koray77
December 30, 2013, 7:10pm
1
Hello all,
Since a couple of days ago, whenever I turn on my laptop normally, it loads until the “Welcome” screen is reached. It then becomes unbearably slow. After waiting, the desktop is partially displayed (without icons, etc.), but is completely unresponsive and I am eventually presented with this message:
‘Microsoft Windows
The application is not responding. The program may respond again if you wait.
Options: END PROCESS or CANCEL’
Ask away for further details and/or clarifications. The specifications of my laptop are as follows:
Windows Edition: Windows 7 Home Premium, Service Pack 1
Model: HP Pavilion g6 Notebook PC
Processor: Intel Core i5-2410M CPU, 2.3 GHz
RAM: 4 GB
Thank you for any help on this matter.
Kind regards,
Koray
Eddy
December 30, 2013, 7:19pm
2
koray77
December 30, 2013, 10:17pm
3
I have now read it. Should I work through it chronologically or download a particular program stated within the topic?
Kind regards,
Koray
koray77
December 30, 2013, 11:49pm
4
OTL logs have been attached.
koray77
December 31, 2013, 12:18am
5
aswMBR log has been attached.
koray77
December 31, 2013, 3:59pm
6
Is there anything of concern within these logs?
What is the next step?
Kind regards,
Koray
koray77
December 31, 2013, 5:28pm
7
MBAM log has been attached.
bob3160
December 31, 2013, 6:00pm
8
A Malware Removal expert has been notified.
Please be patient.
Any news from the malware removal experts?
You can contact the virus lab via the mail virus@avast.com.
At the moment only TwinHeadedEagle is online. Maybe he will help you.
Eddy
January 1, 2014, 2:34pm
12
Looks to me that all of the following should be fixed.
But please do nothing before someone who has more knowledge about OTL has confirmed it.
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{AFCC1A2E-D835-4FA6-B310-14D72BF837AF}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{AFCC1A2E-D835-4FA6-B310-14D72BF837AF}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKU\S-1-5-21-3967787821-2340421480-1609785088-1000\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3967787821-2340421480-1609785088-1000\..\SearchScopes,DefaultScope = {2F6079F3-8301-4F0C-859A-5DF2ED94CF7C}
IE - HKU\S-1-5-21-3967787821-2340421480-1609785088-1000\..\SearchScopes\{2F6079F3-8301-4F0C-859A-5DF2ED94CF7C}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3967787821-2340421480-1609785088-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-3967787821-2340421480-1609785088-1000\..\SearchScopes\{AFCC1A2E-D835-4FA6-B310-14D72BF837AF}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKU\S-1-5-21-3967787821-2340421480-1609785088-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3967787821-2340421480-1609785088-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\system32\npdeployJava1.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-3967787821-2340421480-1609785088-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3967787821-2340421480-1609785088-1000\..\Toolbar\WebBrowser: (BitTorrentControl_v12 Toolbar) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [TQ566808] "E:\Setup.exe" File not found
O4 - HKU\S-1-5-21-3967787821-2340421480-1609785088-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:[b]64bit:[/b] - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:[b]64bit:[/b] - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:[b]64bit:[/b] - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:[b]64bit:[/b] - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O16:[b]64bit:[/b] - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
@Alternate Data Stream - 1184 bytes -> C:\Users\Koray\AppData\Local\Temp:n3xkUFYCQBBQxlj2QZlMTLBat9Q
@Alternate Data Stream - 1058 bytes -> C:\Users\Koray\AppData\Local\Temp:qYkaQGRy3lMTmn7vdmSVVDB
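As an added illustration (not part of the thread and not OTL's own code), this Python example sorts OTL entries like those listed above into leftovers whose target is gone ("File not found" / "No CLSID value found"), entries still backed by a file on disk, and plain settings. The function names and status labels are this example's own; the sample lines are copied from the log above.

```python
import re

# Markers OTL appends when a registry entry points at nothing on disk.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
# Entry prefix: IE, FF or O<number>, optionally carrying the 64bit tag.
PREFIX = re.compile(r"^(IE|FF|O\d+)(?::\[b\]64bit:\[/b\])? - ")
# Trailing "<drive path> (<vendor>)" on entries whose file was found.
PRESENT = re.compile(r" - ([A-Za-z]:\\.+?) \(([^()]+)\)$")

def triage(line):
    """Return (section, status, detail) for one OTL entry, else None."""
    line = line.strip()
    m = PREFIX.match(line)
    if not m:
        return None  # headers, blank lines, ADS lines, etc.
    section = m.group(1)
    for marker in ORPHAN_MARKERS:
        if line.rstrip(".").endswith(marker):
            return (section, "orphan", marker)
    hit = PRESENT.search(line)
    if hit:
        return (section, "file_present", f"{hit.group(1)} ({hit.group(2)})")
    return (section, "setting", "")

def summarize(lines):
    """Group parsed entries by status; unparsed lines are skipped."""
    out = {"orphan": [], "file_present": [], "setting": []}
    for line in lines:
        result = triage(line)
        if result:
            out[result[1]].append(result)
    return out

# Sample lines copied from the OTL log quoted in this thread.
SAMPLE = r"""
IE - HKLM\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [TQ566808] "E:\Setup.exe" File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
@Alternate Data Stream - 1184 bytes -> C:\Users\Koray\AppData\Local\Temp:n3xkUFYCQBBQxlj2QZlMTLBat9Q
""".splitlines()

if __name__ == "__main__":
    for status, entries in summarize(SAMPLE).items():
        print(status, [section for section, _, _ in entries])
```

Entries in the `file_present` group are the ones that still load code from disk, so they deserve the closest look before anything is removed.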
koray77
January 1, 2014, 10:00pm
13
Here’s a link to my other thread which has more details on the problem I am experiencing with my laptop:
http://forum.avast.com/index.php?topic=143650.msg1042484#msg1042484
Kind regards,
Koray
Thanks for the tip Eddy.
@ korayhamza,
OTL does not show anything particularly interesting, just some remains …
Tell me the computer behavior after OTLFix.
Re-run OTL.exe.
- Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-3967787821-2340421480-1609785088-1000\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3967787821-2340421480-1609785088-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (BitTorrentControl_v12 Toolbar) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3967787821-2340421480-1609785088-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3967787821-2340421480-1609785088-1000\..\Toolbar\WebBrowser: (BitTorrentControl_v12 Toolbar) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - C:\Program Files (x86)\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
O4 - HKLM..\Run: [TQ566808] "E:\Setup.exe" File not found
@Alternate Data Stream - 1184 bytes -> C:\Users\Koray\AppData\Local\Temp:n3xkUFYCQBBQxlj2QZlMTLBat9Q
@Alternate Data Stream - 1058 bytes -> C:\Users\Koray\AppData\Local\Temp:qYkaQGRy3lMTmn7vdmSVVDB
:FILES
C:\Program Files (x86)\BitTorrentControl_v12
C:\Windows\*.tmp
:COMMANDS
[EMPTYTEMP]
- Then click the Run Fix button at the top.
- Let the program run unhindered; it will reboot the system when it is done and open Notepad with the log report. Attach that log report here.
If the log doesn’t appear, it can be found here:
C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
===== Next =====
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
- Click on the Scan button.
- After the scan has finished click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Post logfile will also be saved in the C:\AdwCleaner folder.
Hello Magna,
Thanks for your response.
I have applied your fix and attached each post log file for both OTL and AdwCleaner.
My laptop is now running normally, but the avast! service is still disabled under msconfig, as it was preventing me from booting my laptop.
Should I now attempt to re-enable this service?
Kind regards,
Koray
As the posted logs don’t show malware activity, I think that there is no need to go to extra checks.
My laptop is now running normally, but the avast! service is still disabled under msconfig, as it was preventing me from booting my laptop.
Should I now attempt to re-enable this service?
Can’t tell. I am not a member of the avast team, therefore I can’t assist you in that. I would re-try.
Before you try to enable it, create a few system restore points.
You can remove OTL by clicking on CleanUp! button.
May I suggest that for your avast! situation that you do a clean install of avast!.
You’ll find step by step instructions at:
https://docs.google.com/document/d/1TCCX0R7AAF2WOxAMQ_kcun2nNnCPFAk2P4RBzFXSgds/edit?usp=sharing
Will do. Thanks for the help guys!
I’ll post back - detailing the results.
Kind regards,
Koray
I have successfully completed a clean install of avast!.
It seems some progress has been made, as the Microsoft Windows error message doesn’t appear upon boot.
Although, the overall time taken for my laptop to fully load with the avast! service enabled is longer than 10 minutes.
Kind regards,
Koray
Also, just to put it in perspective, with the avast! service disabled - the time taken for my laptop to boot is roughly 2 minutes and 30 seconds.