Hey!
I have downloaded OTL and ran it as you said, and I got one saved file: OTL.txt
I uploaded it as an attachment
aswMBR.txt:
17:36:34.030 OS Version: Windows 6.1.7601 Service Pack 1
17:36:34.030 Number of processors: 2 586 0xF0D
17:36:34.033 ComputerName: userrr UserName: username…
17:36:35.829 Initialize success
17:40:08.271 AVAST engine error: 2
17:40:10.890 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP2T0L0-3
17:40:10.893 Disk 0 Vendor: WDC_WD3200BPVT-22ZEST0 01.01A01 Size: 305245MB BusType: 11
17:40:10.911 Disk 0 MBR read successfully
17:40:10.914 Disk 0 MBR scan
17:40:10.917 Disk 0 Windows 7 default MBR code
17:40:10.921 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
17:40:10.929 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
17:40:10.936 Disk 0 scanning sectors +625139712
17:40:11.014 Disk 0 scanning C:\Windows\system32\drivers
17:40:17.534 Service scanning
17:40:32.161 Modules scanning
17:40:39.997 Disk 0 trace - called modules:
17:40:40.020 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys ndis.sys netw5v32.sys
17:40:40.028 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0x85ec5200]
17:40:40.035 3 CLASSPNP.SYS[8920459e] → nt!IofCallDriver → [0x85dcb918]
17:40:40.041 5 ACPI.sys[88eb63d4] → nt!IofCallDriver → \Device\Ide\IdeDeviceP2T0L0-3[0x85da4908]
17:40:40.048 Scan finished successfully
17:40:52.227 Disk 0 MBR has been saved successfully to “C:\Users\username…\Desktop\MBR.dat”
17:40:52.235 The log file has been saved successfully to “C:\Users\username…\Desktop\aswMBR.txt”
Avast appears to be working. What are your current problems?
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
IE - HKU\S-1-5-21-2472689237-2822399416-2604177735-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
FF - prefs.js..extensions.enabledAddons: ffxtlbr@babylon.com:1.1.9
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=56ea03fc000000000000001e8c44646a&tlver=1.4.19.19&instlRef=sst&ss=1&affID=18042&q="
[2011.12.20 16:04:35 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\username..\AppData\Roaming\Mozilla\Firefox\Profiles\s804d0w7.default\extensions\ffxtlbr@babylon.com
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll File not found
O3 - HKU\S-1-5-21-2472689237-2822399416-2604177735-1001\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2472689237-2822399416-2604177735-1001\..\Toolbar\WebBrowser: (no name) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - No CLSID value found.
O3 - HKU\S-1-5-21-2472689237-2822399416-2604177735-1001\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O4 - HKLM..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I File not found
:Files
C:\Program Files\BabylonToolbar
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
After reboot I got results in Notepad without scanning it again…
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2472689237-2822399416-2604177735-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Prefs.js: ffxtlbr@babylon.com:1.1.9 removed from extensions.enabledAddons
Prefs.js: “http://search.babylon.com/?babsrc=SP_ss&mntrId=56ea03fc000000000000001e8c44646a&tlver=1.4.19.19&instlRef=sst&ss=1&affID=18042&q=” removed from keyword.URL
Folder C:\Users\username…\AppData\Roaming\Mozilla\Firefox\Profiles\s804d0w7.default\extensions\ffxtlbr@babylon.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2472689237-2822399416-2604177735-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_USERS\S-1-5-21-2472689237-2822399416-2604177735-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3E1201F4-1707-409F-BB45-A5F192381DA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{3E1201F4-1707-409F-BB45-A5F192381DA0}\ not found.
Registry value HKEY_USERS\S-1-5-21-2472689237-2822399416-2604177735-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\BabylonToolbar deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\BabylonToolbar not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: haldun
->Temp folder emptied: 3171485523 bytes
->Temporary Internet Files folder emptied: 182294448 bytes
->Java cache emptied: 2648999 bytes
->FireFox cache emptied: 1118071679 bytes
->Google Chrome cache emptied: 346667351 bytes
->Apple Safari cache emptied: 158720 bytes
->Flash cache emptied: 2402 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 243346206 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 4.830,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 01212013_203027
Files\Folders moved on Reboot…
File\Folder C:\Windows\temp\TMP0000000165EF1089260C675F not found!
PendingFileRenameOperations files…
Registry entries deleted on Reboot…
Do I have to quick scan again?
My current problem: I can’t do anything!! Avast got a cross on the icon…G!
OK, let's now run a stronger tool
Download and Install ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks
http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png
http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png
[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.
Notes:
Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
I attached it
You should now be able to enter safe mode and run aswclear
It does not work! I am tired of it. I will try another antivirus program.
Thanks!
Are you saying that Avast will not uninstall at all?
I am saying that it’s alright! You made a self-protection mode to stop harmful programs from deleting Avast, but now even you can’t delete it, and plus, I am tired of downloading tons of programs you offer me to download and try to clean Avast… Too much going on. It shouldn’t be that difficult!
I have downloaded another antivirus program and by the time I am trying to get rid of Avast without downloading any other program.
I appreciate your help! But I ain’t no more time to waste trying to delete a program.
Hi Hal7:
It’s unfortunate and quite confusing as to the issues you are having trying to uninstall your Avast product.
Essexboy is widely experienced at solving these kinds of issues and if you followed his instruction to the letter then all should be fine.
However as you have stated, you still seem unable to uninstall your Avast ???
The reality is, if you have not uninstalled Avast and you install another antivirus program you could/will end up with more problems than you appear to be experiencing at this point.
I would suggest you continue to work with Essexboy slowly and calmly until he can pinpoint just what the problem is.
Just a suggestion. 8)
I did everything just as you guys said and I tried one more time! :(
But I need to use my computer!! So I thought I could use Norton for a time… I downloaded it yesterday and now the PC restarted itself after a blue screen… and now the Norton antivirus program says “You disabled antivirus program…” There’s a virus or someone playing with me or something, what? I did everything you told me to do. What do I have to do…? I am not happy…
We need to determine what the virus is first … We can do a quick rootkit scan or we could use an AV scan outside of windows
Download the GMER Rootkit Scanner to your Desktop. It will be a randomly named .exe file.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click the file you downloaded. The program will begin to run.
https://dl.dropbox.com/u/73555776/GMER_Open.JPG
Caution
These types of scans can produce false positives. Do NOT take any action on any “<— ROOTKIT” entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
[*]Click NO
[*]In the right panel, you will see a bunch of boxes that have been checked … leave everything checked and ensure the Show all box is un-checked.
[*]Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
[*]Click OK.
[*]GMER will produce a log. Click on the [Save…] button, and in the File name area, type in “GMER.txt”
[*]Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
I have done it. GMER.txt is attached.
I can see Norton on there but no sign of a rootkit or anything, definitely something unusual happening here
I will have a rummage around to see what I can find out
I was desperate so I downloaded Norton :) I have really no idea what’s going on! I hope you will be able to help me! …
Thanks!
I will use a different AV to determine what the problem is… The most important part is the analysis zip file. That cannot be posted on the forum so will need to be either put in dropbox or uploaded to a file sharing site
Download AVPTool from Here to your desktop
Run the programme you have just downloaded to your desktop ( it will be randomly named )
First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.
http://i1224.photobucket.com/albums/ee362/Essexboy3/AVPfront.gif
http://i1224.photobucket.com/albums/ee362/Essexboy3/avpsettings.gif
Do not close AVPTool or it will self-uninstall. If it does uninstall, then just rerun the setup file on your desktop
Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done, open the last report saved folder, then attach the zip file to your next post
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip
http://i1224.photobucket.com/albums/ee362/Essexboy3/AVPAnalysis.gif
But I got a not deleted Avast, Norton and now again another program… I am concerned about my hard disk…
This programme will not install and it will ignore the other antivirus programmes
I’ve selected the options you’ve showed and scanning finish time: “in 6 hours” it says. What do you say?