Jump to content

Removal instructions for ProtectSurf


Recommended Posts

  • Staff

What is ProtectSurf?

The Malwarebytes research team has determined that ProtectSurf is a browser hijacker. These so-called "hijackers" manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

How do I know if my computer is affected by ProtectSurf?

This is how the start- and settings-page looks:

main.png

And you may see these warnings:

warning1.png

warning2.png

or this icon in your taskbar:

icons.png

and this entry in your list of installed programs :

warning3.png

How did ProtectSurf get on my computer?

Browser hijackers use different methods for distributing themselves. This particular one was bundled with other software.

How do I remove ProtectSurf?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Is there anything else I need to do to get rid of ProtectSurf?
  • The rogue replaces your hosts file, so you may have to restore the old one. You can find third-party hosts file alternatives at hpHosts or at mvps.org or you can simply reset the default hosts file as outlined here by Microsoft.
How would the full version of Malwarebytes Anti-Malware help protect me?We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the ProtectSurf hijacker. �It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

Signs in a HijackThis log:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:3128O1 - Hosts: 54.235.90.58 nhiablhefhhhnmpnkelgcnephfcldokbO4 - HKLM\..\Run: [BService] C:\Program Files\Bench\BService\1.1\bservice.exeO4 - HKLM\..\Run: [Wd] C:\Program Files\Bench\Wd\wd.exeO4 - HKLM\..\Run: [Bench Communicator Watcher] C:\Program Files\Bench\Proxy\pwdg.exeO4 - HKLM\..\Run: [Bench Settings Cleaner] C:\Program Files\Bench\Proxy\cl.exeO4 - HKLM\..\RunOnce: [ProtectSurf-repairJob] wscript.exe "C:\Users\{username}\AppData\Local\ProtectSurf\repair.js" "ProtectSurf-repairJob"
Alterations made by the installer:

 

File system details  ---------------------------------------------    Adds the folder C:\Program Files\Bench\BService\1.1       Adds the file bhelper.dll"="8/20/2014 5:20 PM, 53248 bytes, A       Adds the file bservice.exe"="8/20/2014 5:20 PM, 52736 bytes, A    Adds the folder C:\Program Files\Bench\NmHost       Adds the file manifest.json"="8/20/2014 5:20 PM, 117 bytes, A       Adds the file nmhost.exe"="8/20/2014 5:20 PM, 165376 bytes, A    Adds the folder C:\Program Files\Bench\Proxy       Adds the file cl.exe"="8/20/2014 5:15 PM, 55296 bytes, A       Adds the file icon.ico"="8/25/2014 8:59 AM, 32038 bytes, A       Adds the file proc.exe"="8/20/2014 5:15 PM, 430592 bytes, A       Adds the file pwdg.exe"="8/20/2014 5:15 PM, 127488 bytes, A    Adds the folder C:\Program Files\Bench\Updater       Adds the file products.xml"="9/10/2014 1:38 PM, 377 bytes, A       Adds the file updater.exe"="8/20/2014 5:15 PM, 67072 bytes, A    Adds the folder C:\Program Files\Bench\Updater\1.7.0.0       Adds the file updater.exe"="8/20/2014 5:15 PM, 419840 bytes, A    Adds the folder C:\Program Files\Bench\Wd       Adds the file wd.exe"="8/20/2014 5:20 PM, 92672 bytes, A    Adds the folder C:\Program Files\ProtectSurf       Adds the file background.html"="8/25/2014 8:59 AM, 157 bytes, A       Adds the file config.xml"="8/25/2014 8:59 AM, 2242 bytes, A       Adds the file extension_info.json"="8/25/2014 8:59 AM, 2009 bytes, A       Adds the file FrameworkBHO.dll"="8/25/2014 9:00 AM, 355432 bytes, A       Adds the file FrameworkBHO64.dll"="8/25/2014 9:00 AM, 576104 bytes, A       Adds the file FrameworkEngine.exe"="8/25/2014 9:00 AM, 264936 bytes, A    Adds the folder C:\Program Files\ProtectSurf\AppFramework       Adds the file appAPI_bg.js"="8/25/2014 8:59 AM, 2582 bytes, A       Adds the file appAPI_browseraction.js"="8/25/2014 8:59 AM, 799 bytes, A       Adds the file appAPI_common.js"="8/25/2014 8:59 AM, 9871 bytes, A       Adds the file appAPI_content.js"="8/25/2014 8:59 AM, 1247 bytes, A       Adds the file appAPI_settings.js"="8/25/2014 8:59 AM, 83 bytes, A       Adds the file appAPI_webrequest.js"="8/25/2014 8:59 AM, 138 bytes, A       Adds the file jquery.min.js"="8/25/2014 8:59 AM, 93548 bytes, A    Adds the folder C:\Program Files\ProtectSurf\CanvasFramework       Adds the file canvas_bg.js"="8/25/2014 8:59 AM, 5651 bytes, A       Adds the file canvasscript_engine.js"="8/25/2014 8:59 AM, 437 bytes, A       Adds the file md5.js"="8/25/2014 8:59 AM, 3264 bytes, A       Adds the file registry.js"="8/25/2014 8:59 AM, 908 bytes, A       Adds the file webrequest.js"="8/25/2014 8:59 AM, 4005 bytes, A    Adds the folder C:\Program Files\ProtectSurf\framework       Adds the file backgroundscript_engine.js"="8/25/2014 8:59 AM, 1872 bytes, A       Adds the file base.js"="8/25/2014 8:59 AM, 2933 bytes, A       Adds the file browser.js"="8/25/2014 8:59 AM, 11200 bytes, A       Adds the file console.js"="8/25/2014 8:59 AM, 489 bytes, A       Adds the file framework.js"="8/25/2014 8:59 AM, 3542 bytes, A       Adds the file global.js"="8/25/2014 8:59 AM, 1850 bytes, A       Adds the file i18n.js"="8/25/2014 8:59 AM, 1661 bytes, A       Adds the file initialize.js"="8/25/2014 8:59 AM, 316 bytes, A       Adds the file invoke_async.js"="8/25/2014 8:59 AM, 2312 bytes, A       Adds the file io.js"="8/25/2014 8:59 AM, 1308 bytes, A       Adds the file json2.js"="8/25/2014 8:59 AM, 2791 bytes, A       Adds the file lang.js"="8/25/2014 8:59 AM, 1633 bytes, A       Adds the file legacy.js"="8/25/2014 8:59 AM, 1270 bytes, A       Adds the file message_target.js"="8/25/2014 8:59 AM, 854 bytes, A       Adds the file messaging.js"="8/25/2014 8:59 AM, 1507 bytes, A       Adds the file storage.js"="8/25/2014 8:59 AM, 3603 bytes, A       Adds the file timer.js"="8/25/2014 8:59 AM, 409 bytes, A       Adds the file updater.js"="8/25/2014 8:59 AM, 2417 bytes, A       Adds the file userscript_client.js"="8/25/2014 8:59 AM, 310 bytes, A       Adds the file userscript_engine.js"="8/25/2014 8:59 AM, 3062 bytes, A       Adds the file utils.js"="8/25/2014 8:59 AM, 2492 bytes, A       Adds the file xhr.js"="8/25/2014 8:59 AM, 3081 bytes, A    Adds the folder C:\Program Files\ProtectSurf\framework-ui       Adds the file browser_button.js"="8/25/2014 8:59 AM, 5135 bytes, A       Adds the file context_menu.js"="8/25/2014 8:59 AM, 738 bytes, A       Adds the file context_menu_item_handler.html"="8/25/2014 8:59 AM, 225 bytes, A       Adds the file framework_api.js"="8/25/2014 8:59 AM, 1589 bytes, A       Adds the file notification.html"="8/25/2014 8:59 AM, 6591 bytes, A       Adds the file notifications.js"="8/25/2014 8:59 AM, 2409 bytes, A       Adds the file options.js"="8/25/2014 8:59 AM, 660 bytes, A       Adds the file ui_base.js"="8/25/2014 8:59 AM, 1788 bytes, A    Adds the folder C:\Program Files\ProtectSurf\framework-ui\theme\bubble       Adds the file bottom-left.png"="8/25/2014 8:59 AM, 316 bytes, A       Adds the file bottom-middle.png"="8/25/2014 8:59 AM, 240 bytes, A       Adds the file bottom-right.png"="8/25/2014 8:59 AM, 311 bytes, A       Adds the file middle-left.png"="8/25/2014 8:59 AM, 235 bytes, A       Adds the file middle-right.png"="8/25/2014 8:59 AM, 234 bytes, A       Adds the file tail-bottom.png"="8/25/2014 8:59 AM, 315 bytes, A       Adds the file tail-left.png"="8/25/2014 8:59 AM, 307 bytes, A       Adds the file tail-right.png"="8/25/2014 8:59 AM, 304 bytes, A       Adds the file tail-top.png"="8/25/2014 8:59 AM, 315 bytes, A       Adds the file top-left.png"="8/25/2014 8:59 AM, 310 bytes, A       Adds the file top-middle.png"="8/25/2014 8:59 AM, 240 bytes, A       Adds the file top-right.png"="8/25/2014 8:59 AM, 308 bytes, A    Adds the folder C:\Program Files\ProtectSurf\icons       Adds the file button.png"="8/25/2014 8:59 AM, 696 bytes, A       Adds the file icon100.png"="8/25/2014 8:59 AM, 6515 bytes, A       Adds the file icon128.png"="8/25/2014 8:59 AM, 8387 bytes, A       Adds the file icon32.png"="8/25/2014 8:59 AM, 1711 bytes, A       Adds the file icon48.png"="8/25/2014 8:59 AM, 2908 bytes, A    In the existing folder C:\Users\{username}\AppData\Local       Adds the file proxy.log"="9/10/2014 1:38 PM, 0 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\BenchUpdater       Adds the file products.xml"="9/10/2014 1:39 PM, 440 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\ProtectSurf       Adds the file chrome_gp_update.js"="8/20/2014 5:20 PM, 2348 bytes, A       Adds the file chrome_installer.js"="8/20/2014 5:20 PM, 6304 bytes, A       Adds the file clear_cache.js"="8/20/2014 5:20 PM, 522 bytes, A       Adds the file common.js"="8/20/2014 5:20 PM, 13540 bytes, A       Adds the file firefox_installer.js"="8/20/2014 5:20 PM, 6848 bytes, A       Adds the file gpedit.exe"="8/20/2014 5:20 PM, 93184 bytes, A       Adds the file icon.ico"="8/25/2014 8:59 AM, 32038 bytes, A       Adds the file ie_installer.js"="8/20/2014 5:20 PM, 3685 bytes, A       Adds the file installer.js"="8/20/2014 5:20 PM, 799 bytes, A       Adds the file main_installer.js"="8/20/2014 5:20 PM, 1567 bytes, A       Adds the file migrate.js"="8/20/2014 5:20 PM, 4746 bytes, A       Adds the file projectInstaller.js"="8/20/2014 5:20 PM, 3004 bytes, A       Adds the file repair.js"="8/20/2014 5:20 PM, 1735 bytes, A       Adds the file SoftwareDetector.exe"="8/20/2014 5:20 PM, 78848 bytes, A       Adds the file sqlite3.exe"="8/20/2014 5:20 PM, 492544 bytes, A       Adds the file storageedit.exe"="8/20/2014 5:20 PM, 75264 bytes, A       Adds the file uninstall.exe"="9/10/2014 1:38 PM, 191385 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\ProtectSurf\firefox       Adds the file background.html"="8/25/2014 8:59 AM, 157 bytes, A       Adds the file bootstrap.js"="8/25/2014 8:59 AM, 2857 bytes, A       Adds the file chrome.manifest"="8/25/2014 8:59 AM, 57 bytes, A       Adds the file extension_info.json"="8/25/2014 8:59 AM, 1669 bytes, A       Adds the file install.rdf"="8/25/2014 8:59 AM, 1202 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\ProtectSurf\firefox\AppFramework       Adds the file appAPI_bg.js"="8/25/2014 8:59 AM, 2582 bytes, A       Adds the file appAPI_browseraction.js"="8/25/2014 8:59 AM, 799 bytes, A       Adds the file appAPI_common.js"="8/25/2014 8:59 AM, 9871 bytes, A       Adds the file appAPI_content.js"="8/25/2014 8:59 AM, 1247 bytes, A       Adds the file appAPI_settings.js"="8/25/2014 8:59 AM, 83 bytes, A       Adds the file appAPI_webrequest.js"="8/25/2014 8:59 AM, 138 bytes, A       Adds the file jquery.min.js"="8/25/2014 8:59 AM, 83059 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\ProtectSurf\firefox\CanvasFramework       Adds the file canvas_bg.js"="8/25/2014 8:59 AM, 5651 bytes, A       Adds the file canvasscript_engine.js"="8/25/2014 8:59 AM, 437 bytes, A       Adds the file md5.js"="8/25/2014 8:59 AM, 3264 bytes, A       Adds the file registry.js"="8/25/2014 8:59 AM, 796 bytes, A       Adds the file webrequest.js"="8/25/2014 8:59 AM, 5575 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework       Adds the file backgroundscript_engine.js"="8/25/2014 8:59 AM, 1580 bytes, A       Adds the file base.js"="8/25/2014 8:59 AM, 2933 bytes, A       Adds the file browser.js"="8/25/2014 8:59 AM, 12801 bytes, A       Adds the file chrome_windows.js"="8/25/2014 8:59 AM, 2627 bytes, A       Adds the file console.js"="8/25/2014 8:59 AM, 540 bytes, A       Adds the file content_proxy.js"="8/25/2014 8:59 AM, 502 bytes, A       Adds the file framework.js"="8/25/2014 8:59 AM, 4381 bytes, A       Adds the file i18n.js"="8/25/2014 8:59 AM, 1601 bytes, A       Adds the file invoke_async.js"="8/25/2014 8:59 AM, 2312 bytes, A       Adds the file io.js"="8/25/2014 8:59 AM, 976 bytes, A       Adds the file lang.js"="8/25/2014 8:59 AM, 3080 bytes, A       Adds the file legacy.js"="8/25/2014 8:59 AM, 1270 bytes, A       Adds the file message_target.js"="8/25/2014 8:59 AM, 854 bytes, A       Adds the file messaging.js"="8/25/2014 8:59 AM, 1507 bytes, A       Adds the file storage.js"="8/25/2014 8:59 AM, 6156 bytes, A       Adds the file timer.js"="8/25/2014 8:59 AM, 977 bytes, A       Adds the file uninstall.js"="8/25/2014 8:59 AM, 73 bytes, A       Adds the file userscript_client.js"="8/25/2014 8:59 AM, 310 bytes, A       Adds the file userscript_engine.js"="8/25/2014 8:59 AM, 3062 bytes, A       Adds the file utils.js"="8/25/2014 8:59 AM, 2492 bytes, A       Adds the file xhr.js"="8/25/2014 8:59 AM, 2155 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework-ui       Adds the file browser_button.js"="8/25/2014 8:59 AM, 9099 bytes, A       Adds the file content_notifications.js"="8/25/2014 8:59 AM, 9098 bytes, A       Adds the file contentNotification.tmpl"="8/25/2014 8:59 AM, 836 bytes, A       Adds the file contentNotificationStyle.tmpl"="8/25/2014 8:59 AM, 3729 bytes, A       Adds the file context_menu.js"="8/25/2014 8:59 AM, 2144 bytes, A       Adds the file framework_api.js"="8/25/2014 8:59 AM, 1627 bytes, A       Adds the file notifications.js"="8/25/2014 8:59 AM, 3542 bytes, A       Adds the file options.js"="8/25/2014 8:59 AM, 934 bytes, A       Adds the file ui_base.js"="8/25/2014 8:59 AM, 1788 bytes, A    Adds the folder C:\Users\{username}\AppData\Local\ProtectSurf\firefox\icons       Adds the file button.png"="8/25/2014 8:59 AM, 696 bytes, A       Adds the file icon100.png"="8/25/2014 8:59 AM, 6515 bytes, A       Adds the file icon128.png"="8/25/2014 8:59 AM, 8387 bytes, A       Adds the file icon32.png"="8/25/2014 8:59 AM, 1711 bytes, A       Adds the file icon48.png"="8/25/2014 8:59 AM, 2908 bytes, A    Adds the folder C:\Users\{username}\AppData\LocalLow\Protect\Blocker       Adds the file 212e90ffa529f5c99c44dc574c6f9a16"="9/10/2014 1:38 PM, 2158094 bytes, A       Adds the file 8d3f613ded3421026a6b47abd4042139"="9/10/2014 1:38 PM, 8 bytes, A       Adds the file b24f88eb229178ba93accf228dc5b280"="9/10/2014 1:38 PM, 70 bytes, A    Adds the folder C:\Users\{username}\AppData\LocalLow\Protect\CanvasStorage       Adds the file 7bf8e2b7288ee31947f028830fe682c3"="9/10/2014 1:38 PM, 28 bytes, A       Adds the file 8ab1244a97308124c8207af9517ce460"="9/10/2014 1:38 PM, 94 bytes, A       Adds the file a645fa10d3b7c3be385a23d8e9796994"="9/10/2014 1:38 PM, 30 bytes, A       Adds the file c8ca0d6097bee7d978cc54b0e9075409"="9/10/2014 1:38 PM, 46 bytes, A       Adds the file ee9adb2bad520b37c67f38edc62ec22d"="9/10/2014 1:38 PM, 230 bytes, A    Adds the folder C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProtectSurf       Adds the file ProtectSurf Settings.url"="9/10/2014 1:38 PM, 122 bytes, A       Adds the file ProtectSurf.lnk"="9/10/2014 1:38 PM, 1964 bytes, A       Adds the file Uninstall.lnk"="9/10/2014 1:38 PM, 1071 bytes, A    In the existing folder C:\Windows\System32\drivers\etc       Alters the file hosts        6/10/2009 11:39 PM, 824 bytes, A ==> 9/10/2014 1:38 PM, 871 bytes, A    In the existing folder C:\Windows\System32\Tasks       Adds the file bench-S-1-5-21-4016700205-1717049133-1125222536-1001"="9/10/2014 1:39 PM, 3234 bytes, A       Adds the file bench-sys"="9/10/2014 1:38 PM, 3242 bytes, A    In the existing folder C:\Windows\Tasks       Adds the file bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job"="9/10/2014 1:41 PM, 346 bytes, A       Adds the file bench-sys.job"="9/10/2014 1:38 PM, 346 bytes, ARegistry details  ------------------------------------------    [HKEY_LOCAL_MACHINE\SOFTWARE]       "38990"="REG_SZ", "ProtectSurf"    [HKEY_LOCAL_MACHINE\SOFTWARE\AdvertisingSupport]       "Seen"="REG_SZ", "1"       "SeenDate"="REG_SZ", "1410349105"       "SystemId"="REG_SZ", "619bdd98c7140d14e62a62d4922b6abd"    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\BService]       "Path"="REG_SZ", "C:\Program Files\Bench\BService\1.1"       "Version"="REG_SZ", "1.1"    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\BService\38990]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\InstalledExtensions]       "38990"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\NmHost]       "(Default)"="REG_SZ", "C:\Program Files\Bench\NmHost\nmhost.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\NmHost\38990]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\Updater]       "path"="REG_SZ", "C:\Program Files\Bench\Updater\updater.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Bench\Updater\38990]       "(Default)"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.bench.nmhost]       "(Default)"="REG_SZ", "C:\Program Files\Bench\NmHost\manifest.json"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]       "Bench Communicator Watcher"="REG_SZ", "C:\Program Files\Bench\Proxy\pwdg.exe"       "Bench Settings Cleaner"="REG_SZ", "C:\Program Files\Bench\Proxy\cl.exe"       "BService"="REG_SZ", "C:\Program Files\Bench\BService\1.1\bservice.exe"       "Wd"="REG_SZ", "C:\Program Files\Bench\Wd\wd.exe"    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]       "ProtectSurf-repairJob"="REG_SZ", "wscript.exe "C:\Users\{username}\AppData\Local\ProtectSurf\repair.js" "ProtectSurf-repairJob""    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\38990_ProtectSurf]       "DisplayIcon"="REG_SZ", "C:\Users\{username}\AppData\Local\ProtectSurf/icon.ico"       "DisplayName"="REG_SZ", "ProtectSurf"       "DisplayVersion"="REG_SZ", "1.0"       "InstallLocation"="REG_SZ", "C:\Users\{username}\AppData\Local\ProtectSurf"       "NoModify"="REG_DWORD", 1       "NoRepair"="REG_DWORD", 1       "Publisher"="REG_SZ", "Gratifying Apps"       "UninstallString"="REG_SZ", "C:\Users\{username}\AppData\Local\ProtectSurf\uninstall.exe "    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures]       "bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job"="REG_BINARY, ................................       "bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job.fp"="REG_DWORD", -302409137       "bench-sys.job"="REG_BINARY, ................................       "bench-sys.job.fp"="REG_DWORD", -1007540638    [HKEY_LOCAL_MACHINE\SOFTWARE\ProtectSurf]       "(Default)"="REG_SZ", "C:\Users\{username}\AppData\Local\ProtectSurf"       "AllowProxy"="REG_SZ", "1"       "CDN"="REG_SZ", "protectsurf-a.akamaihd.net"       "InstallTime"="REG_SZ", "1410356305"       "Pid"="REG_SZ", ""       "Seen"="REG_SZ", "1"       "SeenDate"="REG_SZ", "1410349105"       "SystemId"="REG_SZ", "619bdd98c7140d14e62a62d4922b6abd"       "UTCInstallTime"="REG_SZ", "1410349105"       "ZoneId"="REG_SZ", ""    [HKEY_LOCAL_MACHINE\SOFTWARE\Proxy\Installations\ProtectSurf]       "aoi"="REG_SZ", "1410356305"       "domain"="REG_SZ", "protectsurf-a.akamaihd.net"       "ext"="REG_SZ", "ProtectSurf"       "format"="REG_SZ", "//{domain}/loaders/{pid}/l.js?pid={pid}&systemid={systemid}&ext={ext}&aoi={aoi}&zoneid={zoneid}&crr={crr}&type=p"       "more_info_url"="REG_SZ", "http://protectsurf.com"       "pid"="REG_SZ", ""       "protect_redirect_url"="REG_SZ", "http://protectsurf.com/warning.php?%blocked_url%"       "settings_url"="REG_SZ", "http://protectsurf.com/settings.php"       "system_black_list_url"="REG_SZ", "http://protectsurf-a.akamaihd.net/protect/block.json"       "zoneid"="REG_SZ", ""    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]       "ProxyEnable"="REG_DWORD", 1       "ProxyServer"="REG_SZ", "http=127.0.0.1:3128"    [HKEY_CURRENT_USER\Software\Proxy]       "app_name"="REG_SZ", "ProtectSurf"       "AutoConfigURL"="REG_SZ", ""       "disableChainProxy"="REG_DWORD", 0       "ProxyEnable"="REG_DWORD", 0       "ProxyServer"="REG_SZ", ""       "totalFail"="REG_DWORD", 0    [HKEY_CURRENT_USER\Software\Proxy\installations\ProtectSurf]    [HKEY_CURRENT_USER\System\CurrentControlSet\Control\NetTrace\Session]
Malwarebytes Anti-Malware log:

 

Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 9/10/2014Scan Time: 1:45:09 PMLogfile: mbamProtectSurf.txtAdministrator: YesVersion: 2.00.2.1012Malware Database: v2014.09.10.04Rootkit Database: v2014.08.21.01License: FreeMalware Protection: DisabledMalicious Website Protection: DisabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: MalwarebytesScan Type: Threat ScanResult: CompletedObjects Scanned: 264352Time Elapsed: 2 min, 48 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 4PUP.Optional.Bench.A, C:\Program Files\Bench\Wd\wd.exe, 2812, Delete-on-Reboot, [f20adb10b9c2ee4833b6d1534eb5db25]PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\pwdg.exe, 3524, Delete-on-Reboot, [4eaec724c5b61c1ab6f9051040c3e41c]PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bservice.exe, 3248, Delete-on-Reboot, [2bd183685526cc6a5b8e29a713ef22de]PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\proc.exe, 3396, Delete-on-Reboot, [af4dd2194d2e24125f0aefeb966c22de]Modules: 9PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2bd183685526cc6a5b8e29a713ef22de], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2bd183685526cc6a5b8e29a713ef22de], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2bd183685526cc6a5b8e29a713ef22de], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2bd183685526cc6a5b8e29a713ef22de], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2bd183685526cc6a5b8e29a713ef22de], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2bd183685526cc6a5b8e29a713ef22de], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2bd183685526cc6a5b8e29a713ef22de], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2bd183685526cc6a5b8e29a713ef22de], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2bd183685526cc6a5b8e29a713ef22de], Registry Keys: 9PUP.Optional.GratifyingApps.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\38990_ProtectSurf, Quarantined, [5d9f0ae1651638fe612a5a5f25dc53ad], PUP.Optional.ProtectSurf.A, HKLM\SOFTWARE\ProtectSurf, Quarantined, [d9235497e19a43f3f9a18c6c6e94857b], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\BService, Quarantined, [6795ae3d7506c96d4041927ec43f966a], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\InstalledExtensions, Quarantined, [4eaeb13a27547bbbc9b9749c0102966a], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\NmHost, Quarantined, [8676777442393105e59ecc440201f20e], PUP.Optional.Bench.A, HKLM\SOFTWARE\BENCH\Updater, Quarantined, [f705e803700b83b3afd5d13f4db618e8], PUP.Optional.Bench.A, HKLM\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.bench.nmhost, Quarantined, [718bc526413a3105263e451536cebf41], PUP.Optional.ProtectSurf.A, HKLM\SOFTWARE\PROXY\INSTALLATIONS\ProtectSurf, Quarantined, [40bc72798ceff343405e8375cb371ae6], PUP.Optional.ProtectSurf.A, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\PROXY\INSTALLATIONS\ProtectSurf, Quarantined, [7d7fa447df9c67cf39640bedb64c43bd], Registry Values: 6PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Wd, C:\Program Files\Bench\Wd\wd.exe, Quarantined, [f20adb10b9c2ee4833b6d1534eb5db25]PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bench Communicator Watcher, C:\Program Files\Bench\Proxy\pwdg.exe, Quarantined, [4eaec724c5b61c1ab6f9051040c3e41c]PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Bench Settings Cleaner, C:\Program Files\Bench\Proxy\cl.exe, Quarantined, [f5076b800a719b9be1cfc154bf442ed2]PUP.Optional.SmartApps, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|ProtectSurf-repairJob, wscript.exe "C:\Users\{username}\AppData\Local\ProtectSurf\repair.js" "ProtectSurf-repairJob", Quarantined, [28d4c02b344785b1e73df96235cf758b]PUM.Bad.Proxy, HKU\S-1-5-21-4016700205-1717049133-1125222536-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, http=127.0.0.1:3128, Quarantined, [13e9ad3ec5b6e452ff38c34c986bb24e]PUP.Optional.Bench.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|BService, C:\Program Files\Bench\BService\1.1\bservice.exe, Quarantined, [2bd183685526cc6a5b8e29a713ef22de]Registry Data: 0(No malicious items detected)Folders: 24PUP.Optional.BenchUpdater, C:\Program Files\Bench\NmHost, Quarantined, [847858934c2f44f280de1913679c2ad6], PUP.Optional.BenchUpdater.A, C:\Users\{username}\AppData\Local\BenchUpdater, Quarantined, [5e9ebb30a8d3092d97d63eef699adc24], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater, Quarantined, [ef0deefda7d4ee48a4633b93a55df010], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\1.7.0.0, Quarantined, [ef0deefda7d4ee48a4633b93a55df010], PUP.Optional.Bench.A, C:\Program Files\Bench\BService, Delete-on-Reboot, [2bd183685526cc6a5b8e29a713ef22de], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1, Delete-on-Reboot, [2bd183685526cc6a5b8e29a713ef22de], PUP.Optional.Bench.A, C:\Program Files\Bench\Wd, Delete-on-Reboot, [b14be902f982f244c6241eb2ae544eb2], PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy, Delete-on-Reboot, [af4dd2194d2e24125f0aefeb966c22de], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf, Delete-on-Reboot, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\AppFramework, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\CanvasFramework, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework-ui, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\icons, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\AppFramework, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\CanvasFramework, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\theme, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\theme\bubble, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\icons, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProtectSurf, Quarantined, [de1e5299cfac2c0a305cec0ad032cf31], Files: 156PUP.Optional.GratifyingApps.A, C:\Users\{username}\Desktop\41c8e31207e107ee931c1e7fb74aab95ea20496f40065c60f3593346631d0b29.exe, Quarantined, [06f6ce1d32498da9b7d49128629fc937], PUP.Optional.GratifyingApps.A, C:\Users\{username}\AppData\Local\ProtectSurf\uninstall.exe, Quarantined, [5d9f0ae1651638fe612a5a5f25dc53ad], PUP.Optional.Proxy.A, C:\Users\{username}\AppData\Local\proxy.log, Delete-on-Reboot, [b547c42733485dd950bee31ce2203bc5], PUP.Optional.BenchUpdater.A, C:\Windows\System32\Tasks\bench-S-1-5-21-4016700205-1717049133-1125222536-1001, Quarantined, [b84413d8afcc9e98ec0f040449ba7b85], PUP.Optional.BenchUpdater.A, C:\Windows\System32\Tasks\bench-sys, Quarantined, [c23ad11abcbf5dd9718a56b2bd46af51], PUP.Optional.BenchUpdater, C:\Program Files\Bench\NmHost\nmhost.exe, Quarantined, [847858934c2f44f280de1913679c2ad6], PUP.Optional.BenchUpdater, C:\Program Files\Bench\NmHost\manifest.json, Quarantined, [847858934c2f44f280de1913679c2ad6], PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-S-1-5-21-4016700205-1717049133-1125222536-1001.job, Quarantined, [0eeef7f4c5b686b0d19b1d10c73c3fc1], PUP.Optional.BenchUpdater.A, C:\Windows\Tasks\bench-sys.job, Quarantined, [44b8f7f493e839fd03692706ae5520e0], PUP.Optional.BenchUpdater.A, C:\Users\{username}\AppData\Local\BenchUpdater\products.xml, Quarantined, [5e9ebb30a8d3092d97d63eef699adc24], PUP.Optional.Bench.A, C:\Program Files\Bench\Wd\wd.exe, Delete-on-Reboot, [f20adb10b9c2ee4833b6d1534eb5db25], PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\pwdg.exe, Delete-on-Reboot, [4eaec724c5b61c1ab6f9051040c3e41c], PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\cl.exe, Quarantined, [f5076b800a719b9be1cfc154bf442ed2], PUP.Optional.SmartApps, C:\Users\{username}\AppData\Local\ProtectSurf\repair.js, Quarantined, [28d4c02b344785b1e73df96235cf758b], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\products.xml, Quarantined, [ef0deefda7d4ee48a4633b93a55df010], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\updater.exe, Quarantined, [ef0deefda7d4ee48a4633b93a55df010], PUP.Optional.AdwarePlugin, C:\Program Files\Bench\Updater\1.7.0.0\updater.exe, Quarantined, [ef0deefda7d4ee48a4633b93a55df010], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bhelper.dll, Delete-on-Reboot, [2bd183685526cc6a5b8e29a713ef22de], PUP.Optional.Bench.A, C:\Program Files\Bench\BService\1.1\bservice.exe, Delete-on-Reboot, [2bd183685526cc6a5b8e29a713ef22de], PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\icon.ico, Quarantined, [af4dd2194d2e24125f0aefeb966c22de], PUP.Optional.Bench.A, C:\Program Files\Bench\Proxy\proc.exe, Delete-on-Reboot, [af4dd2194d2e24125f0aefeb966c22de], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\chrome_gp_update.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\chrome_installer.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\clear_cache.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\common.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox_installer.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\gpedit.exe, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\icon.ico, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\ie_installer.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\installer.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\main_installer.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\migrate.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\projectInstaller.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\SoftwareDetector.exe, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\sqlite3.exe, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\storageedit.exe, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\background.html, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\bootstrap.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\chrome.manifest, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\extension_info.json, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\install.rdf, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\AppFramework\appAPI_bg.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\AppFramework\appAPI_browseraction.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\AppFramework\appAPI_common.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\AppFramework\appAPI_content.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\AppFramework\appAPI_settings.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\AppFramework\appAPI_webrequest.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\AppFramework\jquery.min.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\CanvasFramework\canvasscript_engine.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\CanvasFramework\canvas_bg.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\CanvasFramework\md5.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\CanvasFramework\registry.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\CanvasFramework\webrequest.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\backgroundscript_engine.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\base.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\browser.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\chrome_windows.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\console.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\content_proxy.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\framework.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\i18n.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\invoke_async.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\io.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\lang.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\legacy.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\message_target.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\messaging.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\storage.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\timer.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\uninstall.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\userscript_client.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\userscript_engine.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\utils.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework\xhr.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework-ui\browser_button.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework-ui\contentNotification.tmpl, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework-ui\contentNotificationStyle.tmpl, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework-ui\content_notifications.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework-ui\context_menu.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework-ui\framework_api.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework-ui\notifications.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework-ui\options.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\framework-ui\ui_base.js, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\icons\button.png, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\icons\icon100.png, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\icons\icon128.png, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\icons\icon32.png, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Local\ProtectSurf\firefox\icons\icon48.png, Quarantined, [c8344ba0a4d7072f6f1a6096887a06fa], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\background.html, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\config.xml, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\extension_info.json, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\FrameworkBHO.dll, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\FrameworkBHO64.dll, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\FrameworkEngine.exe, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\AppFramework\appAPI_bg.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\AppFramework\appAPI_browseraction.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\AppFramework\appAPI_common.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\AppFramework\appAPI_content.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\AppFramework\appAPI_settings.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\AppFramework\appAPI_webrequest.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\AppFramework\jquery.min.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\CanvasFramework\canvasscript_engine.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\CanvasFramework\canvas_bg.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\CanvasFramework\md5.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\CanvasFramework\registry.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\CanvasFramework\webrequest.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\backgroundscript_engine.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\base.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\browser.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\console.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\framework.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\global.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\i18n.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\initialize.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\invoke_async.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\io.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\json2.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\lang.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\legacy.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\message_target.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\messaging.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\storage.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\timer.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\updater.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\userscript_client.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\userscript_engine.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\utils.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework\xhr.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\browser_button.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\context_menu.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\context_menu_item_handler.html, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\framework_api.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\notification.html, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\notifications.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\options.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\ui_base.js, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\theme\bubble\bottom-left.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\theme\bubble\bottom-middle.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\theme\bubble\bottom-right.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\theme\bubble\middle-left.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\theme\bubble\middle-right.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\theme\bubble\tail-bottom.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\theme\bubble\tail-left.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\theme\bubble\tail-right.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\theme\bubble\tail-top.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\theme\bubble\top-left.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\theme\bubble\top-middle.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\framework-ui\theme\bubble\top-right.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\icons\button.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\icons\icon100.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\icons\icon128.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\icons\icon32.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Program Files\ProtectSurf\icons\icon48.png, Quarantined, [b74588639dde171f69218670a1616f91], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProtectSurf\ProtectSurf Settings.url, Quarantined, [de1e5299cfac2c0a305cec0ad032cf31], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProtectSurf\ProtectSurf.lnk, Quarantined, [de1e5299cfac2c0a305cec0ad032cf31], PUP.Optional.ProtectSurf.A, C:\Users\{username}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ProtectSurf\Uninstall.lnk, Quarantined, [de1e5299cfac2c0a305cec0ad032cf31], Physical Sectors: 0(No malicious items detected)(end)
As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.