Computer Keep Freezing every now and then. [Solved/Closed]

ft85 (28 posts, registered Thursday January 22, 2015, last seen December 1, 2016) - Last answered on Jun 23, 2016 11:07PM
Hello,

Hi all

I am having an issue with my computer, which is showing a blue screen of death when I open many programs, and sometimes it is very slow and freezes. I have Kaspersky Internet Security, the latest version 2016. I scanned a full computer and could see any virus. Is it possible that viruses or spyware are hidden and affecting this? Your assistance will be highly appreciated.

I am on an I5 with 4Gib RAM

thanks and best regards.
Download the following on your desktop:

http://www.nirsoft.net/utils/bluescreenview.zip

Unzip the file

Double click on BlueScreenView.exe

At the end of the scan, click on edit and then on select all

Go on file and click on save selected items

Save the log as bsod.txt

Open bsod.txt, copy and paste here
dingbatdoodle (4 posts, registered Wednesday December 2, 2015, last seen June 23, 2016) - Jun 23, 2016 11:07PM
My computer was continually freezing on the internet but would otherwise be OK. I ran the utility chkdsk three times and I no longer have a problem. To access chkdsk, go to My Computer and right click on the hard drive. Click on Properties and then Tools. Click on error check. This check does take quite a long time but my computer improved every time that I did it. If you are short of disk space this also could give you access to a disk defrag utility which could be helpful as well. There is also an option of doing a disk check whenever the computer starts. This is also a long process.

Cheers and good luck
Hi Ambucias

Thanks very much for your quick assistance. Check below the saved bsod.txt
----------------------------------------

==================================================
Dump File : 050916-67093-01.dmp
Crash Time : 09/05/2016 08:58:22
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : fffff6e0`0004b200
Parameter 2 : ffffffff`c000009c
Parameter 3 : 00000000`0c2f8820
Parameter 4 : ffffc000`09640008
Caused By Driver : msrpc.sys
Caused By Address : msrpc.sys+0
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+14dca0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\050916-67093-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 9600
Dump File Size : 310 904
Dump File Time : 09/05/2016 09:01:16
==================================================

==================================================
Dump File : 050616-24343-01.dmp
Crash Time : 06/05/2016 09:18:36
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : fffff6e8`00126128
Parameter 2 : ffffffff`c000009c
Parameter 3 : 00000001`ab531be0
Parameter 4 : ffffd000`24c25000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+14dca0
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+14dca0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\050616-24343-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 9600
Dump File Size : 311 016
Dump File Time : 06/05/2016 10:48:15
==================================================

==================================================
Dump File : 040716-111296-01.dmp
Crash Time : 06/04/2016 20:47:21
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 00000000`00000003
Parameter 2 : ffffe000`003a6440
Parameter 3 : fffff802`3c6ca840
Parameter 4 : ffffe000`06f08740
Caused By Driver : hal.dll
Caused By Address : hal.dll+64ff
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+14dca0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\040716-111296-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 9600
Dump File Size : 1 127 768
Dump File Time : 07/04/2016 08:07:13
==================================================

==================================================
Dump File : 112015-28890-01.dmp
Crash Time : 20/11/2015 14:50:50
Bug Check String :
Bug Check Code : 0x00000133
Parameter 1 : 00000000`00000001
Parameter 2 : 00000000`00001e00
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : hal.dll
Caused By Address : hal.dll+538b0
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+14dca0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\112015-28890-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 9600
Dump File Size : 320 480
Dump File Time : 20/11/2015 14:54:09
==================================================
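
A triage aid for the BlueScreenView report posted above, as an added example that is not part of the original thread: it parses the "Key : Value" records, fills in the name when Bug Check String is blank, and for bug check 0x7A decodes parameter 2 as the NTSTATUS of the failed page-in I/O (0xC000009C is STATUS_DEVICE_DATA_ERROR, which Microsoft's bug check reference associates with bad disk blocks). The function names and lookup tables are this example's own; the sample records are trimmed from the log above.

```python
import re

# Names for the bug check codes seen in the thread (one record left it blank).
BUGCHECK_NAMES = {0x7A: "KERNEL_DATA_INPAGE_ERROR", 0x9F: "DRIVER_POWER_STATE_FAILURE",
                  0x133: "DPC_WATCHDOG_VIOLATION"}
# For 0x7A, parameter 2 is the NTSTATUS of the page-in I/O that failed.
INPAGE_STATUS = {0xC000009A: "STATUS_INSUFFICIENT_RESOURCES",
                 0xC000009C: "STATUS_DEVICE_DATA_ERROR",
                 0xC0000185: "STATUS_IO_DEVICE_ERROR"}

# Sample input: fields trimmed from two records of the bsod.txt posted above.
SAMPLE = """\
==================================================
Dump File : 050916-67093-01.dmp
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 2 : ffffffff`c000009c
==================================================

==================================================
Dump File : 112015-28890-01.dmp
Bug Check String :
Bug Check Code : 0x00000133
Parameter 2 : 00000000`00001e00
==================================================
"""

def parse_report(text):
    """Split on the '=====' rulers and read 'Key : Value' lines into dicts."""
    records = []
    for chunk in re.split(r"^=+[ \t]*$", text, flags=re.M):
        fields = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(" :")
            if sep:
                fields[key.strip()] = value.strip()
        if "Bug Check Code" in fields:
            records.append(fields)
    return records

def triage(record):
    """Return (dump file, bug check name, decoded I/O status or '')."""
    code = int(record["Bug Check Code"], 16)
    name = record.get("Bug Check String") or BUGCHECK_NAMES.get(code, hex(code))
    note = ""
    if code == 0x7A:
        status = int(record["Parameter 2"].replace("`", ""), 16) & 0xFFFFFFFF
        note = INPAGE_STATUS.get(status, "NTSTATUS 0x%08X" % status)
    return record["Dump File"], name, note
```

Calling triage() on each record from parse_report() over a full saved bsod.txt gives one line per crash, with the I/O status decoded for every 0x7A entry.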
Hello

Looks to me like a virus, more precisely an Exploit. Exploits are programs that contain data or code that takes advantage of a vulnerability within application software that’s running on your computer.

If you wish for me to look into it further...

To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a report.

1. Open this link and download ZHPDiag3 :
http://www.nicolascoolman.fr/download/zhpdiag/
(Don't be alarmed if the site is in French; it sometimes happens. The tool will take your system language and allow the download. If you get a warning message, ignore it.) Click on the download button

2. Save the file on your Desktop.

3. Double click on ZHPDiag.exe and follow the installation instructions.

(For Vista, Win 7 and 8 users, click right to ensure you execute with admin right)

4. Double click on the shortcut ZHPDiag on your Desktop.

5. Click on scan
Wait for the tool to finish (maybe a long time)

6. Close ZHPDiag.

7. To transmit the report, click on this link :

http://www.speedyshare.com/

8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
9. Copy the url link obtained from Speedyshare and paste it here in your reply.
Ambucias
Moderator and Virus/Security Contributor
Hi Sir

This is the link below

http://speedy.sh/eRdhY/ZHPDiag.txt

thanks and regards
Thanks

I will return to you soon.
Hi again

Your machine is indeed infected with 28 virused files mostly when you installed: HackTool.AutoKMS

You probably contracted the viruses through download on peer 2 peer sites such as Bit Torrent, UTorrent and mostly Deluge.

Also, your hard disk will soon run out of space; there is only 13 GB left out of 102 GB

Here is how to disinfect your machine:

1. Uninstall this programme:

C:\Program Files\KMSnano

2. Download, install, update and run Malwarebytes:

http://ccm.net/download/download-105-malwarebytes-anti-malware

3. Download and run AdwCleaner:

http://ccm.net/download/download-24088-adwcleaner

4. Once you have completed the above step, please submit a new ZHP Diag log. I will make a final verification and provide advice.

Good luck
Hi, I have run Malwarebytes and cleaned all the viruses; all seems to be fine now. But AdwCleaner didn't work for me because it took long, so I then had to run ZHPDiag. Check the link below.

http://speedy.sh/VfkHW/ZHPDiag.txt

thanks and best regards
I will get back to you in 15 minutes.
Hello François,

Again, I must warn you. There is only 9Gb space left on your hard disk. If you do not make space your computer may freeze and it may be extremely difficult to get it going again.

Back to the virus issue.

On your computer, for some unknown reason, "QuickTime" appeared. QuickTime is an Apple application, not for your system, which presents important security risks.

You have not completely removed: C:\Program Files\KMSnano

If you agree here is what we will do.

Step one

1. Download ZHPFix here

http://www.nicolascoolman.fr/download/zhpfix/

2. Select and copy all of the following bold lines.

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
System drive C: has 9 GB () free of 102 GB
G0 - GCSP: Preferences [User Data\Default][HomePage] http://mysearch.avg.com
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://mysearch.avg.com/
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
O42 - Logiciel: QuickTime 7 - (.Apple Inc..) [HKLM][64Bits] -- {FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}
3 - CFD: 18/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
3 - CFD: 17/03/2016 - [] D -- C:\ProgramData\log
O87 - FAEL: "{63D654DD-4D01-4AD4-A0A1-D9FFC0F44133}" [In-None-P6-TRUE] .(...) -- C:\Program Files\KMSnano\qemu-system-i386.exe (.not file.)
O87 - FAEL: "{885C8550-0E37-4642-AEA4-67B9ECE8BD03}" [In-None-P17-TRUE] .(...) -- C:\Program Files\KMSnano\qemu-system-i386.exe (.not file.)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}

G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.delta-search.com =>.Superfluous.DeltaSearch
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.delta-search.com/ =>.Superfluous.DeltaSearch
O4 - HKCU\..\Run: [MightyText] C:\Program Files (x86)\MightyText\startup.bat C:\Program Files (x86)\MightyText (.not file.)
O4 - HKUS\S-1-5-21-2773922549-1972561056-505635106-1001\..\Run: [MightyText] C:\Program Files (x86)\MightyText\startup.bat C:\Program Files (x86)\MightyText (.not file.)
HKCU\SOFTWARE\Tencent =>.Superfluous.Tencent
O43 - CFD: 14/09/2015 - [0] D -- C:\Users\Francois\AppData\Local\Programs\Common
O87 - FAEL: "TCP Query User{8DA093DD-FE0E-4861-8456-F5ADD10BECD1}C:\users\francois\desktop\us\u1502.exe" [In-None-P6-TRUE] .(...) -- C:\users\francois\desktop\us\u1502.exe (.not file.)
O87 - FAEL: "UDP Query User{DE1D24C2-D631-4107-A07F-ADFEC06FB59B}C:\users\francois\desktop\us\u1502.exe" [In-None-P17-TRUE] .(...) -- C:\users\francois\desktop\us\u1502.exe (.not file.)
O87 - FAEL: "{B9FA9BAA-8272-47CD-81D3-12841DF831CF}" [In-None-P6-TRUE] .(...) -- C:\Users\Francois\Downloads\FreeWiFiHotspot-CNET-69720786.exe (.not file.)
O87 - FAEL: "{00F613B4-980B-465E-BDF9-08B5AD203059}" [In-None-P17-TRUE] .(...) -- C:\Users\Francois\Downloads\FreeWiFiHotspot-CNET-69720786.exe (.not file.)
HKCU\SOFTWARE\Tencent


3. Close all applications and open ZHP Fix

4. Click on the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean

6. Confirm by clicking OK

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

9. You may now uninstall Malwarebytes so it does not conflict with Kaspersky.

10. I strongly suggest you defragment your hard disk, it may take a long time but it is really worth it, especially in your case.

Good luck and let me know
Hi again

I have followed the instructions you are giving, but I am having this message; I don't know if I am doing the right thing.

Below is the picture.

Regards
ft85 (28 posts, registered Thursday January 22, 2015, last seen December 1, 2016) - May 14, 2016 04:17PM
So when I click Go nothing happens.
Did ZHP Fix produce a log on your desktop ?

Please download and run ZHP Cleaner:

http://www.nicolascoolman.com/fr/download/zhpcleaner-2/
ft85 (28 posts, registered Thursday January 22, 2015, last seen December 1, 2016) - May 15, 2016 02:53PM
I managed to run ZHP Cleaner and here is the result

http://speedy.sh/yqc8Z/ZHPCleaner.txt

thanks and best regards
Ambucias (35133 posts, registered Tuesday February 2, 2010, Moderator, last seen December 6, 2016) - May 15, 2016 04:20PM
Thank you,

ZHP Cleaner found malware, but after you used the scan, you had to use clean.

Please do so: scan again and then press on clean.
ft85 (28 posts, registered Thursday January 22, 2015, last seen December 1, 2016) - May 16, 2016 03:42AM
Hi Ambucias

Thanks again for your assistance; as I see, it is progressing well. I have managed to clean with ZHP Cleaner and below is the report.

http://speedy.sh/g99HV/ZHPCleaner.txt

thanks and best regards
No, it didn't, because it didn't even run ZHP Fix: every time I click on Go nothing happened. I just see the screen I copied in the earlier communication with you.
Hello François

Great!

I officially declare your computer virus free.

However, remember what I told you about your hard disk space, there is very little left and you may run in more trouble. See if you can store data on a portable hard disk or on the cloud.

Good luck
Thanks a million Ambucias

This is great news. I will try my best to free up some space.
Ambucias (35133 posts, registered Tuesday February 2, 2010, Moderator, last seen December 6, 2016) - May 16, 2016 06:03AM
My pleasure !