I picked up something called PUP.nProtector. I think it’s associated with some Babylon Tool Bar. My system, which is usually reasonably fast, has been horribly sluggish. This isn’t picked up by Avast or Malwarebytes – only SUPERAntiSpyware. I scanned with SAS several times and could not get rid of it. I finally thought to turn off System Restore and then restarted this last time and now the SAS scan just finished and it shows clear, but I don’t trust it because my computer is still sluggish.
There was something associated with this Babylon – some kind of BrowserProtect. It shows up in Task Manager under Processes and it won’t even let me “End Process”. When I do that it disappears for a split second and then comes right back.
I found a Babylon file under C/Program Data. It was empty so I removed it. There is also a file there called BrowserProtect. It has an uninstall but I don’t know what it is. I’m wondering if someone with some computer smarts would know what it is and if it’s safe to remove. I have attached a screenshot of what’s inside the folder.
I’d just like to make sure I don’t have malware or worse on my system. If this isn’t the place I should be asking, could you please direct me to a good place to go for this?
essexboy has always been such good help to me and I’m hoping you can help me out this time.
Now after this restart I’m getting WinPatrol windows asking me if things can be added to startup. I clicked on no and I got the window I am also attaching.
I am going to click NO on this warning window again and see if it will pop up so I can send you what it’s trying to add to startup.
Here is the OLT log. There is another file called Extras but I can’t add any more attachments.
:OTL
[2012/12/30 18:07:13 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\ifr0owo3.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi
[2013/01/23 20:28:22 | 000,006,502 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O3 - HKU\S-1-5-21-534870922-2497477711-3022182379-1003\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - HKU\S-1-5-21-534870922-2497477711-3022182379-1003..\Run: [Wisdom-soft ScreenHunter 6.0 Free] 0 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found
:Files
c:\progra~2\browse~1
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Re: my previous attachments - I got sick of clicking “NO” on those two boxes over and over last night. I finally took a chance and clicked “YES” on that little X warning box so hope I didn’t mess anything up in doing that.
After OLT Run Fix command completed there was a .Txt file that opened. There were a number of entries that showed “failed”. I found that file in my “Computer” inside an _ OLT folder/Moved Files folder.
Another .Txt file opened after the reboot following QuickScan and I am attaching that here. Please advise if you want the other one attached also.
When I rebooted after the QuickScan, I got that light blue page that stated it was configuring and it said stage 2 of 3. That appeared for only a second or so and then disappeared. I mention this because the same thing kept happening yesterday when I would run sfc /scannow. Time after time it would say that corrupt files were found and successfully repaired and “The system file repair changes will take effect after the next reboot.” So after reboot I would run sfc /scannow again and get the same message. Each time I rebooted after running sfc I’d get that blue page saying it was configuring updates and not to shut off the computer. That would appear just for a second or two. The last Windows Updates that were installed were Jan. 8 and were shown as successful.
Am I going to have to turn System Restore off again after all this is over in order to dump any bad files that might be in there?
I think I had my Iomega external HD hooked up to my PC when all this started on Jan. 23. If I hook it up again and then run the full scans with SAS, MBAM and Avast, will that take care of cleaning that up?
:OTL
[2012/12/30 18:07:13 | 000,093,072 | ---- | M] () (No name found) -- C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\ifr0owo3.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi
[2013/01/23 20:28:22 | 000,006,502 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O3 - HKU\S-1-5-21-534870922-2497477711-3022182379-1003\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O4 - HKU\S-1-5-21-534870922-2497477711-3022182379-1003..\Run: [Wisdom-soft ScreenHunter 6.0 Free] 0 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
OK - so I’m assuming you want me to redo the whole sequence. I will have to wait for a bit because I’ve got my external HDD hooked up and am running a full scan with Avast right now. Anymore, it seems like it takes a really long time just to scan my computer, so I’m sure this will take more than a while.
Yes clear system restore, do you know how to do that ?
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[]Click Yes to confirm.
[]Click OK.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
[*]Microsoft Windows Update
Up to now I don’t even know if I’ve said thank you since I’ve been so wrapped up in my computer malfunctioning, and other things. So the very first thing I want to say is “Thank you!”
I have now cleared my System Restore and then set a new restore point.
I already have Malwarebytes Pro and SUPERAntiSpyware Pro. I also have KeyScrambler Premium and use LastPass for my passwords. But what is this Trustee Rapport. First time I’ve ever had anyone mention this to me. Is this a program associated with Avast?
No this is mainly if you do online banking, it ensures that you are at the right site for your bank and not a sham one. Main details are on the page I linked to…
And it was my pleasure to assist ;D
