Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Freezes [Closed]


  • This topic is locked This topic is locked

#16
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Encorepilot,

Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
Please post the contents of RootRepeal.txt in your next reply.
  • 0

Advertisements


#17
Encorepilot

Encorepilot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Hello Jimmy2012,

It's been a few days, so I thought I would update you on the status of the computer problem. It is still hanging up whenever I try to run a scan. I noticed something new, whenever I run a cd or dvd that I used before the problem it works fine. If run a new cd it will not open and eventually hangs. I decided to unistall Mcafee and install windows Live Onecare. I was able to uninstall Mcafee and download and install Onecare. I then ran a scan and just like everything else, it froze. I hope you have not given up on me....

Thanks,

encorepilot
  • 0

#18
Encorepilot

Encorepilot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
firewall has blocked a program : Name SMManager Application by Smith Micro Software, Inc.
  • 0

#19
Encorepilot

Encorepilot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Jimmy2012,

Live OneCare Firewall has blocked two more programs from accessing the internet. The first is ChangeTPMAuth Application, unkown publisher, location C:\Program Files\Wave Systems Corp\...\ChangeTPMAuth.exe, Company Wave Systems Corp., Version: 3.6.47.19 The second is Name: SecurityDeviceInfoSetRegistryString, unkown publisher, Location: C:\Program Files|D...|SecurityDeviceInfoSetRegistryString.exe, Company: Broadcom Corporation, Version: 1.2.4.41

Thanks,

encorepilot
  • 0

#20
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Encorepilot,

I hope you have not given up on me....

Nope :)

firewall has blocked a program : Name SMManager Application by Smith Micro Software, Inc.

It is safe.

The first is ChangeTPMAuth Application, unkown publisher, location C:\Program Files\Wave Systems Corp\...\ChangeTPMAuth.exe, Company Wave Systems Corp., Version: 3.6.47.19 The second is Name: SecurityDeviceInfoSetRegistryString, unkown publisher, Location: C:\Program Files|D...|SecurityDeviceInfoSetRegistryString.exe, Company: Broadcom Corporation, Version: 1.2.4.41

Both safe.



Please run a scan with RootRepeal and post the log from it in your next reply.
  • 0

#21
Encorepilot

Encorepilot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Jimmy2012,

I cant run RootRepeal. When I click on the zipfile on my desktop, my computer freezes.

Thanks,

encorepilot
  • 0

#22
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Encorepilot,
Please try this.



Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#23
Encorepilot

Encorepilot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Jimmy2012,

Looks like things are getting worse before better. Yesterday I checked my email and then clicked to minimize the screen. That action caused the computer to freeze (even the mouse this time) when I restarted the computer windows would not start. I had to restart in safe mode to get the computer on. I'm in safe mode with networking now. The good news is I was able to download and run GMER and the test is below...I hope it helps...

Thanks,

encorepilot

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-09 19:21:12
Windows 5.1.2600 Service Pack 3


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1656] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1656] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1656] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1656] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1656] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1656] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1656] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1656] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp msfwhlpr.sys (OneCare Firewall Helper Driver/Microsoft Corporation)

Device \FileSystem\Fastfat \Fat B9377D20

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001bf62ac7b3
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001bf62ac7b3@001dfe23ac61 0x8D 0x39 0xD2 0x4D ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bf62ac7b3
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bf62ac7b3@001dfe23ac61 0x8D 0x39 0xD2 0x4D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bf62ac7b3
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bf62ac7b3@001dfe23ac61 0x8D 0x39 0xD2 0x4D ...

---- EOF - GMER 1.0.15 ----
  • 0

#24
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Encorepilot,

When you try to start windows in normal mode, what does it do? Does it give you any errors?
  • 0

#25
Encorepilot

Encorepilot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Jimmy2012,

Sorry, I was away for the weekend. Whenever I start up the computer the very first Windows page I see is an all black screen with Windows XP in large font. I guess its initialization page. Anyway, it never leaves this page. When I unplug the computer and plug and restart, I get a page that lets me choose start up in safe mode with networking. Thats the only way I can get on the computer. Another thing, whenever I am typeing sometimes it jumps to another location and I have to stop and put the cursor back to were I was. No error messages...I asked for help at the microsoft website. During our chat the tech remotley accessed my computer and nosed around. He said there is a problem with the drivers. He offered me an 800 number for further help.. Anyhow, the event viewer had a red x item: "The following boot-start or system-start driver(s) failed to load: Fips Intelppm"

Does this info help any?

thanks,

Encorepilot

Edited by Encorepilot, 12 April 2009 - 08:54 PM.

  • 0

Advertisements


#26
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Encorepilot,
Yes, that helps. It does not look to be malware issue, please start a new topic over in the XP forum and tell them the problems you are having and include that driver error from your last reply. Someone there should be able to help you fix this. :)




Once you are done over there, please come back to this topic and we will finish up here.
  • 0

#27
Encorepilot

Encorepilot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Jimmy2012,

Thank you for your help. I just started a new topic in xp, I will keep you informed of our progress...

Thanks again,

encorepilot
  • 0

#28
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
No problem, I will go ahead and keep a eye on that topic as well. :)
  • 0

#29
Encorepilot

Encorepilot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
:) Dell tech had me restart the computer while holding down the Fn key. This performed a diognostic check. The test revealed that the hard drive was bad....The problem was not malware....Dell tech came to my house today and installed a new hard drive. Computer is now working great. Thanks for your help.....encorepilot
  • 0

#30
Jimmy2012

Jimmy2012

    Trusted Helper

  • Retired Staff
  • 6,238 posts
Hello Encorepilot,
Glad to see your problem is fixed. :)
Sorry to hear it was the hard drive going bad, I have had that before.


Are you having any other problems or have any questions?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP