PUP.bProtector

BullGuard uses the Bitdefender virus engine; maybe that is why the log shows some Bitdefender files.

Maybe, but …

MattiieG
Remove everything you can. I'll look at the DDS report later and, if necessary, remove the residues.

OK, I have removed all of the anti-viruses I can see.
Let's hope this works :)

ok, just creating dds.txt now

it works here on my iPad !

Try here

http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.pif

yeah, I just went onto their website and got it from there
anyways.

Very good, but we still have a little job.

  1. Please download ComboFix from here and save it to your Desktop.
    If you are unsure how ComboFix works, please read this guide carefully.
    Note: ComboFix must be downloaded to your Desktop.

  2. Temporarily disable your antivirus program.
    If you are unsure how to do this, please read this or this Instruction.

Instructions on how to disable avast:

- Right-click on the avast! icon in the lower right corner of the screen and choose Open Avast! User Interface.
- In the window that opens, click Settings in the top right corner.
- In the new window that opens, choose the option Troubleshooting, uncheck Enable avast! self-defense, and click OK.
- Again, right-click on the avast! icon in the lower right corner of the screen and select avast! shield controls.
- In the menu that appears, choose Disable Permanently. When you are prompted to turn off security, click Yes.

Note: Do not forget to turn on this option after the cleaning.


  3. Run ComboFix. Click on I Agree!

ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.
Note: Do not mouse-click ComboFix's window while it is running.
If you see a message like "Illegal operation attempted on a registry key that has been marked for deletion", just restart the computer once more.


  4. When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt)
    Attach the log report (ComboFix.txt) back to the topic.

Got it :)
I think that’s it, right?

Open notepad and copy/paste the text present inside the code box below:



```
File::
c:\progra~2\mcafee\SITEAD~1\McSACore.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files (x86)\Norton Identity Safe\Engine\2013.2.1.5\ccSvcHst.exe

Driver::
McAfee SiteAdvisor Service
Skype C2C Service
NCO

DDS::
uStart Page = hxxp://search.orbitdownloader.com
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

Firefox::
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cx06n1gp.default\
FF - user.js: browser.search.defaultengine - u-Search
FF - user.js: browser.search.defaultenginename - u-Search
FF - user.js: browser.search.order.1 - u-Search
FF - user.js: browser.newtab.url - hxxp://u-search.net/?a=1&e=1
FF - user.js: browser.startup.homepage - hxxp://u-search.net/?a=1&e=1
FF - user.js: browser.search.defaulturl - hxxp://u-search.net/?a=1&e=2&q=
FF - user.js: keyword.URL - hxxp://u-search.net/?a=1&e=2&q=

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
```


Save this as CFScript.txt

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows.

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (typical location: C:\ComboFix.txt)

I shall do this tomorrow, I am off now, is that ok?

OK, I'm not on the forum tomorrow, but certainly do this.
I’ll see when I’m online.

I do not know if you will know what this is, but on my TaskManager, it shows a svchost with 233 k
in it there is
AudioEndpointBuilder
HomegroupListener
PcaSvc
SysMain
TrkWks
UxSms
Wlansvc
and wudfsvc

Do you know why this is taking up so much memory?

These are services within svchost containers; they are all legitimate.

okok, I ended it, then all of a sudden it came back, what’s going on? do you know?

I ended it, then all of a sudden it came back

I do not understand what, Combofix?

there are also p2p programs running on my laptop, are these regular? (p2pimsvc, p2psvc)
and, the avast! icons have gone missing from my system tray thing - the bit where the internet strength and sound is.
how can I get the icons back?
and I meant svchost

and, therefore, due to there being no avast! icons, I cannot use combofix

Reboot the machine and it will be fine.

ahh, ty :)

Don’t panic ;D