Something is slowing my browser down a lot. I decided to do a scan and I cannot seem to get one to start. I have clicked on my tray icon and managed to open up the avast panel and go into many parts except if I click on scan or security, then it just exits the main window, returning to just the tray status. I am definitely not a techie and don’t know where to go from here. Thanks.
attach logs…not copy and paste
http://forum.avast.com/index.php?topic=53253.0. AdwCleaner / malwarebytes / OTL
Monitoring
Okay here are my logs.
Hi,
Re-run OTL.exe.
[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:PROCESSES
KillAllProcesses
:REG
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
[-HKEY_CLASSES_ROOT\CLSID\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"=-
:FILES
C:\Program Files (x86)\Swag_Bucks
C:\Users\zach\AppData\Roaming\Mozilla\Firefox\Profiles\1vih52vh.default\searchplugins\dokotoolbar.xml
C:\Users\zach\AppData\Roaming\Mozilla\Firefox\Profiles\1vih52vh.default\searchplugins\swagbuckscom.xml
:OTL
FF - prefs.js..browser.search.defaultenginename: "Swagbucks.com"
FF - prefs.js..browser.search.selectedEngine: "Swagbucks.com"
FF - prefs.js..browser.search.useDBForOrder: true
:COMMANDS
[CREATERESTOREPOINT]
[REBOOT]
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.
If the log doesn’t appear, it can be found here:
c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
THEN…
Scan with Combofix:
[*] Please download ComboFix by sUBs and save it to your Desktop.
You may read how Combofix works here.
[*] Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.
[*] Run ComboFix. Click on I Agree! & follow the prompts.
Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.
[*] When finished, it will produce a report for you. Please attach log reports (ComboFix.txt) back to topic.
(typical log location: C:\ComboFix.txt )
More logs.
Open notepad and copy/paste the text present inside the code box below:
DirLook::
c:\program files (x86)\Browny02
SkipFix::
Folder::
c:\programdata\Babylon
ClearJavaCache::
FileLook::
c:\users\zach\AppData\Roaming\mjusbsp\cdloader2.exe
Firefox::
FF - ProfilePath - c:\users\zach\AppData\Roaming\Mozilla\Firefox\Profiles\1vih52vh.default\
FF - prefs.js: browser.search.selectedEngine -
FF - user.js: extensions.dokotoolbar.tlbrSrchUrl - hxxp://www.doko-search.com/?q={searchTerms}&babsrc=TB_ss&mntrId=0AD818F46ACC09A5&affID=125830&tsp=5039
FF - user.js: extensions.dokotoolbar.tb_url - hxxp://www.doko-search.com/?q={searchTerms}&babsrc=TB_ss&mntrId=0AD818F46ACC09A5&affID=125830&tsp=5039
FF - user.js: extensions.dokotoolbar.id - 0ad81bf200000000000018f46acc09a5
FF - user.js: extensions.dokotoolbar.appId - {43083724-E0DA-43B9-B7D5-4C5EB0781850}
FF - user.js: extensions.dokotoolbar.instlDay - 15996
FF - user.js: extensions.dokotoolbar.vrsn - 1.8.26.9
FF - user.js: extensions.dokotoolbar.vrsni - 1.8.26.9
FF - user.js: extensions.dokotoolbar.vrsnTs - 1.8.26.916:55
FF - user.js: extensions.dokotoolbar.prtnrId - dokotoolbar
FF - user.js: extensions.dokotoolbar.prdct - dokotoolbar
FF - user.js: extensions.dokotoolbar.aflt - babsst
FF - user.js: extensions.dokotoolbar.smplGrp - none
FF - user.js: extensions.dokotoolbar.tlbrId - base
FF - user.js: extensions.dokotoolbar.instlRef - sst
FF - user.js: extensions.dokotoolbar.dfltLng - en
FF - user.js: extensions.dokotoolbar.excTlbr - false
FF - user.js: extensions.dokotoolbar.ffxUnstlRst - true
FF - user.js: extensions.dokotoolbar.admin - false
FF - user.js: extensions.dokotoolbar.autoRvrt - false
FF - user.js: extensions.dokotoolbar.rvrt - false
FF - user.js: extensions.dokotoolbar.newTab - false
Save this as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )
NEXT …
Please download Junkware Removal Tool to your desktop.
[*] Shut down your protection software now to avoid potential conflicts.
[*] Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select “Run as Administrator”.
[*] The tool will open and start scanning your system.
[*] Please be patient as this can take a while to complete depending on your system’s specifications.
[*] On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[*] Post the contents of JRT.txt into your next message.
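A read-only check that could be run after the fixes in this thread, added here as an example and not part of any post: it parses Firefox's prefs.js and user.js (user.js is re-applied at every start, so leftovers there bring a changed search engine back) and flags the keys the scripts above target. The sample file contents are constructed, and ALLOWED_ENGINES is an assumed allowlist.

```python
import json
import re

# One Firefox preference line: user_pref("key", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')

# Search keys and toolbar branch named in the fix scripts in this thread.
SEARCH_KEYS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}
TOOLBAR_PREFIXES = ("extensions.dokotoolbar.",)
# Assumption: the engines this user expects; adjust per machine.
ALLOWED_ENGINES = {"Google", "Bing", "DuckDuckGo"}
# Constructed sample files, using values quoted in the scripts above.
SAMPLE = {
    "prefs.js": '''// Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Swagbucks.com");
user_pref("browser.search.selectedEngine", "Swagbucks.com");
user_pref("browser.startup.homepage", "about:home");
''',
    "user.js": '''user_pref("extensions.dokotoolbar.prtnrId", "dokotoolbar");
user_pref("extensions.dokotoolbar.newTab", false);
''',
}

def parse_prefs(text):
    """Return {key: value} from prefs.js / user.js text; other lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            try:
                prefs[m.group(1)] = json.loads(m.group(2))  # string, bool or int
            except ValueError:
                prefs[m.group(1)] = m.group(2)  # keep unparsed value verbatim
    return prefs

def audit(files):
    """Return (file, key, reason) for leftover toolbar or search-engine prefs."""
    findings = []
    for name, text in files.items():
        for key, value in sorted(parse_prefs(text).items()):
            if key.startswith(TOOLBAR_PREFIXES):
                findings.append((name, key, "toolbar branch still present"))
            elif key in SEARCH_KEYS and value not in ALLOWED_ENGINES:
                findings.append((name, key, f"unexpected engine {value!r}"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To use it on a real profile, read prefs.js and user.js from the profile folder into the dictionary passed to `audit`; the script never writes to either file.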
More logs. Am I getting close to being cleaned up? Thanks for all the help so far.
Posted logs look good. How’s your computer running now?
Nice and smooth. It still concerns me that I can’t seem to get Avast to do a scan when prompted. Is there a box that is supposed to pop open showing it scanning if you click on scan now?
Can’t tell why avast hangs, but we have removed all malware and junk files. In addition, the file cache and temp files have been cleaned. Your PC is clean.
I shall remove used tools:
It is necessary to uninstall ComboFix :
[*] Click Start (or http://amf.mycity.rs/pg/images/VistaStartButton.png ) then Run.
On Windows7 or Vista you may use Start Search field if Run is not available.
[*] In the line of text type in (Copy) the following:
ComboFix /Uninstall
Note that there is a space between " ComboFix " and " /Uninstall " .
[*] then click OK (or press Enter ).
Wait until the uninstall process is complete.
Please download DelFix by “Xplode” to your Desktop.
Run the tool and check the following boxes:
[*] Remove disinfection tools
[*] Create registry backup
[*] Purge System Restore
Now click on the “Run” button. Wait until the programme completes its work.
All the tools we used should be gone.
The tool will create and open a log report (DelFix.txt)
Note: The report will also be stored on C:\DelFix.txt
I don’t need DelFix log report.
I recommend using MCShield, if you will.
You may download MCShield from one of the following links:
MyCity - Official download link
Softpedia - Mirror download link
It will prevent infection of the computer via USB flash drive, mobile phone or any other memory card.
And not only will it prevent infection, but it will immediately clean the flash drive, memory card or external HDD.
Thank you very much for all your help. Truly appreciated by someone who has no knowledge about coding and such.