searchprotection.exe [Solved]


  • This topic is locked

#16
killallviruses

  • Topic Starter
  • Member
  • 290 posts
There is no extras.txt log on my desktop, the computer is running fine, Chrome is very slow. Here's the log from C:\_OTL\MovedFiles\<date_number.log>

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2957639889-2282880335-1771364558-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection deleted successfully.
C:\Users\Randles\AppData\Roaming\Search Protection\SearchProtection.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-2957639889-2282880335-1771364558-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dell.com\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
C:\Users\Randles\AppData\Roaming\Search Protection folder moved successfully.
========== FILES ==========
< dir C:\Users\Randles\AppData\Roaming\BACS.exe /C >
Volume in drive C has no label.
Volume Serial Number is 1639-3798
Directory of C:\Users\Randles\AppData\Roaming\BACS.exe
02/10/2013 09:04 <DIR> .
02/10/2013 09:04 <DIR> ..
04/10/2013 14:59 7,866 Bacs.appInfo
04/10/2013 14:59 1,425 BacsNB.config
04/10/2013 14:59 73,166 Persistence.config
3 File(s) 82,457 bytes
2 Dir(s) 412,293,373,952 bytes free
C:\Users\Randles\Desktop\cmd.bat deleted successfully.
C:\Users\Randles\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Randles
->Temp folder emptied: 38695114 bytes
->Temporary Internet Files folder emptied: 18626552 bytes
->Google Chrome cache emptied: 407147344 bytes
->Flash cache emptied: 2126 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34196138 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 1046504957 bytes

Total Files Cleaned = 1,474.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12132013_090503

Files\Folders moved on Reboot...
C:\Users\Randles\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0



#17
Machiavelli

  • GeekU Moderator
  • 3,698 posts
Chrome Reset

We have to reset Chrome. For how to do this, please look here.

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

ESET Online Scanner

Please disable your AntiVirus before doing these steps!

  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer
  • Please download ESET Online Scanner from here

How to do this?

  • Visit this website here
  • You will see a screen like this:


    Posted Image

    • Click Run ESET Online Scanner

      Posted Image
    • A Window will open (see above) - please click on the link
    • A window will pop up - please download the file to your Desktop
    • When the download has finished, please run the program (Win Vista / Win 7 / Win 8 users: please run it as Administrator)

      Posted Image
    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

      Posted Image
    • Make sure that the option Remove found threats is NOT checked.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Then click on Start
    • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed, the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.

      Posted Image
    • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • I want you to uninstall the following programs (XP: Start > Control Panel > Add/Remove Programs | Vista / Win7 / Win8: Start > Control Panel > uninstall a program):
    • ESET Online Scanner

Question

How is the System running? Any issues?
  • 0

#18
killallviruses

  • Topic Starter
  • Member
  • 290 posts
MBAM quick scan log

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Randles :: RANDLES-PC [administrator]

Protection: Disabled

13/12/2013 17:16:04
mbam-log-2013-12-13 (17-16-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204745
Time elapsed: 1 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




ESET Log

[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=294ffe717b37674e95d6da0e54837f83
# engine=16262
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-13 05:11:23
# local_time=2013-12-13 05:11:23 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=772 16777213 83 86 1409961 163664555 0 0
# compatibility_mode=5893 16776573 100 94 12304 139419733 0 0
# scanned=125598
# found=2
# cleaned=2
# scan_time=2626
sh=0341CAE720C3B9865F10676B484013E06EFF956F ft=1 fh=08e687e2217f194d vn="a variant of Win32/HackTool.Patcher.T application (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\11132013_095944\C_Users\Randles\Downloads\Sony.Sound.Forge.Audio.Studio.10.0.176.Multi\Sony.Sound.Forge.Audio.Studio.10.0.176.exe"
sh=2C7C651D15D2771EE89E1FCF9148B071F5980B0E ft=1 fh=8a43b250fe7eb64f vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\12132013_090503\C_Users\Randles\AppData\Roaming\Search Protection\SearchProtection.exe"
  • 0
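
An added example, not part of any post in this thread: a short Python script that reads an ESET Online Scanner log like the one above, compares its `*_checked` header values with the options requested in the ESET instructions, and reports whether each detection sits under OTL's `C:\_OTL\MovedFiles` folder. The mapping of header keys to the scanner's checkboxes is assumed from their names, and the function names are illustrative.

```python
import re

# Options requested in the ESET instructions in this thread, keyed by the log
# header name assumed (from its wording) to record each checkbox.
REQUESTED = {
    "remove_checked": "false",       # "Remove found threats" NOT checked
    "archives_checked": "true",      # "Scan archives" checked
    "unwanted_checked": "true",
    "unsafe_checked": "true",
    "antistealth_checked": "true",
}
HEADER = re.compile(r"^#\s*(\w+)=(.*)$")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')   # key=value or key="quoted value"
OTL_MOVED = "c:\\_otl\\movedfiles\\"         # OTL's moved-files folder named in the thread

def parse_eset_log(text):
    """Return (header dict, list of detection dicts)."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            header.setdefault(m.group(1), m.group(2).strip('"'))
        elif line.startswith("sh="):
            detections.append({k: v.strip('"') for k, v in FIELD.findall(line)})
    return header, detections

def review(text):
    """Report option mismatches, count consistency and detection locations."""
    header, detections = parse_eset_log(text)
    return {
        "mismatches": {k: header.get(k) for k, want in REQUESTED.items()
                       if header.get(k) != want},
        "counts_ok": int(header.get("found", -1)) == len(detections),
        "in_otl_moved": [d["fn"].lower().startswith(OTL_MOVED) for d in detections],
        "names": [d["vn"] for d in detections],
    }

# Excerpt of the log posted above (header subset plus both detection lines).
SAMPLE = r'''# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# found=2
# cleaned=2
sh=0341CAE720C3B9865F10676B484013E06EFF956F ft=1 fh=08e687e2217f194d vn="a variant of Win32/HackTool.Patcher.T application (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\11132013_095944\C_Users\Randles\Downloads\Sony.Sound.Forge.Audio.Studio.10.0.176.Multi\Sony.Sound.Forge.Audio.Studio.10.0.176.exe"
sh=2C7C651D15D2771EE89E1FCF9148B071F5980B0E ft=1 fh=8a43b250fe7eb64f vn="a variant of Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)" ac=C fn="C:\_OTL\MovedFiles\12132013_090503\C_Users\Randles\AppData\Roaming\Search Protection\SearchProtection.exe"
'''

if __name__ == "__main__":
    print(review(SAMPLE))
```

On this excerpt the only option that differs from the instructions is `remove_checked`, and both detections are files OTL had already moved out of their original locations.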

#19
Machiavelli

  • GeekU Moderator
  • 3,698 posts
And how is the PC running? Any issues? (=> How is Chrome running?)
  • 0

#20
killallviruses

  • Topic Starter
  • Member
  • 290 posts
Chrome is miles better, thank you so much

What about those 2 things that ESET found?
  • 0

#21
Machiavelli

  • GeekU Moderator
  • 3,698 posts

What about those 2 things that ESET found?

Don't worry. They got deleted and it was only some Adware ;)

- FIRST -

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

- NEXT -

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

Posted Image

- NEXT -

I want you to uninstall the following programs (Start > Control Panel > Add/Remove Programs):

  • ESET

What's with MBAM?

Malwarebytes is a very good free scanner! It isn't an on-demand scanner so it won't have any problems with your AntiVirus! It would be good if you scan your PC for malware every 1-2 months (of course with Malwarebytes).
But if you would like to uninstall it, then do this:

I want you to uninstall the following programs (Start > Control Panel > Add/Remove Programs):

  • Malwarebytes

- NEXT -

Download File-Hippo Updatechecker http://www.filehippo.../updatechecker/ Please run it monthly - it will scan your update status. For example, if a program is outdated, the UpdateChecker will give you a link where you can download the newest version of the respective program.

How to update programs with FileHippo Updatechecker?

  • Start FileHippo Updatechecker
  • You get redirected to a website
  • You will probably see a list of updates (if not, then all programs are probably up to date)
  • Click on the first item of the list, download the update, after that reboot the computer and take the next item of the list!

- NEXT -


Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide (http://www.geekstogo...g-your-machine/) written by tech expert Artellos.

Keep safe! :thumbsup:
  • 0

#22
killallviruses

  • Topic Starter
  • Member
  • 290 posts
Thanks man

I've done what you said. I didn't bother with MBAM as I already have the full paid license for it

Thanks again
  • 0

#23
Machiavelli

  • GeekU Moderator
  • 3,698 posts
No problem. You are most welcome. :thumbsup:
  • 0

#24
CompCav

  • Member 5k
  • Expert
  • 12,448 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





