Author Topic: PUP.bProtector  (Read 13200 times)

argus

  • Guest
Re: PUP.bProtector
« Reply #15 on: August 27, 2013, 09:44:11 PM »
Do you know how many antivirus programs are active on your computer?
Norton, BullGuard, McAfee, Kaspersky, BitDefender.

All of these must be removed. Then do the following.


Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds to run the tool.

    * When done, DDS will open two (2) logs:
        1. DDS.txt
        2. Attach.txt

Save both reports to your desktop. Attach DDS.txt and Attach.txt back to the topic.

MattiieG

  • Guest
Re: PUP.bProtector
« Reply #16 on: August 27, 2013, 09:52:56 PM »
that may be why then, I hadn't got around to removing them all

MattiieG

  • Guest
Re: PUP.bProtector
« Reply #17 on: August 27, 2013, 09:56:26 PM »
Argus, I do not have BitDefender on my computer...
Does it say I do? Because I have never installed it.

argus

  • Guest
Re: PUP.bProtector
« Reply #18 on: August 27, 2013, 10:02:23 PM »


BitDefender driver  :)

Code:
DRV:64bit: - [2013/01/25 14:33:16 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
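
Added example, not part of the original posts or of any tool named in the thread: a small parser for driver lines laid out like the one quoted above, flagging drivers whose vendor string names one of the antivirus products listed earlier in the thread. The field layout is inferred from that single line, and `parse_drivers`, `leftover_av_drivers` and the second sample entry are hypothetical.

```python
import re

# Constructed sample: line 1 mirrors the driver entry quoted in the thread
# (BBCode tags removed); line 2 is invented for contrast.
SAMPLE_LOG = r"""
DRV:64bit: - [2013/01/25 14:33:16 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2012/07/26 03:00:00 | 000,019,456 | ---- | M] (Example Vendor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\example.sys -- (ExampleDrv)
"""

# Field layout inferred from the single quoted line (an assumption, not a spec).
DRV_LINE = re.compile(
    r"^DRV(?::(?P<bits>64bit):)?\s*-\s*"
    r"\[(?P<stamp>[^|\]]+)\|(?P<size>[^|\]]+)\|(?P<attr>[^|\]]+)\|(?P<flag>[^|\]]+)\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*"
    r"\[(?P<kind>[^|\]]+)\|(?P<start>[^|\]]+)\|(?P<state>[^|\]]+)\]\s*"
    r"--\s*(?P<path>.+?)\s*--\s*\((?P<service>[^)]*)\)\s*$"
)

# Products named in the thread as installed side by side, matched against the
# vendor string. A hit may belong to another product that licenses the engine
# (as suggested for BullGuard), so treat hits as leads, not verdicts.
AV_VENDOR_MARKERS = ("norton", "bullguard", "mcafee", "kaspersky", "bitdefender")


def parse_drivers(log_text):
    """Return one dict per driver line that matches the inferred layout."""
    drivers = []
    for line in log_text.splitlines():
        m = DRV_LINE.match(line.strip())
        if not m:
            continue  # not a driver line, or a layout this sketch does not know
        entry = {k: (v.strip() if v else v) for k, v in m.groupdict().items()}
        entry["size"] = int(entry["size"].replace(",", ""))
        drivers.append(entry)
    return drivers


def leftover_av_drivers(drivers, markers=AV_VENDOR_MARKERS):
    """Drivers whose vendor string names one of the listed AV products."""
    return [d for d in drivers if any(mk in d["vendor"].lower() for mk in markers)]


if __name__ == "__main__":
    for d in leftover_av_drivers(parse_drivers(SAMPLE_LOG)):
        print(f'{d["service"]}: {d["vendor"]} [{d["state"]}] {d["path"]}')
```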


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: PUP.bProtector
« Reply #19 on: August 27, 2013, 10:03:30 PM »
BullGuard uses the Bitdefender virus engine; maybe that is why the log shows some Bitdefender files



argus

  • Guest
Re: PUP.bProtector
« Reply #20 on: August 27, 2013, 10:07:29 PM »
Quote
BullGuard uses the Bitdefender virus engine; maybe that is why the log shows some Bitdefender files

Maybe,  but ...


MattiieG
Remove everything you can. I'll look at the DDS report later and, if necessary, remove the residues.

MattiieG

  • Guest
Re: PUP.bProtector
« Reply #21 on: August 27, 2013, 10:19:03 PM »
OK, I have removed all of the anti-viruses I can see
let's hope this works :)

MattiieG

  • Guest
Re: PUP.bProtector
« Reply #22 on: August 27, 2013, 10:21:41 PM »
ok, just creating dds.txt now
« Last Edit: August 27, 2013, 10:29:14 PM by MattiieG »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: PUP.bProtector
« Reply #23 on: August 27, 2013, 10:24:18 PM »
it works here on my iPad !


argus

  • Guest

MattiieG

  • Guest
Re: PUP.bProtector
« Reply #25 on: August 27, 2013, 10:33:45 PM »
yeah, I just went onto their website and got it from there
anyways.

argus

  • Guest
Re: PUP.bProtector
« Reply #26 on: August 27, 2013, 10:39:32 PM »
Very good, but we still have a little job.



1. Please download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
Note: ComboFix must be downloaded to your Desktop.


--------------------------------------------------------------------
2. Temporarily disable your AntiVirus program.
If you are unsure how to do this please read this or this Instruction.

Instructions how to disable avast:
  • Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
  • In the window that opens on the top right corner, click Settings.
  • In a new window that opens, choose the option Troubleshooting, Uncheck Enable avast! self-defense, and click OK.
  • => Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
  • In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.
Note: Do not forget to turn on this option after the cleaning.

--------------------------------------------------------------------
3. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.

ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.

If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion", just restart the computer once more.


--------------------------------------------------------------------
4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
Attach the log report (ComboFix.txt) back to the topic.

MattiieG

  • Guest
Re: PUP.bProtector
« Reply #27 on: August 27, 2013, 11:32:29 PM »
Got it :)
I think that's it, right?

argus

  • Guest
Re: PUP.bProtector
« Reply #28 on: August 27, 2013, 11:45:03 PM »
Open notepad and copy/paste the text present inside the code box below:


Code:

File::
c:\progra~2\mcafee\SITEAD~1\McSACore.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.5\ccSvcHst.exe

Driver::
McAfee SiteAdvisor Service
Skype C2C Service
NCO

DDS::
uStart Page = hxxp://search.orbitdownloader.com
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

Firefox::
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cx06n1gp.default\
FF - user.js: browser.search.defaultengine - u-Search
FF - user.js: browser.search.defaultenginename - u-Search
FF - user.js: browser.search.order.1 - u-Search
FF - user.js: browser.newtab.url - hxxp://u-search.net/?a=1&e=1
FF - user.js: browser.startup.homepage - hxxp://u-search.net/?a=1&e=1
FF - user.js: browser.search.defaulturl - hxxp://u-search.net/?a=1&e=2&q=
FF - user.js: keyword.URL - hxxp://u-search.net/?a=1&e=2&q=

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Save this as CFScript.txt



Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)

MattiieG

  • Guest
Re: PUP.bProtector
« Reply #29 on: August 27, 2013, 11:54:25 PM »
I shall do this tomorrow, I am off now, is that ok?