Author Topic: Win32:bprotect-d trj  (Read 7041 times)


topic

  • Guest
Win32:bprotect-d trj
« on: March 19, 2014, 06:50:51 PM »
Hello TwinHeadedEagle! E1... I also have a problem with Win32:bprotect-d trj. I wasn't able to remove it, nor to block or repair it, and it shows when I was running a boot-scan with avast... I would really appreciate it if you or anyone could help me with this... Here are my log reports. TDSSKiller didn't produce a log file for me to attach; it did say that no threats were found. Can anyone help me somehow, please?

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4235
    • Ambulanta MyCity Forum - ASAP Member
Re: Win32:bprotect-d trj
« Reply #1 on: March 19, 2014, 06:55:53 PM »
I'm on it ...

Offline magna86

Re: Win32:bprotect-d trj
« Reply #2 on: March 19, 2014, 07:03:11 PM »
Hi topic,

C:\Program Files\Telenor Internet
Are you from Serbia?   :D




As one of the colleagues here likes to say ... you really have adware city.  :)
- Do NOT use any USB devices while cleaning is in progress:

To start, go to Control Panel > Programs and Features and from there try to uninstall the following.
If you can't uninstall something, just skip it and go to the next item.


Uninstall:
BitGuard
Bundled software uninstaller
Complitly
DefaultTab
DefaultTab Chrome
Delta toolbar
FilesFrog Update Checker
iLivid
Lyrics-Monkey
MixiDJ chrome Toolbar
MixiDJ Toolbar
WebCake 3.00


Reboot the PC. Re-run FRST, tick the Addition.txt option and press the Scan button. Please post the fresh FRST logs here ...

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: Win32:bprotect-d trj
« Reply #3 on: March 19, 2014, 07:25:22 PM »
Damn! Uhhh, Wow, lots of adware there. Run MBAM (Malwarebytes).

In answer to the question "If I disable Avast! I won't get a warning about Zoek?"

The answer to that is yes. It is a known Fixit tool, and disabling Avast! will allow it to run.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline magna86

Re: Win32:bprotect-d trj
« Reply #4 on: March 19, 2014, 07:34:54 PM »
Do not run any program until I tell you so (including Malwarebytes). AdwC. has already done enough, half of it will not want to uninstall by itself ...

Just follow the uninstall process (their uninstaller should clean PUP software thoroughly from the registry), as I do not want to hunt PUP leftovers in the system.

topic

  • Guest
Re: Win32:bprotect-d trj
« Reply #5 on: March 19, 2014, 07:36:57 PM »
ty Magna, Michael... yes, I'm from Serbia...
Magna, in Control Panel I found only BitGuard and MixiDJ chrome Toolbar... is that enough? Can I skip the rest?

topic

  • Guest
Re: Win32:bprotect-d trj
« Reply #6 on: March 19, 2014, 07:56:46 PM »
I rebooted my PC... here are the new logs... Michael, Magna, what to do next?

Offline magna86

Re: Win32:bprotect-d trj
« Reply #7 on: March 19, 2014, 08:04:32 PM »
I am from Serbia too.  :D

Please hold on while I look at your logs ...

topic

  • Guest
Re: Win32:bprotect-d trj
« Reply #8 on: March 19, 2014, 08:07:29 PM »
OK... thank you!

Offline magna86

Re: Win32:bprotect-d trj
« Reply #9 on: March 19, 2014, 08:17:48 PM »
Below are instructions for creating and running a FixList for the FRST tool. This will tell FRST to target the bad things ...
Do not use any USB devices until I tell you so!

------

1. Open Notepad (Text Document) and copy in the following text from the code box below:
Code:
Start
File: C:\Users\Acer\STOR_Win7_XP_11.1.0.1006.exe
C:\Users\Acer\AppData\Roaming\DefaultTab
C:\ProgramData\Premium
C:\Program Files\SmartTweak Software
C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\5w0wbqq4.default\Extensions\ffxtlbr@mixidj.com
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol
C:\Users\Acer\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx
C:\Program Files\OnlineHD.TV
C:\Users\Acer\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx
C:\Users\Acer\AppData\Local\Temp\*.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\Run: [MSIDLL] - rundll32.exe msixhm32.dll,AvZkkUURWhHo
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\Run: [SpeedUpMyComputer] - C:\Program Files\SmartTweak Software\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchresults.com/?c=3501&t=01
URLSearchHook: HKCU - (No Name) - {62d40876-df18-411f-9d34-a9dd7a197bc5} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt200YYrs&ptnrS=ZUxpt200YYrs&ptb=0ED57B0E-4ED2-448E-B4CF-968FA1FADD20&ind=2012110318&n=77ee5dee&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - BF3A61E8060249EDB2343ECDB2C7EBD5 URL = http://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=708108EDB927F374&affID=121133&tsp=4951
SearchScopes: HKCU - {41DB8BE9-D286-4FE3-8DD0-3F222DEEC605} URL = http://search.babylon.com/?q={searchTerms}&affID=116775&tt=201112_ccp_ctrl_4712_1&babsrc=SP_ss&mntrId=70817955000000000000001e101f1f81
SearchScopes: HKCU - {564973FB-5DA1-47C1-B401-01D6A0D76890} URL = http://www.mysearchresults.com/search?c=3501&t=01&q={searchTerms}
SearchScopes: HKCU - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt200YYrs&ptnrS=ZUxpt200YYrs&ptb=0ED57B0E-4ED2-448E-B4CF-968FA1FADD20&ind=2012110318&n=77ee5dee&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {CF28A6B9-332D-4645-B5EA-66BE2AEED611} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3205709
SearchScopes: HKCU - {DB7E87E2-09E5-46B1-AD93-B3D253D39D77} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^RS&apn_uid=cf420e15-32c6-49dc-a3b3-ac3388e0c258&apn_sauid=E257BA9D-A611-4E81-9991-80A02B93B25F
Toolbar: HKCU - No Name - {62D40876-DF18-411F-9D34-A9DD7A197BC5} -  No File
FF Extension: MixiDJ Toolbar - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\5w0wbqq4.default\Extensions\ffxtlbr@mixidj.com [2013-07-22]
CHR Extension: (BrotherSoft Extreme3) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol [2013-08-10]
CHR HKLM\...\Chrome\Extension: [bhnjjbcnbmjmhgpliahlamecmbejpaol] - C:\Users\Acer\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx [2012-10-24]
CHR HKLM\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files\OnlineHD.TV\onhd11.crx [2012-10-24]
CHR HKCU\...\Chrome\Extension: [bhnjjbcnbmjmhgpliahlamecmbejpaol] - C:\Users\Acer\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx [2012-10-24]
Task: {2DD011C2-1C66-409A-B217-3786E1C64F46} - System32\Tasks\DTReg => C:\Users\Acer\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {BEA1E6CD-BEC4-421C-B236-DA76DFAC11BC} - System32\Tasks\OptimizerPro1UpdaterTask{10CA0351-BF62-492A-BD47-F333DA308FA2} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
Task: C:\Windows\Tasks\OptimizerPro1UpdaterTask{10CA0351-BF62-492A-BD47-F333DA308FA2}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: {8aed481d-0bf8-11e3-9c1e-047d7b94b6a8} - D:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: {8daf509b-13d9-11e2-9f76-047d7b94b6a8} - D:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: {8daf50a9-13d9-11e2-9f76-047d7b94b6a8} - D:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: {8daf50b4-13d9-11e2-9f76-047d7b94b6a8} - D:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: {8daf50c0-13d9-11e2-9f76-047d7b94b6a8} - E:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: {bc60983a-1254-11e2-9ff4-047d7b94b6a8} - D:\Windows\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: {bc60984c-1254-11e2-9ff4-047d7b94b6a8} - D:\Windows\AutoRun.exe
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
REBOOT:
End

2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
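
Added example, not part of magna86's post or of the FRST tool: a short Python script that groups the lines of a fixlist like the one above by the kind of entry they name, using only the line prefixes visible in that fixlist. The category labels, the function names and the treatment of `Start`, `End`, `REBOOT:` and `File:` as control lines are assumptions of this example.

```python
import re
from collections import Counter

# Category names are this example's own labels, not FRST terminology.
RULES = [
    (r"^(Start|End|REBOOT:)$|^File: ", "directive"),  # assumed control lines
    (r"\\Run: \[", "Run-key autostart"),
    (r"\\MountPoints2: ", "MountPoints2 autorun"),
    (r"^Task: ", "scheduled task"),
    (r"^(FF|CHR) Extension: |^CHR HK", "browser extension"),
    (r"^(SearchScopes|URLSearchHook|Toolbar): |Internet Explorer\\Main,",
     "Internet Explorer setting"),
    (r"^AlternateDataStreams: ", "alternate data stream"),
    (r"^[A-Za-z]:\\", "file or folder path"),
]

def classify(line):
    """Return the first matching category for one fixlist line."""
    for pattern, label in RULES:
        if re.search(pattern, line):
            return label
    return "unrecognised"

def summarize(text):
    """Count fixlist entries per category, ignoring blank lines."""
    return Counter(classify(l.strip()) for l in text.splitlines() if l.strip())

def autorun_targets(text):
    """Executables that MountPoints2 entries point at, deduplicated."""
    found = re.findall(r"\\MountPoints2: .+? - (.+)$", text, flags=re.M)
    return sorted(set(t.strip() for t in found))

# Lines copied from the fixlist in the post above, cut down to a few per kind.
SAMPLE = r"""Start
File: C:\Users\Acer\STOR_Win7_XP_11.1.0.1006.exe
C:\ProgramData\Premium
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\Run: [MSIDLL] - rundll32.exe msixhm32.dll,AvZkkUURWhHo
SearchScopes: HKLM - DefaultScope value is missing.
Task: {2DD011C2-1C66-409A-B217-3786E1C64F46} - System32\Tasks\DTReg => C:\Users\Acer\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: {8daf50c0-13d9-11e2-9f76-047d7b94b6a8} - E:\AutoRun.exe
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
REBOOT:
End
"""

if __name__ == "__main__":
    for label, count in summarize(SAMPLE).most_common():
        print(f"{count:3d}  {label}")
    print("autorun targets:", autorun_targets(SAMPLE))
```

Run against the full fixlist, the tally shows how the entries split between autostart keys, scheduled tasks, browser settings and drive autorun records.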

topic

  • Guest
Re: Win32:bprotect-d trj
« Reply #10 on: March 19, 2014, 08:53:47 PM »
ty very much, Magna! I saved fixlist in the Downloads folder 'cause FRST is there, not on the Desktop. I hope that is all right (they are in the same folder). I started FRST Fix again and here is the report - I hope it looks fine!

Offline magna86

Re: Win32:bprotect-d trj
« Reply #11 on: March 19, 2014, 08:58:11 PM »
We will continue later.



 :)

topic

  • Guest
Re: Win32:bprotect-d trj
« Reply #12 on: March 19, 2014, 09:04:35 PM »
ok... all right...

Offline magna86

Re: Win32:bprotect-d trj
« Reply #13 on: March 19, 2014, 11:05:28 PM »
Hi topic,

The fix has passed just fine. Now please post the fresh FRST logs (both of them, the Addition and the primary FRST log report).

« Last Edit: March 19, 2014, 11:13:46 PM by magna86 »

topic

  • Guest
Re: Win32:bprotect-d trj
« Reply #14 on: March 19, 2014, 11:36:03 PM »
Hello Magna!
Here you are... tnx for the help again.... Thank you, really!