Applications sometime freeze -- happens with variouse apps

December 21, 2018 at 14:20:55
Specs: Windows 10, 16
Sometimes, if I leave something open such as NOTEPAD+ ---- I come back to the computer a few hours late, NOTEPAD+ is still open buy I cannot use it. It's like frozen. I cannot type anything into the notepad, I cannot change anything nor can I x out it. I have to right click the task in the taskbar and close it that way. I can then open it and have full use of it.

See More: Applications sometime freeze -- happens with variouse apps

Reply ↓  Report •

#1
December 21, 2018 at 15:04:33
Run these 2 tools, then test.

Run both of these, in this order.
1: Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
https://i.imgur.com/q8GRvVw.gif
https://i.imgur.com/ImAsNPL.gif
https://i.imgur.com/ad7SEKM.gif

2: Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/Wise-R...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...
http://fs1.directupload.net/images/...


Reply ↓  Report •

#2
December 24, 2018 at 13:22:52
Thank you. I will run these tonight and hopefully it fixes the problem.

Reply ↓  Report •

#3
December 24, 2018 at 14:48:51
"Thank you. I will run these tonight and hopefully it fixes the problem"
Fingers crossed, let us know.

Reply ↓  Report •

Related Solutions

#4
December 31, 2018 at 15:56:23
Hi. It took me a while to run the processes you suggested, but the freezing of apps continues to happen.
I don't know what else to do to fix the problem.

Reply ↓  Report •

#5
December 31, 2018 at 16:12:30
I can look at these logs for clues.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt) on the Desktop.
The logs are large, upload them using one of these. No time delays/Captcha-I'm not a Robot/account/registration needed. Give us the links please.
http://www.fileconvoy.com/index.php


Reply ↓  Report •

#6
January 1, 2019 at 05:15:46
Thank you!!! The URL is:
http://www.fileconvoy.com/dfl.php?i...

I have worked in the IT filed for years and I have a good background, what are you looking for in this txt file?


Reply ↓  Report •

#7
January 1, 2019 at 06:04:29
"what are you looking for in this txt file?"
Need the second log first, only got the Addition log.
"It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt) on the Desktop"

Reply ↓  Report •

#8
January 1, 2019 at 14:21:44
Sorry about that, the file has been uploaded:
http://www.fileconvoy.com/dfl.php?i...

Reply ↓  Report •

#9
January 1, 2019 at 14:32:17
Whilst I'm going through your logs.

Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
https://toolslib.net/downloads/view...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan
In the results tabs, uncheck anything you don't want to remove.
Click on Cleaning.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You also can find the logfile at C:\AdwCleaner [C1 or later].txt as well.
http://i.imgur.com/r3PoAEG.gif


Reply ↓  Report •

#10
January 1, 2019 at 17:51:16

Reply ↓  Report •

#11
January 1, 2019 at 20:33:16
"I received a strange memory error"
Will finish the Clean up first & then see if you get any more messages.

Next step, get the latest version of Malwarebytes & Run. Your version is years out of date.

Malwarebytes Anti-Malware ( MBAM ) Use Threat Scan.
http://www.softpedia.com/get/Antivi...
http://www.freewarefiles.com/Malwar...
http://www.freewarefiles.com/screen...
http://www.malwarebytes.org/downloads/
Forum
http://www.malwarebytes.org/forums/
After the Free trial, I choose this.
http://fs5.directupload.net/images/...
You then get this screen.
http://fs5.directupload.net/images/...
Or,
Deactivate Malwarebytes for Windows Premium Trial
https://support.malwarebytes.com/do...
At the end of a scan, you will get something like this.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
After clicking on > View Report & then > Export. Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.


Reply ↓  Report •

#12
January 4, 2019 at 10:43:50
when i tried to remove malware bytes, my PC blue screened. I have a case open with Malwarebytes support and they are reviewing the logs I sent them. I will let you know once this has been resolved.

Reply ↓  Report •

#13
January 4, 2019 at 21:10:40
"I will let you know once this has been resolved"
Ok, in the meantime.

Please download Dr.Web CureIt and save it to your Desktop. DO NOT perform a scan, until you get it on your desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop. (If this is not possible, this program is portable, and runs right from the location it is downloaded to, like a USB drive or SD card.)
http://www.softpedia.com/get/Antivi...
http://filehippo.com/download_dr_we...
http://www.freedrweb.com/cureit//
http://www.freedrweb.com/cureit/?ln...
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Documentation
http://download.geo.drweb.com/pub/d...

Copy & Paste the contents of the log into a text file & upload it here.
No time delays/Captcha-I'm not a Robot/account/registration needed. Give us the link please.
http://www.fileconvoy.com/index.php


Reply ↓  Report •

#14
January 5, 2019 at 05:51:25
I ran CureIt and no threats were detected. There are no logs to send to you from this utility

Reply ↓  Report •

#15
January 5, 2019 at 13:17:16
"I ran CureIt and no threats were detected"
Very good.

You failed to run Farbar from the Desktop.
Download the latest version.
Follow the previous instructions & upload 2 new scans please.


Reply ↓  Report •

#16
January 5, 2019 at 15:02:29

Reply ↓  Report •

#17
January 5, 2019 at 16:00:18
You have a Rootkit.

"Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop"
You are still not running it from the Desktop, the Desktop is where you see the Recycle Bin.

====================================

You will need another computer to download FRST64 to a USB drive, run FRST64 in the Recovery Environment, then back in Normal Mode.

Please download Farbar Recovery Scan Tool in an uninfected computer and save it to a flash drive (Pen Drive).

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. In your case is FRST64.exe

Please also download the attached file and save it in the same location the FRST64 is saved in the flash drive.

Boot to the Recovery Console's Command prompt in the infected computer.

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
https://www.tenforums.com/tutorials...

Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums
https://www.tenforums.com/tutorials...
After any of these actions is performed, all user sessions are signed off and the Boot Options menu is displayed. The PC will restart into the WinRE and the selected feature is launched.

On the boot options, select Troubleshooting > Advanced Options > Command prompt.

Once in the Command Prompt:

Insert the USB drive containing FRST64 and the Fixlist
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64 and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
First press the Scan button. That will deactivate the rootkit, once the scan is finished, press the Fix button.
These actions will make two logs, a Fixlog.txt and a FRST.txt logs in the flash drive. Upload them please.

Once finished in the Recovery Environment, restart the computer in Normal Mode.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. In your case is FRST64.

Double-click to run it. When the tool opens click Yes to disclaimer.
Make sure that under Optional Scans, there is a checkmark on Addition.txt.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Upload please.
The tool will also produce another log (Addition.txt ). Upload please.

I will expect the following reports:

Frst.txt produced in the Recovery Console
Fixlog.txt produced in the Recovery Console
Frst.txt produced in Normal Mode
Addition.txt produced in Normal Mode

message edited by Johnw


Reply ↓  Report •

#18
January 5, 2019 at 16:28:22
How did you know I have a root kit - I will do what u said tomorrow - Thank you

Reply ↓  Report •

#19
January 5, 2019 at 16:35:09
"How did you know I have a root kit"
It's in your logs.
"HKLM\SYSTEM\CurrentControlSet\Services\4583F47DC0DB2914 <==== ATTENTION (Rootkit!)"

Best you print out the instructions.


Reply ↓  Report •

#20
January 6, 2019 at 15:06:53
I ran the MALWAREBYTES RootKit Removal tool and the HITMAN PRO removal tool

http://www.fileconvoy.com/dfl.php?i...


Reply ↓  Report •

#21
January 6, 2019 at 15:55:53
Ok, they are old copies of FRST & Addition, there is a new version of Farbar out today, download, run & upload the logs please.

message edited by Johnw


Reply ↓  Report •

#22
January 6, 2019 at 16:56:14
i downloaded the newest FRST

http://www.fileconvoy.com/dfl.php?i...


Reply ↓  Report •

#23
January 6, 2019 at 17:36:50
Copy & Paste only the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
CPUID CPU-Z 1.80.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.1 - ) <==== ATTENTION
CustomCLSID: HKU\S-1-5-21-1040620294-3408955100-497452116-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1040620294-3408955100-497452116-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1040620294-3408955100-497452116-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1040620294-3408955100-497452116-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1040620294-3408955100-497452116-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1040620294-3408955100-497452116-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1040620294-3408955100-497452116-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1040620294-3408955100-497452116-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1040620294-3408955100-497452116-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1040620294-3408955100-497452116-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1040620294-3408955100-497452116-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1040620294-3408955100-497452116-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Chris\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
ContextMenuHandlers1: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files (x86)\Globalscape\CuteFTP\CuteShell64.dll -> No File
ContextMenuHandlers2: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files (x86)\Globalscape\CuteFTP\CuteShell64.dll -> No File
ContextMenuHandlers4: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files (x86)\Globalscape\CuteFTP\CuteShell64.dll -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
Task: {0128C37A-D4A8-4E23-895C-93FA028DDA95} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {07FC4089-4A29-4F7E-832C-0DE0B847B9F5} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {2244948E-1917-47DD-8FFD-9D897FA3DB82} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {557F2CCA-0829-4E1E-AC8F-BFD11B7804E4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7B938451-6B9D-4212-A9BB-50E4A223ACE1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {93D70DC7-9E6A-44BA-8757-BBB4C0925118} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A7FE1617-854A-40FC-B9C1-8AF38A6883D8} - no filepath
Task: {AC224594-6999-4A52-B594-20FBB81E278E} - System32\Tasks\Pokki => C:\Users\Chris\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe <==== ATTENTION
Task: {B3D0A991-6502-4D87-B6E1-9F881DE6DA38} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B9BB3045-EFF2-4CB6-9ECE-9D5009A87E7E} - \CMPCUAC -> No File <==== ATTENTION
Task: {C415CB22-E757-4D4A-81BA-34EF122AE6FB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D1FF2FB5-FA83-4D16-AC5B-F6597AFE8FB4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D317AEDC-EB8D-4278-8057-0ABBB9826BCB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D3887556-52ED-4BA4-85A8-F6A0081C560F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E95A9BD9-976B-4587-B086-3A35A7351B19} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {EFC3383A-8AE6-48B7-804B-C038EA6CF705} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:EBA3B6EA [133]
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
HKU\S-1-5-21-1040620294-3408955100-497452116-1001\...\MountPoints2: {3512b715-a3e9-11e2-be66-806e6f6e6963} - "C:\WINDOWS\system32\RunDLL32.EXE" Shell32.DLL,ShellExec_RunDLL D:\Autorun.hta
HKU\S-1-5-21-1040620294-3408955100-497452116-1001\...\MountPoints2: {f04b61ac-a0c7-11e8-800d-bc5ff47da236} - "G:\setup.exe"
HKU\S-1-5-21-1040620294-3408955100-497452116-1001\...\Command Processor: cd\ <==== ATTENTION
URLSearchHook: [S-1-5-21-1040620294-3408955100-497452116-1001] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM-x32 -> DefaultScope {D7CBCD96-501F-4559-8304-F3CF1F6668F4} URL =
SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=webpickaol-ie&s_qt=sb&tb_uuid=A5D5FA39D53049878E50F8657CD68A82&tb_oid=23-05-2013&tb_mrud=23-05-2013
SearchScopes: HKU\S-1-5-21-1040620294-3408955100-497452116-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
CHR StartupUrls: Default -> "hxxps://mysearch.avg.com?cid={6D0CCCAA-8C6A-427D-AF3E-2D4011E79701}&mid=3f76c9ed9cc547d39dd66d16b2994bc5-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-06 04:00:58&v=18.1.9.799&pid=safeguard&sg=0&sap=hp"
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?cid={6D0CCCAA-8C6A-427D-AF3E-2D4011E79701}&mid=3f76c9ed9cc547d39dd66d16b2994bc5-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-02-06 04:00:58&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: Default -> hxxps://mysearch.avg.com/chroment?espv=2&cid={6D0CCCAA-8C6A-427D-AF3E-2D4011E79701}&mid=3f76c9ed9cc547d39dd66d16b2994bc5-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=AVG&pr=fr&d=2014-02-06 04:00:58&v=18.1.9.799&pid=safeguard&sg=0
CHR DefaultSuggestURL: Default -> hxxp://toolbar.avg.com/acp?q={searchTerms}&o=1

Open FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.
Refer these SS if needed.
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...
http://fs5.directupload.net/images/...

Reply ↓  Report •

#24
January 7, 2019 at 05:22:24
I will perform the steps you mentioned later tonight. Thank you.
Why are you helping me? Taking so much time out of your schedule. I thank you, and thats very nice of you

Reply ↓  Report •

Ask Question