MSGSRV32.exe active every four seconds


mike2002
05-22-2006, 07:45 AM
I posted this query in the Windows section a few days ago, but have transferred it here as advised by Sylvander.

Original link: http://www.pcguide.com/vb/showthread.php?t=46862

My Win 98SE PC has developed a strange anomaly where something is activating every four or so seconds, whereby the hourglass pops up for about 4 seconds duration, then goes back to the normal pointer for 4 seconds. The mystery is what application is causing it and why.

It does not cause any error messages etc whatsoever, just the distraction of seeing the pointer changing back and forth. It isn't consistent however, sometimes it does it and sometimes it doesn't.

I have done scans with AVG Anti-Virus, AdAware, Spybot, and Spyware Begone - the latter detected two spies plus a Browser hijacker, but their removal hasn't made any difference.

The program WinTop shows that MSGSRV32.exe is causing CPU usage to fluctuate between approx 8-87% every 4 seconds.

"msgsrv32.exe is a process which is initiated by Microsoft Windows 9x and ME only. It acts as a 32 bit message server and will never appear in the Windows task list unless there is a problem with it. At any other time it should be left enabled."

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:40:07, on 22/05/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\CPAL\CPBRWTCH.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\HARD DISK SENTINEL\HDSENTINEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HIGHJACK THIS\HIJACKTHIS V1.99.1.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PopupRemover Class - {3D2C1DA4-BCD3-4317-9548-2E08BD222FF0} - C:\PROGRA~1\POPUPR~1\POPUPS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Cookie Pal] "C:\PROGRAM FILES\CPAL\CPBrWtch.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Hard Disk Sentinel] C:\PROGRAM FILES\HARD DISK SENTINEL\HDSENTINEL.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.telewest.co.uk/motive/files/MotivePreQual.cab

Budfred
05-22-2006, 08:43 AM
There is no evidence of malware in your log... However, it is possible that this program is running intermittently... I suggest turning it off and see if you still have the problem... If it doesn't have an option to turn it off, you may need to uninstall it...

O4 - HKLM\..\Run: [Hard Disk Sentinel] C:\PROGRAM FILES\HARD DISK SENTINEL\HDSENTINEL.EXE

Also, the program you are having problems with can be infested by a couple of trojans... It would be a good idea to run an online virus scan or two to see if they pick anything up... You can use the ones in my links... Post back on what you find out...
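An added example, not part of the thread: the cross-check behind the reply above, listing which O4 autorun entries from the posted log are actually resident and live outside the Windows folders, since those are the candidates for "turn it off and see". The function names are made up for this sketch; the log lines are copied from the first post.

```python
import ntpath
import re

# Lines copied from the HijackThis log in the first post (processes and O4 entries only).
LOG = r"""
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\CPAL\CPBRWTCH.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\HARD DISK SENTINEL\HDSENTINEL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Cookie Pal] "C:\PROGRAM FILES\CPAL\CPBrWtch.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Hard Disk Sentinel] C:\PROGRAM FILES\HARD DISK SENTINEL\HDSENTINEL.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
"""

O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Unquoted autorun commands may contain spaces, so cut at the first program extension.
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cpl|dll))(?=[\s,]|$)", re.I)
OS_DIRS = {r"c:\windows", r"c:\windows\system"}


def target_of(cmd):
    """Return the executable part of an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def parse(log):
    """Split the log into {basename: full path} of processes and a list of O4 entries."""
    running, autoruns, in_procs = {}, [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False
        elif in_procs:
            running[ntpath.basename(line).lower()] = line
        else:
            m = O4_RE.match(line)
            if m:
                autoruns.append((m["key"], m["name"], target_of(m["cmd"])))
    return running, autoruns


def resident_third_party(log):
    """Autorun entries whose program is running and is not in an OS folder.

    Matching is by file name only, because the log mixes 8.3 short paths
    (PROGRA~1) with long ones for the same file.
    """
    running, autoruns = parse(log)
    found = []
    for _key, name, exe in autoruns:
        path = running.get(ntpath.basename(exe).lower())
        if path and ntpath.dirname(path).lower() not in OS_DIRS:
            found.append((name, path))
    return found


if __name__ == "__main__":
    for name, path in resident_third_party(LOG):
        print(f"{name:20} {path}")
```
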

mike2002
05-23-2006, 02:20 PM
I did a Housecall scan on the whole PC but it came out clean. At the time of writing MSGSRV32.exe is showing zero CPU activity. Maybe it's nothing to worry about but, as you can imagine, you want to know WHY it's doing it!

Budfred
05-23-2006, 08:35 PM
The only other options that you might try would be to run a trojan scan, probably either TrojanHunter's trial version or the A-squared free version....

mike2002
05-24-2006, 01:57 PM
Thanks for the suggestions. I downloaded and ran scans with both a-Squared and TrojanHunter. See these links to view the results:

a-Squared report:
http://i35.photobucket.com/albums/d152/ISO1/a-SquaredReport.jpg

TrojanHunter report:
http://i35.photobucket.com/albums/d152/ISO1/TrojanHunterReport.jpg

The executable file 'tlmes_mod32_b6' reported by TrojanHunter was 'created' on my PC in 2002. I couldn't find out anything specific on Google about it, but will leave it where it is for the time being. I removed the Registry entries that a-Squared found.

Budfred
05-24-2006, 11:09 PM
If there is something in those reports that you think I need to see, please post them here.... I do not like going elsewhere to read or download logs...

If those scans were clean, it seems likely that you don't have one of the trojans that it could be since the trojans are known and would be seen in the scans... We could try rootkit scans, but I am not sure that any of them work in Win9x...

mike2002
05-25-2006, 07:28 AM
Here are the findings from TrojanHunter & a-Squared:

TrojanHunter:
Infile scan: No suspicious entries found
Registry Scan: No suspicious entries found
Port Scan: No suspicious entries found
Memory Scan: No suspicious entries found
File scan:
Found possible trojan file: C:\WINDOWS\SYSTEM\tlmes_mod32_b6.exe (Suspicious: ASPack-packed file in Windows System folder)
--------------------------------------------------
a-Squared:
Infected Files: 4

Filename.
HKEY_CLASSES_ROOT\clsid\{a49d3912-4211-11d4-b85f-00b0d040070e}
Diagnosis: Trace.Registry.keylogger.wintective

Filename.
HKEY_CLASSES_ROOT\interface\{a49d3912-4211-11d4-b85f-00b0d040070e}
Diagnosis: Trace.Registry.keylogger.wintective

Filename.
HKEY_CLASSES_ROOT\interface\{a49d3912-4211-11d4-b85f-00b0d040070e}
Diagnosis: Trace.Registry.keylogger.wintective

Filename.
HKEY_CLASSES_ROOT\typelib\{a49d3905-4211-11d4-b85f-00b0d040070e}
Diagnosis: Trace.Registry.keylogger.wintective

These entries are listed by Symantec as a spyware called 'PC Police'.

"PC Police is spyware that logs keystrokes, files looked at, applications used, and chats on either MSN, Yahoo, ICQ or AOL. This information can then be transmitted to a remote user."

This fits in with the description of MSGSRV32.exe (above). As I don't appear to have any of the .exe files etc associated with it, hopefully it was never a serious threat. But definitely not an application that anyone would wish on their PC!

Which leaves the 'tlmes_mod32_b6.exe' file. I scanned it with AVG Anti-Virus, then clicked on it (I know - I shouldn't really have done). Nothing happened but, about 15 seconds later, Zone Alarm alerted that the file was trying to access the internet.

mike2002
05-25-2006, 08:45 AM
I tried to initiate a Symantec Anti-virus/Trojan scan. I've done it in the past, but this time I cannot download the ActiveX file. I've set every ActiveX and Scripting setting in I.E. to 'Enable' but Symantec says otherwise.

Budfred
05-25-2006, 09:46 AM
If you have a keylogger, it would be a good idea to contact any bank or other financial institution that you might have used on the computer to change passwords and account numbers... DO NOT use them again on the computer until you know for sure that it is clean... Keyloggers are being used to clean you out financially -- to steal everything you have, so please take this seriously....

For this file:

tlmes_mod32_b6.exe

I would submit it here:

Please go to Jotti's malware scan at http://virusscan.jotti.org/ and upload the file for scanning and post the results here.

and then rename it to have an "old" ending rather than "exe" so it will not run....

mike2002
05-25-2006, 06:51 PM
I uploaded tlmes_mod32_b6.exe to VirusScan and they all reported it as clean.

If you do a search on Google for this file, it comes up with just one reference:

http://forums.jolt.co.uk/showthread.php?t=272870

It's a Games forum and, as you can imagine, the language leaves a lot to be desired!

The size of this file is only 28Kb. In Properties, the Product Name is mod_b6, but apart from that I've been unable to find out anything else about it. I even viewed it in NotePad, but no clues there. Is there a way of getting inside an executable file to find out what it does?
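An added example, not part of the thread: a first static look inside an executable without running it, reading the PE section table and reproducing the kind of check TrojanHunter reported earlier ("ASPack-packed file in Windows System folder"). The function names and finding strings are made up for this sketch, and the sample image is constructed here (headers only), not the file from the thread.

```python
import ntpath
import struct

# Section names that the ASPack and UPX packers leave in the files they produce.
PACKER_SECTIONS = {".aspack": "ASPack", ".adata": "ASPack", "UPX0": "UPX", "UPX1": "UPX"}
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system", r"c:\windows\system32"}


def pe_sections(data):
    """Return [(section name, characteristics)] from the PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # COFF header: machine, section count, 3 unused dwords, optional header size, flags
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(count):
        off = table + 40 * i
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        fields = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append((fields[0].rstrip(b"\0").decode("latin-1"), fields[-1]))
    return sections


def triage(path, data):
    """Static indicators only. A packed file is not necessarily malicious."""
    findings = []
    for name, chars in pe_sections(data):
        if name in PACKER_SECTIONS:
            findings.append(f"packer-section:{name}:{PACKER_SECTIONS[name]}")
        if chars & MEM_EXECUTE and chars & MEM_WRITE:
            # Self-unpacking code needs a section it can both write and run.
            findings.append(f"writable-executable:{name}")
    if findings and ntpath.dirname(path).lower() in SYSTEM_DIRS:
        findings.append("packed-file-in-system-folder")
    return findings


def build_sample(sections):
    """Build a constructed, header-only PE image from [(name, characteristics)]."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)      # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222            # PE32 optional header
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode(), 0x1000, 0x1000 * (i + 1),
                    0x200, 0, 0, 0, 0, 0, chars)
        for i, (name, chars) in enumerate(sections)
    )
    return dos + b"PE\0\0" + coff + opt + table


if __name__ == "__main__":
    sample = build_sample([(".text", 0x60000020), (".aspack", 0xE0000060),
                           (".adata", 0xC0000040)])
    for finding in triage(r"C:\WINDOWS\SYSTEM\constructed_sample.exe", sample):
        print(finding)
```

To check a real file, pass its bytes (`open(path, "rb").read()`) and its original location to `triage`; reading the file this way does not execute it.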

mjc
05-25-2006, 09:19 PM
Send it to me...I've been known to take them apart in the past.

Budfred
05-25-2006, 11:14 PM
Did you rename it?? If not, I would do that right after zipping it up and sending it to mjc... If something breaks, you will know it is needed... If nothing breaks, you can eventually delete it...

mike2002
05-26-2006, 07:38 AM
OK I've re-named my original. But I cannot see any way of attaching the file.

Under 'Additional Options', I have 'Miscellaneous Options', then 'Attach Files'. The button says ' Manage Attachments', but I cannot add anything.

The intermittent activity of the mouse pointer has ceased completely I'm pleased to say. Obviously caused by those 4 registry entries. Symantec lists a lot of other items (which I don't have) which make up this keylogger, so maybe it was (hopefully) never a problem.

Budfred
05-26-2006, 08:34 AM
If you click on mjc's name, there is an option to send him an email... Use that to send him the file...

mike2002
05-26-2006, 10:15 AM
Nope - I tried both 'Email' and 'Private Message' but couldn't find any way of attaching anything.

On the normal 'Add Reply' page there's a small icon that says 'Insert Image', but an 'Explorer user prompt' box appears which says "Script prompt: enter the text to be formatted." (eh?)

Seems like I can't even add an Image. :confused:

Sylvander
05-26-2006, 10:33 AM
How about doing it this way...

1. You upload your file to HERE (http://www.verzend.be/) and specify your own email address for the recipient.

2. When you receive the email from that site you post the link [to the file at the site] into an email or personal message to MJC.

3. When he gets your message he clicks on the link and downloads the file from the site. :D :cool:

Whoops; just got in before you MJC. :)

mjc
05-26-2006, 10:36 AM
mike2002,

I sent you a PM with my email address...

mike2002
05-29-2006, 09:11 AM
mjc: I sent the file to your address - did you receive it?

mjc
05-29-2006, 12:55 PM
Yeah, I got it...I have not had a chance to dissect before today, will let you know later.

mike2002
07-10-2006, 05:30 PM
To return to my original subject "MSGSRV32.exe active every four seconds"; this small program has started to affect my mouse pointer once again.

Getting fed up of it, I decided to delete it but, as it was "In use by Windows" I used the program Dos Delete to remove it at the next boot.

I made a backup copy before doing so, thinking that if Windows throws up any error messages I could replace the file back into Windows\System again.

'Bad move', as they say! Upon rebooting, after doing the usual system checks, I got the "It is now safe to switch off your computer" message (strange, I've not seen that for years) and the PC promptly shut down.

I rebooted again and was prompted to start in Safe Mode. I got as far as the merest glimpse of that familiar green screen before a 'Fatal error' screen. Oh dear, 'Up the creek without a paddle' as they say.

In DOS mode I got into the directory which contained the backup file, but it wasn't listed. In the end I did an over-the-top reinstall of Windows, which restored the file once again and I was back in business.

The moral of this is, don't delete any System files unless you know exactly what they do. Even if they're only little ones (this one is less than 6Kb) it's no fun when your PC won't boot as a result. ;)

mjc
07-10-2006, 06:41 PM
You could have found it if you had issued the command attrib msgsrv*.* -h -s

That would have unhidden any/all files following that pattern.

Sylvander
07-11-2006, 06:22 AM
"The moral of this is, don't delete any System files unless you know exactly what they do. Even if they're only little ones (this one is less than 6Kb) it's no fun when your PC won't boot as a result"
To my mind, the moral of this story is...
1. Move ALL the data files off C: to make it "lean & mean".
2. Make an image backup of C: before you do anything that could have nasty consequences.
3. When nastiness ensues, just restore the image backup to get back to a working system.
EASY PEASY! :D :cool:

mike2002
07-11-2006, 08:14 PM
mjc: "That would have unhidden any/all files following that pattern." It wasn't actually a 'hidden' file, and was placed in the root of a secondary HDD. Is there any reason why it didn't show up among the other files and directories?

mjc
07-11-2006, 08:57 PM
It was 'hidden'...if it doesn't show in a DIR listing then it is 'hidden'...at least from a DOS viewpoint.

mike2002
09-06-2006, 06:16 AM
Can I 'resurrect' this thread again?

The thread deviated owing to the Virus and Trojan scans, but the original problem with the mouse pointer is still persisting and is driving me mad. It's really irritating when I'm trying to do things and the pointer keeps switching to an hourglass every few seconds.

If I close down my System Tray, it ceases immediately. Sometimes this can work for a time, or be short-lived before it reappears again.

It's not just the annoyance factor; when I'm burning CDs I shut down all un-needed applications. But MSGSRV32.exe is still using up to 45% CPU time every few seconds. :(

Sylvander
09-06-2006, 07:01 AM
Use the "Win98/ME Registry Tool" on the "Emergency Boot CD" [EBCD] 1st menu to scan your registry and fix any problems it finds.
I personally trust this to do no harm, only good.

Would be a good idea to [before doing the above] scan your file system using "Microsoft Scandisk" on the EBCD 2nd menu to find and fix any file system errors. Don't scan for faulty clusters unless you have a lot of time available.

If that doesn't produce a fix...
Within Windows...
Run Process Explorer (http://www.sysinternals.com/Utilities/ProcessExplorer.html) to see what's going on unseen.
That will probably show some process [MSGSRV32.exe?] repeatedly starting, using lots of %CPU time, then closing. [Have you done this already?]

Is MSGSRV32.exe the Windows file or a malicious version (http://www.pcreview.co.uk/startup/msgsrv32.exe.php) I wonder.

mike2002
09-06-2006, 06:06 PM
Sylvander: I downloaded the EBCD file, extracted it, created the ISO image in the DOS screen, then burned it with Ashampoo (no problems - I've done lots of ISOs). The image is named 'EBCD061P'.

Well - there's just one problem, the disk isn't bootable. Despite resetting the BIOS from Floppy to CD, Windows just loads as normal.

I can't think what else to try. Any suggestions? :confused:

Sylvander
09-06-2006, 07:30 PM
I wonder if there was an error in the method used?
No way should Windows have loaded if the CD-drive was set to boot and a disk was in there.
Use the production methods specified in the threads linked below...

1. How to make a free “Smart Boot Manager” floppy
http://www.pcguide.com/vb/showthread.php?t=41498
This makes it easier to boot a chosen drive [particularly the one holding the EBCD]. This would make certain that the PC is going to boot the CD in the CD-drive.
To use this, the FDD must be first in the BIOS boot list.

2. How to make a free EBCD bootable CD
http://www.pcguide.com/vb/showthread.php?t=41485
This has a number of useful utilities included including "Image" [for DOS, by Terabyte] & "File Manager".

Or else download this EBCD iso file that I used myself and I know works.
http://www.verzend.be/v/2105055/EBCD061P.ISO.html
It's available for download here until Wed 13th Sept 2006.

mike2002
09-06-2006, 09:13 PM
I downloaded your ISO and burned it with MagicISO. It booted fine, then I tried my first disk, that worked as well!
Strange, maybe it took a couple of re-starts before the setting kicked in.

Regarding the layout of the Boot Disk, if I went into menu One, I couldn't find a way of getting out of it to go to another menu. Anyway I did a Scandisk check and it reported an error in the tvDebug file in C:\Windows\Internet Logs.
Scandisk ALWAYS reports an error with this file - don't know why. Mine is 13MB (is it necessary and can it be deleted?).

As you advised, I did a Registry check; it 'repaired' C:\Windows\System.DAT.
After the 'Thank you' message, it went to the A:\ prompt. I typed in C:\ , then Win (to return to Windows) but it kept coming up as a 'Bad command'.

Process Explorer; yes it did show up MSGSRV32.exe (as does the WinTop program). It's strange that the MSGSRV32 activity does not always affect the mouse pointer. But here's some sample CPU % readings (this time without any mouse activity):

71-0-0-51-48-0-0-62-40-0-0-71-25-0-0-81-32-0-2-89-34-0-12-78-0-0-20-59-0-0-3059-0-0-44.

It's tempting to use the 'Kill Process' in Process Explorer. But I'm scared that something terrible will occur as a result. Look what happened when I deleted MSGSRV32.exe completely!

mjc
09-06-2006, 11:41 PM
Here is what it does...

"MORE INFORMATION
Msgsrv32.exe is a program that runs invisibly on the Windows desktop and performs several background functions necessary for Windows operation. These functions include:
• Mediate Plug and Play messages among various parts of the operating system.
• Coordinate automatic responses to Setup programs. This includes checking whether a Setup program has improperly overwritten Windows files, and optionally restoring the Windows versions of those files.
• Display the initial logon dialog box if networking is enabled.
• Play the system startup and shutdown sounds.
• Load installable Windows drivers at startup and unload them at shutdown.
• Run the shell program (usually Explorer.exe) and re-run the shell if it fails to respond."

Digging through some old stuff, I've found something that may sound a bit odd...but...

How much stuff do you have in the My Documents folder?

If it is more than a hundred files or a number of large files, move them to somewhere else.

Also, some systems have had this trouble with ZA being the culprit...generally caused by a massive log file. Or AVG (or other AV placing the scan logs in My Docs)...

Sylvander
09-07-2006, 04:28 AM
"I went into menu One, I couldn't find a way of getting out of it to go to another menu"
Item 1 [on the 1st menu] takes you to the 2nd menu.
So you can either type 1, then "Enter", or else just hit "Enter" and the default [Item 1] is activated.
"Anyway I did a Scandisk check"
That's on the 2nd menu, so you must have managed to get there somehow.

"C:\Windows\Internet Logs"
The "Internet Logs" folder is used by the ZoneAlarm firewall program.
By-the-way, the contents of that folder will probably be taking up enormous amounts of space unless you have disabled the logging in the configuration settings.
Here are instructions for fixing that...
--------------------------------------------------------------------------
Deleting the contents of the “C:\Windows\Internet Logs” folder

1. Open the ZoneAlarm program, go to the OVERVIEW >> PREFERENCES tab, and make sure the Load At Startup box is UN-checked.

2. REBOOT - You should now have no ZoneAlarm processes running on your system.

3. Open the Internet Logs directory (in 95/98/ME this will be "c:\windows\internet logs", in NT and 2000 it will be c:\winnt\internet logs, in Windows XP it could be either of these folders). If you need to keep a copy of old alerts, copy the ZAlog.txt file to another location first - then delete ALL files in this folder.

4. Empty your Recycle Bin.

5. REBOOT

6. You will need to start ZoneAlarm manually. (Click Start, Programs, Zone Labs, ZoneAlarm). ZoneAlarm will start up again with a fresh database. Each program should ask for access again if the files were properly deleted.

7. Be sure to RE-check anything you unchecked earlier.

8. If you want to stop ZA making any further logs, then right-click on the ZA icon in the System Tray and click "Restore Zonealarm Control Center".
Now go to "Alerts and logs->Advanced->log archive setting" and untick "archive log text files daily", then ok that and shut down the control center.
--------------------------------------------------------------------------

"is it necessary and can it be deleted?"
See the above procedure, which deletes EVERYTHING in that folder.

"then Win (to return to Windows) but it kept coming up as a 'Bad command'"
Can't remember which command you should use...Perhaps "Ctrl+Alt+Del", but you can always just switch off the PC, then switch back on and take out the EBCD before it gets the chance to boot.

"It's tempting to use the 'Kill Process' in Process Explorer"
Don't do that. It's a mystery to me why this is happening, so I guess the search is still ongoing for an explanation. Here's hoping that deleting the contents of the "Internet Logs" folder will produce a fix.

mike2002
09-07-2006, 04:28 AM
My Documents: Size - 1.5MB, Files - 41, Folders (mostly empty) - 26.

Zone Alarm and AVG Logs; I either delete them manually, or let CCleaner do the job.

So far, no mouse pointer activity but, as it's an intermittent thing, I'll give it a few days and report again.

Sylvander
09-07-2006, 04:38 AM
I move ALL the data files off C: [to a small 600MB D: partition] so as to keep C: as small as possible.
Here's how...
----------------------------------------------------------------------------
a. My Documents. [Use “TweakUI” to move their home]
b. E-mails for all identities. [use the email client to move their home]
c. Internet Explorer Favourites. [Use “TweakUI” to move their home]
d. Temporary Internet Files. [use the browser (Internet Explorer) to move them]
e. Re-home the Windows Address Book as shown here http://tinyurl.com/24q6l . Use the key “HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab FileName” to specify its new address. [Its normal home address [in Win98] is C:\WINDOWS\Application Data\Microsoft\Address Book\(the name you gave your PC).WAB]
----------------------------------------------------------------------------
I also moved my Firefox profile, but I don't have the details to hand.

One of the advantages of the above is that image backups are kept small, and when I restore an image of C: to make it "jump back" to a past software arrangement [to fix a software problem]...
All of my personal data files [that might change by the second], remain untouched and just as up-to-date as they were before the restore.

shakushinnen
09-20-2006, 11:33 PM
Hi Mike,
Did you ever resolve your issue with the cursor changing to an hourglass every few seconds? I have the same problem.
Thanks,
John

azzey
09-20-2006, 11:37 PM
Hi shakushinnen, and welcome to the PC Guide!

It's probably best if you start your own thread, rather than piggy-backing on someone else's thread. This will ensure that your problem gets the attention that it deserves. Also, you can always link to this thread if you are having a similar problem.

Please open a new thread that clearly explains the problem you are having, and a current HijackThis! Log.

mike2002
09-21-2006, 05:42 AM
Whoops - I meant to give it a few days before I replied, then forgot about it.

Anyway here's the latest; after running the Registry and ScanDisk checks on the Boot CD the problem stopped. After a few days, although there was no fluctuation with the mouse pointer, 'WinTop' showed MSGSRV32.exe to be active.
During the past few days I've not been aware of it at all, but it's still a mystery what causes it to activate when it does.

So, the final word is, yes the Boot CD definitely had a positive effect on the system. Thanks to all those who contributed.

shakushinnen
09-21-2006, 01:04 PM
Hi Mike,
I originally posted this on the Computing.Net forum, here -
http://www.computing.net/windows95/wwwboard/forum/169035.html
Please have a look at this thread. I'd be interested in your thoughts.
John

mike2002
09-21-2006, 05:04 PM
Hi shakushinnen:

I cannot relate my circumstances with yours, you're having a whole lot of extra problems which are completely absent on my machine. I don't have a CPU temperature monitor, but it hasn't blown up yet!

My HDDs sound normal, even though the temp has reached 55 Celsius on some occasions. The most it's ever reached in the past was 60 degrees - not at all good for the drive.

Have you seen another posting on the Experts Exchange site:

http://www.expertsexchange.com/Operating_Systems/Win98/Q_20741267.html

entitled 'msgsrv32.exe active about every four seconds'. You won't find the answer as you have to subscribe ($$$) to the site in order to see the solution (if there ever was one).

shakushinnen
09-21-2006, 08:25 PM
Hi Mike,
I resolved the problems, mind you I didn't say solved.
I replaced my HDD with my backup HDD (ghosted about a month ago), which would contain most, but not all of the same programs. So that leads me to believe that the problem is a) the old HDD or b) a program on the old hard drive. Next I'm going to ghost my present drive onto the old hard drive and see if the old hard drive is the problem. I'm not sure this helps YOU, but I thought I would be neighbourly and pass it on.
By the by. Aida or SpeedFan - http://www.softpedia.com/get/System/System-Info/SpeedFan.shtml
will allow you to monitor your CPU temperature and voltage fluctuations.
Take care,
John

mike2002
09-21-2006, 09:44 PM
I've installed SpeedFan. See this link showing a side-by-side comparison with WinTop as far as CPU usage is concerned.

http://img.photobucket.com/albums/v226/mike_jw/Charts.jpg

You'll notice that MSGSRV32.exe is not active.

shakushinnen
09-22-2006, 10:15 AM
Hi Mike,
Yes, I see what you mean. When I ran Wintop, on my old hard drive, the reading would fluctuate from 0% to 60-80% for MSGSRV32.exe. I got the idea of trying Wintop from your posts. My CPU temperature, according to Aida and SpeedFan, fluctuated between 30°C and 45°C. With my backup HDD the cpu temperature is rock solid at 29-31° as we speak, and I have this baby clocked at 866mhz (from 762). I don't know what MSGSRV32.exe is doing because I don't have Wintop installed on this drive, but there are no audible fan fluctuations, nor mouse pointer changes to hourglass, no weird stuff at all. (I even tried changing the cpu at one time, thinking I had screwed it up by overclocking it.)
John

shakushinnen
09-24-2006, 11:34 AM
Hi Mike,
This time I think I really discovered the source of my problem.
Boy, do I feel stupid. A couple of weeks ago I bought, and installed, a cd writer, and forgot to disable the "auto insertion notification", so the disk activity was due to it seeking for ...
Sorry about all the confusion.
John