TechSpot

Drivers

By elredon
Feb 13, 2006
Topic Status:
Not open for further replies.
  1. Well.... not sure if this is the right place, but have been reading the board and people here seem very informed and pleasant.


    I have a few bugs with winxp home sp2. Basically it happens when I boot, the hd runs and runs and runs. Takes a few minutes to get past the shut down and several to load up. I have found one message that seems to keep popping up in Event:

    "Event Type:Warning Event Source:Userenv Event Category:None Event ID: 1517 User: NT AUTHORITY\SYSTEM
    Windows saved user my computer registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account."


    I did a search and found "User Profile Hive Cleanup Service"

    That didn't seem to help the problem.

    Not sure if it's a corrupt driver or something else. So I am looking for a few suggestions and tips.


    FYI I just did a full recovery and installed sp2 off the disk and did all the xp sp2 updates and OEM updates.


    Thank you for your time.
  2. N3051M

    N3051M TS Rookie Posts: 2,800

    scan the four baddies: virus, mal/spy/adware
    go to task manager and see what processes you have running and what's running when you shut down
    disable norton antivirus/systemworks/i.net sec.
    update all drivers and such

    if it's still happening, go to msconfig (start>run) and go to startup and see what's what, google if unknown.. eliminate each process until you find the culprit
    post back results
  3. elredon

    elredon TS Rookie Topic Starter

    "scan the four baddies: virus, mal/spy/adware"

    Did that all clean.


    "go to task manager and see what processes you have running and what's running when you shut down"

    How do I tell what's running when I shut down?




    "disable norton antivirus/systemworks/i.net sec."

    I am norton free!


    "update all drivers and such"

    I have updated whatever I could. Most companies say see the manufacturer, the manufacturer has not responded, went to their site and updated what I could.



    "if it's still happening, go to msconfig (start>run) and go to startup and see what's what, google if unknown.. eliminate each process until you find the culprit post back results"

    startup:
    apoint.exe - atimdxx - atiptaxx - ICO - ezSP_Px - Partseal - carpserv - avgnt -jusched


    Here's my boot log:

    Service Pack 2 2 15 2006 13:13:56.500
    Loaded driver \WINDOWS\system32\ntoskrnl.exe
    Loaded driver \WINDOWS\system32\hal.dll
    Loaded driver \WINDOWS\system32\KDCOM.DLL
    Loaded driver \WINDOWS\system32\BOOTVID.dll
    Loaded driver ACPI.sys
    Loaded driver \WINDOWS\System32\DRIVERS\WMILIB.SYS
    Loaded driver pci.sys
    Loaded driver isapnp.sys
    Loaded driver ohci1394.sys
    Loaded driver \WINDOWS\System32\DRIVERS\1394BUS.SYS
    Loaded driver compbatt.sys
    Loaded driver \WINDOWS\System32\DRIVERS\BATTC.SYS
    Loaded driver aliide.sys
    Loaded driver \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    Loaded driver pcmcia.sys
    Loaded driver MountMgr.sys
    Loaded driver ftdisk.sys
    Loaded driver ACPIEC.sys
    Loaded driver \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
    Loaded driver PartMgr.sys
    Loaded driver VolSnap.sys
    Loaded driver atapi.sys
    Loaded driver disk.sys
    Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    Loaded driver fltmgr.sys
    Loaded driver sr.sys
    Loaded driver PxHelp20.sys
    Loaded driver avgntmgr.sys
    Loaded driver KSecDD.sys
    Loaded driver Ntfs.sys
    Loaded driver NDIS.sys
    Loaded driver Mup.sys
    Loaded driver atisgkaf.sys
    Loaded driver \SystemRoot\System32\DRIVERS\intelppm.sys
    Loaded driver \SystemRoot\System32\DRIVERS\ati2mtag.sys
    Loaded driver \SystemRoot\System32\DRIVERS\HSFHWALI.sys
    Loaded driver \SystemRoot\System32\DRIVERS\HSF_DP.sys
    Loaded driver \SystemRoot\System32\DRIVERS\HSF_CNXT.sys
    Loaded driver \SystemRoot\System32\Drivers\Modem.SYS
    Loaded driver \SystemRoot\system32\drivers\smwdm.sys
    Loaded driver \SystemRoot\system32\drivers\aeaudio.sys
    Loaded driver \SystemRoot\System32\DRIVERS\i8042prt.sys
    Loaded driver \SystemRoot\System32\DRIVERS\Apfiltr.sys
    Loaded driver \SystemRoot\System32\DRIVERS\mouclass.sys
    Loaded driver \SystemRoot\System32\DRIVERS\kbdclass.sys
    Loaded driver \SystemRoot\System32\DRIVERS\parport.sys
    Loaded driver \SystemRoot\System32\Drivers\SonyNC.sys
    Loaded driver \SystemRoot\System32\DRIVERS\SonyWBMS.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\nic1394.sys
    Loaded driver \SystemRoot\System32\DRIVERS\usbuhci.sys
    Loaded driver \SystemRoot\System32\DRIVERS\usbehci.sys
    Loaded driver \SystemRoot\System32\DRIVERS\imapi.sys
    Loaded driver \SystemRoot\System32\DRIVERS\cdrom.sys
    Loaded driver \SystemRoot\System32\DRIVERS\redbook.sys
    Loaded driver \SystemRoot\System32\DRIVERS\R8139n51.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\CmBatt.sys
    Loaded driver \SystemRoot\System32\DRIVERS\audstub.sys
    Loaded driver \SystemRoot\System32\DRIVERS\rasl2tp.sys
    Loaded driver \SystemRoot\System32\DRIVERS\ndistapi.sys
    Loaded driver \SystemRoot\System32\DRIVERS\ndiswan.sys
    Loaded driver \SystemRoot\System32\DRIVERS\raspppoe.sys
    Loaded driver \SystemRoot\System32\DRIVERS\raspptp.sys
    Loaded driver \SystemRoot\System32\DRIVERS\msgpc.sys
    Loaded driver \SystemRoot\System32\DRIVERS\psched.sys
    Loaded driver \SystemRoot\System32\DRIVERS\ptilink.sys
    Loaded driver \SystemRoot\System32\DRIVERS\raspti.sys
    Loaded driver \SystemRoot\System32\DRIVERS\termdd.sys
    Loaded driver \SystemRoot\System32\DRIVERS\swenum.sys
    Loaded driver \SystemRoot\System32\DRIVERS\update.sys
    Loaded driver \SystemRoot\System32\DRIVERS\mssmbios.sys
    Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\usbhub.sys
    Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS
    Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
    Did not load driver \SystemRoot\System32\Drivers\Flpydisk.SYS
    Did not load driver \SystemRoot\System32\Drivers\i2omgmt.SYS
    Did not load driver \SystemRoot\System32\Drivers\Changer.SYS
    Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS
    Loaded driver \SystemRoot\SYSTEM32\DRIVERS\avgntdd.sys
    Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS
    Loaded driver \SystemRoot\System32\Drivers\Null.SYS
    Loaded driver \SystemRoot\System32\Drivers\Beep.SYS
    Did not load driver \SystemRoot\system32\DRIVERS\kbdhid.sys
    Loaded driver \SystemRoot\System32\drivers\vga.sys
    Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys
    Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS
    Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\rasacd.sys
    Loaded driver \SystemRoot\System32\DRIVERS\ipsec.sys
    Loaded driver \SystemRoot\System32\DRIVERS\tcpip.sys
    Loaded driver \SystemRoot\System32\DRIVERS\netbt.sys
    Loaded driver \SystemRoot\System32\DRIVERS\ipnat.sys
    Loaded driver \SystemRoot\System32\DRIVERS\wanarp.sys
    Loaded driver \SystemRoot\System32\drivers\afd.sys
    Loaded driver \SystemRoot\System32\DRIVERS\arp1394.sys
    Loaded driver \SystemRoot\System32\DRIVERS\netbios.sys
    Did not load driver \SystemRoot\System32\DRIVERS\processr.sys
    Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
    Loaded driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
    Loaded driver \SystemRoot\System32\Drivers\Fips.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\DMICall.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
    Loaded driver \SystemRoot\System32\DRIVERS\hidusb.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
    Loaded driver \SystemRoot\System32\DRIVERS\mouhid.sys
    Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\ndisuio.sys
    Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
    Did not load driver \SystemRoot\System32\DRIVERS\mrxsmb.sys
    Loaded driver \SystemRoot\system32\drivers\wdmaud.sys
    Loaded driver \SystemRoot\system32\drivers\sysaudio.sys
    Loaded driver \SystemRoot\system32\drivers\splitter.sys
    Loaded driver \SystemRoot\system32\drivers\aec.sys
    Loaded driver \SystemRoot\system32\drivers\swmidi.sys
    Loaded driver \SystemRoot\system32\drivers\DMusic.sys
    Loaded driver \SystemRoot\system32\drivers\kmixer.sys
    Loaded driver \SystemRoot\system32\drivers\drmkaud.sys
    Loaded driver \SystemRoot\System32\DRIVERS\mrxdav.sys
    Loaded driver \SystemRoot\System32\Drivers\ParVdm.SYS
    Did not load driver \SystemRoot\System32\Drivers\Serial.SYS
    Loaded driver \SystemRoot\System32\DRIVERS\mdmxsdk.sys
    Loaded driver \SystemRoot\System32\DRIVERS\strmdisp.sys
    Loaded driver \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
    Loaded driver \SystemRoot\System32\DRIVERS\srv.sys
    Did not load driver \SystemRoot\System32\DRIVERS\ipnat.sys
    Loaded driver \SystemRoot\System32\Drivers\HTTP.sys
    Loaded driver \SystemRoot\system32\DRIVERS\usbccgp.sys
    Loaded driver \SystemRoot\system32\DRIVERS\kbdhid.sys
    Loaded driver \SystemRoot\system32\drivers\kmixer.sys
    Did not load driver \??\C:\WINDOWS\system32\Drivers\REGSYS701.SYS
    Loaded driver \??\C:\WINDOWS\system32\Drivers\REGSYS701.SYS
    Loaded driver \??\C:\Special\aida32\aida32.sys
    Loaded driver \??\C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
    Loaded driver \SystemRoot\system32\drivers\kmixer.sys
    Loaded driver \SystemRoot\system32\drivers\kmixer.sys
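
Added example (not part of the original thread): one way to triage a boot log in the format posted above, listing drivers loaded from outside the Windows driver directories, drivers that never loaded, and drivers loaded more than once. `SAMPLE` is a constructed excerpt in the same format; the code assumes `\SystemRoot` is `\WINDOWS`, as in the posted log.

```python
import re
from collections import Counter

# Constructed sample in the format of the boot log posted above.
SAMPLE = r"""Service Pack 2 2 15 2006 13:13:56.500
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver ACPI.sys
Loaded driver \SystemRoot\System32\DRIVERS\rdbss.sys
Did not load driver \SystemRoot\System32\Drivers\Fdc.SYS
Did not load driver \SystemRoot\System32\DRIVERS\rdbss.sys
Loaded driver \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Loaded driver \??\C:\Special\aida32\aida32.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
Loaded driver \SystemRoot\system32\drivers\kmixer.sys
"""

LINE = re.compile(r"^\s*(Loaded|Did not load) driver (.+?)\s*$")
# Directories treated as normal driver locations (assumption: SystemRoot = \WINDOWS).
STANDARD_DIRS = {"\\windows\\system32", "\\windows\\system32\\drivers"}

def normalize(path):
    """Lower-case the path and fold \\??\\C:\\ and \\SystemRoot prefixes to \\windows."""
    p = path.lower()
    if p.startswith("\\??\\"):
        p = p[4:]
        if p[1:2] == ":":          # drop the drive letter
            p = p[2:]
    if p.startswith("\\systemroot"):
        p = "\\windows" + p[len("\\systemroot"):]
    return p

def triage(text):
    loaded, failed = Counter(), Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue               # header line or blank line
        status, path = m.groups()
        (loaded if status == "Loaded" else failed)[normalize(path)] += 1
    # Bare names such as ACPI.sys carry no directory and are not flagged.
    outside = sorted(p for p in loaded
                     if "\\" in p and p.rsplit("\\", 1)[0] not in STANDARD_DIRS)
    return {
        "outside_standard_dirs": outside,
        "never_loaded": sorted(p for p in failed if p not in loaded),
        "loaded_more_than_once": sorted(p for p, n in loaded.items() if n > 1),
    }

if __name__ == "__main__":
    for key, items in triage(SAMPLE).items():
        print(key, items)
```

A driver that shows both "Did not load" and "Loaded" (like `rdbss.sys` in the sample) is not reported as never loaded, since it did load at another point in the same boot.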
  4. elredon

    elredon TS Rookie Topic Starter

    Here's my HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:36:38 PM, on 2/15/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\system32\ICO.EXE
    C:\WINDOWS\System32\ezSP_Px.exe
    C:\Program Files\Sony\HotKey Utility\HKserv.exe
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\Program Files\Sony\HotKey Utility\HKWnd.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Special\procexp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Special\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
    O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
    O4 - HKLM\..\Run: [VAIO Recovery] C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139978809609
    O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe





    Hope that helps thanks for your time :)
  5. N3051M

    N3051M TS Rookie Posts: 2,800

    your HJT log looks alright from my POV..

    run: chkdsk /f and defrag your drive, also defrag.
    run msconfig, go to diagnostic startup and reboot.
    if the problem goes then enable each category and reboot, (may be time consuming) until you find which category is causing it, and then disable services until you find it...

    through a bit of research, that thing is harmless but we'll try to get rid of it.
    question 1. do you by any chance have ms anti-spyware installed?
    question 2. did you recently delete a profile on the machine?

    that's all i can think of at the moment
    cheers
  6. elredon

    elredon TS Rookie Topic Starter

    "run: chkdsk /f and defrag your drive, also defrag."


    Did that it worked out fine.


    "run msconfig, go to diagnostic startup and reboot. if the problem goes then enable each category and reboot, (may be time consuming) until you find which category is causing it, and then disable services until you find it..."

    I will give this a go


    "through a bit of research, that thing is harmless but we'll try to get rid of it.
    question 1. do you by any chance have ms anti-spyware installed?"


    I ran their program then uninstalled it.


    "question 2. did you recently delete a profile on the machine?"

    No, but I changed the name in user profiles.


    Here's something else I found:

    The following handles in user profile hive (...) have been remapped because they were preventing the profile from unloading successfully:
    svchost.exe (788)
    HKCU (0x338)

    Mean anything?


    Also I called the makers, cause of the warranty, they couldn't help with the software, but they think I might have an issue with the fan, they are going to look into that next week.

    Thanks again :)
  7. N3051M

    N3051M TS Rookie Posts: 2,800

    after a bit more reading..
    -check your memory (ram) usage?
    -try without any ethernet connection active (unplugged)
    -try running a registry cleaner?

    give this a try.. i really don't know what will happen but what does happen someone here can figure out.. i guess a log file could help out..
    UPHClean readme.txt:
    btw.. can i get the event id for that?