Computer Keep Freezing every now and then. Solved/Closed

Question

Hello, 

HI all 

Am having an issue of my computer which is sending a bleu screen of death  when i open many programs , and sometimes its very slow and freezes , i have Kaspersky internet Security the latest version 2016, i scanned a full computer and could see any virus . is it possible virus or spyware are hidden and affecting this ? your assistance will be highly appreciated .

am on I5 with 4Gib Ram

thanks and best regards.

Configuration: Windows / Chrome 50.0.2661.94

Ambucias · Answer

Download the following on your desktop: 

http://www.nirsoft.net/utils/bluescreenview.zip 

Unzip the file 

Double click on BlueScreenView.exe 

At the end of the scan, click on edit and then on select all 

Go on file and click on save selected items 

Save the log as bsod.txt 

Open bsod.txt, copy and paste here

ft85 · Answer

HI Ambucias 

Thanks very much for your quick assistance. check below the the saved bsod.txt
----------------------------------------

==================================================
Dump File         : 050916-67093-01.dmp
Crash Time        : 09/05/2016 08:58:22
Bug Check String  : KERNEL_DATA_INPAGE_ERROR
Bug Check Code    : 0x0000007a
Parameter 1       : fffff6e0`0004b200
Parameter 2       : ffffffff`c000009c
Parameter 3       : 00000000`0c2f8820
Parameter 4       : ffffc000`09640008
Caused By Driver  : msrpc.sys
Caused By Address : msrpc.sys+0
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+14dca0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\050916-67093-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 310 904
Dump File Time    : 09/05/2016 09:01:16
==================================================

==================================================
Dump File         : 050616-24343-01.dmp
Crash Time        : 06/05/2016 09:18:36
Bug Check String  : KERNEL_DATA_INPAGE_ERROR
Bug Check Code    : 0x0000007a
Parameter 1       : fffff6e8`00126128
Parameter 2       : ffffffff`c000009c
Parameter 3       : 00000001`ab531be0
Parameter 4       : ffffd000`24c25000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+14dca0
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+14dca0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\050616-24343-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 311 016
Dump File Time    : 06/05/2016 10:48:15
==================================================

==================================================
Dump File         : 040716-111296-01.dmp
Crash Time        : 06/04/2016 20:47:21
Bug Check String  : DRIVER_POWER_STATE_FAILURE
Bug Check Code    : 0x0000009f
Parameter 1       : 00000000`00000003
Parameter 2       : ffffe000`003a6440
Parameter 3       : fffff802`3c6ca840
Parameter 4       : ffffe000`06f08740
Caused By Driver  : hal.dll
Caused By Address : hal.dll+64ff
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+14dca0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\040716-111296-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 1 127 768
Dump File Time    : 07/04/2016 08:07:13
==================================================

==================================================
Dump File         : 112015-28890-01.dmp
Crash Time        : 20/11/2015 14:50:50
Bug Check String  : 
Bug Check Code    : 0x00000133
Parameter 1       : 00000000`00000001
Parameter 2       : 00000000`00001e00
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : hal.dll
Caused By Address : hal.dll+538b0
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+14dca0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\Windows\Minidump\112015-28890-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 320 480
Dump File Time    : 20/11/2015 14:54:09
==================================================

Ambucias · Answer

Hello

Looks to me like a virus, more precisely an Exploit.  Exploits are programs that contain data or code that takes advantage of a vulnerability within application software that’s running on your computer. 

If you wish for me to look into it further...

To help you and prescribe the remedy, I must make a diagnostic and to do so, I require a report. 

1. Open this link and download ZHPDiag3 : 
https://nicolascoolman.eu
(Don't be alarmed is the site is in French, it sometimes happens, the tool will take your system language and allow the download if you get a warning message, ignore it.)  Click on the download button

2. Save the file on your Desktop. 

3. Double click on ZHPDiag.exe and follow the installation instructions. 

(For Vista, Win 7 and 8 users, click right to ensure you execute with admin right) 

4. Double click on the short cut ZHPDiag on your Destktop. 

5 Click on scan
Wait for the tool to finished (maybe a long time) 

6. Close ZHPDiag. 

7. To transmit the report, click on this link : 

https://authentification.site 

8. Search the directory where you installed ZHPDiag (usually C:\desktop\zhpdiag.txt).
9. Copy the url link obtained from Speedyshare and paste it here in your reply.
Ambucias
Moderator and Virus/Security Contributor

ft85 · Answer

Hi Sir 

this is the link below 

http://speedy.sh/eRdhY/ZHPDiag.txt

thanks and regards

Ambucias · Answer

Thanks

I will return to you soon.

Ambucias · Answer

Hi again

Your machine is indeed infected with 28 virused files mostly when you installed: HackTool.AutoKMS 

You probably contracted the viruses through download on peer 2 peer sites such as Bit Torrent, UTorrent and mostly Deluge.

Also, your hard disk will soon run out of space there is only 13gb left out 102gb

Here is how to disinfect your machine:

1. Uninstall this programme:

C:\Program Files\KMSnano  

2. Download, install, update and run Malwarebyte:

https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/

3. Download and run Adwcleaner:

https://ccm.net/downloads/security-and-maintenance/6911-adwcleaner/

4. Once you have completed the above step, please submit a new ZHP Diag log.  I will make a final verification and provide advice.

Good luck

ft85 · Answer

Hi i have run the malware byte and clean all the viruses  all seem to be fine now . but the adwacleaner didn't work for me coz it took long  . so i then had to run the zhp diag check the below link

http://speedy.sh/VfkHW/ZHPDiag.txt

thanks and best regards

Ambucias · Answer

I will get back to you in 15 minutes.

Ambucias · Answer

Bonjour François,

Again, I must warn you.  There is only 9Gb space left on your hard disk.  If you do not make space your computer may freeze and it may be extremely difficult to get it going again.

Back to the virus issue.

On your computer, for some unknown reason appeared "QuickTime"  QuickTime is an Apple application, not for your system which presents important security risks.

You have not completely removed:  C:\Program Files\KMSnano

If you agree here is what we will do.

Step one

1. Download  ZHPFix here

https://nicolascoolman.eu

2. Select and copy all of the following bold lines.

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
System drive C: has 9 GB () free of 102 GB
G0 - GCSP: Preferences [User Data\Default][HomePage] https://mysearch.avg.com/
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] https://mysearch.avg.com/
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
O42 - Logiciel: QuickTime 7 - (.Apple Inc..) [HKLM][64Bits] -- {FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}
3 - CFD: 18/04/2016 - [] D -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
3 - CFD: 17/03/2016 - [] D -- C:\ProgramData\log
O87 - FAEL: "{63D654DD-4D01-4AD4-A0A1-D9FFC0F44133}" [In-None-P6-TRUE] .(...) -- C:\Program Files\KMSnano\qemu-system-i386.exe (.not file.)
O87 - FAEL: "{885C8550-0E37-4642-AEA4-67B9ECE8BD03}" [In-None-P17-TRUE] .(...) -- C:\Program Files\KMSnano\qemu-system-i386.exe (.not file.)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.delta-search.com  =>.Superfluous.DeltaSearch
G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.delta-search.com/  =>.Superfluous.DeltaSearch
O4 - HKCU\..\Run: [MightyText] C:\Program Files (x86)\MightyText\startup.bat C:\Program Files (x86)\MightyText (.not file.)
O4 - HKUS\S-1-5-21-2773922549-1972561056-505635106-1001\..\Run: [MightyText] C:\Program Files (x86)\MightyText\startup.bat C:\Program Files (x86)\MightyText (.not file.)
HKCU\SOFTWARE\Tencent  =>.Superfluous.Tencent
O43 - CFD: 14/09/2015 - [0] D -- C:\Users\Francois\AppData\Local\Programs\Common
O87 - FAEL: "TCP Query User{8DA093DD-FE0E-4861-8456-F5ADD10BECD1}C:\users\francois\desktop\us\u1502.exe" [In-None-P6-TRUE] .(...) -- C:\users\francois\desktop\us\u1502.exe (.not file.)
O87 - FAEL: "UDP Query User{DE1D24C2-D631-4107-A07F-ADFEC06FB59B}C:\users\francois\desktop\us\u1502.exe" [In-None-P17-TRUE] .(...) -- C:\users\francois\desktop\us\u1502.exe (.not file.)
O87 - FAEL: "{B9FA9BAA-8272-47CD-81D3-12841DF831CF}" [In-None-P6-TRUE] .(...) -- C:\Users\Francois\Downloads\FreeWiFiHotspot-CNET-69720786.exe (.not file.)
O87 - FAEL: "{00F613B4-980B-465E-BDF9-08B5AD203059}" [In-None-P17-TRUE] .(...) -- C:\Users\Francois\Downloads\FreeWiFiHotspot-CNET-69720786.exe (.not file.)
HKCU\SOFTWARE\Tencent 

3 Close all applications and open ZHP Fix

4. Click on the Import button and the lines will automatically paste themselves.

5. Click on the Go button to clean

6. Confirm by clicking OK

7. ZHP Fix will ask if you wish to empty the bin, click on your choice...it may take time

8. A report will appear on your desktop and on C:\ZHP\ZHPFix[R1].txt which you can copy and paste in your reply.

9. You may now uninstall Malwarebyte so it does not conflict with Kaspersky.

10. I strongly suggest you defragment your hard disk, it may take a long time but it is really worth it, especially in your case.

Bonne chance and let me know

ft85 · Answer

Hi again 

i have followed the instruction u are giving , but am having this message i dont know if am doing the right thing.

below is the picture.

Regards

Ambucias · Answer

Did ZHP Fix produce a log on your desktop ?

Please download and run ZHP Cleaner:

https://nicolascoolman.eu

ft85 · Answer

no  it didn't because it didn't even run the zHP fix because every time i click on go nothing happened.i just see the screen i copied in the earlier communication with u.

Ambucias · Answer

Hello François

Great!

I officially declare your computer virus free. 

However, remember what I told you about your hard disk space, there is very little left and you may run in more trouble.  See if you can store data on a portable hard disk or on the cloud.

Bonne chance

ft85 · Answer

Thanks a million Ambucias 

This is a great news . i will try my best to free up some space.

Computer Keep Freezing every now and then.

14 responses

Similar discussions

Subscribe To Our Newsletter!