Bprotect.exe

How do I remove this infection? Is there a removal tool?

Please attach your logs. (AdwCleaner, MBAM, OTL and aswMBR…!!)
Instructions: http://forum.avast.com/index.php?topic=53253.0

Bprotect.exe
http://www.file.net/process/bprotect.exe.html

seems to be some adware/annoyware
https://www.virustotal.com/file/f5607cbed88bc66d8b56cdcef09a276b0b4bf539c38a7cba4146f291e179dcd0/analysis/

Not detected by Malwarebytes or avast, have run AdwCleaner and it shows up here, my computer knowledge is best described as basic!

***** [Internet Browsers] *****

-\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3225428

-\ Google Chrome v24.0.1312.57

File : C:\Users\Verity\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.


Found this information but too advanced for me:

http://secure-computer-solutions.com/blog/index.html

attach all logs requested by Asyn…then a removal expert will remove any leftover files…if any.

the most important is OTL log

OTL will not run. Do I cut and paste the complete log including reg info?

you may run it from safe mode…
and log must be attached, or you will have to use 10 posts with copy and paste…

What error do you get with OTL, or does it appear to freeze at some point?

I click on start scan and nothing happens. It reads as running in Task Manager; I end the programme and it reads as not responding. Have tried 3 times.

OK, could you run it from safe mode please, as it may be MBAM blocking it.

Will do, thanks for the advice.

Still frozen, have tried downloading from several locations.

OK, let's use a different programme initially.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

https://dl.dropbox.com/u/73555776/AdwCleaner.GIF

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

THEN

[*] Download RogueKiller and save it on your desktop.

NOTE: If using IE8 or better, SmartScreen Filter will need to be disabled

[*] Quit all programs
[*] Start RogueKiller.exe.
[*] Wait until Prescan has finished …
[*] Click on Scan

https://dl.dropbox.com/u/73555776/RKScan.GIF

[*] Wait for the end of the scan.
[*] The report has been created on the desktop.
[*] Click on the Delete button.

https://dl.dropbox.com/u/73555776/RKDelete.GIF

[*] The report has been created on the desktop.

[*] Next click on the ShortcutsFix

https://dl.dropbox.com/u/73555776/RKFixShortcuts.GIF

[*] The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Finally ran OTL successfully in safe mode and have log file.

Could you attach them please?

Scan result from this morning, I pasted the instructions in the custom search window. I have results from yesterday also.

RogueKiller reports attached, run in safe mode.

AdwCleaner report, run in safe mode.

OK, from normal mode please run this fix… But first disable Spybot TeaTimer, otherwise that will revert the changes I am about to make.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL

[*] Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
SRV - [2013/01/31 11:11:06 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe -- (bProtector)
IE - HKLM\..\URLSearchHook: {a8177b71-ee19-4e0f-b2f9-02d533eb946e} - C:\Program Files\appbario\prxtbapp0.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3225428
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=115852&tt=4812_3&babsrc=SP_ss&mntrId=b6db4d12000000000000b4749ff298f7
IE - HKCU\..\SearchScopes\{926DEA65-BAAE-42B4-91B3-3C2C998038AF}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225428
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension [2013/01/31 17:16:42 | 000,000,000 | ---D | M]
O2 - BHO: (appbario Toolbar) - {a8177b71-ee19-4e0f-b2f9-02d533eb946e} - C:\Program Files\appbario\prxtbapp0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (appbario Toolbar) - {a8177b71-ee19-4e0f-b2f9-02d533eb946e} - C:\Program Files\appbario\prxtbapp0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (appbario Toolbar) - {A8177B71-EE19-4E0F-B2F9-02D533EB946E} - C:\Program Files\appbario\prxtbapp0.dll (Conduit Ltd.)
O4 - HKCU..\Run: [4B1DC02DE1BA720890D381B2C4061A244466E19B._service_run] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\261123~1.78\{eab34~1\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.6.1123.78\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll ()
O20 - AppInit_DLLs: (c:\progra~2\bprote~1\22453~1.58\protec~1.dll) - File not found
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10078df6-8e39-11e1-9113-b4749fd1866a}\Shell - "" = AutoRun
O33 - MountPoints2\{10078df6-8e39-11e1-9113-b4749fd1866a}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE
O33 - MountPoints2\{1860c89d-8e3b-11e1-a08c-e81132634844}\Shell - "" = AutoRun
O33 - MountPoints2\{1860c89d-8e3b-11e1-a08c-e81132634844}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
O33 - MountPoints2\{1860c8a9-8e3b-11e1-a08c-e81132634844}\Shell - "" = AutoRun
O33 - MountPoints2\{1860c8a9-8e3b-11e1-a08c-e81132634844}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
O33 - MountPoints2\{f853cd52-8cb5-11e1-9fbf-b4749fd1866a}\Shell - "" = AutoRun
O33 - MountPoints2\{f853cd52-8cb5-11e1-9fbf-b4749fd1866a}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
[2013/02/07 11:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/02/06 09:55:57 | 000,000,000 | ---D | C] -- C:\Users\Verity\AppData\Roaming\Strongvault
[2013/02/06 09:51:31 | 000,000,000 | ---D | C] -- C:\Users\Verity\AppData\Local\Stronghold_LLC
[2013/02/06 09:50:11 | 000,000,000 | -HSD | C] -- C:\windows\System32\AI_RecycleBin
[2013/02/06 09:49:48 | 000,000,000 | ---D | C] -- C:\Users\Verity\AppData\Roaming\0T1F0D1F2W1G1I1F1T1Q
[2013/02/06 10:48:49 | 000,000,467 | ---- | M] () -- C:\Program Files\02201310484903.bat

:Files
C:\ProgramData\bProtectorForWindows
C:\Program Files\appbario
C:\Users\Verity\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*] Then click the Run Fix button at the top
[*] Let the program run unhindered, reboot the PC when it is done
[*] Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.