stisev Posted November 1, 2008 Report Posted November 1, 2008 (edited) EDIT: !!! NOW WITH VIDEO!! SEE BELOW!! PLEASE NOTE: If you're coming to this thread to bash users who are having problems, please do not post. There are many users having similar problems with Continuum[/b]. PER: http://www.ssforum.net/index.php?showtopic=21623 THE PROBLEM: Running Continuum and process explorer, the user sees continuum open and close open and close open and close, so FAST that the user has to log off or restart to get it. If you've got very very quick fingers, one can quit continuum.exe eventually by trying to kill with process explorer repeatedly, but logging off is easier.The process opening and closing takes roughly 50% (100%) of 1 core on my dual core CPU. One of my friends is also having this same problem, so it is more widespread than some people believe. I've been having this problem for years. I have now been able to reproduce the behavior using Sandboxie, but the problem has eluded me even further. I have spent countless hours trying to figure this out. I am at a loss. Until then, DEP exception has been enabled, NO antivirus, NO others programs running, NO tuning utilities, NO software firewalls, NO HARDWARE firewalls, nothing except Sandboxie (problem happens even on install without Sandboxie) Anyways, I have two "Sandboxes" 1) Sevsandbox - the problem didn't occur before and occurs now2) ISOLAtioN - problem does not occur. Even if I delete all a) reg entries files c) EVERYTHING for sevsandbox, the problem STILL happen. I just can't figure out what the !@#$%^&* is causing this. ANYONE have any comments? Why does it work on one sandbox but not the other!? !!! VIDEO !!! Sorry for the crappy video guys. I need to invest in a tripod and public speaker http://www.sendspace.com/file/2npvh4(MVI_2681_x264.avi 20.7MB ) No viruses, trojans guarateed - X264 format AVI container Edited November 1, 2008 by stisev
Samapico Posted November 1, 2008 Report Posted November 1, 2008 Hmmm, I don't know. Have you tried checking the features of each of these programs? There has to be something they handle differently. If these are open-source type things, you can probably find forums with people who could answer that question
stisev Posted November 1, 2008 Author Report Posted November 1, 2008 Hmmm, I don't know. Have you tried checking the features of each of these programs? There has to be something they handle differently. If these are open-source type things, you can probably find forums with people who could answer that question There's no way it's Sandboxie. It's continuum that's the problem. The problem OCCURS even without running in Sandboxie!
stisev Posted November 1, 2008 Author Report Posted November 1, 2008 OMG OMG UPDATE! I'm narrowing it down!! *NOW I KNOW* what the difference between the two sandboxes are! sevsandbox has LOW LEVEL ACCESS ENABLED. Which means "Permit programs in the sandbox to load kernel mode drivers into the operating system[/b]. <--- THIS IS THE PROBLEM!!!!! When I turn it on/off, the problem happens/does not happen! Now I need to figure out the offending kernel mode driver !
Samapico Posted November 1, 2008 Report Posted November 1, 2008 Hmmm, I don't know. Have you tried checking the features of each of these programs? There has to be something they handle differently. If these are open-source type things, you can probably find forums with people who could answer that question There's no way it's Sandboxie. It's continuum that's the problem. The problem OCCURS even without running in Sandboxie!I'm not saying the sandbox is the problem, I was saying that since one fixes it and one does not, knowing what's different in both of them could help pinpoint the problem Edit: ok, just read that last post
JoWie Posted November 1, 2008 Report Posted November 1, 2008 I have a similar problem on my laptop (Windows XP), continuum keeps destroying and launching itself over and over (ex, the PID in the taskmanager keeps increasing) This happens on every account which belongs to the group Administrators. However when I run continuum as an normal user (which has full file access to the continuum folder), the problem disappears. Another option that also works is checking "Protect my computer and data from unauthorized program activity" in the run as dialog. What this basically does is remove any powerful permissions, and read only permission to the registry. The downside to this is that continuum does not save anything in the registry, which means no stored passwords, etc. Perhaps something you can check out
stisev Posted November 1, 2008 Author Report Posted November 1, 2008 I believe I have found the problem: The issue is being caused by the following: SecdrvSafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys or TDIM.SYS Windows NT/2000 TDI Monitor Winternals, SysInternals c:\windows\system32\drivers\tdimsys.sys I have all but ruled out TDIM.SYS. Now it got even stranger. I disabled the drivers one by one to test them out, the problem happened last with secdrv.sys Can any one of you who are experiencing the similar problem check if you have this file?
Samapico Posted November 1, 2008 Report Posted November 1, 2008 I never experienced the problem; I have secdrv.sys, and tdi.sys (not tdimsys.sys) But is it really about "having" the file? Perhaps I don't have anything that uses secdrv.sys for example (I have no idea what the file is, maybe that's impossible )
stisev Posted November 1, 2008 Author Report Posted November 1, 2008 I am really bummed out. It turns out it may not be one of those two: It's one of the following:AMONAmon monitor Eset c:\windows\system32\drivers\amon.sys AnyDVDAnyDVD Filter Driver SlySoft, Inc. c:\windows\system32\drivers\anydvd.sys DSDrv4hardware access driver d:\applications\dscaler\dsdrv4.sys ElbyCDFLElbyCDIO Filter Driver SlySoft, Inc. c:\windows\system32\drivers\elbycdfl.sys ElbyCDIOElbyCD Windows NT/2000/XP I/O driver Elaborate Bytes AG c:\windows\system32\drivers\elbycdio.sys ElbyDelayElby Delay Lower Filter Driver Elaborate Bytes AG c:\windows\system32\drivers\elbydelay.sys fanioFan I/O CD c:\windows\system32\drivers\fanio.sys hamachiHamachi Virtual Network Interface Driver LogMeIn, Inc. c:\windows\system32\drivers\hamachi.sys nhcDriverDeviceNotebook Hardware Control Device Driver pBUS-167 Software - http://www.pbus-167.com c:\windows\system32\drivers\nhcdriver.sys nod32drv c:\windows\system32\drivers\nod32drv.sys PtilinkDirect Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys SecdrvSafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys sptd c:\windows\system32\drivers\sptd.sys TDIMSYSWindows NT/2000 TDI Monitor Winternals, SysInternals c:\windows\system32\drivers\tdimsys.sys truecryptTrueCrypt Driver TrueCrypt Foundation c:\windows\system32\drivers\truecrypt.sys X10UIFX10 USB Control Interface X10 Wireless Technology, Inc. c:\windows\system32\drivers\x10uif.sys Might also beb these but not likely:dtscsi File not found: C:\WINDOWS\System32\Drivers\dtscsi.sys Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys RivaTuner32 File not found: D:\Applications\RivaTuner\RivaTuner32.sys VirtualFD File not found: C:\Do!@#$%^&*ents and Settings\STi Sev\Desktop\vfd21-050404\vfd.sys It is not these:RTCore32 d:\applications\rm clock\rtcore32.sys I've disabled/enabled multiples times but I need to go to sleep now. I may or may not investigate further. I know how to solve the problem (make a new sandbox in sandboxie just for continuum and disable the low level driver functionality it will work with that). I really wanted to figure out which one it was too. At any rate, I'm going to reinstall XP sometime with a drastically less "driver" software.
rootbear75 Posted November 2, 2008 Report Posted November 2, 2008 (edited) next time upload the video to youtube and embed it and i cant even see anything in the video use Hypercam Edited November 2, 2008 by rootbear75
InamotO Posted November 2, 2008 Report Posted November 2, 2008 I have just recently started having the same problem as this and the way i managed to get it working was to right click on the continuum shortcut and click "Run-As" and ensure its being run under an administrator login. Then it seems to load fine... have no idea why it suddenly started happening. Let me know if this works for you.
Samapico Posted November 2, 2008 Report Posted November 2, 2008 I have just recently started having the same problem as this and the way i managed to get it working was to right click on the continuum shortcut and click "Run-As" and ensure its being run under an administrator login. Then it seems to load fine... have no idea why it suddenly started happening. Let me know if this works for you.That is not the 'correct' way of fixing the problem. When you do that, chances are you won't be able to download any new maps
stisev Posted November 2, 2008 Author Report Posted November 2, 2008 [q]I have just recently started having the same problem as this and the way i managed to get it working was to right click on the continuum shortcut and click "Run-As" and ensure its being run under an administrator login. Then it seems to load fine... have no idea why it suddenly started happening.[/q] In my case, I'm always logged in as Administrator, so that won't help me. I am now 100% certain it is a kernel driver (or a combination of 2 or more) are causing the 100% CPU crash. I believe this is the same reason why it's happening to everyone else as well rootbear75, sorry. I will do that next time. InamotO, try downloading Sandboxie: http://fileforum.betanews.com/detail/Sandboxie/1139521062/1 It's one of my Top 5 favorite apps and I'm a STICKLER when it comes to running stuff on my system If it runs in Sandboxie OK, that means you have the same problem as I do. Download autoruns (http://fileforum.betanews.com/download/Autoruns/1092024321/1) and post a list of your kernel drivers (under 'drivers' tab) for me to inspect and compare with my own.
rootbear75 Posted November 3, 2008 Report Posted November 3, 2008 If you're using Vista: Even if you are in the administrator group, you are NOT the admin of the computer. All admin actions require additional confirmation before they get processed. It's User Access Control (UAC). A stupid feature that protects your computer from yourself. therefore, Running as Admin in vista does sometimes work.
JoWie Posted November 3, 2008 Report Posted November 3, 2008 I have just recently started having the same problem as this and the way i managed to get it working was to right click on the continuum shortcut and click "Run-As" and ensure its being run under an administrator login. Then it seems to load fine... have no idea why it suddenly started happening. Let me know if this works for you.That is not the 'correct' way of fixing the problem. When you do that, chances are you won't be able to download any new maps Nothing wrong with that if the file permissions are correct. Weird thing is, I have the reverse. Run as a ordinary user, continuum works fine. Run as an administrator, continuum breaks. I am really bummed out. It turns out it may not be one of those two: It's one of the following:AMONAmon monitor Eset c:\windows\system32\drivers\amon.sys AnyDVDAnyDVD Filter Driver SlySoft, Inc. c:\windows\system32\drivers\anydvd.sys DSDrv4hardware access driver d:\applications\dscaler\dsdrv4.sys ElbyCDFLElbyCDIO Filter Driver SlySoft, Inc. c:\windows\system32\drivers\elbycdfl.sys ElbyCDIOElbyCD Windows NT/2000/XP I/O driver Elaborate Bytes AG c:\windows\system32\drivers\elbycdio.sys ElbyDelayElby Delay Lower Filter Driver Elaborate Bytes AG c:\windows\system32\drivers\elbydelay.sys fanioFan I/O CD c:\windows\system32\drivers\fanio.sys hamachiHamachi Virtual Network Interface Driver LogMeIn, Inc. c:\windows\system32\drivers\hamachi.sys nhcDriverDeviceNotebook Hardware Control Device Driver pBUS-167 Software - http://www.pbus-167.com c:\windows\system32\drivers\nhcdriver.sys nod32drv c:\windows\system32\drivers\nod32drv.sys PtilinkDirect Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys SecdrvSafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys sptd c:\windows\system32\drivers\sptd.sys TDIMSYSWindows NT/2000 TDI Monitor Winternals, SysInternals c:\windows\system32\drivers\tdimsys.sys truecryptTrueCrypt Driver TrueCrypt Foundation c:\windows\system32\drivers\truecrypt.sys X10UIFX10 USB Control Interface X10 Wireless Technology, Inc. c:\windows\system32\drivers\x10uif.sys Might also beb these but not likely:dtscsi File not found: C:\WINDOWS\System32\Drivers\dtscsi.sys Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys RivaTuner32 File not found: D:\Applications\RivaTuner\RivaTuner32.sys VirtualFD File not found: C:\Do!@#$%^&*ents and Settings\STi Sev\Desktop\vfd21-050404\vfd.sys It is not these:RTCore32 d:\applications\rm clock\rtcore32.sys I've disabled/enabled multiples times but I need to go to sleep now. I may or may not investigate further. I know how to solve the problem (make a new sandbox in sandboxie just for continuum and disable the low level driver functionality it will work with that). I really wanted to figure out which one it was too. At any rate, I'm going to reinstall XP sometime with a drastically less "driver" software. I have the following drivers from the above list:Ptilink - Direct Parallel Link Driver - Parallel Technologies, Inc. - c:\windows\system32\drivers\ptilink.sys Secdrv - SafeDisc driver - Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - c:\windows\system32\drivers\secdrv.sys truecrypt - TrueCrypt Driver - TrueCrypt Foundation - c:\windows\system32\drivers\truecrypt.sys SafeDisc is from the game Supreme Commander and truecrypt is used because I encrypted my entire harddisk (pre-boot authentication)I doubt its ptilink because every Windows XP installation has that driver
Samapico Posted November 3, 2008 Report Posted November 3, 2008 I used to have Supreme Commander installed, had no problems playing Continuum. I had a cracked version though, if that matters... (!@#$%^&*uming SafeDisc is related to the anti-pirating features)
JoWie Posted November 3, 2008 Report Posted November 3, 2008 Mine is cracked(no cd) too, safedisc is indeed an anti copy protection
RiiStar Posted November 6, 2008 Report Posted November 6, 2008 (edited) nod32drv c:\windows\system32\drivers\nod32drv.sys Doesn't NOD32 and similar applications have code/processes to stop programs editing them and system files?I think Continuum has something similar to stop things scanning or attaching to its exe to so it kills itself? Im no expert tho Edited November 6, 2008 by RiiStar
Samapico Posted November 6, 2008 Report Posted November 6, 2008 nod32drv c:\windows\system32\drivers\nod32drv.sys Doesn't NOD32 and similar applications have code/processes to stop programs editing them and system files?I think Continuum has something similar to stop things scanning or attaching to its exe to so it kills itself? Im no expert tho makes sense to me
Guest Scorch Posted November 23, 2008 Report Posted November 23, 2008 I am having the same problem now... any progress on this issue?
stisev Posted November 26, 2008 Author Report Posted November 26, 2008 Hi Guests,I simply gave up on trying to find the culprit. It's just too time-consuming and cumbersome, but the solution is here. Just out of idle curiosity, can you download Autoruns from Sysinternals and paste your driver list here. You need to get a free version of sandboxie and run continuum in a sandboxed environment to prevent continuum from accessing the offending driver
Recommended Posts