Solved Why would I get a Stop Scan during Avast (free) Smart Scan?

April 11, 2015 at 13:02:09
Specs: Windows 7
I'm using the free version of Avast. When running the usual smart scan it suddenly reads the scan was stopped at 69%. I big red dot. Never gets to grime fighter

message edited by WhiteRhino


See More: Why would I get a Stop Scan during Avast (free) Smart Scan?

Report •

#1
April 11, 2015 at 15:59:23
✔ Best Answer
Lets have a look at what is going on, by using some special tools.

Here are the first 2 steps, there will be more steps needed after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.


Report •

#2
April 12, 2015 at 19:58:37
Thanks for your efforts, but I'm way in the weeds here. Stuff popping up I'm not sure how to deal with. I'm probably to the point where it's time for a new computer. Again, I appreciate your help but I'm too out of my depth.

Report •

#3
April 12, 2015 at 20:13:51
" I'm probably to the point where it's time for a new computer"
And make the same mistakes again.
Yes, it is usually User error that gets you into this predicament.

Have a go, if you are thinking of a new comp, nothing to lose.


Report •

Related Solutions

#4
April 12, 2015 at 20:22:43
Never for a moment did I think it was anything but user error. But I'm just that ignorant of the whole process to complete your instructions.
If I get a new machine, would you advise using avast again or a different protection? Is it worth paying to upgrade from free?
And I repeat, I appreciate your time and effort here.

Report •

#5
April 12, 2015 at 20:34:03
"If I get a new machine, would you advise using avast again or a different protection?"
Nothing wrong with Avast, it is the User, go to any Malware forum & no matter what AV they have installed, they got infected.

"Is it worth paying to upgrade from free?"
No, I personally use the free Microsoft AV that comes with the operating system.

Do you install programs?


Report •

#6
April 12, 2015 at 20:42:53
Here is the first report upon running suggested program:
# AdwCleaner v4.201 - Logfile created 12/04/2015 at 23:39:28
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : 8000sff - 8000SFF-PC
# Running from : C:\Users\8000sff\Downloads\adwcleaner_4.201(2).exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\e6ef235f0000128b
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Deleted : C:\Users\8000sff\AppData\Roaming\Groovorio
Folder Deleted : C:\Users\8000sff\AppData\Roaming\Systweak
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Users\8000sff\AppData\Roaming\Mozilla\Firefox\Profiles\wvgyj7ul.default-1413240465725\searchplugins\trovi.xml
File Deleted : C:\Users\8000sff\AppData\Roaming\Mozilla\Firefox\Profiles\wvgyj7ul.default-1413240465725\user.js

***** [ Scheduled tasks ] *****

Task Deleted : ASP

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\a39ed3f7-3975-88bb-2562-4e9f73166320
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Tune
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tune
Key Deleted : HKLM\SOFTWARE\WebBar

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0.1 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2262 bytes] - [12/04/2015 23:38:37]
AdwCleaner[S0].txt - [2233 bytes] - [12/04/2015 23:39:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2292 bytes] ##########


Report •

#7
April 12, 2015 at 20:50:47
You have done that perfectly.

Report •

#8
April 12, 2015 at 21:04:46
I think I can, I think I can:
unkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Professional x86
Ran by 8000sff on Sun 04/12/2015 at 23:56:10.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\DRIVERRESTORE.EXE-EE5530A6.pf

~~~ Folders

~~~ FireFox

Emptied folder: C:\Users\8000sff\AppData\Roaming\mozilla\firefox\profiles\wvgyj7ul.default-1413240465725\minidumps [290 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/12/2015 at 23:57:21.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Report •

#9
April 12, 2015 at 21:08:05
We are on the right track, we will now dismantle the nasties bit by bit.
I will let you know when we are finished & show you how you got all this stuff.

How long can you stay online, let me know when you have to go offline, bed/work etc.
I'm here.
http://www.timeanddate.com/worldclo...

Update & Run Malwarebytes' Anti-Malware ( MBAM ) Free Version. Use Quick scan ( now called Threat Scan )
Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box to Scan for rootkits.
http://i.imgur.com/dZgt1g2.gif
Copy and Paste the contents of the log, in your reply please.
Log locations
http://i.imgur.com/s05hsP9.gif
http://i.imgur.com/qZ5dybV.gif
http://i.imgur.com/wOHlluy.gif
http://i.imgur.com/pYQQLah.gif

If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
If your MBAM log indicates "No action taken". That's usually a result of NOT clicking the Apply Actions button after the scan. In most cases, a restart will be required.


Report •

#10
April 12, 2015 at 21:09:51
"I think I can, I think I can"
I'm sure you can, if you get stuck, just let me know.

Report •

#11
April 12, 2015 at 21:13:58
Will do. I'm going to begin this sequence. Can I leave the browser open through this?

Report •

#12
April 12, 2015 at 21:24:02
"Can I leave the browser open through this?"
Yep.


Report •

#13
April 12, 2015 at 21:52:08
Here you go.
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/13/2015
Scan Time: 12:27:54 AM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.13.02
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: 8000sff

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293317
Time Elapsed: 4 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OptimizerPro, C:\ProgramData\{61cef395-5c28-14cd-61ce-ef3955c2ce55}\hqghumeaylnlf.exe, Quarantined, [21f55715dbaf9f97b2db74cd0df5e11f],

Physical Sectors: 0
(No malicious items detected)


(end)


Report •

#14
April 12, 2015 at 21:53:17
Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif

Report •

#15
April 12, 2015 at 21:53:59
I also ran it a second time after checking the rootkit box
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/13/2015
Scan Time: 12:41:31 AM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.13.02
Rootkit Database: v2015.03.31.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: 8000sff

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 293914
Time Elapsed: 5 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


Report •

#16
April 12, 2015 at 22:00:27
"I also ran it a second time after checking the rootkit box
Malwarebytes Anti-Malware"
Perfect, you are going super well, I had spotted you missed it, but I always cover all the bases to allow for mistakes.

Report •

#17
April 12, 2015 at 23:34:50
Opp's, thought I had posted this, sorry.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif

message edited by Johnw


Report •

Ask Question