
Services.exe running at 60 - 95% since abortive AVG anti-virus install


13 replies to this topic

#1 SoCalBob55

SoCalBob55

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 08 November 2011 - 11:52 AM

I have an HP laptop running Windows XP Professional with sp 2.

I originally posted on the Malware forum on October 16 - we (my BC helper and I) have since determined that whatever the problem is, it's not malware or virus related.

Here's the background:
I installed the Webroot SecureAnywhere program after reading a positive review and becoming concerned that the sudden recent slight slowing of my system might be due to some virus or malware. It found no issues, although the regular Webroot program had found a trojan and said it removed it. I then attempted to install AVG, and when it asked me to reboot, I was confronted with a brief blue screen of death on reboot, then continued recycling attempts to reboot. Restarted using the "most recent setting that worked" option, then UNINSTALLED AVG, and then rebooted with no incident.

On restarting, services.exe began running at between 75 - 95 percent of CPU.

The last thing I tried was to return to the restore point just before making the above changes - but no luck. I tried five or six more restore points going back a month - I assume that we've made too many adjustments to the system and that's why these come back with a "Cannot Restore to that Date" message.

Here's the original post with background information on what we've tried to date:
http://www.bleepingcomputer.com/forums/topic423834.html

The only things I haven't done (toward the end of the thread) is install sp3 and more current versions of Java, Acrobat and Flash.



#2 hamluis

hamluis

    Moderator


  • Moderator
  • 55,383 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:56 PM

Posted 08 November 2011 - 12:22 PM

Well...I would have uninstalled all the software which seemed to create the problems, as a first step.

I can't tell from what you typed...just what AV/security programs are currently installed?

<<The only things I haven't done (toward the end of the thread) is install sp3 and more current versions of Java, Acrobat and Flash>>

I think we need to uninstall items, for the moment. We will worry about installing additional programs later.

Just to get a better idea, let's try this.

Download/install BlueScreenView, http://www.nirsoft.net/utils/blue_screen_view.html .

Double-click BlueScreenView.exe file.

When autoscan is done (screen comes up), click Edit/Select All...then File/Save Selected Items.

Save the report as BSOD.txt.

Open BSOD.txt in Notepad, copy all content and paste it into your next reply.

Louis

#3 SoCalBob55

SoCalBob55
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 08 November 2011 - 01:02 PM

I did uninstall AVG and Webroot SecureAnywhere before making my first post on the Malware forum. The only reason I didn't make the final recommended software changes is that we clearly hadn't fixed the core problem, so (to your point), installing more software would clearly not resolve the issue.

The other spyware/anti-virus programs I have installed are Spyware Doctor, Spyware Blaster, Webroot Spy Sweeper, Adaware 2007 and Malware Bytes.

Side note - my initial start of system slowing (not related to this incident) seemed to begin a few days before with my un-installation of the Xilisoft video converter. On uninstall, it opened a browser inviting me to download their other products.

Here's the BSOD.txt file contents - the 10/15 entry corresponds with my AVG install event. I see that the direct cause of several, or most, of the blue screen of death incidents seems to be the Storagecraft program driver - this is a program that I use to make image back-ups of the system.

==================================================
Dump File : Mini101511-01.dmp
Crash Time : 10/15/2011 8:20:55 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x804eeea8
Parameter 3 : 0xf78e673c
Parameter 4 : 0x00000000
Caused By Driver : stcvsm.sys
Caused By Address : stcvsm.sys+10a68
File Description : StorageCraft Volume Snapshot Driver
Product Name : StorageCraft Volume Snapshot
Company : StorageCraft Technology Corporation
File Version : 2.2.56.6273 NonPnP (32bit x86)
Processor : 32-bit
Crash Address : ntoskrnl.exe+17ea8
Stack Address 1 : stcvsm.sys+10fe2
Stack Address 2 : stcvsm.sys+1125b
Stack Address 3 : stcvsm.sys+3fa2
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini101511-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini073011-01.dmp
Crash Time : 7/30/2011 2:27:04 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x804eeea8
Parameter 3 : 0xf78e273c
Parameter 4 : 0x00000000
Caused By Driver : stcvsm.sys
Caused By Address : stcvsm.sys+10a68
File Description : StorageCraft Volume Snapshot Driver
Product Name : StorageCraft Volume Snapshot
Company : StorageCraft Technology Corporation
File Version : 2.2.56.6273 NonPnP (32bit x86)
Processor : 32-bit
Crash Address : ntoskrnl.exe+17ea8
Stack Address 1 : stcvsm.sys+10fe2
Stack Address 2 : stcvsm.sys+1125b
Stack Address 3 : stcvsm.sys+3fa2
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini073011-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini072811-01.dmp
Crash Time : 7/28/2011 7:11:06 PM
Bug Check String : BAD_POOL_CALLER
Bug Check Code : 0x000000c2
Parameter 1 : 0x00000007
Parameter 2 : 0x00000cd4
Parameter 3 : 0x02030001
Parameter 4 : 0x88178820
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+22c37
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Processor : 32-bit
Crash Address : ntoskrnl.exe+22c37
Stack Address 1 : ntoskrnl.exe+73583
Stack Address 2 : ntoskrnl.exe+7395f
Stack Address 3 : btkrnl.sys+2967b
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini072811-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini042911-01.dmp
Crash Time : 4/29/2011 5:24:37 AM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x804eeea8
Parameter 3 : 0xf78da73c
Parameter 4 : 0x00000000
Caused By Driver : stcvsm.sys
Caused By Address : stcvsm.sys+10a68
File Description : StorageCraft Volume Snapshot Driver
Product Name : StorageCraft Volume Snapshot
Company : StorageCraft Technology Corporation
File Version : 2.2.56.6273 NonPnP (32bit x86)
Processor : 32-bit
Crash Address : ntoskrnl.exe+17ea8
Stack Address 1 : stcvsm.sys+10fe2
Stack Address 2 : stcvsm.sys+1125b
Stack Address 3 : stcvsm.sys+3fa2
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini042911-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini040311-01.dmp
Crash Time : 4/3/2011 2:09:13 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x804eeea8
Parameter 3 : 0xf78e257c
Parameter 4 : 0x00000000
Caused By Driver : stcvsm.sys
Caused By Address : stcvsm.sys+10a68
File Description : StorageCraft Volume Snapshot Driver
Product Name : StorageCraft Volume Snapshot
Company : StorageCraft Technology Corporation
File Version : 2.2.56.6273 NonPnP (32bit x86)
Processor : 32-bit
Crash Address : ntoskrnl.exe+17ea8
Stack Address 1 : stcvsm.sys+10fe2
Stack Address 2 : stcvsm.sys+1125b
Stack Address 3 : stcvsm.sys+3fa2
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini040311-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini032711-01.dmp
Crash Time : 3/27/2011 5:56:50 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x804eeea8
Parameter 3 : 0xf78e257c
Parameter 4 : 0x00000000
Caused By Driver : stcvsm.sys
Caused By Address : stcvsm.sys+10a68
File Description : StorageCraft Volume Snapshot Driver
Product Name : StorageCraft Volume Snapshot
Company : StorageCraft Technology Corporation
File Version : 2.2.56.6273 NonPnP (32bit x86)
Processor : 32-bit
Crash Address : ntoskrnl.exe+17ea8
Stack Address 1 : stcvsm.sys+10fe2
Stack Address 2 : stcvsm.sys+1125b
Stack Address 3 : stcvsm.sys+3fa2
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini032711-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini032611-01.dmp
Crash Time : 3/26/2011 7:31:39 PM
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000008e
Parameter 1 : 0xc0000005
Parameter 2 : 0x804eeea8
Parameter 3 : 0xf78ea57c
Parameter 4 : 0x00000000
Caused By Driver : stcvsm.sys
Caused By Address : stcvsm.sys+10a68
File Description : StorageCraft Volume Snapshot Driver
Product Name : StorageCraft Volume Snapshot
Company : StorageCraft Technology Corporation
File Version : 2.2.56.6273 NonPnP (32bit x86)
Processor : 32-bit
Crash Address : ntoskrnl.exe+17ea8
Stack Address 1 : stcvsm.sys+10fe2
Stack Address 2 : stcvsm.sys+1125b
Stack Address 3 : stcvsm.sys+3fa2
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini032611-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

==================================================
Dump File : Mini032511-01.dmp
Crash Time : 3/25/2011 9:24:59 PM
Bug Check String : SYSTEM_SCAN_AT_RAISED_IRQL_CAUGHT_IMPROPER_DRIVER_UNLOAD
Bug Check Code : 0x100000d4
Parameter 1 : 0xa4f19234
Parameter 2 : 0x0000001c
Parameter 3 : 0x00000000
Parameter 4 : 0x8050169b
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+2a69b
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Processor : 32-bit
Crash Address : ntoskrnl.exe+2a69b
Stack Address 1 : ntoskrnl.exe+2a78f
Stack Address 2 : ntoskrnl.exe+23d0b
Stack Address 3 : ntoskrnl.exe+e7fcc
Computer Name :
Full Path : C:\WINDOWS\Minidump\Mini032511-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 2600
Dump File Size : 90,112
==================================================

Edited by SoCalBob55, 08 November 2011 - 01:05 PM.


#4 hamluis

hamluis

    Moderator


  • Moderator
  • 55,383 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:56 PM

Posted 08 November 2011 - 02:08 PM

<<Caused By Address : stcvsm.sys+10a68
File Description : StorageCraft Volume Snapshot Driver>>

That program clearly needs to be uninstalled.

I would try running the system without it for a few hours/days...then reinstall it.

FWIW: Any program which takes "snapshots" of the system...is doing so continuously. Which means that it's always using system resources, which is totally unlike any routine program. The only programs which should be running all the time...are probably your AV and some antispyware programs.


<<The other spyware/anti-virus programs I have installed are Spyware Doctor, Spyware Blaster, Webroot Spy Sweeper, Adaware 2007 and Malware Bytes.>>

Personally...I would uninstall all of those except Malwarebytes, which doesn't run constantly. AdAware is ineffective and I believe SUPERAntiSpyware is at least as good as your other combination of programs.

Why don't I see an AV program? I suggest using MS Security Essentials or Avast or Avira Free...each involves no cost, is effective and held in fairly high esteem as free AV programs. As for AVG...I believe that it currently has a history of problems, dating back a couple of years...but you can check that out via Google and the AVG forum.

Louis

#5 SoCalBob55

SoCalBob55
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 08 November 2011 - 02:51 PM

These are great ideas, but do you have a sense for what may be causing my current problem - since none of these programs was installed recently?

I'd really like to focus on that first.

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,383 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:56 PM

Posted 08 November 2011 - 03:15 PM

OK...simple answer is...when files become damaged (and this can happen on any day, to any program or to Windows files), they do not work in the manner for which they are designed.

Windows has a set of routines which are designed to produce an error message...when it determines that something...is not working as it should.

The result is BSODs/STOP errors...and a usually generic error message indicating what Windows believes is the problem...or where the problem became apparent to Windows.

Looking at your STOP data, it's clear what Windows thinks are problem programs and/or functions.

When such point to a given program...my experience is that program should be uninstalled/reinstalled, at the very least. Same pretty much goes for hardware problems...Windows points the finger at a given driver, driver needs to be uninstalled, then reinstalled. Because the current driver is damaged and cannot do the job it was designed to do.

Mind you, I cannot scientifically prove any of this...especially on a computer system I don't even have available to test at all...but it's what happens every day, somewhere, to someone.

BSODs/STOP errors which pinpoint Windows system files...are a bit trickier to handle. Sometimes they really are the problem (since they can get damaged also) but often they are merely the scene of the crime...the fork in the road where Windows noticed that all was not well. These errors involve more guesswork...than BSODS/STOP errors that point to a given program or hardware device.

Finally, there is also the fact that malware causes a whole set of errors within Windows...which may intentionally point in the wrong direction (because Windows cannot say "malware"). No point in belaboring this aspect, since you've been given a good bill of health.

That's the best answer I can give you...in response to your query. Troubleshooting computers is not like arithmetic...1 plus 1 doesn't always make 2. Lots of sheer guesswork, based upon the data revealed by the poster and the experience/intelligence of those members who are trying to help.

Louis
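An added example, not part of the original thread: a short Python script that parses the text report BlueScreenView saves and applies the distinction drawn in the post above, counting which driver each crash is attributed to and, where the attribution is a Windows kernel file, listing the non-Windows modules found on the stack. The sample report is constructed from three records posted in this thread (trimmed to the fields used), and `OS_MODULES` is an assumed, non-exhaustive list.

```python
from collections import Counter

# Windows kernel files treated as the place a fault surfaced rather than its
# source. Assumed, non-exhaustive list for this example.
OS_MODULES = {"ntoskrnl.exe", "hal.dll", "win32k.sys"}

# Constructed sample: three records from the report in this thread, trimmed
# to the fields used below.
SAMPLE_REPORT = """\
==================================================
Dump File : Mini101511-01.dmp
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Caused By Driver : stcvsm.sys
Stack Address 1 : stcvsm.sys+10fe2
Computer Name :
==================================================

==================================================
Dump File : Mini073011-01.dmp
Bug Check String : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Caused By Driver : stcvsm.sys
==================================================
==================================================
Dump File : Mini072811-01.dmp
Bug Check String : BAD_POOL_CALLER
Caused By Driver : ntoskrnl.exe
Stack Address 1 : ntoskrnl.exe+73583
Stack Address 2 : ntoskrnl.exe+7395f
Stack Address 3 : btkrnl.sys+2967b
==================================================
"""

def parse_report(text):
    """Return one dict per crash record (field name -> value)."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("===="):
            if current:              # a separator or blank line ends a record
                records.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep:                      # "Computer Name :" gives an empty value
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records

def summarize(records):
    """Count blamed drivers, and non-OS stack modules when the OS is blamed."""
    blamed, stack_suspects = Counter(), Counter()
    for rec in records:
        driver = rec.get("Caused By Driver", "").lower()
        if not driver:
            continue
        blamed[driver] += 1
        if driver in OS_MODULES:
            on_stack = {v.split("+")[0].lower() for k, v in rec.items()
                        if k.startswith("Stack Address") and v}
            for module in on_stack - OS_MODULES:
                stack_suspects[module] += 1
    return blamed, stack_suspects
```

Calling `summarize(parse_report(text))` on a saved BSOD.txt returns the two tallies; a module that appears only in the second one is a lead to check, not a verdict.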

#7 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:56 PM

Posted 08 November 2011 - 07:44 PM

First of all, AVG likes to stick around even after uninstalling it. Run the AVG removal tool found here.
http://www.avg.com/us-en/utilities

After completing the above task then please do the following.
Download CCleaner from the link below:
http://www.piriform.com/ccleaner/download

Just DON'T use the registry cleaner function of CCleaner unless you know what you are deleting exactly!!

Then open CCleaner, hit the Tools button, then Startup (second one down, below Uninstall), then in the bottom right-hand corner of CCleaner hit Save to text file. Save it to your desktop and post the startup.txt here in your next reply. Also hit Start, Run, then type msconfig, then hit the Services tab, then put a check mark in Hide Microsoft Services. What is listed there after hiding Microsoft services?

Edited by InadequateInfirmity, 08 November 2011 - 07:45 PM.


#8 SoCalBob55

SoCalBob55
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 09 November 2011 - 12:17 PM

I removed most of the programs that Hamluis recommended, and disabled the process that caused several of the past BSODs and rebooted. No improvement in performance.

I had already used the AVG remover (see previous thread on the Malware side for what we've done so far: http://www.bleepingcomputer.com/forums/topic423834.html)

I tried to install ccleaner, and it stops about 60% into the installation. Also tried to download three earlier versions (back to 2.36 from the current 3.12) and it did the same thing.

I should add that whenever I reboot, I have to manually stop DCCMan and Power Meter, which don't show up in the Task Manager. The earlier BC guy on the malware side thought that might be related to a game, and he had me run ComboFix script to specifically remove that particular game. Still running, though.

He also thought that Power Meter may be related to power (battery) management on my laptop - and that it was loaded in the hardware - but I can't find reference to that particular driver on HP's site.

Edited by SoCalBob55, 09 November 2011 - 12:28 PM.


#9 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:04:56 PM

Posted 09 November 2011 - 06:49 PM

Honestly, if this was my computer and I was having the kind of post malware problems you are having, I would do a clean install. These problems aren't going away and the chances are good you will have to do a clean install anyway. Generally laptops have recovery partitions. Save whatever files you need and stop hitting your head against the wall. In the long run, a clean install will save you a lot of time and aggravation.

#10 SoCalBob55

SoCalBob55
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 09 November 2011 - 07:24 PM

Sounds like good advice. These were all feeling like half-measures and cosmetic adjustments because there's really no way to identify and solve the fundamental performance problem. Still, this is a five-year-old laptop that still has a lot of life left.

I have a disk-imaging / back-up program from StorageCraft that I've been using to image the OS and the file structure - I can easily go back to a time in March when everything was running fine, and restore a couple of new programs since then, along with any new files created.

Thanks.

Edited by SoCalBob55, 09 November 2011 - 09:03 PM.


#11 SoCalBob55

SoCalBob55
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 11 November 2011 - 10:02 AM

One last idea - have either of you heard of DCCMan and Power Meter? Whenever I restart, I have to shut these two processes down, and neither of them show on Task Manager or Microsoft's Process Explorer.

One theory was that DCCMan was related to a game installation from Wild Tangent (I don't install games, so I'm not sure what that was about), and that Power Meter may be related to the power management hardware in my HP. Unfortunately, we weren't able to remove DCCMan and Power Meter isn't listed anywhere on the HP site as a process.

Any thoughts about these two processes before I spend the next week refurbing my computer?

Thanks.

#12 SoCalBob55

SoCalBob55
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 12 November 2011 - 11:42 AM

Bump...

#13 hamluis

hamluis

    Moderator


  • Moderator
  • 55,383 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:04:56 PM

Posted 12 November 2011 - 12:30 PM

http://www.google.com/search?q=DCCMan&sourceid=ie7&rls=com.microsoft:en-us:IE-ContextMenu&ie=&oe=&rlz=1I7ADFA_en

http://www.google.com/search?q=Power+Meter&sourceid=ie7&rls=com.microsoft:en-us:IE-ContextMenu&ie=&oe=&rlz=1I7ADFA_en

Louis

#14 SoCalBob55

SoCalBob55
  • Topic Starter

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:02:56 PM

Posted 12 November 2011 - 12:38 PM

Thanks.



