
Laptop hangs after an idle run of about 10 mins or more..


  • This topic is locked
10 replies to this topic

#1 gowri18

gowri18

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:53 AM

Posted 13 October 2015 - 09:42 AM

Hi,

 

I started facing this problem a week back, and I happened to go around various forums about this problem, where my laptop freezes or hangs after leaving it idle for 10 mins or more, or sometimes longer. Some said it would be because of laptop overheating, so I cleaned the parts inside, including the fans and fins, and the temp is now somewhere within 50 degrees. Later I still faced the same problem, and for observation I opened the Task Manager and left it open to see if any process starts up. I found one named msiexec.exe, which was 11 KB, using up 5 GB of my 8 gig RAM. And when I just opened the file location from there, it pointed to the Windows folder under the C drive, having the path

 

C:\Windows\WinSxS\x86_microsoft-windows-installer-executable_31bf3856ad364e35_6.3.9600.16384_none_de213953a1b377e3

 

 

While making the above observation my laptop was extremely slow, taking a lot of time for each keyboard or mouse response. Some other forums suggested running a virus and malware scan in safe mode, and I ran a full virus scan using AVG 2015 once and a Malwarebytes Anti-Malware scan twice, and all of them returned empty. So when I went through your forum, I decided to give it a shot to see what the problem is. I am attaching the Addition.txt and FRST.txt from a FRST64 scan for your reference.

 

However, while simply looking at those txt files I am not sure if you can identify the application causing the problem, as while uploading this my laptop was running normally. Anyway, I am no expert and I don't know much about these, so could any of you help me out.

Attached Files




 


#2 gowri18


Posted 13 October 2015 - 11:56 AM

Hi all,

 

Sorry, there was an error while I typed those. I re-ran FRST when my laptop hung, so I guess better logs would have been made, and when I opened the msiexec.exe process the path is

 

C:\Windows\System32

 

which was 64 KB in size and it occupied 6 GB of my 8 gig RAM. Even after shutting that process down the disk usage was at 99% and my laptop was too slow to respond to any inputs. I am attaching updated logs from FRST for better observation. Hope all these details would help to find a solution.

Thanks in advance,

Attached File  Addition.txt   41.61KB   2 downloads
Attached File  FRST.txt   35.89KB   2 downloads



#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:23 PM

Posted 14 October 2015 - 09:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove this program in bold using the Add/Remove Programs applet.
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )

===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3309642225-4213815945-1384498365-1001\...\Run: [] => [X]
IFEO: [Debugger] "D:\Program Files\TuneUp_14\TUAutoReactivator64.exe"
IFEO\rim.desktop.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Handler: WSISAllmytubechrome - No CLSID Value
FF user.js: detected! => C:\Users\Gowri Shankar\AppData\Roaming\Mozilla\Firefox\Profiles\9rz13oqm.default\user.js [2014-05-09]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - E:\Program Files\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - D:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-05-12]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - E:\Program Files\Internet Download Manager\IDMGCExt.crx <not found>
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [X]
S3 BtAudioBusSrv; \SystemRoot\System32\Drivers\BtAudioBus.sys [X]
S3 BthL2caScoIfSrv; \SystemRoot\System32\Drivers\BtL2caScoIf.sys [X]
S3 btUrbFilterDrv; \SystemRoot\System32\Drivers\IvtUrbBtFlt.sys [X]
Task: {FFB097B9-B018-45B2-9FBC-82E0B1884ED1} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
C:\Program Files\KMSpico

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

How is the computer running now?
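
Added example, not part of nasdaq's post and not FRST's own code: a small Python parser that sorts fixlist lines like the ones above by the kind of autostart location they reference, and flags targets the log marks as missing ("[X]", "<not found>") or unsigned. The line patterns are inferred only from the lines quoted in this thread, and the sample input is a constructed subset of them.

```python
import re
# Constructed sample: a subset of the fixlist lines quoted in the post above.
FIXLIST = r"""
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
IFEO\rim.desktop.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - E:\Program Files\Internet Download Manager\IDMGCExt.crx <not found>
S4 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S2 APXACC; \SystemRoot\system32\DRIVERS\appexDrv.sys [X]
Task: {FFB097B9-B018-45B2-9FBC-82E0B1884ED1} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
C:\Program Files\KMSpico
"""

# Patterns inferred from the lines in this thread only (an assumption, not FRST's grammar).
PATTERNS = [
    ("directive",  re.compile(r"^(?P<target>\w+):$")),
    ("run_key",    re.compile(r"^(?P<name>HK\S+\\Run): (?P<target>.*)$")),
    ("ifeo",       re.compile(r"^(?P<name>IFEO\S*): \[Debugger\] (?P<target>.*)$")),
    ("chrome_ext", re.compile(r"^CHR \S+\\Extension: \[(?P<name>[a-p]{32})\] - (?P<target>.*)$")),
    ("service",    re.compile(r"^[A-Z]\d (?P<name>[^;]+); (?P<target>.*)$")),
    ("task",       re.compile(r"^Task: (?P<name>\{[0-9A-F-]+\}) - .* => (?P<target>.*)$")),
    ("path",       re.compile(r"^(?P<target>[A-Z]:\\.*)$")),
]

def parse_fixlist(text):
    """One record per non-empty line: kind, name, target, missing-file and unsigned flags."""
    records = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        kind, name, target = "other", None, line
        for k, rx in PATTERNS:
            m = rx.match(line)
            if m:
                kind, name, target = k, m.groupdict().get("name"), m.group("target")
                break
        records.append({
            "kind": kind, "name": name, "target": target,
            "missing": target.endswith(("[X]", "<not found>")),
            "unsigned": "[File not signed]" in target,
        })
    return records

def triage(records):
    """Split autostart entries into orphaned references and ones with a file behind them."""
    entries = [r for r in records if r["kind"] not in ("directive", "path", "other")]
    return ([r for r in entries if r["missing"]], [r for r in entries if not r["missing"]])

if __name__ == "__main__":
    for r in triage(parse_fixlist(FIXLIST))[1]:
        print(r["kind"], r["name"], "UNSIGNED" if r["unsigned"] else "")
```

Orphaned entries are leftover references to files that no longer exist, while the remaining entries still point at a file that would be launched, which is where review effort belongs.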

#4 gowri18


Posted 14 October 2015 - 10:26 AM

@nasdaq hi, thanks for your reply, and I happened to find something. Whenever I update my AVG 2015, there is this 7.5 MB update file which, when allowed to install, starts the msiexec.exe process, consuming 6 gig of RAM. And ever since I stopped auto-update of AVG Internet Security I don't see any of the problems described before. So I presume that the AVG update file is causing something. However, I am able to install other normal software, which I checked to see, as msiexec.exe is a Windows installer service. So based on these recent findings, should I still do the procedure you mentioned?

If so I shall do but I just want to bring this to your attention.

#5 nasdaq


Posted 15 October 2015 - 07:52 AM

Yes please run my suggested fix.

If anything goes wrong you will have a Restore point to return to.
I create one with the fix.
See my first command:
 

start

CreateRestorePoint:



#6 gowri18


Posted 15 October 2015 - 09:34 AM

@nasdaq I ran all the steps mentioned in your post and I am attaching the files you asked for. So after the final restart I re-ran the AVG update which I mentioned before, but unfortunately the problem still persists. My laptop runs normally unless I start an AVG update; otherwise it is at good speed as before. So ultimately the problem is still not solved if I run the AVG update. Hope these details would help you to further analyze, and thanks for your help so far.

I have attached the AdwCleaner log before and after cleaning and the Farbar log as you asked.

Attached Files



#7 nasdaq


Posted 15 October 2015 - 10:08 AM

I suggest you remove AVG using the uninstaller tool.

http://www.avg.com/ca-en/utilities

After a restart of the computer reinstall the application.

Keep me posted.

#8 nasdaq


Posted 21 October 2015 - 09:49 AM

Are you still with me?

#9 gowri18


Posted 21 October 2015 - 03:44 PM

Hi,

Sorry that I forgot to reply here. And after uninstalling AVG I don't see any of those problems. I am now using Avast.

#10 nasdaq


Posted 22 October 2015 - 08:30 AM

Glad we could help, if all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq


Posted 22 October 2015 - 08:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



