Big problem... help.

Discussion in 'Windows Desktop Systems' started by st4rk, Sep 11, 2006.

  1. st4rk

    st4rk OSNN Addict

    The computer I am working on is basically crashing after a few minutes of use. When I look in processes it shows that after a while the CPU usage starts going from around zero up to 80-90 in peaks that repeat until the computer is totally unusable. I have removed any programs that I have recently installed that could be causing this, and I shut down most user processes to make sure that there is nothing that could be causing it running.

    It started 5 or 6 days ago when I couldn't find another way to uninstall Norton AV, because the uninstaller had been removed somehow by the comp owner, who had obviously tried to remove it previously in a very odd fashion. I then used a Norton removal tool to get rid of the MSI and installed another antivirus program, which once installed picked up two viruses but never completed a full scan. This problem first occurred while running an AV program that was searching the System Volume Information / System Restore folder; there seemed to be a huge delay on one file, but it did not pick it up as a virus. I am not sure whether this is a trojan of some sort causing this problem. I have tried everything I can think of to fix this problem. The event reporter shows that there is a lot of activity in the System Volume Information/cataloge.wci, and the process NMSSvc continually stops and has errors. There are also bits of the system that, when you try to access them, like the user options in Control Panel and the System Restore function, just appear blank when you run them.

    I was also wondering if there was any external program that can be installed that reads your system restore points and is able to restore to an earlier time.

    And I also just noticed an error on the hard disk was detected during a paging operation.

    Does anyone have any idea what could be causing this? I was wonder

    Any help would be greatly appreciated.
    Last edited: Sep 12, 2006
  2. Gus K

    Gus K NTFS abuser

  3. st4rk

    st4rk OSNN Addict

    Thanks for your advice Gus K. It is such an annoying problem that I have to go ahead and reformat and reinstall Windows. However, I have run into another small problem: when booting into the Windows install CD it asks you to accept by pressing F8, but the function keys seem not to be switched on at this point. How do I turn this on?
  4. Mastershakes

    Mastershakes Moderator

  5. st4rk

    st4rk OSNN Addict


    Logfile of HijackThis v1.99.1
    Scan saved at 11:27:33 μμ, on 12/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Logitech\MouseWare\System\Em_exec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Pan. Vellianitis\Local Settings\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Smapp] "C:\Program Files\Analog Devices\SoundMAX\Smtray.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
    O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
    O4 - HKCU\..\Run: [CPQHotkeys] hotkeysvc.exe
    O4 - HKCU\..\Run: [CTHelper] cthelper.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
    O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF:(Windows Genuine Advantage Validation Tool) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{697B8D77-2064-4448-806E-AE6B6CD75A84}: NameServer =
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

    After turning off System Restore the computer seems to be running a lot better, so I'm guessing there was a corrupt file in the System Restore catalog. There are still a lot of things wrong, so I may still do the reformat.
    Last edited: Sep 13, 2006