# HELP PLEASE CPU 100% services.exe



## rlsoultz (Nov 4, 2004)

Recently my WinXP home computer began running very slow.
I noticed that it appeared to be lunging, so I started Task Manager and observed the CPU Usage alternating between 0 - 100%.

I have also had problems with the computer suddenly rebooting especially, when I was using various security related programs.
These programs included:

1. SuperAntiSpyWare when scanning would get so far into the 'Files' scan, but after the memory and registry were scanned. I had to boot in safe mode to eventually get the program to scan without causing a reboot.

2. MSConfig.exe when I would attempt to stop the event logging service.

The CPU Usage is very low when I boot in Safe Mode and it doesn't reboot itself.

The task that drives the usage up is services.exe.

I downloaded Process Explorer to try to determine what was happening, and it also shows that Services.Exe is the process which drives the CPU usage up in a cyclic pattern. The processes that services.exe are responsible for appear to be Event Logger and Plug N Play. I cannot access the event logs thru Event Viewer.

When I click on the services.exe process and look at the properties, the TCP/IP tab shows multiple TCP/IP Addresses that i do not recognize, starting and stopping.

I have SBC DSL and a 2Wire DSL Wireless Router/Modem. This router is connected to the desktop via a CAT-5 cable, and my laptop connects via wireless. I have 32bit WEP security enabled and only allow my laptop to connect to this LAN.

At the same time that I noticed the increased CPU usage, I also noticed that the trayicon for the 2Wire HomeNetwork Portal had turned gray and shows a status of network 'down'. Yet, I can connect to the Internet, albeit very slowly due to the CPU usage.

At this point I do not know if I have a virus or trojan, or if someone is accessing my wireless router, or if I have a hardware problem.

Any guidance or suggestions would be greatly appreciated.

I have posted the HiJackThis Log file, the Un-Install List and the SuperAntiSpyware Scan Log, in hopes that someone can help me.

Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:33 PM, on 7/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Yahoo!\Antivirus\ISafe.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Yahoo!\Antivirus\VetMsg.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\RunDll32.exe
F:\Program Files\2Wire\2PortalMon.exe
F:\WINDOWS\system32\wscntfy.exe
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
F:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Program Files\Trend Micro\HijackThis\fred.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - F:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [2wSysTray] F:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n024p/EN/install/gtdownlr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A3B4B24-78F0-413A-857F-4059239579B4}: NameServer = 202.171.32.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D8C87EB-4A91-4388-8AD6-0F451EE2F04A}: NameServer = 202.171.32.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{AABBF634-64CC-42EB-B449-6F6A518C014B}: NameServer = 202.171.32.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69E7D68-4F0A-437E-89EC-F74F221F4758}: NameServer = 202.171.32.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38
O17 - HKLM\System\CS2\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38
O17 - HKLM\System\CS3\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - F:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - F:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - F:\WINDOWS\system32\YPCSER~1.EXE

--

UNINSTALL_LIST.TXT

Adobe Flash Player 9
Adobe PhotoDeluxe 2.0
Adobe Reader 8
Adobe® Photoshop® Album Starter Edition 3.0
AT&T Yahoo! Applications
Canon PIXMA iP4000
Canon Utilities Easy-PhotoPrint
C-Media 3D Audio
HijackThis 2.0.2
Hollywood FX Pack 26 - Extra FX
InterVideo WinDVD Creator 2
Java(TM) SE Runtime Environment 6 Update 1
Microsoft Office 2000 Professional
Pinnacle Hollywood FX 4.6
Plextor ConvertX AV100U A/V Capture Device Driver
QuickTime
Reader Rabbit Preschool(R) Sparkle Star Rescue!(TM)
Reader Rabbit Thinking Adventures Ages 4-6
SBC Yahoo! DSL Home Networking Installer
Sonic RecordNow!
Sonic Update Manager
Street Atlas USA 4.0
Studio 8
SUPERAntiSpyware Free Edition
Update for Windows XP (KB931836)
VideoLAN VLC media player 0.8.6b

-----

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/15/2007 at 00:27 AM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 00:39:33

Memory items scanned : 258
Memory threats detected : 0
Registry items scanned : 4781
Registry threats detected : 0
File items scanned : 37827
File threats detected : 1

Adware.Tracking Cookie
F:\Documents and Settings\[MYNAME]\Cookies\[MYNAME]@doubleclick[1].txt
-----


----------



## cybertech (Apr 16, 2002)

*Run HJT again and put a check in the following:*

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com

*Close all applications and browser windows before you click "fix checked".*

Does this belong to your ISP? NameServer = 202.171.32.38


----------



## rlsoultz (Nov 4, 2004)

Thanks CyberTech, i clicked the items that you specified and the had HT fix them.
Rebooted, but still cyclical 100% usage.

I do not recognize the IP address: 202.171.32.38 shown in the O17 NameServer= entries that you asked about, so I did a search on that addy and found:

i1dns.i-sentrix.com in Skudai, Malaysia

I also have some other new information:

When I look at the properties for the Services.Exe in Process Explorer, the TCP/IP tab shows numerous addresses that I dont' recognise, and many that would pop into, then out of the list. Following are a few of the adrresses:

*.s8a1.psmtp.com:smtp
*.s8b2.psmtp.com:smtp
156.122.50.72:smtp
198.63.51.36:smtp
202.43.219.195:smtp
208.101.3.58-statis.reverse.softlayer.com
208.65.144.12:smtp
209.205.173.54:smtp
216.39.51.1:smtp
bay0.mc6-f.bay0.hotmail.com:smtp
bay0-mc12-f.bay0.hotmail.com:smtp
dsl092-180-020.sfo1.dsl.speakeasy.net
eforwardct.name-services.com:smtp
h8.prohosting.com.ua:smtp
host-69-59-82-245
Il-234.39.109.212.sovam.net.ua:smtp
m15-136.126.com:smtp
mail.global.frontbrid
mail.netins.com:smtp
mail.sulanet.net:smtp
mail1.corpmaisvcs.com:smtp
marsupilami.mailclub.fr:smtp
mary.csd.plymouth.ac.uk:smtp
md.mx.aol.com:smtp
mercury.toad.net:smtp
mta12.grp.scd.yahoo.com:smtp
mta142.mail.in2.yah
mta147.mail.in2.yah
mta3.vsnl.net:smtp
mta-v12.mail.vip.re4.yahoo.com:smtp
mta-v13.mail.vip.re4.yahoo.com:smtp
mta-v2.mail.vip.re3
mta-v7.mail.vip.mud.yahoo.com:smtp
mta-v8.mail.vip.mud.yahoo.com:smtp
mx.pochta.ru:smtp
mx0.rrv.net:smtp
mx01.perfora.net:smtp
mx1.hotmail.com:smtp
mx4.hotmail.com:smtp
mx6.business.minds
p3presmtp01-v01.p
server.fwahost.com:smtp
wa-in-f114.google.c

I do not fully understand what the TCP/IP tab of the services.exe properties window is showing me, but it looks like a bunch of email servers. I have an SBC DSL connection and use the Yahoo email exclusively. I do have 3 grown children that also have sub-accounts on my primary sbcglobal.net account, and as such have their own email addresses.

This list and the O17 NameServer entries of has me concerned. Can my connection be being used by others for email or other things?

------------

My DSL router is a 2Wire 1000HW and since this problem began, the tray icon for the 2Wire Home Portal has been gray. When I click it, it shows that the Network is down, even though it is not.

I called 2Wire tech support and they told me to disable the Tray Icon from starting and to just use the dedicated IP address for accessing my settings. I did this to make sure that the Firewall was still enabled, it was.

Then I just left the computer running and a message box popped up that stated that Microsoft Windows had encountered an error and could not continue. I selected for it to send the report to Microsoft, which it did. Then I was redirected to a Microsoft Help screen that stated that the reported error indicated that there was a problem with either a Hardware or Software service that was being loaded. It suggested that I restart in safe mode and utilize devmgmt.msc to begin a process of excluding half of the drivers to see if I could locate the problem hardware driver. It further recommended to do the same thing with services in msconfig if the hardware driver location procedure didn't locate the offensive service.

When I attempt to run the devmgmt.msc on this computer, the device list is blank. If I access the device list thru control panel/system/hardware manager, it shows my hardware devices.

At this point I don't know if I am looking at a hardware or software problem, driver problem, security problem, or coincidental anomalies. I have run anti-virus and spyware programs and they come up clean.

Every time I attempt to open File Explorer, It opens without listing any drives in the left pane, then a flashlight appears in the right pane and after approx. 1 minute the drives are listed. I right clicked on my system drive and the driver details are blank. I installed this IDE drive approx. 4-5 months ago and it has been working great.

It has me stumped.


----------



## cybertech (Apr 16, 2002)

*Run HJT again and put a check in the following:*

O17 - HKLM\System\CCS\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A3B4B24-78F0-413A-857F-4059239579B4}: NameServer = 202.171.32.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D8C87EB-4A91-4388-8AD6-0F451EE2F04A}: NameServer = 202.171.32.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{AABBF634-64CC-42EB-B449-6F6A518C014B}: NameServer = 202.171.32.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{E69E7D68-4F0A-437E-89EC-F74F221F4758}: NameServer = 202.171.32.38
O17 - HKLM\System\CS1\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38
O17 - HKLM\System\CS2\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38
O17 - HKLM\System\CS3\Services\Tcpip\..\{16AEF566-A274-4F1F-9A78-96344CDB1436}: NameServer = 202.171.32.38

*Close all applications and browser windows before you click "fix checked".*

Go to Control Panel. - If you are using Windows XP's Category View, select the Network and Internet Connections category. If you are in Classic View, go to the next step .

*CAUTION!: It is possible that your Internet Service Provider requires specific settings here. Make sure you know if you need specific DNS settings here or not before you proceed to make the following changes or you may lose your internet connection. If you are sure you do not need a specific DNS address here, you may proceed.*


Double-click the *Network Connections* icon
Right-click the *Local Area Connection icon* and select *Properties*.
Hilight *Internet Protocol (TCP/IP)* and click the *Properties* button.
Be sure *Obtain DNS server address automatically* is selected. 
*OK* your way out.

Go to Start > Run and type in *cmd*

Click OK.
This will open a command prompt.
Type the following line in the command window:

*ipconfig /flushdns*

Hit Enter
Exit the command window

Now restart your machine.

Post your log again and let me know if that helps.


----------



## rlsoultz (Nov 4, 2004)

I checked the above O17 items in HJT and then 'fixed' them.

Checked Local Area Network Connection's TCP/IP Properties and 'Obtain DNS server address automatically' was already selected. I clicked OK anyhow.

Started Run/Cmd/ipconfig /flushdns and received the message:

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

Rebooted the PC into Safe Mode and reattempted flushdns. Did not work because networking not started.

Rebooted the PC into Safe Mode with Netwroking and reattempted flushdns. Received same message:

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

I have attached my ProcessExplorer file for the services.exe, and posted the latest HJT log below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:55 PM, on 7/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Yahoo!\Antivirus\ISafe.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Yahoo!\Antivirus\VetMsg.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
F:\Program Files\Trend Micro\HijackThis\fred.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - F:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [YOP] F:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKCU\..\Run: [AnyDVD] F:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = F:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {25365FF3-2746-4230-9DA7-163CCA318309} (Automatic Driver Installation Control) - http://inst.c-wss.com/n024p/EN/install/gtdownlr.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - F:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - F:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - F:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - F:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 4253 bytes


----------



## cybertech (Apr 16, 2002)

Looks fine. Is everything ok now?


----------



## rlsoultz (Nov 4, 2004)

No, not yet Cybertech. The cpu usage still continues to spike every 5-10 seconds, and the computer will eventually reboot. The devmgmt.msc still does not display devices, and the File Explorer still comes up blank and then displays the searching flashlight cursor, and eventually displays the drives and contents. The cpu usage does not spike, and the computer does not reboot while in Safe Mode. However the File Explorer and devmgmt.msc act the same.

After coming back up from one of the reboots, I had a message stating that the computer had experienced an unrecoverable error. It asked if I wanted to send a report to Microsoft.The details from Microsoft indicated that either a hardware or software service had caused the reboot. This would explain why it doesn't occur in safe mode. I will try their recommendation on disabling half of the drivers. If the problem still exists, then reenable those drivers and disable the other half. If this prevents the problem, then spilt that half in half, and keep repeating until the defective driver is located. The then recommended that if testing the drivers did not fix it, to perform the same procedure on all non essential services. What would be helpful is to know which drivers and services are being loaded in Safe Mode, as these are obviously not the culprits.

If none of this works, then I will perform a data only backup of the hard drive and reformat and reinstall windoze.

If that does not work, then I have to look to defective hardware, motherboard northbridge, southbridge, ram, etc., or defective hard drive.


----------



## cybertech (Apr 16, 2002)

OK, good luck!


----------

