OTL log . Problems reinstalling avast.

[anjana]

Hi Essexboy;
i'm having trouble reinstalling avast after a malware virus.
The virus seem s to be gone but I still can't download avast completely.
Someone suggesyted to run OTL and post the logs here for you to see and recomend what to do or any advice, really!
I just did that  below
What ca I do?
Thanks

 
 
 
 
 

[anjana]

here are the logs

[anjana]

the extras

[YoKenny]

Go to PROFILE then Modify Profile then Forum Profile Information then Signature: and put information about your system just like my signature about your system just like my signature so that the helpers can offer pertinent advice.

In Account Related Settings select Hide email address from public to prevent scammers and spammers harvesting your comcast.net email address.

[Pondus]

I will send Essexboy a PM so he see this. be patient he works in several forums

[anjana]

thanks Pondus!
It seems that thanks to you and Chabbo I got to reinstall avast and get rid of the problem, so far it seems good...
Should I delete the virus from quarantine now?
Do you advise to upgrade to malwarebytes profesional, what's the difference?
Thanks!

[Pondus]

Do you advise to upgrade to malwarebytes profesional, what's the difference?

yes if you see my signatur, this is the one i use. It is a one time fee for a liftime license
I is very good at detecting and removing rogue programs.
The pro have IP block so it will block you from entering websites that are listed,auto update, scheduled scan
some info here " How To Use The New Scheduler, Applicable To Versions 1.45 and 1.46 Only " http://forums.malwarebytes.org/index.php?showtopic=45177

MBAM forum http://forums.malwarebytes.org
MBAM web   http://www.malwarebytes.org/

[anjana]

thanks Pondus! I'll look into that.
And thanks YoKenny for telling me about updating my profile for my signature and to hide my email address. I have no experience in Forums and did not know about it.
I'm learning and so far I've encountered great teachers!

[essexboy]

Hi just a few bits to kill

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

Code: [Select]

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
[2010/05/16 09:35:36 | 000,000,000 | ---D | C] -- C:\Users\Helena Guerrero\AppData\Local\mhfpanjmg
[2010/05/16 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\Helena Guerrero\AppData\Roaming\IObit

:Commands
[CLEARALLRESTOREPOINTS]
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
  

THEN

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet explorer


And for Firefox there are instructions on this page and you want the setting to be no proxy

[anjana]

thanks Essexboy!
Just one question. After I  run that OTL log I posted I did a full scan with avast, it found a virus in that same folder
C:\Users\Helena Guerrero\AppData\Local\mhfpanjmg\mjnagrptssd.exe
Win32:Crypt-GKR (Drp)
So that folder is now in the chest.
Do you recomend to run a boot scan after i run the OTL again, should i change something  or just do as you advice regardless of the file being in the chest?
Thanks

[essexboy]

Intriguing OTL should have removed that folder - ah just reread you did the scan before running the OTL fix ?

Lets now see what MBAM reveals, on completion can you let me now what problems remain

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

[anjana]

Hi !
yesterday morning I did the
1-  Malaware scan,
2 - I did the OTL which is the log you saw.
I reinstalled Avast! finally...
3 - I did another Malaware scan with no infections found.
4 - I did an Avast full scan and found the file:C:\Users\Helena Guerrero\AppData\Local\mhfpanjmg\mjnagrptssd.exe
Win32:Crypt-GKR (Drp), (for some reason it did not appear in the Malaware scan)
So that folder is now in the chest.
 I read your suggestion this morning, but that file is already on the chest.
Should i proceed with your advice (below) as it is knowing that the folder is in the chest already or should I change something before rerunning OTL? And should I schedule a boot scan when rebooting?  thanks!

Run OTL

•Under the Custom Scans/Fixes box at the bottom, paste in the following


Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
[2010/05/16 09:35:36 | 000,000,000 | ---D | C] -- C:\Users\Helena Guerrero\AppData\Local\mhfpanjmg
[2010/05/16 16:19:17 | 000,000,000 | ---D | M] -- C:\Users\Helena Guerrero\AppData\Roaming\IObit

:Commands
[CLEARALLRESTOREPOINTS]
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]

[essexboy]

Run OTL with the script and let us see what it says

[anjana]

ok1
i run the Custom Scan and this came up in notepad:
All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
Error: Unable to interpret <[EMPTYFLASH]> in the current context!
Error: Unable to interpret <[Reboot]> in the current context!
 
OTL by OldTimer - Version 3.2.4.1 log created on 05202010_142048

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

2- I did the fix scan and here are the  results.

3 - i went to internet options LAN settings and everything is unchecked there ( I unchecked that  3 days ago because the proxy where checked and i could no use my browser, after I unchecked it my IE work), so I did not restart the computer again, do I need to do it anyway? Should automatically detect settings be checked?

[essexboy]

so I did not restart the computer again, do I need to do it anyway? Should automatically detect settings be checked?

No and yes  just a restart of IE will set the settings

What problems do you have now ?