PDA

View Full Version : Computer lockup



MPG
01-08-2008, 03:54 PM
Hi Folks

I have our daughter's computer at home to 'fix'. It will boot OK but I did note that during boot up, on the page about the bios, there was a message saying "checksum error - defaults loaded". Not sure of the significance or indeed whether it is related to the present problem. When it gets to the desktop it locks up. The mouse pointer still moves round but I can't do anything with it. The only way I have found to shut the machine down is to turn the power supply off. I don't know the circumstances surrounding the problem arising - it was some time ago.

I have been able to boot into safe mode and at present I am downloading all my daughter's working files.

Any suggestions about how I should approach tracking down and fixing the problem? :help:

For some details:

The box says the motherboard is a Winfast NF4UK8AA
Belarc, however, reports it as an NF-CK804
AMD Athlon 64 1.8Ghz
Radeon X300/X550 Series
XP Home SP2

All suggestions gratefully received.
:thanks
Michael

jwil1
01-08-2008, 03:58 PM
Does the Windows key on the keyboard work?? (if so the Start menu should pop up)

Does the mouse work in Safe Mode?

Have you done a scan for spyware/viruses etc? (download a free copy of Avast (http://www.avast.com))

Speedy Gonzales
01-08-2008, 04:08 PM
Its probably this a foxconn mobo (http://www.foxconnchannel.com/product/Motherboards/detail_overview.aspx?ID=en-us0000013)

I would reconfigure the BIOS. Since its set back to the default settings, something may have to be enabled / disabled for whatever to work properly

Looks like google thinks the NF4UK8AA is a foxconn but google says the NF-CK804 is a Winfast NF-CK804?

I would open the case and see if the mobo looks like the above site

feersumendjinn
01-08-2008, 04:17 PM
Try replacing the motherboard/cmos battery (this normally causes that error if it has gone flat, and the clock/date will be wrong).

MPG
01-08-2008, 04:38 PM
Thanks jwil1

Finished downloading the personal files. Yes, the keyboard and mouse both work in safe mode. No, I haven't yet looked for viruses. I have just checked and can't see any antivirus programme installed. I know that originally it had PC-cillin installed (IS 2004). I seem to remember that it caused problems. There is also a copy of ZoneAlarm SS floating round in the box. I know the machine went into a computer store in PN (we are in Hamilton) and some attempts were made to remove at least 1 of the antivirus programmes.

My guess is that the 1st task is to scan the machine for viruses. When I get it going again I think I will install Comodo Firewall and Avast.

I need to go out shortly so I prbably won't get back to this little project until tomorrow.

Thanks again

MPG
01-08-2008, 04:44 PM
Thanks Speedy

Curious about the MB reporting. Digging in the box I found the Manual and it is definitely the NF4UK8AA. Not quite sure why Belarc is reporting it as something different. The light has just gone on - isn't Foxcon and Winfast the same outfit?

Thanks any way.
Michael

MPG
01-08-2008, 04:53 PM
Hi feersumendjinn

You might well be right. I did note that the clock seemed to be screwed up. I guess that replacing the MB/comos battery is something that should be done.

Can't see anything in the manual about the battery - no specs. I guess I will need to get into the case to check it. Any thing I should be aware of in changing the battery?

Thanks again.
Michael

Speedy Gonzales
01-08-2008, 05:04 PM
The battery is round and is usually a CR2032 3v. About 2.50 - maybe 3.50

Or less

Make sure the power is off before you remove it.

Then make sure you reconfigure the BIOS, after you replace it

Winfast products / hardware are from Leadtek. (Well they make Winfast soundcards, I've got one here, and the drivers are on the Leadtek site)

And I've also got a Winfast Expert and Deluxe tuner, both of their drivers are also on the Leadtek site.

MPG
04-08-2008, 10:05 AM
Hi Guys

Changed the battery as suggested. Got a bunch more error messages but after another reboot they all seem to have disppeared.

Haven't as yet done anything about reconfiguring the BIOS. Not quite sure what I should be doing. Suggestions welcome!

Downloaded a bunch of utilities and installed. Have scanned with Avast and Malwarebytes - didn't find any nasties.

Current status:

In safe mode everthing I have tried seems to be working.
When I boot normally, everthing is OK until I get to the desktop and the hdd has stopped working. At that point I have noted the following:

1. Mouse pointer moves round screen but nothing works.
2. Keyboard does nothing - including MS key.
3 ctrl+alt+del doesn't work.
4. The on/off button doesn't work. Either have to turn the power off at the wall or use the reset button.

Where to from here? All suggestions welcome.

Thanks guys.
Michael

wratterus
04-08-2008, 10:09 AM
So it's all sweet in safe mode..?

In safe mode, open msconfig (Type msconfig into the run box).

Go to the startup tab, and disable everything. Reboot and let the PC boot up into windows normally.

See if it still freezes. if it doesn't, go into msconfig and tick one thing, then reboot, see if it freezes. Keep doing that and eventually you'll find which process is causing the freezing.

Also posting a hijackthis log wouldn't be silly, we can make sure there's nothing obvious causing your issues. :badpc:

MPG
04-08-2008, 12:31 PM
Hi wratterus and others

Yes, it seems to be OK in safe mode. Have disabled everything in the "startup" tab as you suggested. Allowed the machine to boot normally. Same problems as outlined in my previous message. I haven't checked extensively but I don't think anything has changed.

Here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:57 p.m., on 3/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\NVIDIA\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\RunOnce: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfpconfg.exe" -z -o
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4973 bytes

Speedy Gonzales
04-08-2008, 01:13 PM
Uninstall / disable / remove Nvidia firewall. Its crap.

This can also corrupt downloads, and cause all sorts of probs

You shouldnt run 2 firewalls at the same time. They'll conflict

Thats probably why its locking up

Tick these then tick fix checked

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

Speedy Gonzales
04-08-2008, 01:34 PM
Right mouse / properties, on this file as well

O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll

Whats it say under version up the top?? Does it show the name of a company??

It looks like there's a trojan, that uses this filename. It just doesnt tell you WHAT the name of the trojan is

Right mouse on it and scan it with trojan remover as well. Since you've got trojan remover select all options under the utilities menu

Check add/remove programs, does surfsafe toolbar appear here?? If it does uninstall it

MPG
04-08-2008, 03:44 PM
Hi Speedy

I am now thoroughly confused. Have done another scan and it gives a totally different log file (see below). I haven't made any changes to the system. All I have done is rebooted it a couple of times to get it back into safe mode.

I should perhaps explain that I downloaded Comodo after seeing your recommendation and link. I was unaware that there was another firewall already present on this machine (by the way, this machine is not connected to the internet at present. I am reluctant to do so until I have the problem sussed.) The problems with this machine existed well before Comodo was downloaded. In saying that, I think I recall some time ago my daughter saying she was having trouble with some security software issue. Can't now remember quite what it was. I seem to recall there was a problem with PcCillin and that may have been replaced with ZA. I am fairly sure that it went to a PC repair shop to have that fixed (as well as replacing a faulty DVD drive). It worked for some time after that without problems until the present issue reared its head.

I'll answer your queries first:

1. Checked cssdll32.dll. Comes back as version 5.1.2600.2180 (xpsp_sp2_rtm040803-2158). Company name is MicroSoft.

2. Ran trojan remover on this file and it said there wasn't a problem. I didn't select all options under utilities. Had a look and was a little nervous about the consequences of the changes. Can you put my mind at rest?

3. Checked under add/remove and can't find surfsafe toolbar.

Now a couple for you :o There is a bunch of NVIDIA stuff on the hdd. I presume that the firewall is "NVIDIA ForceWare Network Access Manager"? Shall I remove this and leave the rest alone?

What is NvMixer?

Now to return to the HJT file. Hopefully you can tell me why I get completely different answers this time round. You will see that this time round there is only 1 entry under 04-HKLM instead of the bunch that were there last time. I am sorry I don't remember whether I did the previous HJT log before or after disabling everthing under the "startup" tab in msconfig. Perhaps that explains the differences :confused:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:28:48 a.m., on 4/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll C:\WINDOWS\system32\cssdll32.dll
O23 - Service: app_filter - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4077 bytes

Speedy Gonzales
04-08-2008, 03:53 PM
GET rid of Nvidia firewall

As I said, they'll conflict if it and Comodo are running.

Do you use askbar?? if you dont uninstall it

apsattv
04-08-2008, 09:42 PM
and upgrade to IE7

MPG
05-08-2008, 11:05 AM
Hi Speedy and others

I think I have successfully got rid of "askbar". Haven't found a polite way to remove the NVIDIA Firewall though. Tried politely through "Add/Remove". It seems that it can't be done when in safe mode. Looked in the appropriate folder and there doesn't seem to be an uninstall option :angry

So, a little progress but still no satisfactory answers as to why the machine locks up when booted normally.

:help:

Thanks for any assistance.
Michael