sprotector.php URL:Mal alerts every few minutes

[reketrebn]

Hello, I have the same problem as in this topic: http://forum.avast.com/index.php?topic=142258.0 but I am totally lost at what to do.
I've downloaded malwarebytes but it needs me to deactivate anti-virus etc and I'm afraid to do so because then avast won't be blocking the pages from opening.

here's a screenshot ( it's in czech but the problem is obvious )

if you could help me I'd be very very grateful!

reketrebn

[reketrebn]

also I just found the sprotector.dll and uninstall in VaudiX folder in the program files on my (C:) .... should I delete it??
it's also in my installed programs, should I uninstall it?

[magna86]

Hi,

http://forum.avast.com/index.php?topic=53253.0

Post Malwarebytes, OTL and aswMBR logs. 

[reketrebn]

here are the malwarebytes and OTL logs

and btw there suddenly appeared some desktop.ini and some MS office file icons (those that appear temporarily when you open a document) on my desktop..is this normal?

[Pondus]

there may be after you run OTL .... these will be gone when magna removes the tools used

[magna86]

@reketrebn



  Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
  
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Then ...




1. Please download ComboFix by sUBs from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.

--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program, usually via a right click on the System Tray icon. They may interfere with Combofix.
If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:

• Right click on the avast! system tray icon () in the lower right corner of the screen and scroll up to avast! shield controls;
  
• In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn back on this option after the cleaning by choosing avast! shield controls > Enable all shield options.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

- ComboFix will display DISCLAIMER of warranty on software.
By clicking I Agree ComboFix shall continue.
- ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
-If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
- ComboFix will scan your computer in stages, total of 50 stages.
Do not mouse-click around while ComboFix is running.
Note:If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion" just restart your computer.

--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
Attach log reports ( ComboFix.txt) back to topic.

[reketrebn]

@magna86

I'm still scanning with aswMBR and the Malwarebytes found 4 files and cleaned them... should I still proceed with JRT and combofix?

[Pondus]

should I still proceed with JRT and combofix?

yes...since he has recomended Combofix he may have seen something bad... and JRT will remove crap

[reketrebn]

here's the JRT log

[reketrebn]

and the combofix log..

[magna86]

Ok, CF did it's job. Now we shall run ComboFix again but via CFScript.

Open notepad and copy/paste the text present inside the code box below:

Code: [Select]

SkipFix::

File::
c:\program files (x86)\GUTDBF1.tmp
c:\windows\Tasks\VaudiXUpdaterTask{96ADD4C9-E3D4-409B-9853-5F98DED0556E}.job

ClearJavaCache::

Folder::
c:\programdata\Premium\VaudiX
c:\users\Seli\AppData\Roaming\Mozilla\Firefox\Profiles\zqmttvxt.default-1384776424980\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Save this as CFScript.txt



Close all browser windows and refering to the picture above.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt )


=====Next =====


Re-run OTL, just click QuickScan and post me fresh OTL.txt logreprot.

[reketrebn]

here you go:

[magna86]

I will examine the posted logs later.

[magna86]

Run this OTLScript and then tell me how's your computer running now?


Re-run OTL.exe.

• Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
  
  

Code: [Select]

:OTL
IE - HKCU\..\URLSearchHook:  - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:FILES
C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
C:\Users\Seli\Desktop\*.tmp
C:\Windows\*.tmp
C:\Program Files (x86)\*.tmp


• Then click the Run Fix button at the top.
  
• Let the program run unhindered; it will reboot the system when it is done and open notepad with logreport. Attach here that logreport.

If the log doesn't appear, it can be found here:

c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log

[reketrebn]

..it didn't restart. but maybe it's because I had to restart it myself before bcs it couldn't get past the "welcome" screen and load the desktop
but here's the log

and I also want to ask if that VaudiX software should be still in the installed programs section? it was obviously removed from everywhere but it'S still showing here..