
Computer freezes


  • This topic is locked
17 replies to this topic

#1 Blc90

Blc90

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:23 PM

Posted 24 February 2016 - 12:04 AM

Computer freezes in games only so far. I had the computer up for 8 hours yesterday, browsing on and off through the day, and played 1 hour of RuneScape just fine. On the 20th my computer froze in a YouTube video and I did a Windows update; it found browsermodifier/win32/diplugem malware and removed it. I have Norton Antivirus; it found 17 problems in a safe mode minimal full scan, 2 viruses were detected, and Malwarebytes found 159 items as well.

I just don't know if this is causing my computer to freeze in games. The computer becomes unresponsive, the Num Lock key won't even light up, the screen becomes jumbled with green, blue, red, yellow, purple pixelated lines all over the screen, and I have to hold the power down to turn off and restart a few minutes later.





#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:23 PM

Posted 24 February 2016 - 08:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add reply button.
===


Please paste the logs.

Let me know what problems persist.

#3 Blc90


Posted 24 February 2016 - 05:12 PM

Malwarebytes found items a few days ago; I included that scan, and today's scan found none. AdwCleaner found some today. The computer seems fine on the Chrome browser and light things yesterday when I played Half-Life 2 it froze in about 5 minutes and I had to hard reset.

Attached Files



#4 nasdaq


Posted 25 February 2016 - 08:30 AM

Make sure you clean everything that AdwCleaner has reported.

===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKLM-x32 -> Backup.Old.DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3909222696-1139464463-2676132071-1000 -> DefaultScope {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3909222696-1139464463-2676132071-1000 -> Backup.Old.DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-3909222696-1139464463-2676132071-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-3909222696-1139464463-2676132071-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-3909222696-1139464463-2676132071-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3909222696-1139464463-2676132071-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: No Name -> {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} -> No File
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Toolbar: HKU\S-1-5-21-3909222696-1139464463-2676132071-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [No File]
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll [No File]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [cgpnojibjokpoghebklhkdeijehkohhb] - C:\Users\Bud\AppData\Local\Temp\ccex.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\Bud\AppData\Local\Temp\ccex.crx <not found>
S3 ALSysIO; \??\C:\Users\Bud\AppData\Local\Temp\ALSysIO64.sys [X]
S4 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [X]
S3 dump_wmimmc; \??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 vtany; \??\C:\Windows\vtany.sys [X]
CustomCLSID: HKU\S-1-5-21-3909222696-1139464463-2676132071-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Bud\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3909222696-1139464463-2676132071-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Bud\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3909222696-1139464463-2676132071-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Bud\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3909222696-1139464463-2676132071-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Bud\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3909222696-1139464463-2676132071-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Bud\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
AlternateDataStreams: C:\ProgramData\Temp:BC359956

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.

====

Please let me know what problem persists with this computer.
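
An added example (not part of nasdaq's post and not FRST's own code): a short Python script that groups fixlist lines like the ones above by section prefix and counts how many point at a target marked as missing. It assumes the markers `No File`, `[X]`, `<not found>` and `<no Path/update_url>` mean the referenced file or path is absent, as they read in the list; the function names are hypothetical and the sample is a handful of lines copied from the post.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the fixlist in the post above.
SAMPLE_FIXLIST = r"""Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
BHO-x32: No Name -> {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} -> No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR HKLM-x32\...\Chrome\Extension: [cgpnojibjokpoghebklhkdeijehkohhb] - C:\Users\Bud\AppData\Local\Temp\ccex.crx <not found>
S3 vtany; \??\C:\Windows\vtany.sys [X]
AlternateDataStreams: C:\ProgramData\Temp:BC359956
End
"""

# Assumption: these markers mean the entry's target no longer exists on disk.
ORPHAN_MARKERS = ("No File", "[X]", "<not found>", "<no Path/update_url>")
DIRECTIVE = re.compile(r"^[A-Za-z]+:$")      # e.g. "EmptyTemp:"
SERVICE = re.compile(r"^[RSU]\d\s")          # e.g. "S3 vtany; ..."
SECTION = re.compile(r"^([A-Za-z][A-Za-z ]*?)(?:-x32)?(?::|\s+HK)")

def classify(line):
    """Return (kind, status) for one fixlist line, or None for Start/End/blank."""
    line = line.strip()
    if not line or line in ("Start", "End"):
        return None
    if DIRECTIVE.match(line):
        return ("directive", "action")
    if SERVICE.match(line):
        kind = "Service/Driver"
    else:
        m = SECTION.match(line)
        kind = m.group(1) if m else "other"
    status = "orphaned" if any(k in line for k in ORPHAN_MARKERS) else "other"
    return (kind, status)

def summarize(text):
    """Count fixlist lines per (kind, status) pair."""
    counts = Counter()
    for line in text.splitlines():
        result = classify(line)
        if result:
            counts[result] += 1
    return counts

def temp_refs(text):
    """Lines whose target sits under a user Temp directory."""
    return [l.strip() for l in text.splitlines() if "\\AppData\\Local\\Temp\\" in l]

if __name__ == "__main__":
    for (kind, status), n in sorted(summarize(SAMPLE_FIXLIST).items()):
        print(f"{kind:22} {status:9} {n}")
```

Run over the full list, most entries fall into the orphaned group, which is consistent with a cleanup of leftover references rather than removal of files still present.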

#5 Blc90


Posted 25 February 2016 - 11:28 PM

Well, so far the computer hasn't crashed or anything; it seems a lot better than it was a few days ago, but I have not tried playing any graphically intensive games as of yet. I ran FurMark a few times until it got to 70 Celsius and shut it down. I did not get any crashes or anything like that, but I have been noticing a lot of information logs in Event Viewer: ACEEVENTLOGS

 

I saved the logs into a .txt format from event viewer.



#6 Blc90


Posted 25 February 2016 - 11:29 PM

Oops! Forgot to attach file.

Attached Files



#7 nasdaq


Posted 26 February 2016 - 08:42 AM

From what I see in your log I would update the ATI drivers.

Go to this page.
http://www.howtogeek.com/howto/8679/what-is-ccc.exe-and-why-is-it-running/

Do only the instructions under this section.
Install ATI Drivers Manually

Restart the computer normally when done.

Run a game and see how things are.

#8 nasdaq


Posted 03 March 2016 - 09:21 AM

Are you still with me?

#9 Blc90


Posted 03 March 2016 - 09:07 PM

Yeah, I didn't have much time to game. I played Half-Life 2 a bit yesterday, and it didn't freeze. I'm not sure if it was enough time, but my Chrome is fast, but when I switch tabs or load new pages there is a weird tear, or the screen kinda has an odd stretch to it for a second, and the page looks normal after it loads up. I am not sure if these viruses and malware did damage and are causing it, or if my GPU, RAM, PSU, or mobo is on the way out. All I know is my computer was fine the day before the OS update detected malware. I was playing Guild Wars 2 fine for hours. Ever since this happened I have been scared to put any load on the PC so I don't end up doing some kind of permanent damage.



#10 nasdaq


Posted 04 March 2016 - 08:31 AM

There could be some remnant items.

Run an online scan with Eset (easiest with Internet Explorer): http://www.eset.com/onlinescan/
To shorten the scanning time disable your antivirus program while scanning.

Select Enable detection of potentially unwanted applications.
Click Advanced Settings.

Select:
Scan Archives
Scan for potentially unsafe applications
Enable Anti-Stealth Technology


Click Start.

When the scan is finished, click on List of found threats and then Export to text file. Copy the content of the text file and paste its content in your reply.

This may take a while; run it when you know you will not need the computer for an hour or two.
<<<>>>

Keep me posted.

#11 Blc90


Posted 04 March 2016 - 09:18 PM

Okay, I ran the scan for 4 hours and it found 3 items that it removed.

Attached Files



#12 Blc90


Posted 04 March 2016 - 09:29 PM

Also updated my Norton to current definitions on LiveUpdate, and did a quick scan; it found 8 tracking cookies after the ESET Online Scanner.


Edited by Blc90, 04 March 2016 - 09:29 PM.


#13 Blc90


Posted 04 March 2016 - 10:10 PM

\??\C:\Users\Bud\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

I am also getting this popping up countless times in the Event Viewer. Is there a way I can put my Event Viewer in a text file so you could have a look?



#14 nasdaq


Posted 05 March 2016 - 09:01 AM

\??\C:\Users\Bud\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

The driver belongs to Eset. It's in a Temp folder. You can delete the file.

===

The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

This is also from Eset. Forget about it.

===

I am also getting this popping up countless times in the Event Viewer. Is there a way I can put my Event Viewer in a text file so you could have a look?

Do you mean "The eapihdrv service failed to start due to the following error:"?

If so, then please restart the computer normally, then run the Farbar tool and post a fresh FRST log for my review.

#15 Blc90


Posted 05 March 2016 - 04:23 PM

Okay, booting up today, the things in the Event Viewer are gone. Did you get the txt files I sent that the ESET Online Scanner scanned?

Also, I am seeing lots of files on the computer of things that I have uninstalled. What can I use to clean out all these files, or should I just delete them manually one by one?


Edited by Blc90, 05 March 2016 - 11:18 PM.




