BitGuard notified as an infected file, BUT ...

[REDACTED]

Uninstalling BitGuard doesn't totally work.
The folder C:/ProgramData/BitGuard/2.6.1694.246/{c16 ... } can't be deleted or renamed from an Administrator User, says you need admin privilege but gives no continue button to set it.
The folder was a hidden or system file, I had to change the options to display it.

[Pondus]

BitGuard notified as an infected file

And what malware name did avast give?

Was it   PUP.bProtector ?

[essexboy]

Needs removing as adware

[REDACTED]

malware name-  Threat: Win32:BProtect-B [Trj]

[REDACTED]

removing as adware?

Er!

[Pondus]

removing as adware?

Er!

see instructions here  https://forum.avast.com/index.php?topic=53253.0
attach Malwarebytes and Farbar Recovery Scan Tool logs ... 3 logs total

below the box you write in here, see Attachments and other options


When done, a malware expert will assist you

[REDACTED]

Only done Malware so far ...

hmm how to attach, that is the question ...

Ah! I see now.

[essexboy]

Will need FRST to continue cleaning

[REDACTED]

Yes, sorry, I'm looking at the instructions now

[REDACTED]

FRST files attached

This line looks interesting:

Task: {2A0EEACD-0342-4325-AFBF-B1BF642C37D7} - \BitGuard No Task File <==== ATTENTION

[essexboy]

Let me know how the computer is after this

CAUTION :  This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dllATTENTION! ====> ZeroAccess?
ShellExecuteHooks-x32:  - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  No File [ ]
CHR Extension: (Delta Toolbar) - C:\Users\bobinski\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2015-08-01]
2015-08-01 15:35 - 2013-05-25 17:07 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2015-08-01 14:37 - 2013-01-09 19:29 - 00000420 ____H C:\Windows\Tasks\ContinueToSaveUpdaterTask{876AA107-075C-4817-9340-18CFA7B9D19E}.job
2015-08-01 14:37 - 2012-11-20 18:06 - 00000408 ____H C:\Windows\Tasks\OptimizerProUpdaterTask{EF833DE1-DB9D-4840-9FF8-603FD95EFDDB}.job
2015-08-01 14:27 - 2013-10-19 18:40 - 00000000 ____D C:\ProgramData\BitGuard
2015-08-01 14:27 - 2013-05-25 17:15 - 00000000 ____D C:\Program Files (x86)\Tuguu SL
2015-08-01 14:27 - 2013-05-25 17:07 - 00000000 ____D C:\Program Files (x86)\Delta
2015-07-30 20:18 - 2013-10-05 09:59 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
C:\$Recycle.Bin\S-1-5-21-878039286-2426789999-187418573-1001\$20c6343bf07ac0e2f41117a0515252a3
C:\$Recycle.Bin\S-1-5-18\$20c6343bf07ac0e2f41117a0515252a3
C:\Users\George\jagex_runescape_preferences.dat
C:\Users\George\jagex_runescape_preferences2.dat
C:\Users\George\jagex__preferences3.dat
Task: {2A0EEACD-0342-4325-AFBF-B1BF642C37D7} - \BitGuard No Task File <==== ATTENTION
Task: {348EE900-37E7-49F1-8876-BC59FD6E4758} - System32\Tasks\OptimizerProUpdaterTask{EF833DE1-DB9D-4840-9FF8-603FD95EFDDB} => C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exe <==== ATTENTION
Task: {3A0FE4C1-DD79-4444-BAA4-934FC4AD302E} - System32\Tasks\{6D0A03D6-D463-4AAC-B383-E964FCAB608F} => pcalua.exe -a E:\setup.exe -d E:\
Task: {99A68130-E0A9-4773-A7AF-F4458D6E03B2} - System32\Tasks\ContinueToSaveUpdaterTask{876AA107-075C-4817-9340-18CFA7B9D19E} => C:\ProgramData\Premium\ContinueToSave\ContinueToSave.exe [2012-09-19] () <==== ATTENTION
Task: {C66F2927-8905-4D20-853E-A1F65B837196} - \EPUpdater No Task File <==== ATTENTION
Task: C:\Windows\Tasks\ContinueToSaveUpdaterTask{876AA107-075C-4817-9340-18CFA7B9D19E}.job => C:\ProgramData\Premium\ContinueToSave\ContinueToSave.exeK/schedule /profilepath C:\ProgramData\Premium\ContinueToSave\profile.ini <==== ATTENTION
Task: C:\Windows\Tasks\OptimizerProUpdaterTask{EF833DE1-DB9D-4840-9FF8-603FD95EFDDB}.job => C:\ProgramData\Premium\OptimizerPro\OptimizerPro.exeI/schedule /profilepath C:\ProgramData\Premium\OptimizerPro\profile.ini <==== ATTENTION
C:\ProgramData\Premium
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

 
Save this as fixlist.txt, in the same location as FRST.exe

Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
  
• Click on Scan.
  
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
  
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S0].txt as well.
  

[REDACTED]

It took ages as it reloaded and a boot scan was scheduled.

fix log and bootscan attached ...

Off to work now, havn't done the next bit yet.

[REDACTED]

Avast! warning about AdwCleaner attached

[Pondus]

Just ignore ...

[REDACTED]

# AdwCleaner v4.208 - Logfile created 02/08/2015 at 23:06:30
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : bobinski - GEORGES-PC
# Running from : C:\Users\bobinski\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\StarApp
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
Folder Deleted : C:\Program Files (x86)\MocaFlix
Folder Deleted : C:\Program Files (x86)\Web Cake
Folder Deleted : C:\Program Files\Uninstaller
Folder Deleted : C:\Users\bobinski\AppData\LocalLow\continuetosave
Folder Deleted : C:\Users\bobinski\AppData\LocalLow\Delta
Folder Deleted : C:\Users\bobinski\AppData\LocalLow\SaveAs
Folder Deleted : C:\Users\George\AppData\Local\PackageAware
Folder Deleted : C:\Users\George\AppData\LocalLow\ShopperReports3
Folder Deleted : C:\Users\George\AppData\LocalLow\ShoppingReport
Folder Deleted : C:\Users\George\AppData\Roaming\Babylon
Folder Deleted : C:\Users\George\AppData\Roaming\Web Cake
Folder Deleted : C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
File Deleted : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage-journal
File Deleted : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fjoijdanhaiflhibkljeklcghcmmfffh_0.localstorage
File Deleted : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fjoijdanhaiflhibkljeklcghcmmfffh_0.localstorage-journal
File Deleted : C:\Program Files (x86)\WebCakeLayers.crx
File Deleted : C:\Users\George\Desktop\Sync Folder.lnk
File Deleted : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_omni-cdn.getwebcake.com_0.localstorage
File Deleted : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_omni-cdn.getwebcake.com_0.localstorage-journal
File Deleted : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_omni-cdn.getwebcake.com_0.localstorage
File Deleted : C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_omni-cdn.getwebcake.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\5908f8cb76feb40
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_8e4eb48d
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_a8235b05
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Delta
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : HKLM\SOFTWARE\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DMUninstaller
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ContinueToSave
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0C776EBEBCBCFBE408892EE7B12517FC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C776EBEBCBCFBE408892EE7B12517FC

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Google Chrome v44.0.2403.125

[C:\Users\bobinski\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
[C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.soft-quick.info/?l=1&q={searchTerms}
[C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&affID=120519&tt=gc_&babsrc=SP_ss&mntrId=26AE7EE40000E7F5
[C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : eooncjejnppfjjklapaamhcdmjbilmde
[C:\Users\George\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : fjoijdanhaiflhibkljeklcghcmmfffh

*************************

AdwCleaner[R0].txt - [7055 bytes] - [02/08/2015 23:02:19]
AdwCleaner[S0].txt - [7102 bytes] - [02/08/2015 23:06:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7161  bytes] ##########