Unable to Insall OTL.Oldtimer

Hi, I did as you instructed. please see the file.

Thanks so much.

[list]Hi,

Malwarebytes

I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

ESET Online Scanner
I’d like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don’t go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

[]Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
[
]Click the
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png
button.
[]For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)[list=1]
[*]Click on
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png
to download the ESET Smart Installer. Save it to your desktop.
[
]Double click on the
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png
icon on your desktop.

[*]Check
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png

[*]Click the Start button.
[]Accept any security warnings from your browser.
[
]Check
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png

[*]Make sure that the option “Remove found threats” is Unchecked
[*]Push the Start button.
[]ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
[
]When the scan completes, push
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png

[*]Push
http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png
, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
[*]Push the Back button.
[*]Push Finish

http://www.eset.com/onlinescan/

In your next reply please attach the logs made by Malwarebytes and ESET. :slight_smile:

Hi Jeff, here it is…

Good…how is your system running?

HI, It is running fine but I am still getting the Avast pop up malicious URL blocked message when I open the webpage from firefox.

This is the latest avast pop up essage

Infection Details
URL: ://d r a k x g e n e r a t o r s.n a me/404notfound
Process: C:\Program Files\Mozilla Firefox\firefox…
Infection: URL:Mal

But I can go online, no issues…

Hi,

Try to run a scan with OTL now and if the log is made attach both the OTL.txt and Extras.txt

Hi, I am really sorry for the trouble…here is the Extras. text. OTL seems to be too big to be sent as an attachment. Let me try one more time…

Thanks a ton for helping me out with this…

Hi OTL is 264 kb. Unable to attach. Should I paste it here? Pls let me know

Hi,

You can break the OTL.txt into two parts and attach them both…just be sure not to miss anything.

Here it is :slight_smile:

Hi,

Thanks for getting me those. Let me look over them and I will return as quick as I can.

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.

Run OTL.exe

[*]Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:Services

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {3A1405E9-6900-4da2-A6FF-859098571985}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{3A1405E9-6900-4da2-A6FF-859098571985}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKLM\..\SearchScopes\{764B0EA0-5AAA-46d0-95AF-7842AE6B9CAE}: "URL" = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = 94A2AE90-7B04-4CE9-92A8-E74303397600
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=110482&mntrId=c0228bb300000000000000241dd957a4
IE - HKCU\..\SearchScopes\{3A1405E9-6900-4da2-A6FF-859098571985}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SPDA
IE - HKCU\..\SearchScopes\{764B0EA0-5AAA-46d0-95AF-7842AE6B9CAE}: "URL" = http://www.google.com/custom?q={searchTerms}&sa.x=0&sa.y=0&safe=active&client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&hl=en&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1060933
IE - HKCU\..\SearchScopes\94A2AE90-7B04-4CE9-92A8-E74303397600: "URL" = http://searchya.com/?chnl=dcom-100&s=1&cr=1189743197&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDyE&q={searchTerms}
[2012/02/22 18:33:38 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/04/21 06:48:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A88F543-1A53-49E1-A8AE-A43C688A6D46}: NameServer = 202.88.130.15,202.88.130.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DCCDEC20-53BE-46E9-BAF4-8955AEAB80F5}: NameServer = 202.88.130.67 202.88.130.15
[2012/06/04 02:14:43 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[9 C:\WINDOWS.0\*.tmp files -> C:\WINDOWS.0\*.tmp -> ]
[1 C:\WINDOWS.0\System32\*.tmp files -> C:\WINDOWS.0\System32\*.tmp -> ]

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[resethosts]
[start explorer]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
[*]Then run a new scan and post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )

Hi, OTL scan first and OTL scan 2nd

Hi,

It looks like your new OTL scan didn’t run quite right. Could you run a Quick Scan and attach the new log.

How is the system running?

You mean the first run with the code pasted? or the second one with Lop check?

System is fine, just want to let you know that the AntiVir Desktop is still there :slight_smile:

The second…

here it is OTL quick scan

Thank you…

Run OTL.exe

[*]Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL


:Services

:OTL
IE - HKCU\..\SearchScopes\94A2AE90-7B04-4CE9-92A8-E74303397600: "URL" = http://searchya.com/?chnl=dcom-100&s=1&cr=1189743197&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDyCtDyE&q={searchTerms}

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
[*]Then run a new scan and post a new OTL log ( don’t check the boxes beside LOP Check or Purity this time )

both the files :slight_smile:

Thanks…any new Avast popups?