Computer Freezes for odd reason

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Doomsday123

Thread Starter
Joined
Jul 1, 2002
Messages
505
When playing Diablo 2 Expansion pack on single player it freezes up after about 10 minutes of freeze. It wont respond to Ctrl+Alt+Delete, or even Holding down the power button for 15 seconds. My computer teacher said that the program might be conflicting with the processor to make it go hay-wire. COuld use some help =) thanks =)
 

Doomsday123

Thread Starter
Joined
Jul 1, 2002
Messages
505
I upgraded to DirectX 9.0 runtime and when it seemed to freeze I pressed Alt+Tab and it minumized after about a minute or so. I just re-entered Diablo 2 and it seemed to be fine. I dont know what is wrong still. Could someone help me plz? thx
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,277
Hiya

What do you have running in the background:

Go to Run and type MSINFO32
On the left choose Software Enviroment, then Startup Programs. Copy/paste the list here.

Regards

eddie
 

Doomsday123

Thread Starter
Joined
Jul 1, 2002
Messages
505
E-Color Startup Group "C:\Program Files\E-Color\Registration\SonnReg.exe"
3Deep Startup Group "C:\Program Files\E-Color\3Deep\3Deepctl.exe"
E-Color Indicator Startup Group "C:\Program Files\E-Color\E-Color Indicator\TICIcon.exe"
SCPopup Startup Group "C:\Program Files\SHARP\PixLab Lite Pack\SCPopup.exe"
GStartup Startup Group "C:\Program Files\Common Files\GMT\GMT.exe" /startup
Microsoft Office Startup Group "C:\Program Files\Microsoft Office\Office\OSA9.EXE" -b -l
aaqhpy.exe Common Startup Group C:\WINDOWS\SYSTEM\fil\aaqhpy.exe
run Win.ini C:\WINDOWS\SYSTEM\aaqhpy.exe
Yahoo! Pager Registry (Per-User Run) C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
Shell32 Registry (Per-User Run) Shell32.exe
msnmsgr Registry (Per-User Run) "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
ScanRegistry Registry (Machine Run) C:\WINDOWS\scanregw.exe /autorun
TaskMonitor Registry (Machine Run) C:\WINDOWS\taskmon.exe
SystemTray Registry (Machine Run) SysTray.Exe
NvCplDaemon Registry (Machine Run) RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
nwiz Registry (Machine Run) nwiz.exe /install
Gainward Registry (Machine Run) C:\WINDOWS\TBPanel.exe /A
CriticalUpdate Registry (Machine Run) C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
C-Media Mixer Registry (Machine Run) Mixer.exe /startup
FileFreedom_Plugin Registry (Machine Run) C:\PROGRAM FILES\FILEFREEDOM\wtm.exe
Disc Detector Registry (Machine Run) C:\Program Files\Creative\ShareDLL\CtNotify.exe
AudioHQ Registry (Machine Run) C:\Program Files\Creative\SBPCI512\AudioHQ\AHQTB.EXE
PromulGate Registry (Machine Run) "C:\Program Files\DelFin\PromulGate\PgMonitr.exe"
SaveNow Registry (Machine Run) C:\PROGRA~1\SAVENOW\SaveNow.exe
MediaLoads Installer Registry (Machine Run) "C:\Program Files\DownloadWare\dw.exe" /H
New.net Startup Registry (Machine Run) rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup
Windows Explorer Update Build 1142 Registry (Machine Run) explorer32.exe
LoadPowerProfile Registry (Machine Run) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Shell32 Registry (Machine Run) Shell32.exe
RunDLL32 Registry (Machine Run) C:\WINDOWS\SYSTEM\aaqhpy.exe
HPDJ Taskbar Utility Registry (Machine Run) C:\WINDOWS\SYSTEM\hpztsb05.exe
LoadQM Registry (Machine Run) loadqm.exe
CMESys Registry (Machine Run) "C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE"
Synchronization Agent Registry (Machine Service) C:\WINDOWS\START MENU\PROGRAMS\ACCESSORIES\SYSTEM TOOLS\AGENT\SYNCAGENT.EXE
Windows Explorer Update Build 1142 Registry (Machine Service) explorer32.exe
LoadPowerProfile Registry (Machine Service) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
Shell32 Registry (Machine Service) Shell32.exe
RunDLL32 Registry (Machine Service) C:\WINDOWS\SYSTEM\aaqhpy.exe
 

Doomsday123

Thread Starter
Joined
Jul 1, 2002
Messages
505
Ive got it to play for like 20 minutes and then it shuts off and displayes this message.

"UNHANDLED EXEPTION:
ACCESS_VIOLATION (c0000005)"

Then when i try to go to the Internet after it shuts down it tells me.

"This program has formed an illegal operation and will be shut down.

If the problem persist contact the program vendor."
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,277
Okay, lets see.....

E-Color: This is what it for:

http://www.colorific.com/

Corrects lighting, shading and color for all your 2D and 3D games. Not sure, maybe keep.

E-Color Indicator: as above

SCPopup: Looks like its to do with your ViewCam:

http://www.sharp.net.au/product_sales/viewcam/vlwd650e.htm

GStartup: Gator spyware variant. See end.

Microsoft Office: Resource hog that launches common MS Office components to help speed up the launch of Office programs. Some users claim there's no difference with or without it but it isn't required anyway.

aaqhpy.exe: not sure.

Yahoo! Pager: Yahoo! Messenger allows you to send instant messages. Using Yahoo! Messenger, you can see when friends are online and chat back and forth with them, like having a real conversation. Available via Start -> Programs. Not needed.

msnmsgr: not sure.

ScanRegistry: keep

TaskMonitor: The Task Monitor checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful

SystemTray: keep

NvCplDaemon: Intializes the clock and memory settings on nVidia based graphics cards. Disable if you overclock your card

nwiz: Associated with the newer versions of nVidia graphics cards drivers. Allows you to immensely improve desktop layouts by setting preferences and optimizations. However, this isn't necessary for the operation of your system

Gainward: Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel

CriticalUpdate: MS Windows Critical Update Notification. If you want to keep Windows up-to-date, check the Windows Update site. Not needed.

C-Media Mixer: C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs. Not needed.

FileFreedom_Plugin: FileFreedom peer-to-peer sharing program. Not needed.

Disc Detector: For Creative sound cards. Detects when you insert a CD, DVD, etc. Not needed.

AudioHQ: For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs. Not needed.

PromulGate: Adware based media viewer by The Delfin Project, see end.

SaveNow: Advertising spyware. Installed as part of the Kazaa Media Desktop bundle for example. See end.

MediaLoads Installer: Medialoads is advertising software - running DownloadWare as its executable. Installed as a bundle with Kazaa Media Desktop. See end

New.net: Advertising spyware, see end.

Windows Explorer Update Build 1142: Added as a result of the KaZaA based KWBOT VIRUS!, see end

LoadPowerProfile: keep

Shell32: Not sure, may be due to virus.

RunDLL32: This loads the System Tray icon used to change display settings, change the clock rate and memory speed for nVidia based graphics cards. This is unnecessary since you can easily configure these settings the way you want them in the Display Properties and not have to mess with them again. Not needed.

HPDJ Taskbar Utility: Ghostscript device driver for printers understanding Hewlett-Packard's Printer Command Language

http://home.t-online.de/home/Martin.Lottermoser/pcl3.html

OR

Creates 1 or all 3 icons on taskbar. The 1st one has a yellow border around it warning that ink is low on the printer. The second one is HP Device Detection Software and the 3rd one is about a card being inserted into the Hp printer

Not sure

LoadQM: Loads the MSN Queue Manager. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable it

CMESys: Part of Gator advertising spyware, see end

Synchronization Agent: http://support.microsoft.com/default.aspx?scid=KB;en-us;q256139

Not needed.



Okay, as you have a Virus, I would get that sorted first of all. Update your Antivirus, or do an online scan here:

http://housecall.antivirus.com/housecall/start_corp.asp

This is all about the virus:

http://securityresponse.symantec.com/avcenter/venc/data/w32.kwbot.worm.html

Then, when its all clear, you can sort out the spyware. I'm assuming you have Kazaa. There is a spyware free one, called KazaaLite:

http://www.kazaalite.com/

Now, uninstall the version you have at the moment, and also, in AddRemove in the Control Panel, see if you can see any references to Gator, SaveNow, MediaLoads Installer and PromulGate

Don't worry if they're not there, but if they are, uninstall.

Then run Spybot, available here:

http://tomcoyote.com/SPYBOT/


As for new.net, have a look at this, on how to remove it:

http://cexx.org/newnet.htm

http://cexx.org/newnetfix2.htm


After thats all been done, and its clear, you can sort out the MSCONFIG stuff. Go to Run and type in MSCONFIG, startup tab. Uncheck the ones you don't want, apply and restart.


To prevent any other files being downloaded by mistake, go to Tools | Internet Options. Advanced tab. Under Browsing, look for Enable Install on Demand. Untick, apply and OK.


As for the other error, click Details, and copy/paste the contents here.

Regards

eddie
 
Joined
Jan 5, 2003
Messages
43
why cant something be done to these annoying people that make gator and newnet? gator installs without permission, it ask and you so no, and it says well what you dont know wont hurt..
I hate these sites....
 
Joined
Aug 21, 2002
Messages
405
I would NOT recommend downloading Kazaa Lite. I downloaded it once and it just ruined my whole computer. It edited the HOSTS file so I couldn't play a few games and I took hours repairing it. But it's your choice to download it or not. Might not have the same stuff as I did...but...go for it.
 

Doomsday123

Thread Starter
Joined
Jul 1, 2002
Messages
505
It found these infected files,

BKDR SUB7.22A
BKDR LITH.102.A
BKDR LITH.102.A
BKDR LITH.102.A
BKDR LITH.102.E
BKDR LITH.102.A
BKDR LITH.102.A
BKDR SUB7.22A
BKDR SUB7.22A
BKDR SUB7.22A
BKDR LITH.102.A
BKDR NBSPY
BKDR SUB7.22A

Should i delete them or what?
 

Doomsday123

Thread Starter
Joined
Jul 1, 2002
Messages
505
Save Now is in the startup menu in msconfig. I didnt see it in the add/remove hardware. Also i MediaLoad is there but you said to uninstall MediaLoad Installer, should I unistall MediaLoad too??
 

Doomsday123

Thread Starter
Joined
Jul 1, 2002
Messages
505
Also I did another Virus Scan and this is what turned up.

c:\EXPLORER.EXE is infected with SubSeven Server 2.1

c:\Program Files\NetBus Pro\NBHelp.dll is infected with Backdoor.Trojan

c:\WINDOWS\TEMP$01.EXE is infected with SubSeven Server 2.1

c:\WINDOWS\nsrp.exe is infected with Backdoor.Trojan

c:\WINDOWS\Desktop\Dakota\Games\Other\d2maphack_42\d2maphack2.0.exe is infected with Trojan Horse

c:\WINDOWS\Desktop\Dakota\Games\Other\d2maphack_42
\server.exe is infected with Trojan Horse

c:\WINDOWS\SYSTEM\srv_capture.dll is infected with Backdoor.Trojan

c:\WINDOWS\SYSTEM\srv_funstuff.dll is infected with Backdoor.Trojan

c:\WINDOWS\SYSTEM\srv_multimedia.dll is infected with Backdoor.Trojan

c:\WINDOWS\SYSTEM\srv_portscan.dll is infected with Backdoor.Trojan

c:\WINDOWS\SYSTEM\srv_pwinfo.dll is infected with Backdoor.Trojan

c:\WINDOWS\SYSTEM\Shell32.exe is infected with Backdoor.Trojan

c:\WINDOWS\SYSTEM\aaqhpy.exe is infected with SubSeven Server 2.1

c:\WINDOWS\SYSTEM\mweohmm.exe is infected with SubSeven Server 2.1

c:\WINDOWS\SYSTEM\fil\aaqhpy.exe is infected with SubSeven Server 2.1

Any suggestions???
What should I do???
 

eddie5659

Moderator
Malware Specialist
Joined
Mar 19, 2001
Messages
37,277
Blimey, 3 trojans!!

Okay, which program did you use, Housecall or your own?

I would clean up the PC, as having those on your system won't do it any good.

Also, I think what IgneousPrime meant, was to backup any important files, just in case things went wrong, as in documents that you need.

This is about them:

Backdoor.Trojan

SubSeven 2.0 Server

You have the updated version, by the looks of it.

Trojan Horse is a generic name.


Let whichever program you're using, to clean up the files. If you do this, reboot, and run it again, they should be removed. If not, let us know

eddie
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top