Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Task Manager - Process Tab - Corrupt User Name Column


  • Please log in to reply
34 replies to this topic

#1 bry1216

bry1216

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 19 December 2007 - 08:57 AM

This is a difficult problem. In Task Manager on the Process Tab, I have selected the User Name column. All the programs that are running have corrupt characters as a user name.

If I reboot in Safe Mode with Networking, the corrupt characters go away.

If I create a new user, they show up.

No infected files or programs have been found.

My thinking is this could be a problem located in the Registry.

I am currently working with Microsoft on this and they are floundering.

Does anybody have a fix?

Take a view of the attachment.

Attached Files



BC AdBot (Login to Remove)

 


#2 hamluis

hamluis

    Moderator


  • Moderator
  • 56,567 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:34 PM

Posted 19 December 2007 - 09:02 AM

Tried running chkdsk and defragging the system?

Check Event Viewer for possible clues?

Consider running sfc /scannow to replace missing/corrupt system files?

Louis

#3 bry1216

bry1216
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 19 December 2007 - 09:24 AM

I have Windows Live OneCare which defrags every week.

Nothing in the event view.

#4 hamluis

hamluis

    Moderator


  • Moderator
  • 56,567 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:34 PM

Posted 19 December 2007 - 11:17 AM

Windows Live One Care does not defrag...I take that back, it seems to do so :thumbsup:.

XP Chkdsk, Using the Graphical Version (My Computer) - http://www.updatexp.com/windows-xp-chkdsk.html

Louis

Edited by hamluis, 19 December 2007 - 11:21 AM.


#5 bry1216

bry1216
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 19 December 2007 - 05:59 PM

I ran check disk on the reboot.

See the second page of this attachment.

The corruption got worse :thumbsup:

I really believe the corruption is within the Registry that is responsible for displaying the User Name for each program started. This is definitely not a virus.....unless it gets out of my computer! :trumpet:

Now I have been raised to Microsoft Technical level 2 for a fix.

:flowers:

I have slim to zilch hope on this. I just told them if you can't find the string in the Registry, don't call.

Attached Files



#6 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:11:34 PM

Posted 20 December 2007 - 08:47 AM

This may not be a registry issue. Or, it may be a normal Windows setting that has gone awry (due to a file corruption) - or it may be a corruption with Windows itself - or it may be that the system is set to display this way.

The little squares are "placeholders" for characters that Windows doesn't recognize.

The cause can be almost anything - and because of this, isolating it may be difficult.

All that being said, here's a few questions that may help to narrow it down:
1) Is this a progressive error (is it getting worse with time)?
2) How many anti-malware scans have you done - and what programs/online services have you used?
3) Have you checked in the Event Viewer for errors that may be related to this issue?
4) Have you checked your keyboard and language options to make sure that nothing has changed there?
5) Have you had virus infections in the past that were removed?
6) Notice that the System Idle Process shows "System" as the owner - does any other process display correctly? (for example, csrss.exe and System both have "System" as the owner on my copy of XP)
7) Have you tried (temporarily) using a copy of taskmgr.exe from another computer? (to rule out a corruption in the taskmgr.exe file)
8) Does this issue change if you use another account? How about if you create a new account and try it?
9) Could you provide a complete list of the programs that are running in the processes tab? That may shed some light on the problem.
10) Since this doesn't happen in Safe Mode, but does in Normal Mode, then it's most likely that it's something loading with normal mode that's causing this.

As a definitive diagnostic, I'd enable boot logging and then boot once into Safe Mode and once into Normal Mode. Then copy the bootlog file to your desktop (that'll prevent further reboots from adding to this diagnostic file on your desktop).

Once that's done, you can copy/paste the info from the Safe Mode boot into a spreadsheet program - and then copy/paste the normal boot stuff next to it (beware, it's a long list!). Once that's done, you can start comparing them and will end up with a list of what's loading in normal mode that doesn't load in Safe Mode.

A bit of research will tell you about these things that are loading - and you can repair/replace them one-by-one to see if that fixes the error.

I know that this is a lot of information and that it presumes a lot of things. So if you've got any questions, feel free to post back with them.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#7 CTH_Tom

CTH_Tom

  • Members
  • 295 posts
  • OFFLINE
  •  
  • Local time:10:34 PM

Posted 20 December 2007 - 05:00 PM

Could try the fix I proposed in this thread-
http://www.bleepingcomputer.com/forums/t/121884/cant-see-image-name-in-processes-tab/
X

#8 bry1216

bry1216
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 20 December 2007 - 07:29 PM

Could try the fix I proposed in this thread-
http://www.bleepingcomputer.com/forums/t/121884/cant-see-image-name-in-processes-tab/



Thanks for the idea. I tried it several different ways with no success.

:thumbsup:

#9 bry1216

bry1216
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 20 December 2007 - 10:06 PM

This may not be a registry issue. Or, it may be a normal Windows setting that has gone awry (due to a file corruption) - or it may be a corruption with Windows itself - or it may be that the system is set to display this way.

The little squares are "placeholders" for characters that Windows doesn't recognize.

The cause can be almost anything - and because of this, isolating it may be difficult.

All that being said, here's a few questions that may help to narrow it down:
1) Is this a progressive error (is it getting worse with time)?
2) How many anti-malware scans have you done - and what programs/online services have you used?
3) Have you checked in the Event Viewer for errors that may be related to this issue?
4) Have you checked your keyboard and language options to make sure that nothing has changed there?
5) Have you had virus infections in the past that were removed?
6) Notice that the System Idle Process shows "System" as the owner - does any other process display correctly? (for example, csrss.exe and System both have "System" as the owner on my copy of XP)
7) Have you tried (temporarily) using a copy of taskmgr.exe from another computer? (to rule out a corruption in the taskmgr.exe file)
8) Does this issue change if you use another account? How about if you create a new account and try it?
9) Could you provide a complete list of the programs that are running in the processes tab? That may shed some light on the problem.
10) Since this doesn't happen in Safe Mode, but does in Normal Mode, then it's most likely that it's something loading with normal mode that's causing this.

As a definitive diagnostic, I'd enable boot logging and then boot once into Safe Mode and once into Normal Mode. Then copy the bootlog file to your desktop (that'll prevent further reboots from adding to this diagnostic file on your desktop).

Once that's done, you can copy/paste the info from the Safe Mode boot into a spreadsheet program - and then copy/paste the normal boot stuff next to it (beware, it's a long list!). Once that's done, you can start comparing them and will end up with a list of what's loading in normal mode that doesn't load in Safe Mode.

A bit of research will tell you about these things that are loading - and you can repair/replace them one-by-one to see if that fixes the error.

I know that this is a lot of information and that it presumes a lot of things. So if you've got any questions, feel free to post back with them.


***************************************************************************

Items is order:
1: Yes progressive with each program that starts. Affects all program user names. See previous attachment.
2: Windows Live OneCare, Ewido & AVG Anti-Spyware 7.5 (the 2nd and 3rd recommended by MS Support out of India)
3: Next on the list. Are you asking for it to be posted here? It was looking for an recent PC that I was trying to VPN to, didn't work. But problem was occurring before that was created.
4: Yes. Wireless Keyboard and Mouse by Logitech. Downloaded newest version and checked "USA-English" listing.
5: No Virus detection in years. Always protected behind router and with McAfee, Norton or current Window Live OneCare.
6: What you see in the attachment is it. As programs start it is progressively worst with more corrup characters.
7: Tried the fix suggest by CTH_Tom with no change in results.
8: Created new account with same results. When starting in Safe Mode with Networking the USER NAME are all blank.
9: See the previous attachment
10: Yes this is true.

Let me know how to create a "boot log" with Windows XP. I can show you the "ntbtlog.txt", but it is identical between Safe Mode and Normal Log In.

I have scanned the computer with several virus checkers, completed scandisk and defrag. This confuser is clean!

Hope that answered all you questions.

The MS level 2 Indian fellow wanted me to return to XP SP1 with the original XP SP1 disk. I told him to take a hike and his boss called me. Next MS attempt will be in 22-24 hours, I will receive a call from a Research Engineer with Microsoft. This out to be a fun, since so far I have been more intelligent than each person who has called.............let's count them.........6 calls and approximately 14 hours of conversation. One call was 3 .25 hours long.


:thumbsup:

#10 hamluis

hamluis

    Moderator


  • Moderator
  • 56,567 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:34 PM

Posted 21 December 2007 - 10:53 AM

I would have done a repair install of XP after any 1-hour conversation with MS personnel. A repair install takes less than 40 minutes.

I'm not very patient at times :thumbsup:.

Louis

#11 bry1216

bry1216
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 21 December 2007 - 11:14 AM

I would have done a repair install of XP after any 1-hour conversation with MS personnel. A repair install takes less than 40 minutes.

I'm not very patient at times :thumbsup:.

Louis




The computer is 3 years old and came with XP SP1. Knowing this would you still use the original SP1 disk and return it back to the original status?

This means reloading SP2 and everything else. It is a risk if any of the current programs will even work and all programs may have to be reloaded.

What are your thoughts now?

#12 hamluis

hamluis

    Moderator


  • Moderator
  • 56,567 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:09:34 PM

Posted 21 December 2007 - 12:51 PM

Well...look at this way.

A clean install and reinstall of all programs and updates...takes X hours, including going to WinUpdate site for critical updates. But, the fact is that you now have no known system problems, can now make proper, timely backups for future emergency situations, and you don't frown when you look at your system :flowers:.

I don't know whether you have recovery CDs or an XP CD, but that doesn't matter in this case. SP1 is not an issue if you do a clean install, it's only when users attempt a repair install with a prior version that it becomes a problem. A system that reflects SP2 cannot use a SP1 XP CD to do a repair install or run sfc /scannow.

The alternative is to continue to try to troubleshoot a very troublesome (hard to diagnose, especially via long-distance) situation that will (undoubtedly) continue to fray your nerves...and may eventually show evidence of other problematical situations (since we don't know what is causing this).

Long ago, I told myself that I allow myself a maximum of 48 hours to solve computer situations on my own. After that, I may try for part of a 3d day, but I can guarantee that I will go with a clean install by the end of 72 hours. If doing a clean install, reinstalling programs, and updating XP for crit updates takes anyone 72 hours, that person must be doing high-octane computing on her/his system...and I'm not :thumbsup:.

If you don't have an SP2 CD or a copy of the file,
it can be downloaded from http://www.microsoft.com/downloads/details...;displaylang=en Ignore the writing about whom the intended recipients/users are, just download it and put it in a safe place.

The one thing I will advise: If you do a clean install, be sure to employ the Windows firewall immediately, before worrying about AV program, before going to WinUpdate for critical updates. My sequence is usually: install, firewall, update, AV and malware programs.

Final note: If any program works under XP today, it will certainly work after a clean install and reinstall of that program.

Louis

#13 bry1216

bry1216
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 21 December 2007 - 05:04 PM

Well...look at this way.

A clean install and reinstall of all programs and updates...takes X hours, including going to WinUpdate site for critical updates. But, the fact is that you now have no known system problems, can now make proper, timely backups for future emergency situations, and you don't frown when you look at your system :flowers:.

I don't know whether you have recovery CDs or an XP CD, but that doesn't matter in this case. SP1 is not an issue if you do a clean install, it's only when users attempt a repair install with a prior version that it becomes a problem. A system that reflects SP2 cannot use a SP1 XP CD to do a repair install or run sfc /scannow.

The alternative is to continue to try to troubleshoot a very troublesome (hard to diagnose, especially via long-distance) situation that will (undoubtedly) continue to fray your nerves...and may eventually show evidence of other problematical situations (since we don't know what is causing this).

Long ago, I told myself that I allow myself a maximum of 48 hours to solve computer situations on my own. After that, I may try for part of a 3d day, but I can guarantee that I will go with a clean install by the end of 72 hours. If doing a clean install, reinstalling programs, and updating XP for crit updates takes anyone 72 hours, that person must be doing high-octane computing on her/his system...and I'm not :thumbsup:.

If you don't have an SP2 CD or a copy of the file,
it can be downloaded from http://www.microsoft.com/downloads/details...;displaylang=en Ignore the writing about whom the intended recipients/users are, just download it and put it in a safe place.

The one thing I will advise: If you do a clean install, be sure to employ the Windows firewall immediately, before worrying about AV program, before going to WinUpdate for critical updates. My sequence is usually: install, firewall, update, AV and malware programs.

Final note: If any program works under XP today, it will certainly work after a clean install and reinstall of that program.

Louis



Thanks Louis.

Well it is an intense machine to rebuild probably a good 10 hours straight with all the downloads. I have done this twice now and prefer not to do it again, but I want to know exactly what the problem is.

Happy Holidays.

#14 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:11:34 PM

Posted 21 December 2007 - 08:01 PM

If this is free tech support from Microsoft and you've been elevated several levels beyond tier 1 tech support - I'd stick with it. Those folks know what they're doing inside of the OS and they've got access to the folks who actually wrote the modules.

IMO this is a deeply seated bug in your OS. The usual steps (SFC.EXE, a repair install, or a clean install) will likely stop it - but that won't fix the problem. Should this be a new "bug" - then it may even recur.

So, back to the bootlog - the Ntbtlog.txt file will be located in your systemroot directory (most commonly C:\Windows), although I have seen it in the root of the C:\drive also (but it doesn't appear there now). I'd suggest saving copies of the Ntbtlog.txt files (that are in C:\ and C:\Windows) to another location - then deleting the originals (they'll be recreated as needed).

Then, ensuring that bootlogging is enabled - reboot into Safe Mode once and then into normal mode once. Once the second boot is done, copy the C:\Windows\Ntbtlog.txt file to your desktop for safe-keeping.

You'll notice at the very top of the log something like

Service Pack 3, v.320512 21 2007 19:47:49.500

(that's the Service Pack level that you have, the version, the date, and then the time). Search the document for "Service Pack" (without the quotes) and it should take you about 1/2 way down the page to the next log. You'll be able to tell (by the time) which is the Safe Mode log and which is the normal mode log. Also, there'll be a bunch of "Failure to Load" stuff in the Safe Mode log - this is the stuff that didn't load in Safe Mode, but did load in normal mode. There's a lot of it (and the order isn't exactly the same) - that's why I recommend using a spreadsheet to put them side by side to see the differences.

Or, if you're not real sure about this, you can attach a copy of the Ntbtlog.txt file to your next post (it should be small enough) so we can have a go at it.
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#15 bry1216

bry1216
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:08:34 PM

Posted 22 December 2007 - 04:56 PM

If this is free tech support from Microsoft and you've been elevated several levels beyond tier 1 tech support - I'd stick with it. Those folks know what they're doing inside of the OS and they've got access to the folks who actually wrote the modules.

IMO this is a deeply seated bug in your OS. The usual steps (SFC.EXE, a repair install, or a clean install) will likely stop it - but that won't fix the problem. Should this be a new "bug" - then it may even recur.

So, back to the bootlog - the Ntbtlog.txt file will be located in your systemroot directory (most commonly C:\Windows), although I have seen it in the root of the C:\drive also (but it doesn't appear there now). I'd suggest saving copies of the Ntbtlog.txt files (that are in C:\ and C:\Windows) to another location - then deleting the originals (they'll be recreated as needed).

Then, ensuring that bootlogging is enabled - reboot into Safe Mode once and then into normal mode once. Once the second boot is done, copy the C:\Windows\Ntbtlog.txt file to your desktop for safe-keeping.

You'll notice at the very top of the log something like

Service Pack 3, v.320512 21 2007 19:47:49.500

(that's the Service Pack level that you have, the version, the date, and then the time). Search the document for "Service Pack" (without the quotes) and it should take you about 1/2 way down the page to the next log. You'll be able to tell (by the time) which is the Safe Mode log and which is the normal mode log. Also, there'll be a bunch of "Failure to Load" stuff in the Safe Mode log - this is the stuff that didn't load in Safe Mode, but did load in normal mode. There's a lot of it (and the order isn't exactly the same) - that's why I recommend using a spreadsheet to put them side by side to see the differences.

Or, if you're not real sure about this, you can attach a copy of the Ntbtlog.txt file to your next post (it should be small enough) so we can have a go at it.



The MS Expert "Sam" was an Expert.

We used http://technet.microsoft.com/en-us/sysinternals/default.aspx for Process Monitor and found no problems in items 14-700. Then Dial-A-Fix-Full to lift restrictions in the Registry. We recreated the Terminal Services in the Registry. He told me that the previous tech level 2 was wrong about the Reinstallation Disk install instead he downloaded a SP2 version and we ran it. Last we ran a scan and found Java software issues.

Nothing seems to have worked. Next meeting will be Dec 28, 2007 in the afternoon.

Reviewed the C:\Windows\Ntbtlog.txt file and and did not find any difference. Also the this email will not let me add it due to the file type.

Thanks for all the feedback and have a Merry Christmas.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users