Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Gmer scan not completing


  • Please log in to reply

#91
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Hi Ron,

thanks for all your help so far!
I really need to give the computer back tomorrow morning so whatever you can help me with now would be appreciated!
It's 3.20am Irish time so chances are I will mess something up here!

I will proceed now with what you say.

Also another note, while cleaing up i uninstalled spybot(or something like that) and malwarebytes.
I think things started to slow after that,
  • 0

Advertisements


#92
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Since you are still awake:

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. What do you see in the top 5 and what percentage does each use. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#93
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 96.92 0 K 16 K
procexp.exe 2064 3.08 9,596 K 14,596 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
zHotkey.exe 2800 2,204 K 3,836 K Multimedia Keyboard Driver
winlogon.exe 712 6,476 K 932 K Windows NT Logon Application Microsoft Corporation
System 4 0 K 76 K
svchost.exe 1132 17,988 K 24,004 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 924 3,160 K 3,332 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1000 1,724 K 2,396 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1168 2,380 K 1,608 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1376 1,280 K 2,744 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1476 1,472 K 2,548 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 324 1,336 K 2,028 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 608 2,428 K 2,128 K Generic Host Process for Win32 Services Microsoft Corporation
SSScheduler.exe 3208 668 K 1,104 K McAfee Security Scanner Scheduler McAfee, Inc.
SPUVolumeWatcher.exe 3232 636 K 1,188 K Cyber-shot Viewer Volume Watcher Sony Corporation
spoolsv.exe 1640 3,748 K 3,452 K Spooler SubSystem App Microsoft Corporation
SOUNDMAN.EXE 2496 1,888 K 1,596 K Realtek Sound Manager Realtek Semiconductor Corp.
smss.exe 620 168 K 180 K Windows NT Session Manager Microsoft Corporation
slserv.exe 524 292 K 684 K Smart Link
shwiconEM.exe 2356 712 K 1,568 K Alcor Micro, Corp.
services.exe 756 1,752 K 2,404 K Services and Controller app Microsoft Corporation
PDVDServ.exe 2528 828 K 2,036 K PowerDVD RC Service Cyberlink Corp.
msseces.exe 2632 4,040 K 6,212 K Microsoft Security Essentials User Interface Microsoft Corporation
MsMpEng.exe 1092 160,700 K 48,096 K AntiMalware Service Executable Microsoft Corporation
lxbkbmon.exe 2768 472 K 1,536 K Lexmark X1100 Series Button Monitor Lexmark International, Inc.
lxbkbmgr.exe 2656 644 K 1,332 K Lexmark X1100 Series Button Manager Lexmark International, Inc.
lsass.exe 768 4,052 K 1,364 K LSA Shell (Export Version) Microsoft Corporation
LEXPPS.EXE 1680 1,000 K 1,800 K LEXPPS.EXE Lexmark International, Inc.
LEXBCES.EXE 1608 2,368 K 1,932 K LexBce Service Lexmark International, Inc.
jqs.exe 452 2,136 K 1,452 K Java™ Quick Starter Service Sun Microsystems, Inc.
iTunesHelper.exe 2668 1,056 K 2,532 K iTunesHelper Module Apple Computer, Inc.
iPodService.exe 2836 2,128 K 2,768 K iPodService Module Apple Computer, Inc.
Interrupts n/a 0 K 0 K Hardware Interrupts
GrooveMonitor.exe 2776 1,720 K 3,120 K GrooveMonitor Utility Microsoft Corporation
explorer.exe 200 15,652 K 22,616 K Windows Explorer Microsoft Corporation
DPCs n/a 0 K 0 K Deferred Procedure Calls
CTSVCCDA.EXE 396 424 K 676 K Creative Service for CDROM Access Creative Technology Ltd
ctfmon.exe 3064 908 K 2,476 K CTF Loader Microsoft Corporation
csrss.exe 688 1,620 K 2,752 K Client Server Runtime Process Microsoft Corporation
CALMAIN.exe 1528 808 K 1,704 K Canon Camera Access Library 8 Canon Inc.
alg.exe 1892 1,168 K 2,128 K Application Layer Gateway Service Microsoft Corporation
ALCWZRD.EXE 2976 3,860 K 3,972 K RealTek AlcWzrd Application RealTek Semicoductor Corp.
  • 0

#94
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 30/10/2010 03:36:08

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/10/2010 16:47:27
Type: error Category: 0
Event: 2004 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signature version: 1.93.337.0;1.93.337.0 Engine version: 1.1.6301.0

Log: 'System' Date/Time: 29/10/2010 08:23:14
Type: error Category: 0
Event: 11 Source: atapi
The driver detected a controller error on \Device\Ide\IdePort2.

Log: 'System' Date/Time: 29/10/2010 08:23:14
Type: error Category: 0
Event: 9 Source: atapi
The device, \Device\Ide\IdePort2, did not respond within the timeout period.

Log: 'System' Date/Time: 29/10/2010 08:22:47
Type: error Category: 0
Event: 9 Source: atapi
The device, \Device\Ide\IdePort2, did not respond within the timeout period.

Log: 'System' Date/Time: 29/10/2010 08:22:44
Type: error Category: 0
Event: 9 Source: atapi
The device, \Device\Ide\IdePort2, did not respond within the timeout period.

Log: 'System' Date/Time: 29/10/2010 08:16:24
Type: error Category: 0
Event: 9 Source: atapi
The device, \Device\Ide\IdePort2, did not respond within the timeout period.

Log: 'System' Date/Time: 29/10/2010 08:16:08
Type: error Category: 0
Event: 9 Source: atapi
The device, \Device\Ide\IdePort2, did not respond within the timeout period.

Log: 'System' Date/Time: 29/10/2010 07:48:07
Type: error Category: 0
Event: 2004 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signature version: 1.93.337.0;1.93.337.0 Engine version: 1.1.6301.0

Log: 'System' Date/Time: 29/10/2010 00:19:36
Type: error Category: 0
Event: 7016 Source: Service Control Manager
The SmartLinkService service has reported an invalid current state 0.

Log: 'System' Date/Time: 28/10/2010 23:00:29
Type: error Category: 0
Event: 7016 Source: Service Control Manager
The SmartLinkService service has reported an invalid current state 0.

Log: 'System' Date/Time: 28/10/2010 22:17:21
Type: error Category: 102
Event: 1003 Source: System Error
Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3 00000001, parameter4 ffb9900c.

Log: 'System' Date/Time: 28/10/2010 20:35:59
Type: error Category: 0
Event: 10010 Source: DCOM
The server {58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 28/10/2010 20:07:06
Type: error Category: 102
Event: 1003 Source: System Error
Error code 100000d1, parameter1 00000000, parameter2 0000001c, parameter3 00000001, parameter4 8265b5fc.

Log: 'System' Date/Time: 28/10/2010 20:06:44
Type: error Category: 102
Event: 1003 Source: System Error
Error code 0000004e, parameter1 00000007, parameter2 00008eec, parameter3 00000001, parameter4 00000000.

Log: 'System' Date/Time: 28/10/2010 19:07:16
Type: error Category: 0
Event: 2004 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Signature version: 1.93.490.0;1.93.490.0 Engine version: 1.1.6301.0

Log: 'System' Date/Time: 28/10/2010 12:54:35
Type: error Category: 8
Event: 20 Source: Windows Update Agent
Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB972696 (Definition 1.93.648.0).

Log: 'System' Date/Time: 28/10/2010 12:54:23
Type: error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.93.490.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6301.0 Error code: 0x80070643 Error description: Fatal error during installation.

Log: 'System' Date/Time: 28/10/2010 12:54:19
Type: error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.93.648.0 Previous Signature Version: 1.93.490.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiSpyware Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.6301.0 Previous Engine Version: 1.1.6301.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Log: 'System' Date/Time: 28/10/2010 12:54:19
Type: error Category: 0
Event: 2001 Source: Microsoft Antimalware
Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: 1.93.648.0 Previous Signature Version: 1.93.490.0 Update Source: User Update Stage: Install Source Path: Signature Type: AntiVirus Update Type: Delta User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.6301.0 Previous Engine Version: 1.1.6301.0 Error code: 0x8050800c Error description: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support.

Log: 'System' Date/Time: 28/10/2010 12:50:20
Type: error Category: 0
Event: 7016 Source: Service Control Manager
The SmartLinkService service has reported an invalid current state 0.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 29/10/2010 19:25:21
Type: warning Category: 0
Event: 1007 Source: Dhcp
Your computer has automatically configured the IP address for the Network Card with network address 00111186CD49. The IP address being used is 169.254.215.168.

Log: 'System' Date/Time: 29/10/2010 19:25:16
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00111186CD49. The following error occurred: The semaphore timeout period has expired. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 29/10/2010 19:24:49
Type: warning Category: 0
Event: 1003 Source: Dhcp
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 00111186CD49. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 28/10/2010 02:50:37
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.

Log: 'System' Date/Time: 25/10/2010 10:58:07
Type: warning Category: 0
Event: 36 Source: W32Time
The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized.
  • 0

#95
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Vino's Event Viewer v01c run on Windows XP in English
Report run at 30/10/2010 03:38:46

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 29/10/2010 16:03:36
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application firefox.exe, version 1.9.2.3951, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 29/10/2010 09:56:53
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application gmer.exe, version 1.0.15.15477, faulting module gmer.exe, version 1.0.15.15477, fault address 0x0000e34b.

Log: 'Application' Date/Time: 28/10/2010 23:11:57
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application gmer.exe, version 1.0.15.15315, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 28/10/2010 23:01:03
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application dumphive.cfxxe, version 0.0.0.0, faulting module dumphive.cfxxe, version 0.0.0.0, fault address 0x00008444.

Log: 'Application' Date/Time: 28/10/2010 22:51:16
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application pev.cfxxe, version 0.0.0.0, faulting module pev.cfxxe, version 0.0.0.0, fault address 0x00082899.

Log: 'Application' Date/Time: 28/10/2010 22:44:20
Type: error Category: 0
Event: 1000 Source: Application Error
Faulting application dumphive.cfxxe, version 0.0.0.0, faulting module dumphive.cfxxe, version 0.0.0.0, fault address 0x00008444.

Log: 'Application' Date/Time: 28/10/2010 12:54:24
Type: error Category: 0
Event: 5000 Source: MSSecurityEssentials
The event description cannot be found.

Log: 'Application' Date/Time: 28/10/2010 12:54:21
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
EventType mptelemetry, P1 0x8050800c, P2 mpupdateengine, P3 am bdd, P4 10.3.1781.0, P5 mpsigstub.exe, P6 2.1.6805.0, P7 microsoft security essentials, P8 NIL, P9 NIL, P10 NIL.

Log: 'Application' Date/Time: 25/10/2010 19:31:05
Type: error Category: 0
Event: 5000 Source: MPSampleSubmission
EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde), P8 NIL, P9 NIL, P10 NIL.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 28/10/2010 20:36:04
Type: warning Category: 52
Event: 4356 Source: EventSystem
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{58FC39EB-9DBD-4EA7-B7B4-9404CC6ACFAB}. CoGetObject returned HRESULT 80080005.
  • 0

#96
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Uninstall
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware

It's having problems.

Ron
  • 0

#97
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Ron,

How do I go about doing that?

Edited by brodigan, 29 October 2010 - 08:59 PM.

  • 0

#98
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Isn't it listed as "Microsoft Antimalware" in the uninstall list in Control Panel, Add/Remove Programs?

The other alternative is to Start, Run, cmd, OK then type:

msiexec.exe /uninstall {E62A1F01-07B7-4541-A835-EE5B0BF064C2}

Ron
  • 0

#99
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Hi Ron

I uninstalled that. It was not in the add/remove programs list.
However now Microsoft security essentials has turned itself off.
When I try to start it it says 'the specified service does not exist as an installed service'
  • 0

#100
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Uninstall it too then reinstall or switch to Avast!

http://www.avast.com...avast-home.html
or Avira
http://www.free-av.com/
  • 0

Advertisements


#101
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Ron,

one final thing before I leave you alone!

1. When I am doing the msconfig-startup, if I find the thing that is slowing the computer up can I just leave it unticked for good?
2. My event logs? Was that what VEW checked?

I would be quite happy to leave it at that then!

Regards
  • 0

#102
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
You can leave things off in msconfig but then you have to tell msconfig not to bother you about it or it will pop up at every boot. Might be better to uninstall the program or let WinPatrol keep it from running.

Vino's Event Viewer is showing you your event logs. You can also see them by right click on my computer then select Manage then Event Viewer.

Ron
  • 0

#103
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Ron,

I have done the msconfig-startup.
But the problem arises before that.
It is slow to load when the black screen with windows Xp comes up and then when it comes to the username screen.
It was never this slow before if I remember it correctly.
  • 0

#104
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
There is a 2 second delay if combofix installed the Recovery Console. Is that what you are seeing?


Ron
  • 0

#105
brodigan

brodigan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 73 posts
Ron,

I really don't know!
Maybe it is just best to leave it as is.
Maybe too it is the combofix recovery console. It's only a couple of minutes extra and when I get to the desktop it seems to run as normal..
Everything looks normal, it is just taking longer.
I have read of a black screen that comes up that gives two options for startup, i think start windows normally or something else, but I d not have this black screen!
It's all very confusing!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP