sprotector.php URL:Mal alerts every few minutes

Hello, I have the same problem as in this topic: http://forum.avast.com/index.php?topic=142258.0 but I am totally lost at what to do.
I’ve downloaded malwarebytes but it needs me to deactivate anti-virus etc and I’m afraid to do so because then avast won’t be blocking the pages from opening.

here’s a screenshot ( it’s in czech but the problem is obvious )

if you could help me I’d be very very grateful!

reketrebn

also I just found the sprotector.dll and uninstall in VaudiX folder in the program files on my (C:) … should I delete it??
it’s also in my installed programs, should I uninstall it?

Hi,

http://forum.avast.com/index.php?topic=53253.0

Post Malwarebytes, OTL and aswMBR logs. :wink:

here are the malwarebytes and OTL logs

and btw there suddenly appeared some desktop.ini and some MS office file icons (those that appear temporarily when you open a document) on my desktop…is this normal?

there may be after you run OTL … these will be gone when magna removes the tools used

@reketrebn

Please download Junkware Removal Tool to your desktop.

[*]Shut down your protection software now to avoid potential conflicts.
[*]Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select “Run as Administrator”.
[*]The tool will open and start scanning your system.
[*]Please be patient as this can take a while to complete depending on your system’s specifications.
[*]On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
[*]Post the contents of JRT.txt into your next message.

Then …

  1. Please download ComboFix by sUBs from here and save it to your Desktop.
    If you are unsure how ComboFix works please read this guide carefully.
    Note: ComboFix must be downloaded to your Desktop.

  2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
    If you are unsure how to do this please read this or this Instruction.

Instructions on how to disable avast:

[*]Right click on the avast! system tray icon in the lower right corner of the screen and scroll up to avast! shield controls;
[*]In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.

  3. Run ComboFix. Click on I Agree!

  • ComboFix will display DISCLAIMER of warranty on software.
    By clicking I Agree ComboFix shall continue.
  • ComboFix will check if there is a newer version of ComboFix available.
    Click Yes if prompted to download.
  • If Recovery Console is not installed, ComboFix will offer download & installation.
    Click Yes to allow ComboFix to install Recovery Console.
  • ComboFix will scan your computer in stages, total of 50 stages.
    Do not mouse-click around while ComboFix is running.
    Note: If you see a message like “Illegal operation attempted on a registry key that has been marked for deletion” just restart your computer.

  4. When the tool is finished, it will produce a log report for you (typical location: C:\ComboFix.txt).
    Attach the log report (ComboFix.txt) back to the topic.

@magna86

I’m still scanning with aswMBR and the Malwarebytes found 4 files and cleaned them… should I still proceed with JRT and combofix?

should I still proceed with JRT and combofix?
yes...since he has recommended Combofix he may have seen something bad... and JRT will remove crap

here’s the JRT log

and the combofix log…

Ok, CF did its job. Now we shall run ComboFix again but via CFScript.

Open notepad and copy/paste the text present inside the code box below:

SkipFix::

File::
c:\program files (x86)\GUTDBF1.tmp
c:\windows\Tasks\VaudiXUpdaterTask{96ADD4C9-E3D4-409B-9853-5F98DED0556E}.job

ClearJavaCache::

Folder::
c:\programdata\Premium\VaudiX
c:\users\Seli\AppData\Roaming\Mozilla\Firefox\Profiles\zqmttvxt.default-1384776424980\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply (typical location: C:\ComboFix.txt).

=====Next =====

Re-run OTL, just click QuickScan and post me a fresh OTL.txt log report.

here you go:

I will examine the posted logs later.

Run this OTLScript and then tell me how’s your computer running now?

Re-run OTL.exe.

[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.

:OTL
IE - HKCU\..\URLSearchHook:  - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:FILES
C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
C:\Users\Seli\Desktop\*.tmp
C:\Windows\*.tmp
C:\Program Files (x86)\*.tmp

[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

If the log doesn’t appear, it can be found here:

c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

…it didn’t restart. but maybe it’s because I had to restart it myself before bcs it couldn’t get past the “welcome” screen and load the desktop
but here’s the log

and I also want to ask if that VaudiX software should be still in the installed programs section? it was obviously removed from everywhere but it’s still showing here…

..it didn't restart. but maybe it's because I had to restart it myself before bcs it couldn't get past the "welcome" screen and load the desktop but here's the log
That's Ok. CF did a hardcore job here. With OTL we just need to remove some leftovers. OTL didn't need to ask for reboot.
and I also want to ask if that VaudiX software should be still in the installed programs section? it was obviously removed from everywhere but it's still showing here..
VaudiX is removed, in CP they are just leftovers. Double-clicking, you shall be prompted to remove the entry.

Any other problems?

okay, I uninstalled it and it seems that it’s gone for good. Thank you endlessly for your awesome help and patience with me!! I’m really grateful and I hope it doesn’t repeat again soon -_-
I only want to ask if there’s any way how to prevent these things? or should I scan the pc periodically with something more than avast or cc cleaner? and which programs I downloaded should I keep?

thank you once again for saving me!

Here are a few tips for you. Also perform the post-cleaning steps to remove the used tools.
You are malware free. The posted logs now appear clean and show no signs of active infection.

A good workman always cleans up after himself.
The following will implement some post-cleanup procedures:

It is necessary to uninstall ComboFix :

[*] Click Start (or the Vista Start button icon) then Run.

On Windows7 or Vista you may use Start Search field if Run is not available.

[*] In the line of text type in (Copy) the following:

ComboFix /Uninstall

Note that there is a space between " ComboFix " and " /Uninstall " .

[*] then click OK (or press Enter ).

Wait until the uninstall process is complete.

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes:

[*]Remove disinfection tools
[*]Create registry backup
[*]Purge System Restore

Click the Run button and wait a few seconds while the programme completes its work.
At this point all the tools we used here should be gone. The tool will create a report for you (C:\DelFix.txt).

The tool will also record the healthy state of the registry and make a backup using the ERUNT program in %windir%\ERUNT\DelFix
The tool deletes old system restore points and creates a fresh system restore point after cleaning.


To help AntiVirus to protect your computer and speed it up, I recommend that you download, install and keep the following free programs:

  1. Keep Malwarebytes Anti-Malware, update it regularly or from time to time and run a Quick Scan weekly.
    Malwarebytes will detect and remove all traces of known malware. MBAM isn’t AntiVirus and it can NOT replace it.

  2. Keep MCShield Anti-Malware, the tool will be updated regularly and perform auto-checking for malware to each attached USB memory device.
    MCShield, has been designed as a lightweight scanner that’s smart enough to catch even new worms and work in fully automatic removal mode.

  3. It’s recommended to delete Temporary Files every once in a while. Run the tool and click on the Start button and TFC will begin to clean. Then restart the computer.
    Temp File Cleaner aka TFC by OldTimer
    TFC is a small & useful utility that shall clean up temp files from all user profiles and system folders.


How to protect yourself?

  1. Adjust avast! to target PUP software:
    Run avast! 2014 by clicking the system tray icon in the lower right corner of the screen.
    Click on Settings, in the new window that opens, click on Active Protection, then under File System Shield click on gear wheel…
    Under the Sensitivity part of the options, check the box for Scan for potentially unwanted programs (PUP).

  2. avast! Software Updater. Run avast!, click on Tools > Software Updater.
    For security reasons, make sure you do update your browser(s), Java, Flash Player, and basically every software you use often.

  3. avast! Browser Cleanup. Run avast!, click on Tools > BrowserCleanup.
    Browser Cleanup tool is an integrated tool in avast! AV that allows you the control on browsers unwanted addons.

  4. avast! Malware Scan. Run avast!, click on Scan and perform QuickScan by clicking on Start button.
    Every once in a while, it’s recommended to perform a virus scan with avast! 2014.

all done!! thank you for everything!