TechSpot

Auto-hibernation preventing virus/malware scans

Inactive
By Elizie
Oct 29, 2010
  1. First: I have read and already been attempting to perform the 6 steps under the 8 step method, but have been unsuccessful, and thus no reports.

    A friend asked if I could look at a laptop for her sister. The symptoms she was having was url redirects, random audio starting up, popups and "windows security alerts." All the typical spyware stuff you find out there. She also said that it was getting a black screen with blue line at bottom and was hibernating. Those 2 i did not understand until I began my scans.

    I ran Spybot S&D (usually always first choice for me) and it cleaned up a fair bit, as well as used it to disable the startup settings not found in msconfig. It said the Security Center was disabled. I went into Services and set it from disabled to Automatic, then started it. About a minute later it set itself back to disabled, and turned back off. There are are other services disabled that are doing the same thing, such as Windows Defender and Audio Service. I manually went in and deleted all temp files on all accounts on system, and have sense been running it in safe mode from a brand new account I made today. After about 3 hours of me working on this laptop it dropped into hibernate, and since then I have been having issues.

    About every 30-45 minutes the system drops into hibernate, and when brought back out whatever current scan that was running has crashed or frozen. I have changed power settings to never hibernate, but it has not fixed it. Sometimes it will drop into hibernate while I am actively using the system (ie. first time I was in middle of typing this post, while I was not idle, so now doing it from my laptop). It is currently about 30 minutes into Malwarebyte's scan, and coming up on the hibernate time. Some times that I attempted to run a scan I get a black screen with a solid blue line approximately 1" high across bottom of the screen, and have to power cycle the system to get it running again.

    Spec of system:
    Currently all I know is it is an HP Pavilion running Vista SP1 (yes, I know I need to fix that, but after everything else) Currently the start menu is not working and any time i try and access My Computer Properties/Manage it does not load, so not able to check system specs beyond that.

    I will try and get more information after next crash, if I can. I am more hoping scan finishes or that someone may know how to get this auto-hibernate to go away so i can run the rest of these tests. Thanks for any help/advice.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,029   +255

    Welcome aboard [​IMG]

    Try to posts as many logs as you can and we'll go from there.
     
  3. Elizie

    Elizie TS Rookie Topic Starter

    *light bulb*

    Since I am currently unable to get into the system setting in any fashion in order to see the specs of computer, I went and threw the P/N in on website to see what was ordered. The list is as follows:

    Processor: 2.0 GHz AMD Turion X2 RM-70 Dual-Core Mobile Processor
    RAM: 3GB
    Graphics: ATI Radeon HD 3200 Graphics RS780M
    HD: 250GM 5400 RPM
    DVD-ROM: LightScribe Super Multi 8X DVD±R/RW with Double Layer Support
    (Services associated with this are in the list of ones that will not stay enabled
    when I try and do so)
    Modem: High speed 56K modem
    (Same as above with services, only reason listed)
    Sound: Altec Lansing speakers
    (Same as above)
    OS: Genuine Windows Vista Home Premium with Service Pack 1
    Extra Software:
    HP Help & Support Center
    HP PC Recovery (SoftThinks Restore Solution)
    HP Wireless Home Network Setup
    HP Total Care Adviso
    (The services associated with all of these also in disabled list)
    Other stuff included in that list are:
    NetTcpPortSharing (Can turn on, but is set disabled)
    Agere Modem Call Progress Audio
    Andrea ST Filter Service
    Ati External Event Utility
    Com4QLBEx
    Cyberlink RichVideo Service(CRVS)
    QuickPlay Background Capture Service (QBCS)
    QuickPlay Task Scheduler (QTS)
    Routing and Remote Access (Can turn on, but is set disabled)

    The computer has not hibernated on me since my first post (to my surprise) and unfortunately so long as it is being the way it is I am unable to check much more in way of settings. The laptop is running much slower than it should.

    Under Sytem32 there were a few files modified since the laptop last worked fine. All were normal except for "azrolesc.dll" which I renamed and added a .tmp to end of it. I know that "azroles.dll" is something Microsoft, to do with validation, and that file also exists on system. After having renamed, on next startup I got a windows validation error whenever I logged in, so I copied the "azroles.dll" file and added a 'c' in, to match name of the 1 I first renamed. After reboot it asked me to reenter reg key which it accepted. The file "azrolesc.dll" does not exist anywhere that I can find on my laptop (not the 1 with issues). I will try and get reports for stuff over to here, however the infected computer is having issues getting out to internet, and transferring files risks contaminating whatever media I use.

    Lets see, when I open up Services, under Extended tab, I get:
    "One or more ActiveX controls could not be displayed because either:
    1) Your current security settings prohibit running ActiveX controls on this page, or
    2) You have blocked a publisher of one of the controls.
    ..."

    I also went in and checked all the Run/RunOnce items under HKLM and found nothing, prior to last reboot (before the hibernating started)

    Hope this helps, as I get more info I can post it.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,029   +255

     
  5. Elizie

    Elizie TS Rookie Topic Starter

    Scans continued to fail part way through and on most recent restart the laptop is not making it through POST. This shifts the primary problem from software to hardware, and chances are it is time to replace. Thanks for the offer to help though.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,029   +255

    You're welcome :)
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.