Win32:bprotect-d trj

Hello TwinHeadedEagle! … I also have a problem with Win32:bprotect-d trj. I wasn’t able to remove it, nor to block or repair it, and it shows when I was running a boot-scan with avast … I would really appreciate it if you or anyone could help me with this … Here are my log reports. The TDSSKiller didn’t produce a log file for me to attach; it did say that no threats were found. Can anyone help me somehow, please?

I’m on it …

Hi topic,

C:\Program Files\Telenor Internet
Are you from Serbia? :smiley:

As one of the colleagues here likes to say … you really have adware city. :slight_smile:

  • Do NOT use any USB devices while cleaning is in progress:

To start, go to Control Panel > Programs and Features and from there try to uninstall the following.
If you can’t uninstall something, just skip it and go to the next item.

Uninstall:
BitGuard
Bundled software uninstaller
Complitly
DefaultTab
DefaultTab Chrome
Delta toolbar
FilesFrog Update Checker
iLivid
Lyrics-Monkey
MixiDJ chrome Toolbar
MixiDJ Toolbar
WebCake 3.00

Reboot the PC. Re-run FRST, tick the Addition.txt option and press the Scan button. Please post the fresh FRST logs here …

Damn! Uhhh, Wow, lots of adware there. Run MBAM (Malwarebytes).

In answer to the question “If I disable Avast! I won’t get a warning about Zoek?”

The answer to that is yes. It is a known Fixit tool, and disabling Avast! will allow it to run.

Do not run any program until I tell you so (including Malwarebytes). AdwC. has already done enough, half of it will not want to uninstall by itself …

Just follow the uninstall process (their uninstaller should clean the PUP software thoroughly from the registry), as I do not want to hunt PUP leftovers in the system.

ty Magna, Michael … yes, I’m from Serbia …
Magna, in Control Panel I found only BitGuard and MixiDJ chrome Toolbar … is that enough? Can I skip the rest?

I rebooted my PC … here are the new logs … Michael, Magna, what to do next?

I am from Serbia too. :smiley:

Please hold on while I look at your logs …

All right … thank you!

Below are instructions for creating a FixList and running the FRST tool with it. This will tell FRST to target the bad things (malicious and PUP/adware entries) …
Do not use any USB devices until I tell you so!

  1. Open Notepad (Text Document) and copy the following text from the code box below into it:
Start
File: C:\Users\Acer\STOR_Win7_XP_11.1.0.1006.exe
C:\Users\Acer\AppData\Roaming\DefaultTab
C:\ProgramData\Premium
C:\Program Files\SmartTweak Software
C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\5w0wbqq4.default\Extensions\ffxtlbr@mixidj.com
C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol
C:\Users\Acer\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx
C:\Program Files\OnlineHD.TV
C:\Users\Acer\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx
C:\Users\Acer\AppData\Local\Temp\*.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\Run: [MSIDLL] - rundll32.exe msixhm32.dll,AvZkkUURWhHo
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\Run: [SpeedUpMyComputer] - C:\Program Files\SmartTweak Software\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearchresults.com/?c=3501&t=01
URLSearchHook: HKCU - (No Name) - {62d40876-df18-411f-9d34-a9dd7a197bc5} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt200YYrs&ptnrS=ZUxpt200YYrs&ptb=0ED57B0E-4ED2-448E-B4CF-968FA1FADD20&ind=2012110318&n=77ee5dee&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - BF3A61E8060249EDB2343ECDB2C7EBD5 URL = http://mixidj.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=708108EDB927F374&affID=121133&tsp=4951
SearchScopes: HKCU - {41DB8BE9-D286-4FE3-8DD0-3F222DEEC605} URL = http://search.babylon.com/?q={searchTerms}&affID=116775&tt=201112_ccp_ctrl_4712_1&babsrc=SP_ss&mntrId=70817955000000000000001e101f1f81
SearchScopes: HKCU - {564973FB-5DA1-47C1-B401-01D6A0D76890} URL = http://www.mysearchresults.com/search?c=3501&t=01&q={searchTerms}
SearchScopes: HKCU - {acbd5593-e5ee-4c15-b48f-1823ce819dec} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZUxpt200YYrs&ptnrS=ZUxpt200YYrs&ptb=0ED57B0E-4ED2-448E-B4CF-968FA1FADD20&ind=2012110318&n=77ee5dee&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {CF28A6B9-332D-4645-B5EA-66BE2AEED611} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3205709
SearchScopes: HKCU - {DB7E87E2-09E5-46B1-AD93-B3D253D39D77} URL = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^RS&apn_uid=cf420e15-32c6-49dc-a3b3-ac3388e0c258&apn_sauid=E257BA9D-A611-4E81-9991-80A02B93B25F
Toolbar: HKCU - No Name - {62D40876-DF18-411F-9D34-A9DD7A197BC5} -  No File
FF Extension: MixiDJ Toolbar - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\5w0wbqq4.default\Extensions\ffxtlbr@mixidj.com [2013-07-22]
CHR Extension: (BrotherSoft Extreme3) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnjjbcnbmjmhgpliahlamecmbejpaol [2013-08-10]
CHR HKLM\...\Chrome\Extension: [bhnjjbcnbmjmhgpliahlamecmbejpaol] - C:\Users\Acer\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx [2012-10-24]
CHR HKLM\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files\OnlineHD.TV\onhd11.crx [2012-10-24]
CHR HKCU\...\Chrome\Extension: [bhnjjbcnbmjmhgpliahlamecmbejpaol] - C:\Users\Acer\AppData\Local\CRE\bhnjjbcnbmjmhgpliahlamecmbejpaol.crx [2012-10-24]
Task: {2DD011C2-1C66-409A-B217-3786E1C64F46} - System32\Tasks\DTReg => C:\Users\Acer\AppData\Roaming\DefaultTab\DefaultTab\DTReg.exe <==== ATTENTION
Task: {BEA1E6CD-BEC4-421C-B236-DA76DFAC11BC} - System32\Tasks\OptimizerPro1UpdaterTask{10CA0351-BF62-492A-BD47-F333DA308FA2} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
Task: C:\Windows\Tasks\OptimizerPro1UpdaterTask{10CA0351-BF62-492A-BD47-F333DA308FA2}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== ATTENTION
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: {8aed481d-0bf8-11e3-9c1e-047d7b94b6a8} - D:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: {8daf509b-13d9-11e2-9f76-047d7b94b6a8} - D:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: {8daf50a9-13d9-11e2-9f76-047d7b94b6a8} - D:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: {8daf50b4-13d9-11e2-9f76-047d7b94b6a8} - D:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: {8daf50c0-13d9-11e2-9f76-047d7b94b6a8} - E:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: {bc60983a-1254-11e2-9ff4-047d7b94b6a8} - D:\Windows\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: {bc60984c-1254-11e2-9ff4-047d7b94b6a8} - D:\Windows\AutoRun.exe
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
REBOOT:
End
  2. Save the Notepad file to the Desktop under the name fixlist.txt
    You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
    Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

  3. Run FRST/FRST64 again, click the Fix button once and wait.
    If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.

ty very much, Magna! I saved fixlist in the Downloads folder ’cause FRST is there, not on the Desktop. I hope that is all right (they are in the same folder). I started FRST Fix again and here is the report. I hope it looks fine!

We will continue later.

:slight_smile:

ok … all right …

Hi topic,

The fix has passed just fine. Now please post the fresh FRST logs (both of them, the Addition log and the primary FRST log report).

Hello Magna!
Here you are … thanks for the help again … thank you, truly!

Now I did a boot-time scan with avast again and it’s still the same: 6 infections. I can’t do anything with them, but when I look in the scan history it shows they were all moved to the chest or repaired, action successful; but when I run the boot-time scan again it’s all the same :(. And they are all in … Acer\Windows\ TemporaryInternetFiles … please help! Help … thank you. ty

Hi,

  1. Do not attach USB devices until I tell you so. We shall use the MCShield tool for USB check/cleaning …

  1. Same as before … create a FixList and run FRST by clicking on the Fix button. You have the instructions for creating the FixList and running FRST on the first page.
Start
Folder: C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi
C:\Users\Acer\STOR_Win7_XP_11.1.0.1006.exe
FF Extension: No Name - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\profiles\extensions\extensions [2012-11-01]
FF Extension: GoPhotoIt - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi [2012-07-31]
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: D - D:\AutoRun.exe
HKU\S-1-5-21-93680539-1060710319-753579946-1000\...\MountPoints2: E - E:\AutoRun.exe
CMD: DEL %TEMP%\*.* /F /S /Q
End

  1. We shall now scan and remove malware from USB devices using MCShield (a home-grown product from the mycity.rs forum)

Download MCShield from the following address:

http://www.mcshield.net/download/MCShield-Setup.exe

  • Install MCShield and wait for the initial scan to finish.

  • When the initial scan finishes, plug all USB storage devices into the USB port one after another and keep each one in the port until MCShield shows a message that scanning is complete. If you have several USB devices, note down somewhere the order in which they were inserted.

Explanation: USB storage devices include all devices that get their own partition label when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

  • Click Logs in the MCShield Control Center and, for AllScans.txt, click the Save button. The AllScans.txt report will be saved to the Desktop.

Post that report on the forum.


  1. At this point your PC should be clean. Just to confirm that, we will run the zoek tool:

Download smeenk’s zoek from this link and save it to the Desktop.
Unpack the archive into a folder (instructions), and then:

  • close the browser and other running programs;
  • temporarily disable your protection software (if necessary; instructions);
  • double-click the program icon to start zoek;
    wait for the tool to start …

Click the More Options button and tick the box in front of the following option:

Auto Clean
Note: Tick only the listed option, do not touch the other options!

  • Click the Run Script button and wait for the scan to finish.
  • zoek will restart Windows if needed and, when it finishes, open Notepad with the scan report.

Note: The report will be saved under the name zoek-results.log on the system partition (typical location: C:\zoek-results.log)

:arrow: Copy the contents of that log into your post.

Hi! :smiley:
I’ve done everything … here are the results. I split the fixlog into two files (1, 2) ’cause the file size is 761KB and the max. allowed size is about 500KB … I hope that the results are ok?!
I’ll run a boot-time scan with avast later, it needs more time to finish, and I’ll report that too …
Thanks for the great help, Magna! Thank you!

and fixlog 2…

BOOT TIME SCAN with AVAST went excellent: NO VIRUS FOUND (and it went twice as fast as the last time!) :smiley:
You’ve done a very GREAT JOB, Magna! Thank you again!
I suppose those other reports are clear too (fixlog, zoek, MCShield)?
Once again THANK YOU and regards!