PUP.bProtector sorted?

Yesterday I got an alert from AVG stating my laptop was infected with malware. The AVG alert said it was a Trojan and I googled how to deal with it. This involved clicking computer-organize–folders and search options-view and unchecking ‘don’t show hidden files, folders and drives’. This allowed me to see the recycle bin where the offending files were located. I then rebooted in safe mode and ran Malwarebytes which showed up two other Trojans and tracking cookies. I deleted these and rebooted. I use Firefox and had problems with it running slow so uninstalled it and reinstalled it. It ran faster but I can’t change the homepage or things like the font. I also noticed Explorer was running slow. Today I scanned using Super anti spyware and PUP.bProtector showed up. I followed the instructions elsewhere in these forums, using AdwCleaner and scanning using Malwarebytes. I also scanned using Super Anti and AVG and all seems clear. But I have the following issues:
I can’t change homepage or font in Firefox (Explorer’s OK)
My installed printer had disappeared from ‘Hardware and Devices’ and I can’t install the driver for my printer.
I can’t change the font in Excel.

These three issues have been there since yesterday. I’m using Win 7 (64bit)

Any advice would be much appreciated.

Malwarebytes which showed up two other Trojans and tracking cookies
sure it was Malwarebytes?....as MBAM does not detect tracking cookies ???
Any advice would be much appreciated.
attach an OTL diagnostic log, then someone will have a look

Sorry, MBAM detected 2 ‘threats’; the cookies were tracked by SASW

done

When you try to install the printer what error do you get ?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\findlyrics@findlyrics.co: C:\Program Files (x86)\FindLyrics\FF\
O2 - BHO: (FindLyrics) - {44C9CC91-6A4A-4579-B4B5-899ECDC18DC6} - C:\Program Files (x86)\FindLyrics\FindLyrics.dll File not found

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I get a prompt saying the driver was installed successfully but looking at ‘Hardware and devices’ there’s nothing in the window. When I connect the printer via USB I get a prompt to install a Fax.

Could you go to control panel > Devices and Printers
Select Add a printer
Follow the prompts and let me know how that goes

Hi, this is what I get
Add a local printer-Choose a printer port-LPT1:(Printer Port)[1st option from drop down menu]-Choose printer from list(HPDeskjet920c)-Use the driver that is currently installed(recommended)-Printer name :hp deskjet 920c(copy5) this printer will be installed with the hp deskjet 920c driver-share this printer so that others on the network can find and use it (share name hp deskjet 920c(copy5) )- you’ve successfully added hp deskjet 920c(copy5)-Print Test Page - Finish

*EDIT* Forgot to say, when I click ‘Finish’ I get the prompt ‘default printer cannot be set’

see also OTL quick scan log
thanks

It looks as though you have a lot of that printer … Delete all copies that are present in the list of that printer

Is the printer wired or wireless?

If wired unplug the printer from the LPT port for a few minutes
Then plug the printer back in and power it up
Does Windows recognise it?

The printer is wired and isn’t permanently connected to the laptop. I can’t delete the copies of the printer because I can’t locate them. Clicking Control Panel-Hardware and Sound-Devices and Printers. The window that results is empty.

OK, connect the printer to the laptop and see if Windows can detect it

Hi
The printer’s working now. I clicked on the notepad OTL scan -file - print and found the multiple copies of the printer and deleted all but one, it also lists ‘fax’ ‘Microsoft XPS Document’ and ‘Send to Onenote 2010’. So it looks like it’s sorted. Thanks

I’m getting fed up with the inability to make changes to Firefox settings. I use an add-on called ‘pricedrop’ which tracks products on Amazon and alerts you if the price falls. You can then reset the price point at the new lower price and you get an alert the next time it falls. If I close Firefox down and re-open it, not only can I not change the home page but the pricedrop alerts from Wednesday keep cropping up in addition to any new ones since. I’ve now got 14 alerts I keep having to reset each time I open Firefox.

I got fed up with Firefox and uninstalled it and deleted all the folders associated with Mozilla from the C drive. Whilst it was being uninstalled I got a threat warning from AVG saying I’d been infected with a Trojan Horse Generic29.AHHS located in C:$RECYCLE.BIN\5-1-5-21-37929205205-3819457138-4037491838-1000$afe47218d3ef99208cfc4c-859cb12bee\n.

I updated and ran Malwarebytes, no threats detected
Updated and ran AVG, no threats detected
Updated and ran SuperAntiSpyware which detected 82 tracking cookies.

The Trojan Horse Generic29. is what started all this on Wednesday and I deleted that from the recycle bin after going into documents and unchecking ‘hide protected operating system files’. Is it still on my system?

*EDIT* Just to add I checked the $recycle bin and ‘5-1-5-21-37929205205-3819457138-4037491838-1000$afe47218d3ef99208cfc4c-859cb12bee\n.’ is not there.

That looks to be a false positive on the part of AVG, there is malware that hides in the recycle bin but it is only for SID C:$RECYCLE.BIN\5-1-5-18

I can run the deeper zero access check but I can see no sign of it

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Hi

It didn’t reboot after combo finished so I rebooted manually. Please see log attached

The computer appears to be running fine, The only issue is with Firefox, which I re-installed earlier. I still can’t make any changes stick e.g. homepage, privacy settings, fonts etc.

When you removed Firefox did you fully uninstall ? http://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

I didn’t do it using the method described in your link. I went into the Mozilla file on the C Drive in the ‘programmes’ folder and used the uninstall wizard in the Mozilla folder.

Aye but to remove it fully you need to ensure all has gone. Once you followed those steps is it now working ?

Hi, I followed those instructions and re-installed FFox and it’s a-OK now. I’m having problems with Explorer though. When I launch Explorer it goes to the home page; if I do a search, for example, and click on a search link a new page opens but it’s blank. I tried to uninstall Explorer but it won’t let me; it keeps telling me I need permission from ‘TrustedInstaller’

Thanks for all your help by the way. I realise I haven’t properly thanked you. I don’t know where my manners are. :)

Try IE10 http://windows.microsoft.com/en-gb/internet-explorer/ie-10-worldwide-languages