BProtect-A problem & others

[REDACTED]

I ran this week's scan and 2 issues were reported & I was advised to run a boot scan. which I did & Avast detected 6 issues. How do I remove these problems please. I ran mwb & that only picked up a few pups. Can anyone help please? I have attached the Avast boot log & mbam log. Do you need any more info?

Cheers

[Pondus]

How do I remove these problems please.

Malwarebytes quarantined what it found according to log
the other log show detection in temp folder

run TFC-Cleaner    http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/

see instructions here   https://forum.avast.com/index.php?topic=53253.0
scroll down to Farbar Recovery Scan Tool ...run as instructed and attach the two diagnostic logs

[REDACTED]

Monitoring.

[REDACTED]

The TFC seems to be stuck in a loop after recording a high number of bytes cleaned from the temp file of my SINGLE USER desktop. It didn't close the IE or hide the desktop. As far as I know I don't have an Admin account on my pc (W7 Home Premium). Any ideas please? Should I just exit TFC?

[REDACTED]

Apologies - TFC appears to have finished at last (after about 20mins!) I shall now attempt the next bit of your instructions.

[REDACTED]

I have run Farbar as instructed (hopefully!) and the 2 txt files are attached.

[REDACTED]

• Step #1 Fix with FRST
  Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
  • Open Notepad.exe. Do not use any other text editor software;
  • Copy and Paste the contents inside the code-box to your Notepad --

Code: [Select]

Start
Closeprocesses:
Emptytemp:
Task: {D292F15C-6E58-4C64-BCFF-A558E3D6CFC7} - \DealPlyUpdate No Task File <==== ATTENTION
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3589787884-2957561167-770806260-1000\...\Run: [] => [X]
CHR HKU\S-1-5-21-3589787884-2957561167-770806260-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3589787884-2957561167-770806260-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.talktalk.co.uk/mail/?check_cookie=1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> {70a02aa7-2f3f-41d4-97da-b9db0de80624} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AF4^xdm005^YYA^gb&si=CJa3g-SL4b4CFWqWtAodc1IA5w&ptb=39AC8499-7934-4C49-B1AF-C521F769E269&ind=2014060416&n=780c1f80&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-3589787884-2957561167-770806260-1000 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKU\S-1-5-21-3589787884-2957561167-770806260-1000 -> {70a02aa7-2f3f-41d4-97da-b9db0de80624} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^AF4^xdm005^YYA^gb&si=CJa3g-SL4b4CFWqWtAodc1IA5w&ptb=39AC8499-7934-4C49-B1AF-C521F769E269&ind=2014060416&n=780c1f80&psa=&st=sb&searchfor={searchTerms}
Toolbar: HKU\S-1-5-21-3589787884-2957561167-770806260-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
End

• • Click on File > Save as...
    
    • Inside the File Name box type fixlist.txt
    • From the Save as type drop down list, choose All Files
  • Save the file to your Desktop;
  • Re-run FRST.exe and click Fix;
    
    • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
  • After the completion, a log will be produced;
  • Attach the log in your next reply.

• Step #2 Fix with AdwCleaner
  
  • Download AdwCleaner by Xplode to your Desktop from the following link.
    
    • Download Link #1
    • Download Link #2
  • Right-click on AdwCleaner.exe and choose Run as administrator;
  • Click on Scan and let the program run unhindered;
  • When done, click on Clean and allow the system to reboot after it is done;
  • A log will be opened automatically after the restart;
  • Attach the log in your reply.

• Step #3 Fix with Junkware Removal Tool
  Download Junkware Removal Tool by thisisu to your Desktop from the link below.
  Download Link 1
  Download Link 2
  
  • Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article;
  • Run the program either by double-clicking(Windows XP) or Right-clicking and choosing Run as administrator(Windows Vista and above);
  • Please be patient as the tool cleans your system;
  • After completion of the process a log named JRT.txt will automatically open and is save to your Desktop;
  • Attach the log in your next reply.

• Required Log(s):
  
  • FRST Fix Log
  • AdwCleaner Log
  • Junkware Removal Tool Log

Regards,
Valinorum

[Pondus]

Apologies - TFC appears to have finished at last (after about 20mins!) I shall now attempt the next bit of your instructions.

i Guess it removed several GB of temp files ?

[REDACTED]

On step 3 of Valinorum's instructions (Fix with Junkware Removal) there are 2 downloads - both appear to contain an identically named jrt.exe. Is this right? If so which one should I use? or should I run both?

How long should the av be disabled for?

[Pondus]

  Is this right? If so which one should I use?

The download link that work      

  How long should the av be disabled for?

Until you are done ..... avast may block the work

[REDACTED]

Attached are the 3 files in response to Valinorum's post.

I seem to have lost a lot of hidden icons from the task bar including Avast - is that a problem?

[REDACTED]

Apologies! I've been too impatient again! The hidden icons re-appeared after restarting the computer (see my previous post).

Have I got the all clear now that I've followed the 3 steps to heaven? (files attached to my previous post).

[REDACTED]

Apologies - TFC appears to have finished at last (after about 20mins!) I shall now attempt the next bit of your instructions.

i Guess it removed several GB of temp files ?

I didn't pay attention to the actual figures - besides I have no real idea of what a large file is in this context.

Frank
PS Hope this posts ok - I've never attempted to include a quote in a post before!

[REDACTED]

How is your PC performing? Please attach a screenshot of the hidden icons you are seeing.

[REDACTED]

How is your PC performing? Please attach a screenshot of the hidden icons you are seeing.

Hi I attempted to post a reply to your question - but it seems to have disappeared - so here it is again:

My computer seems to be working ok so far, apart from the effects of the clearing down of temp files. Coincidently the web site of my main email service provider (Tiscali) became unreachable about the time that your cleanup operation finished. I assumed that my failure to access my emails was somehow caused by the cleanup - but I was wrong (Tiscali, the poor relation of TalkTalk, suffers all-too-frequent serious outages - usually when they attempt an "upgrade" to their website!).

Can you please confirm that as far as you can tell, the infection has been removed and that normal service can be resumed.

The screen print you asked for of my hidden icons is attached. As you can see it looks to be restored to how it was.

Thanks for all your help so far.
Regards
Frank