pc tech ?


pauly

recently I was trying to dump some video, and though I've done it before without any hiccups in the footage- lately dumping any audio or video isn't working smoothly- comes in all choppy

 

checked some things out- took all unused programs off the comp. defrag'd and when I boot up- get to my desktop- with nothing running, I can go to the task manager and the cpu is at 100%-

 

earlier I thought maybe one of my fans was dying but it stopped making noise so I figured all was cool- could this be the mother board beginning to overheat because a fan isn't keeping it cool?

 

if anyone has a clue let me know-thanks!!

Link to comment

LOL...taskmgr.exe - it's at 99 and everything else is at 00

and the red led is off on the front of the comp. and the taskmanager icon in the lower right is also showing 0% usage but if I click on the performance tab- it's peaked out at 100%-

so I just hit refresh and it went down to 2% but now the lower right icon is maxed out...never seen this before. maybe it's nothing.

Link to comment

if I hit refresh again it goes down. but then in the processes tab System Idle Process is at 93% and iexplorer.exe at 7%....

now that worries me. when I close the task manager and re-open it, it is always back up at 100%. errrh.

Link to comment

dunno bout you lot but a hijackthis log may show the problem..post one up so i can ave a look then either dee or sigma can tell me to f off and show you the real problem

Link to comment

no problem Dee,

 

sorry about that. I made it so no need to save but thanks for looking out.

 

rygon I don't know how to do a hijackthis log but thanks for trying.

Link to comment

Logfile of HijackThis v1.99.1

Scan saved at 11:03:22 PM, on 5/6/2005

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\System32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\Apache.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\gearsec.exe

C:\PROGRA~1\Iomega\System32\AppServices.exe

C:\WINDOWS\System32\mgabg.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe

C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\Apache.exe

C:\WINDOWS\system32\regsvc.exe

C:\WINDOWS\system32\MSTask.exe

C:\WINDOWS\system32\stisvc.exe

C:\WINDOWS\System32\WBEM\WinMgmt.exe

C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\DbServer.exe

C:\Program Files\Trend Micro\OfficeScan\PCCSRV\Web\Service\NSAgent.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

C:\Documents and Settings\administrator\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R3 - Default URLSearchHook is missing

O1 - Hosts: 216.130.185.143 websearch.com

O1 - Hosts: 216.130.185.143 www.adwave.com

O1 - Hosts: 216.130.185.143 adwave.com

O1 - Hosts: 216.130.185.143 www.xzoomy.com

O1 - Hosts: 216.130.185.143 xzoomy.com

O1 - Hosts: 216.130.185.143 www.advnt01.com

O1 - Hosts: 216.130.185.143 advnt01.com

O1 - Hosts: 216.130.185.143 websearch.com

O1 - Hosts: 216.130.185.143 www.adwave.com

O1 - Hosts: 216.130.185.143 adwave.com

O1 - Hosts: 216.130.185.143 www.xzoomy.com

O1 - Hosts: 216.130.185.143 xzoomy.com

O1 - Hosts: 216.130.185.143 www.advnt01.com

O1 - Hosts: 216.130.185.143 advnt01.com

O1 - Hosts: 216.130.185.143 websearch.com

O1 - Hosts: 216.130.185.143 www.adwave.com

O1 - Hosts: 216.130.185.143 adwave.com

O1 - Hosts: 216.130.185.143 websearch.com

O1 - Hosts: 216.130.185.143 www.adwave.com

O1 - Hosts: 216.130.185.143 www.xzoomy.com

O1 - Hosts: 216.130.185.143 adwave.com

O1 - Hosts: 216.130.185.143 xzoomy.com

O1 - Hosts: 216.130.185.143 www.advnt01.com

O1 - Hosts: 216.130.185.143 advnt01.com

O1 - Hosts: 216.130.185.143 www.xzoomy.com

O1 - Hosts: 216.130.185.143 xzoomy.com

O1 - Hosts: 216.130.185.143 www.advnt01.com

O1 - Hosts: 216.130.185.143 advnt01.com

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll

O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon

O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

O4 - HKLM\..\Run: [iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe

O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [hoxidoz] C:\WINDOWS\hoxidoz.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com

O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://oem:8080/officescan/console/html/AtxEnc.cab

O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - http://oem:8080/officescan/console/html/AtxPie.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.3.1/ttinst.cab

O20 - Winlogon Notify: nwprovau - C:\WINDOWS\SYSTEM32\nwprovau.dll

O23 - Service: Apache2 - Unknown owner - c:\Program Files\Trend Micro\OfficeScan\PCCSRV\Apache2\bin\Apache.exe" -k runservice (file missing)

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: GearSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe

O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe

O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: OfficeScan Master Service (ofcservice) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan\PCCSRV\web\service\ofcservice.exe

O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

 

 

oh dear.... I can tell that don't look too good. but I hope it's spyware over a hardware issue.

Link to comment

You have a spyware infection Pauly, which is why your homepage is that shitty search site. It could also explain why Task Manager is acting up, because some spyware infections attempt to close it or fuck it up so you can't end the dodgy tasks. It's easily removed but first off, which video card do you have in your machine? You have NVIDIA and Matrox drivers installed and one lot needs to be removed. I'm guessing you're using an NVIDIA card, but I just want you to confirm it before I tell you what to do next.

Link to comment

First off, Thanks for taking a look!

 

well, my browser has been fine for a while- could those be old spyware entries? My nightly scans have been coming up clean and I know my browser has been going straight to google. sometimes those scans don't get everything nor do they fully clean em off the machine. I'd rather it be that than a motherboard issue though

 

but i did upgrade video cards a ways back to handle some other games and the matrox was the old card -more for CAD actually- and NVIDIA is the new one. Confirmed- any tips on removing the old matrox drivers or is it foolproof?

Link to comment

Here's the instructions then. First off, do what Dee says to get rid of the Matrox drivers and also Yahoo! Companion (it's bullshit!), then reboot. I wouldn't worry about the registry cleaning stage just yet - you might as well do that right at the end.

 

Next, run HijackThis and check off all of the following. Some may no longer exist after uninstalling the Matrox drivers and Yahoo! Companion so don't worry if you don't see all of these: -

 

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 adwave.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O1 - Hosts: 216.130.185.143 www.xzoomy.com
O1 - Hosts: 216.130.185.143 xzoomy.com
O1 - Hosts: 216.130.185.143 www.advnt01.com
O1 - Hosts: 216.130.185.143 advnt01.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hoxidoz] C:\WINDOWS\hoxidoz.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.3.1/ttinst.cab
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe

 

Now close ALL browser windows (IE/Firefox etc.) and hit Fix Checked. Now reboot your PC into Safe Mode by tapping F8 as the computer is starting up. Start Windows Explorer, not Internet Explorer, then hit Tools then Folder Options. Click on the View tab and make sure the following are set like this: -

 

Show hidden files and folders (Selected)

Hide extensions for known file types (NOT selected)

Hide protected operating system files (Recommended) (NOT Selected)

 

Then hit Apply then OK.

 

Next, browse to these files and folders and delete them if they exist: -

 

C:\Program Files\Yahoo!\Companion

C:\WINDOWS\hoxidoz.exe

C:\WINDOWS\System32\mgabg.exe

 

Run Disk Cleanup from the System Tools section of your Start Menu. Make sure you delete all temporary files, including the Recycle Bin.

 

Reboot your PC into regular Windows. Start Internet Explorer and hit Tools then Internet Options. Click on the Programs tab and hit Reset Web Settings, then hit the General tab and re-enter your desired homepage. Finally, click on the Security tab, Internet Zone icon, then make sure it's not been set to low - if it has, click on Default Level. Then hit Apply then OK.

 

Next, hit Start then Run and type "services.msc" without the quotes and hit Enter. Scroll down to the NVIDIA Driver Helper Service, left click it to select it, then right click it and choose Properties. Set the Startup Type to disabled then hit Apply then OK. If you don't access your computer via a network or remotely via the Internet, then do the same thing for the Remote Registry Service.

 

I see you're using Trend as your antivirus. Do you use a firewall? Sygate Pro is very good and one of us can hook you up with that if you want to give it a go.

 

Finally, I would recommend doing this to get your PC nice and cleaned up: -

 

1. Download and install CCleaner from HERE. Install it and hit "Run Cleaner" bottom right. Simple as that. It's a good idea to reboot once it's done.

 

2. Download RegSeeker from HERE. Run it and make sure the box in the bottom left corner to backup before deletion is checked. Click "Clean The Registry" in the menu on the left hand side. Make sure all the boxes on the next screen are checked (one won't be), then hit "OK!". Once the scan is complete, hit "Select All" at the bottom of the screen - all the items should turn yellow. Right click any one of them on the list and choose "Delete selected items". Then exit the program. At this point you definitely must reboot.

 

3. Finally, download NTREGOPT from HERE. Run it and hit "OK" to scan your registry. It only takes a minute or two and then a prompt will appear telling you to reboot. Once the PC has rebooted, your clean compacted registry will replace the old bloated one and you should be good to go.

 

Repeat steps 1-3 above every so often and your PC should stay on top form. Any cookies will be lost when you run CCleaner (this can be changed in the options) so you'll need to log into any sites that require passwords again.

 

Let me know how you get on.

Link to comment
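
An added example, not part of the thread: a small Python triage helper for a HijackThis log like the one posted above, which collapses the repeated O1 hosts-file lines, lists the IE search overrides, and picks out Run entries that start an .exe directly from C:\WINDOWS. The function names are hypothetical, and the C:\WINDOWS rule is an assumed heuristic for manual review, not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (duplicates included).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://thenewsearch.com/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://thenewsearch.com/search.html
O1 - Hosts: 216.130.185.143 websearch.com
O1 - Hosts: 216.130.185.143 www.adwave.com
O1 - Hosts: 216.130.185.143 websearch.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [hoxidoz] C:\WINDOWS\hoxidoz.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

ENTRY = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")

def parse_entries(text):
    """Return (section, body) pairs for every 'R1 - ...' / 'O4 - ...' style line."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2)))
    return out

def hosts_redirects(entries):
    """Group O1 hosts-file entries by IP address, dropping duplicates."""
    by_ip = defaultdict(set)
    for section, body in entries:
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body) if section == "O1" else None
        if m:
            by_ip[m.group(1)].add(m.group(2).lower())
    return {ip: sorted(names) for ip, names in by_ip.items()}

def search_overrides(entries):
    """R0/R1 entries that point an IE search/start value at a URL: (key, url)."""
    found = []
    for section, body in entries:
        if section in ("R0", "R1") and " = http" in body:
            key, url = body.split(" = ", 1)
            found.append((key, url))
    return found

def autoruns_in_windows_root(entries):
    """O4 Run values whose target is an .exe sitting directly in C:\\WINDOWS.
    Heuristic (assumption): worth a manual look, not proof of malware."""
    pat = re.compile(r"\[([^\]]+)\]\s+\"?(C:\\WINDOWS\\[^\\\"]+\.exe)", re.I)
    hits = []
    for section, body in entries:
        m = pat.search(body) if section == "O4" else None
        if m:
            hits.append((m.group(1), m.group(2)))
    return hits

if __name__ == "__main__":
    e = parse_entries(SAMPLE_LOG)
    print(hosts_redirects(e), search_overrides(e), autoruns_in_windows_root(e))
```
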

man...props to both of you for helping- I'm still at work tho(on a different comp), but will follow those orders as soon as I'm back at the crib-

I'll keep ya posted- Thanks again!

 

ps- steve I know I owe you a favor from way back before the board went down/got upgraded- I'll be on that as soon as the pc issue is resolved- if you didn't get sick of waiting and get it(mp3) from someone else ;)

Link to comment

okay..finished that...and though I notice a difference in the bootup and operation....I'm still having the same problem.

I tried dumping video again in at min rate of 300 kb/s and it's still coming in choppy..even audio by itself...they both appear to dump in fine but when I go to play either back the files are choppy.

and I still have the System Idle Process at 99% while nothing is running...I checked it while i was dumping video and the capture program was at 43% while the SIP was at 56% so the cpu seems to be too bogged down while I'm doing anything thereby causing the fragmented dumps.

hmmmmm.....

 

I'll have to look into this further...let me know if you think of anything else....that cleanup routine is pretty good.

 

to answer your other ?, Actually I'm not running a firewall outside of what came with the comcast cable modem- I keep trend running and the new microsoft antispyware beta program. thanks for the help .

Link to comment

System Idle Process being high is a good thing - that's the percentage of the system not being used. SIP = 100% - All the other processes running, so when it's at 99, it means only 1% of your CPU is being used at that moment in time. Here's a screenshot of Task Manager on my machine right now and as you can see, the SIP is at 96%: -

 

SIP.jpg

Link to comment

ok ..well then...along with feeling stupid I'm gonna have to see what's up with these programs I'm using- cakewalk pyro for audio stuff and pinnacle studio for video dumps and edits- nothing spectacular but the stuff should work.

no Audio card on this pc- just one to dump video that came with the pinnacle software-pci card.

But at least that relieves the worry of a more serious hardware issue-thanks again steve!

Link to comment

Intel pentium III 1.0 GHz with about 1.2G of RAM - standard 20G and 120G Quantum hard drives- not sure on the speed- 5400 rpm maybe- getting old I suppose but it should still be able to cut it for a while.

Link to comment
