781
    Registry threats detected : 0
    File items scanned : 37827
    File threats detected : 1

    Adware.Tracking Cookie
    F:\Documents and Settings\[MYNAME]\Cookies\[MYNAME]@doubleclick[1].txt
    -----
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

    Close all applications and browser windows before you click "fix checked".

    Does this belong to your ISP? NameServer = 202.171.32.38
     
  3. rlsoultz

    rlsoultz Thread Starter

    Joined:
    Nov 3, 2004
    Messages:
    11
    Thanks CyberTech, i clicked the items that you specified and the had HT fix them.
    Rebooted, but still cyclical 100% usage.

    I do not recognize the IP address: 202.171.32.38 shown in the O17 NameServer= entries that you asked about, so I did a search on that addy and found:

    i1dns.i-sentrix.com in Skudai, Malaysia

    I also have some other new information:

    When I look at the properties for the Services.Exe in Process Explorer, the TCP/IP tab shows numerous addresses that I dont' recognise, and many that would pop into, then out of the list. Following are a few of the adrresses:

    *.s8a1.psmtp.com:smtp
    *.s8b2.psmtp.com:smtp
    156.122.50.72:smtp
    198.63.51.36:smtp
    202.43.219.195:smtp
    208.101.3.58-statis.reverse.softlayer.com
    208.65.144.12:smtp
    209.205.173.54:smtp
    216.39.51.1:smtp
    bay0.mc6-f.bay0.hotmail.com:smtp
    bay0-mc12-f.bay0.hotmail.com:smtp
    dsl092-180-020.sfo1.dsl.speakeasy.net
    eforwardct.name-services.com:smtp
    h8.prohosting.com.ua:smtp
    host-69-59-82-245
    Il-234.39.109.212.sovam.net.ua:smtp
    m15-136.126.com:smtp
    mail.global.frontbrid
    mail.netins.com:smtp
    mail.sulanet.net:smtp
    mail1.corpmaisvcs.com:smtp
    marsupilami.mailclub.fr:smtp
    mary.csd.plymouth.ac.uk:smtp
    md.mx.aol.com:smtp
    mercury.toad.net:smtp
    mta12.grp.scd.yahoo.com:smtp
    mta142.mail.in2.yah
    mta147.mail.in2.yah
    mta3.vsnl.net:smtp
    mta-v12.mail.vip.re4.yahoo.com:smtp
    mta-v13.mail.vip.re4.yahoo.com:smtp
    mta-v2.mail.vip.re3
    mta-v7.mail.vip.mud.yahoo.com:smtp
    mta-v8.mail.vip.mud.yahoo.com:smtp
    mx.pochta.ru:smtp
    mx0.rrv.net:smtp
    mx01.perfora.net:smtp
    mx1.hotmail.com:smtp
    mx4.hotmail.com:smtp
    mx6.business.minds
    p3presmtp01-v01.p
    server.fwahost.com:smtp
    wa-in-f114.google.c

    I do not fully understand what the TCP/IP tab of the services.exe properties window is showing me, but it looks like a bunch of email servers. I have an SBC DSL connection and use the Yahoo email exclusively. I do have 3 grown children that also have sub-accounts on my primary sbcglobal.net account, and as such have their own email addresses.

    This list and the O17 NameServer entries of has me concerned. Can my connection be being used by others for email or other things?

    ------------

    My DSL router is a 2Wire 1000HW and since this problem began, the tray icon for the 2Wire Home Portal has been gray. When I click it, it shows that the Network is down, even though it is not.

    I called 2Wire tech support and they told me to disable the Tray Icon from starting and to just use the dedicated IP address for accessing my settings. I did this to make sure that the Firewall was still enabled, it was.

    Then I just left the computer running and a message box popped up that stated that Microsoft Windows had encountered an error and could not continue. I selected for it to send the report to Microsoft, which it did. Then I was redirected to a Microsoft Help screen that stated that the reported error indicated that there was a problem with either a Hardware or Software service that was being loaded. It suggested that I restart in safe mode and utilize devmgmt.msc to begin a process of excluding half of the drivers to see if I could locate the problem hardware driver. It further recommended to do the same thing with services in msconfig if the hardware driver location procedure didn't locate the offensive service.

    When I attempt to run the devmgmt.msc on this computer, the device list is blank. If I access the device list thru control panel/system/hardware manager, it shows my hardware devices.

    At this point I don't know if I am looking at a hardware or software problem, driver problem, security problem, or coincidental anomalies. I have run anti-virus and spyware programs and they come up clean.

    Every time I attempt to open File Explorer, It opens without listing any drives in the left pane, then a flashlight appears in the right pane and after approx. 1 minute the drives are listed. I right clicked on my system drive and the driver details are blank. I installed this IDE drive approx. 4-5 months ago and it has been working great.

    It has me stumped.:confused:
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    O17 - HKLM\System\CCS\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3A3B4B24-78F0-413A-857F-4059239579B4}: NameServer = 202.171.32.38
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4D8C87EB-4A91-4388-8AD6-0F451EE2F04A}: NameServer = 202.171.32.38
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AABBF634-64CC-42EB-B449-6F6A518C014B}: NameServer = 202.171.32.38
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E69E7D68-4F0A-437E-89EC-F74F221F4758}: NameServer = 202.171.32.38
    O17 - HKLM\System\CS1\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38
    O17 - HKLM\System\CS2\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38
    O17 - HKLM\System\CS3\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38

    Close all applications and browser windows before you click "fix checked".


    Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step .

    CAUTION!: It is possible that your Internet Service Provider requires specific settings here. Make sure you know if you need specific DNS settings here or not before you proceed to make the following changes or you may lose your internet connection. If you are sure you do not need a specific DNS address here, you may proceed.

    • Double-click the Network Connections icon
    • Right-click the Local Area Connection icon and select Properties.
    • Hilight Internet Protocol (TCP/IP) and click the Properties button.
    • Be sure Obtain DNS server address automatically is selected.
    • OK your way out.


    Go to Start > Run and type in cmd
    • Click OK.
    • This will open a command prompt.
    • Type the following line in the command window:

      ipconfig /flushdns

    • Hit Enter
    • Exit the command window


    Now restart your machine.

    Post your log again and let me know if that helps.
     
  5. rlsoultz

    rlsoultz Thread Starter

    Joined:
    Nov 3, 2004
    Messages:
    11
    I checked the above O17 items in HJT and then 'fixed' them.

    Checked Local Area Network Connection's TCP/IP Properties and 'Obtain DNS server address automatically' was already selected. I clicked OK anyhow.

    Started Run/Cmd/ipconfig /flushdns and received the message:

    Windows IP Configuration

    Could not flush the DNS Resolver Cache: Function failed during execution.

    Rebooted the PC into Safe Mode and reattempted flushdns. Did not work because networking not started.

    Rebooted the PC into Safe Mode with Netwroking and reattempted flushdns. Received same message:

    Windows IP Configuration

    Could not flush the DNS Resolver Cache: Function failed during execution.

    I have attached my ProcessExplorer file for the services.exe, and posted the latest HJT log below:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:19:55 PM, on 7/16/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\Program Files\Yahoo!\Antivirus\ISafe.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    F:\WINDOWS\system32\wscntfy.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    F:\Program Files\Trend Micro\HijackThis\fred.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - F:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [YOP] F:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKCU\..\Run: [AnyDVD] F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n024p/EN/install/gtdownlr.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - F:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
    O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
    O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: CAISafe - Computer Associates International, Inc. - F:\Program Files\Yahoo!\Antivirus\ISafe.exe
    O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - F:\Program Files\Yahoo!\Antivirus\VetMsg.exe
    O23 - Service: YPCService - Yahoo! Inc. - F:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 4253 bytes
     

    Attached Files:

  6. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Looks fine. Is everything ok now?
     
  7. rlsoultz

    rlsoultz Thread Starter

    Joined:
    Nov 3, 2004
    Messages:
    11
    No, not yet Cybertech. The cpu usage still continues to spike every 5-10 seconds, and the computer will eventually reboot. The devmgmt.msc still does not display devices, and the File Explorer still comes up blank and then displays the searching flashlight cursor, and eventually displays the drives and contents. The cpu usage does not spike, and the computer does not reboot while in Safe Mode. However the File Explorer and devmgmt.msc act the same.

    After coming back up from one of the reboots, I had a message stating that the computer had experienced an unrecoverable error. It asked if I wanted to send a report to Microsoft.The details from Microsoft indicated that either a hardware or software service had caused the reboot. This would explain why it doesn't occur in safe mode. I will try their recommendation on disabling half of the drivers. If the problem still exists, then reenable those drivers and disable the other half. If this prevents the problem, then spilt that half in half, and keep repeating until the defective driver is located. The then recommended that if testing the drivers did not fix it, to perform the same procedure on all non essential services. What would be helpful is to know which drivers and services are being loaded in Safe Mode, as these are obviously not the culprits.

    If none of this works, then I will perform a data only backup of the hard drive and reformat and reinstall windoze.

    If that does not work, then I have to look to defective hardware, motherboard northbridge, southbridge, ram, etc., or defective hard drive.
     
  8. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    OK, good luck!
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/596409

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice