Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow Computer, Svchost.exe Errors, Hpcmpmgr Errors


  • Please log in to reply
9 replies to this topic

#1 StartingOver

StartingOver

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:About 70 miles from Galveston Bay wade fishing!
  • Local time:10:56 AM

Posted 29 June 2008 - 11:19 PM

HELP!! I know that it is best to keep a request for help focused on a single problem but, with all that I’m facing, I am at a loss as to where I should even post this request. It seems to me that it is possible that all of the issues in this post are related. So, any help and guidance will be greatly appreciated!

I’m constantly, and unpredictably, getting “svchost.exe – Application Error” errors. The memory addresses in these errors are not always the same. I have numerous screen shots if they would help to diagnose. On at least one occasion each, I received these errors: “avcscanx.exe - Application Error” and “TFService.exe - Application Error”. Again, I have screen shots if needed. And, clicking on "OK" on these errors does nothing (at least nothing we can see).

I’ve also been getting “hpcmpmgr” errors (at shutdown).

When using the internet, there will be times where pages take longer and longer to open. And I will begin to see more “page not found” errors on pages I KNOW exist. Again, however, these errors are unpredictable and intermittent. Sometimes I can re-start the browser and the problem will go away for a while. (I use IE 7 and Firefox 2.0.0.14) Sometimes re-booting the system doesn’t even help. It can take two or more re-boots.

When I try to boot up in Safe mode, computer freezes & I have to do a hard start.

I cannot run CHKDSK. When I reboot, the blue screen comes up & I get a four line message stating the file system is NTFS, Cannot open volume for direct access and (& this is very confusing) Windows has finished checking the disc.

Overall, the system is becoming more and more sluggish. We have four users on this system. When any user logs on, it can take up to 40 seconds for the account to fully log on. I’ve been to Sysinfo.org countless times to check the items which are installed at start-up. Although it seems to me that I have a lot of items loading in the background at start-up, all of the items loading are necessary for our use.

I've run AVG, Max Registry cleaner, Spybot S & D, CCleaner, Super Antispyware Free Edition, ATF Cleaner, Panda Active Scan and Kaspersky Online Scan. I saved the Kaspersky log. I just ran HJT & saved that log as well. Some of these have run several times. Other than tracking cookies, very little has been found. I’ve even recently opened the tower and cleaned the inside.

I’ve read recently that many of my problems may be related to Automatic Updates and, if I would turn Automatic Updates off and do a manual Windows update, at the very least the “hpcmpmgr” error and the “svchost” error would be corrected. The problem is, when I go to Windows Update, SP3 is the first critical update recommended. Also, Windows Update recommends updating to SP3, then scanning for necessary updates again. With everything I’ve read about SP 3, I’m really hesitant to load it at this time.

I do not know what else to do to get rid of the errors and to get the system “back up to speed” short of a system restore. I really don’t want to do that with all of the re-installs that it requires. Besides, setting the system back to “factory specs” doesn’t tell me what was wrong in the first place. If I can’t figure out how I got here, there is nothing stopping me from getting here again!

Right now I am at a loss as to where I should even post this request for help. So, any guidance and help will be greatly appreciated!

Here is the info on my system:
HP Pavillion a620n
AMD Athlon(B) XP 3200+ 2.20 GHz
CPU: Socket A
Motherboard:
Manufacturer’s name: ASUS A7V8X-LA
HP/Compaq name: Kelut-GL6E
Chipset:
VIA KM400A
VIA VT8237
2 GB DDR SDRAM (2 x 1 GB)
Hard Drive:
160 GB Ultra DMA
Graphics Card:
Elitegroup GeForce 6 Series LE 256 MB AGP 8X
500 watt power supply

Windows XP Home with SP2
Firewall: ZoneAlarm version:7.0.470.000
TrueVector version:7.0.470.000
Driver version:7.0.470.000
Also running PC Tools, Threatfire version 3.5.0.21 (real-time spyware and virus monitoring)
Just Remember "To Err Is Human" (To REALLY Foul Things Up Requires A Computer!)

BC AdBot (Login to Remove)

 


#2 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:56 AM

Posted 30 June 2008 - 04:37 AM

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
Chewy

No. Try not. Do... or do not. There is no try.

#3 StartingOver

StartingOver
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:About 70 miles from Galveston Bay wade fishing!
  • Local time:10:56 AM

Posted 01 July 2008 - 02:15 AM

Chewy, thank you very much for your reply! With all that is going on with my system, I wasn't even sure where to post my first request for help. That's why I didn't attach any logs to that first post.

I will begin running the SmitFraudFix.exe scan, hopefully, in about one hour. But, I do have a question. Is this .exe file something I can start and walk away from while it runs? Or, does it occasionally require a response from the user?

If you are not online to answer within the next 30 minutes (it's 2:00 AM CST now), ignore this question & I'll start the scan first thing in the morning. I'll be able to monitor the scan at that time.

You mentioned in your reply that I should "post that log along with all others requested in your next reply." Since you are the only person who has replied, so far, are there some other logs that I should send along with this one? And, finally, will I be posting logs in this forum or will I be changing forums?

Sorry for being a little on the "dense" side on this. It is my first time to post on something like this.

Thanks again!
Marty
Just Remember "To Err Is Human" (To REALLY Foul Things Up Requires A Computer!)

#4 StartingOver

StartingOver
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:About 70 miles from Galveston Bay wade fishing!
  • Local time:10:56 AM

Posted 01 July 2008 - 08:43 AM

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

Hey Chewy

I posted the following message sometime after 5:00 AM CST but I can't find it anywhere. Since I posted a SmitFraudFix log and HJT log with my response, I'm guessing it may be possible that my post was moved (since, according to the criteria for this forum, I was not supposed to post HJT logs to this forum). However, now I cannot find my latest posting anywhere. Who knows, at 5:00 AM, it is very possible that I hit the wrong button and never posted anything! LOL

Oh well, I ran the SmitFraudFix.exe and have the log. I also ran HiJack This and saved that log as well.

Now, what should I do? And, on what forum should I post these two logs?

Thanks!
Marty
Just Remember "To Err Is Human" (To REALLY Foul Things Up Requires A Computer!)

#5 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:56 AM

Posted 01 July 2008 - 08:59 AM

We will need to fix your computer before we can even determine if you are infected

I would like to see the Smitfraud log as requested, if you wish to post a HJT log, do it in that forum and let us know so we don't waste any more time on this thread

Once you post that log this thread will close and you will have to wait for the HJT team, they can get backed up and very busy
Chewy

No. Try not. Do... or do not. There is no try.

#6 StartingOver

StartingOver
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:About 70 miles from Galveston Bay wade fishing!
  • Local time:10:56 AM

Posted 01 July 2008 - 09:54 AM

We will need to fix your computer before we can even determine if you are infected

I would like to see the Smitfraud log as requested, if you wish to post a HJT log, do it in that forum and let us know so we don't waste any more time on this thread

Once you post that log this thread will close and you will have to wait for the HJT team, they can get backed up and very busy

Here is the SmitFraudFix log.

And I apologize for any confusion I've caused as far as posting the HJT log. I will follow your instructions here and wait until you tell me what my next step is.

Being a noobie at this level, I just didn't want to break the rules of what should be posted where. I really appreciate your time or anyone else's time and assistance here and I certainly don't want to waste it. Again, my apologies for any confusion I may have caused. I just didn't understand.

Let me know if you want or need any of the other logs I've saved.

SmitFraudFix v2.328

Scan done at 4:43:50.85, Tue 07/01/2008
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\oskl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\VTovrlayl.dll,avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{08B66E83-EB22-41A0-92FA-FE8BFA0090E9}: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Just Remember "To Err Is Human" (To REALLY Foul Things Up Requires A Computer!)

#7 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:56 AM

Posted 01 July 2008 - 10:56 AM

Every extra process running is an accident waiting to happen, I was a little skeptical about the extra malware protection but your process list can bring almost any computer to it's knees

http://www.bleepingcomputer.com/startups/mdm.exe-2675.html

http://www.bleepingcomputer.com/startups/s....exe-21487.html

this apps are for work stations, not older computers



C:\WINDOWS\system32\oskl.exe

might be an older rare rootkit component

http://virusscan.jotti.org/

http://www.virustotal.com/

regarding sp3 and updates, you need a healthy computer and avg, zonealarm and threatfire completely disabled
Chewy

No. Try not. Do... or do not. There is no try.

#8 StartingOver

StartingOver
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:About 70 miles from Galveston Bay wade fishing!
  • Local time:10:56 AM

Posted 01 July 2008 - 03:45 PM

Hi Chewy

When I posted my question which brought us here, I thought I knew a little about computers. After reading your last post, I now know that I STILL haven't made it past "stupid". So, if you have the time, would you be willing to "dumb it down" a little for an old man (actually, 53 ain't that old, I guess) and tell me what I'm supposed to do with the info you've given me?

I know how to manage my start-up items through msconfig. And I use sysinfo.org to decide whether to let something load at start-up or not. How do I manage the processes listed in the log above? How do I tell the computer to let one process run but not the next? And, how often should I check the list? Do processes have the ability to re-load themselves like some start-up items do?

This computer is, unfortunately, the best my family has. And, it is the only one we've got that has the speed and the RAM to allow my son to play WoW. I can't afford anything new right now so, I've been scavenging discarded computers for anything I can find & use. I now have two other computers that will surf the web and play limited games like Runescape. But that's it. I had hoped to put a second (slave) hard drive on this one (8 GB scavenged) to handle swap files in order to squeeze out just a little more speed. But, until it is running at the highest peak I can get it to, there is no point in adding anything.

So, even though your last post let me know that my old computer is an accident waiting to happen and that my process list could probably choke Bill Gates' personal computer, I don't know what to do with that information. And, when I look at the process list from the log I posted here, I don't know what most of it means. Finally, I don't have a choice but to learn how to manage this. My son's most favorite recreational activity is WoW. I must get this thing up to speed, and quick!

Thanks for you help
Marty
Just Remember "To Err Is Human" (To REALLY Foul Things Up Requires A Computer!)

#9 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:11:56 AM

Posted 01 July 2008 - 04:12 PM

You could uninstall 1/3 of the stuff you have running and WOW would play much better

I have no idea why you are using MDM, and SQL server

I do see a lot of this when someone is using P2P for pirated software

I can understand you wanting to have adequate layers of protection, but it's a cake and eat it too problem

Use add and remove programs

I know it's a lot of work

Edited by DaChew, 01 July 2008 - 04:13 PM.

Chewy

No. Try not. Do... or do not. There is no try.

#10 StartingOver

StartingOver
  • Topic Starter

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:About 70 miles from Galveston Bay wade fishing!
  • Local time:10:56 AM

Posted 01 July 2008 - 11:49 PM

Thanks. I really appreciate your help.

As far as the mdm.exe and the sqlservr.exe goes, I followed the hyper-links you included in your previous post so that I could learn what these items were. Bottom line is that I have no idea how they got on here. None of my family knows either. We absolutely don't use them. So, once I complete a little preliminary research, they will go away first.

As far as pirated software, we are not aware of any. And, in our family, pirated software is viewed as exactly what it is, theft (with a special dose of COWARD thrown in). So, if you think you've seen ANY pirated software on our system, PLEASE let me know, and let me know SPECIFICALLY what you believe to be pirated and where it is located, if you can.

Now, for the record, the reason I have so many anti-malware programs is two-fold. The first reason came from this site and several others like it. Countless moderators on numerous forums have encouraged this type of redundancy. With multiple programs, there is a good chance that, if one program misses a new piece of malware or a variant of an old piece, the next program that runs might catch it. The second reason is my friends. I manage their personal home computers (yeah, I know, "blind leading the blind") and the "excess" anti-malware you see on my computer is also loaded on their computers. It makes quick work of destroying intruders and keeping them out. In exchange, they help my family out on projects around my house. I'm not allowed to do any physical work due to a temporary disability. I'm not even allowed to drive. My orthopedic surgeon said that operating a keyboard & mouse is the maximum work I'm allowed to do until the shoulder surgery heals(approx. 8 to 12 months). So, when I download and use a new anti-malware program on one of my friends' computers, I also download it on my system. That gives me a chance to learn the program. Once I'm comfortable with the new software, it gets downloaded on everyone's computer.

So, you said in your post a large portion could be eliminated, If I remember correctly you said about one third? Would you be willing to list the items you would recommend for deletion? And, don't worry, I will be double-checking your suggestions with others. I will also be looking at the "vintage" value. My wife deals in antiques.

I look forward to your suggestions on what I should delete. In the meantime, I've printed out the "process list". It looks like it's time for me to wake up Google and learn what these things are.

Thanks again.
Marty
Just Remember "To Err Is Human" (To REALLY Foul Things Up Requires A Computer!)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users