General PC Issues (freezing)

Doop

New Member
Hey,
I'm sorry if this is in the wrong section but I decided to put it here because I need some quick advice before my computer gets really messed up. Starting about 3 days ago, my computer became extremely slow and couldn't handle more than one web browser without lagging for seemingly no reason. I don't have any viruses (I've run multiple deep scans with Bitdefender). I haven't installed anything in this time period. About 15 minutes ago I found out that my memory and CPU usage (saw them in task manager) were through the roof. It showed that I only had 2 GB memory when I have two 2 GB RAM sticks. I've had problems with RAM sticks dying before due to leaving my computer on but I now religiously turn off my computer at night. I switched my malfunctioning and my good RAM cards' positions on my motherboard and now I seem to have my 4 GB RAM again. My computer was actually running smoothly like it did a few days ago for about 10 minutes until my audio started bugging out and my screen froze for a solid minute once again. Right now, with only google chrome (and one tab [this one]) open, my CPU usage is at 52% and my memory usage is at 2.18 GB out of 4 GB. I'm no expert, but that seems like a ludicrous amount to be using when my computer should basically be at rest. Sorry for the block of text, but does anyone have any idea what might be happening to my computer? It freezes and is literally like a slideshow (like <1 fps in my games which normally run at 60 fps on ultra settings) constantly.

Edit: Running minecraft and google chrome at the same time got me an insta-freeze and I'm currently at 100% CPU usage on task manager, and 3/4 GB memory usage. What the hell?...

Thanks for any help,

Doop
 

wolfeking

banned
First step: run a Malwarebytes scan with the newest definitions (update till it won't update anymore).
-Reason: no virus protection is perfect. If you have something that bitdefender doesn't detect, then you can run all the scans that you want to and still be infected.

Generally when CPU and RAM uses skyrocket there is some form of Malware or virus at work. If not that, then we can work towards a possible Windows issue.
 

Doop

New Member
First step: run a Malwarebytes scan with the newest definitions (update till it won't update anymore).
-Reason: no virus protection is perfect. If you have something that bitdefender doesn't detect, then you can run all the scans that you want to and still be infected.

Generally when CPU and RAM uses skyrocket there is some form of Malware or virus at work. If not that, then we can work towards a possible Windows issue.

Thanks for the reply. I disabled Bitdefender temporarily, got malwarebytes and updated to latest version. Currently running a full system scan on that.
 

wolfeking

banned
ok, be sure to post the log of it so John (malware assassin) can tell if there is another test you need to run to kill it.
 

Doop

New Member
Here is the Malwarebytes log, looks like my PC is clean. My Bitdefender scans also came up with nothing.

__________________________________________

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.01.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421

Protection: Enabled

2/1/2012 1:42:36 AM
mbam-log-2012-02-01 (01-42-36).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 335171
Time elapsed: 37 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

wolfeking

banned
hmm....
ok, then we are down to two things. Either a really dug in virus, infection, malware program, or a hardware fault. I don't know of anything that comes to mind hardware wise that would cause your symptoms, so I am still leaning towards infection.

Just a bit of precaution on the hardware end.
1. Do you have a POST card?
2. Do you have a Multimeter?
3. Test the RAM with Memtest DOS version.
4. Update all drivers that have updates. This may not help, but it will do no harm.
 

Doop

New Member
hmm....
ok, then we are down to two things. Either a really dug in virus, infection, malware program, or a hardware fault. I don't know of anything that comes to mind hardware wise that would cause your symptoms, so I am still leaning towards infection.

Just a bit of precaution on the hardware end.
1. Do you have a POST card?
2. Do you have a Multimeter?
3. Test the RAM with Memtest DOS version.
4. Update all drivers that have updates. This may not help, but it will do no harm.

1. No
2. Nope
3. I'll do this tomorrow, I'm tired
4. Same as above

I'm tired but thanks a ton for your help, wolfe. I'll get back on tomorrow night and continue with this. Thanks again, cya.
 

wolfeking

banned
1. Don't feel bad, neither do I.
2. Can be got at any Walmart, or hardware store. They aren't expensive.
 

johnb35

Administrator
Staff member
Let's look at your running processes and startups.

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Vista and Windows 7 users must right click on the icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the hijackthis icon.


Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces
 

Doop

New Member
HijackThis isn't working for me. I get the "your system denied access to Hosts file" thing, but my main problem is that it keeps saying this no matter what I do. I can't get it to make the log file in Program files > Trend micro > whatever... Can't find anything helpful on the internet.



Also I'd like to mention another weird thing that's been happening since my computer started having intermittent and debilitating lag spikes. A file (a World of Warcraft private server installation file) keeps reappearing on my desktop a day or two after I've deleted it and emptied my recycling bin. The file has come back from the dead multiple times. Is it possible that my installing this file (which I got in torrent form but didn't cause any reaction from my antivirus) is what is messing up my computer somehow?

Let me know how to get the log for hijackthis working if possible, sorry for my incompetence :p.

Thanks
 

brightlord

New Member
I think your HDD is dying, because this is happening to me. PC lagging, frozen for no reason, I can't play any music or watch video. I tried a format but I couldn't get past this. Finally I got angry and opened the PC to access the SATA HDD, and the HDD made a short circuit and never worked. I know my English is like a baby speaking.
 

johnb35

Administrator
Staff member
HijackThis isn't working for me. I get the "your system denied access to Hosts file" thing, but my main problem is that it keeps saying this no matter what I do. I can't get it to make the log file in Program files > Trend micro > whatever... Can't find anything helpful on the internet.



Also I'd like to mention another weird thing that's been happening since my computer started having intermittent and debilitating lag spikes. A file (a World of Warcraft private server installation file) keeps reappearing on my desktop a day or two after I've deleted it and emptied my recycling bin. The file has come back from the dead multiple times. Is it possible that my installing this file (which I got in torrent form but didn't cause any reaction from my antivirus) is what is messing up my computer somehow?

Let me know how to get the log for hijackthis working if possible, sorry for my incompetence :p.

Thanks

That's because you aren't doing this when running HijackThis.

Vista and Windows 7 users must right click on the icon and click on run as. If the run as option doesn't appear then press and hold the shift key while right clicking on the hijackthis icon.
 

Doop

New Member
I apparently failed to shift + right click properly before, but I managed to pull it off this time, sorry XD. Anyway, here's the log from the scan:

-- -- -- ---- - - -- - -- - -- - - -- - -- - - -- -- -- - -- -- - -- -- --

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:11:26 PM, on 2/1/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bitdefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3794798483-1723396914-4254444258-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3794798483-1723396914-4254444258-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bing Bar Update Service (BBSvc) - Unknown owner - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8651 bytes

-- -- -- ---- - - -- - -- - -- - - -- - -- - - -- -- -- - -- -- - -- -- --

Also, would doing a system restore fix my problem if it couldn't be fixed on its own? I know it's seen as a worst case scenario solution but I've done it before and I don't really have any files I need to keep with backup or anything.

Anyway, thanks.
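
As an added example (not part of the original thread and not a HijackThis feature), here is a small Python triage of entries in the HijackThis v2.0.4 format posted above, run on a few lines excerpted from that log. It assumes the log is from a 64-bit system when it contains `Program Files (x86)` or `SysWOW64` paths; in that case `(file missing)` on a `C:\Windows\System32` path most likely means the 32-bit scanner was redirected to SysWOW64, not that the file is gone. The category names are illustrative.

```python
import re
from collections import Counter

# Excerpt of the HijackThis log posted above, embedded so the example runs offline.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: CurseClientStartup.ccip
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

# "R1 - ...", "O23 - ..." etc.: section code, then the entry body.
ENTRY = re.compile(r"^(?P<code>[ROFN]\d+) - (?P<body>.+)$")
# First drive-letter path to an .exe or .dll inside an entry body.
PATH = re.compile(r"[A-Za-z]:\\[^\"]+?\.(?:exe|dll)", re.IGNORECASE)


def looks_64bit(log):
    """Heuristic (assumption): these directories only exist on 64-bit Windows."""
    low = log.lower()
    return "program files (x86)" in low or "\\syswow64\\" in low


def classify(code, body, is_x64):
    """Return an illustrative triage label for one log entry."""
    low = body.lower()
    if low.endswith("(no file)"):
        # Registry entry that points at nothing, typically an uninstall leftover.
        return "orphan-registry-entry"
    if low.endswith("(file missing)"):
        if is_x64 and "\\windows\\system32\\" in low:
            # A 32-bit process asking for System32 is redirected to SysWOW64.
            return "missing-likely-wow64-redirection"
        return "missing-verify-on-disk"
    match = PATH.search(body)
    if code == "O4" and match and "\\users\\" in match.group(0).lower():
        # Autostart binary in a user-writable location: review, not a verdict.
        return "autostart-from-user-profile"
    return "no-flag"


def triage(log):
    """Return a list of (label, code, body) for every recognised entry line."""
    is_x64 = looks_64bit(log)
    results = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            results.append((classify(m["code"], m["body"], is_x64), m["code"], m["body"]))
    return results


def summary(log):
    """Count entries per triage label."""
    return Counter(label for label, _, _ in triage(log))


if __name__ == "__main__":
    for label, code, body in triage(SAMPLE_LOG):
        if label != "no-flag":
            print(f"{label:34} {code:4} {body}")
```

Entries labelled `missing-likely-wow64-redirection` are best confirmed against a 64-bit directory listing before anything is fixed in HijackThis.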
 

johnb35

Administrator
Staff member
You can try doing a system restore to a day before the problems came about or we can first try doing something else.

If you feel like running one more program then do this.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 

johncam

New Member
Hey bro, I had a similar issue a few months back. You mentioned your sound bugged out? My problem was a driver using 100% CPU. Either look in Task Manager for what's using all the CPU, or download an advanced task manager to identify it. I'll reply later with more detail as I'm on my phone right now.
 

Doop

New Member
I don't know if I mentioned this yet, but I have this file that keeps coming back after I delete it and empty my recycle bin. I also downloaded it about the time I think my computer started having problems.
 

johnb35

Administrator
Staff member
Please run combofix for me and post the logfile that it creates at the end.

However, do this first and then run combofix.

Please download and run TDSSKiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

infection-found.jpg


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

scan-completed.jpg


If the log says will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.
 