Every time I try to confirm a pop-up my laptop freezes.

Every single time I get a pop-up (including a pop-up about allowing a trusted program like Malwarebytes) to run after it is confirmed my laptop just freezes… no amount of waiting fixes it.

I am using Avast free and PrivateFirewall 7.0, neither of which have said anything since this started happening.

hey could you give us a pic of that popup?

if you suspect infection please follow this guide and attach our logs.

http://forum.avast.com/index.php?topic=53253.0

attach the logs from adwclener,malwarebytes,otl and awsmbr.

I’m not sure I will be able, whenever the prompt for administrative permission comes up and I ‘ok’ it bang, it goes dead. (I tried to get malwarebytes to work but the same thing happened, the popup came up and then once I ok’d it, it froze)

I’m pretty sure there’s a option I once checked to make popups more frequent, I shall see if I can disable that.

do you have any other security programs installed?
did you uninstall your old AV before installing avast?
did you use the vendors removal tool to clear any leftover files that may conflict?

tools found here http://singularlabs.com/uninstallers/security-software/ run and reboot

I had Norton 360, I used their uninstall tool to remove.
I did download Ad Aware before Avast, I used windows uninstaller for that. Might that cause the issue of freezing when dealing with administrative controls?

I’m almost 100% sure it’s only when dealing with the admin controls (the popup that appears when changing or doing something that requires administrative privileges) as no matter what I do when that comes up, regardless of the cause of it, it freezes. Whether I ok or click no, press the x or even click something additional, it always freezes.

not sure…adaware does contain a AV engine so it might conflict

if you are able to run OTL (try run it from safe mode) then the removal expert may spot any leftover files in the diagnostic log
all the tools in the guide Mikael rask gave you can be run from safe mode, so try that if you have problems

i have notified the removal expert so that he will take a look here when he arrive later today…usually after work hours european time

Thank you.

Do you know of any way to turn off the admin conformation pop-up that comes up? If so that’d be a great help. (preferable turn it off without having to confirm the setting one last time, as that’d cause the freeze again)

You can temporarily turn off UAC but you need to be very careful as you are opening up your system

Go to Control Panel > Action Centre
Select UAC control
Move the slider to the bottom and OK out

Hello essexboy, do you have any ideas as to what would cause the pop-ups to freeze my laptop?

essexboy will be back after work hours european time…
try running OTL log from the guide above

Do you experience the same problem in safe mode ?

No (I don’t think the admin request thingy comes up) I shall try using Avast (when the password request comes up it freezes too) once I get a change, I presume that still comes up in safe mode.

Could you run an OTL scan from safe mode please so that I can see what is there

This is without the custom scan additional code. If you want it re-done with the other additional parts then I will.

Not a great deal showing there, how old is the computer ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
IE - HKU\S-1-5-21-2370299088-1944241764-196154407-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=4C6A3C784C8FA90FF0A4CA519DB3F223&q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=4C6A3C784C8FA90FF0A4CA519DB3F223"
[2013/05/23 18:15:28 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\w90sm5z9.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013/05/23 18:15:23 | 000,000,628 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
O4 - HKLM..\Run: [SearchProtection] C:\ProgramData\Search Protection\_run.bat File not found
O4 - HKU\.DEFAULT..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} File not found
O4 - HKU\S-1-5-18..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} File not found
O4 - HKU\S-1-5-19..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} File not found
O4 - HKU\S-1-5-20..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I found out the problem is definitely Personalfirewall 7.0, which once disabled stops all the problems I was having.

May I just ask now that it’s fixed, what’s the fix you’ve described for?

(Thank you Pondus, mikaelrask and essexboy)

hey agian
have you run the fix Essexbox gave you? if not please do that and post the result here.

your welcome :slight_smile:

The fix was to clear a few orphan entries but mainly to clear the temp files