Looking for the "All Clear" - Logs Attached

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by EscapeCat, Feb 27, 2014.

  1. EscapeCat

    EscapeCat Private First Class

    Hi!

    I just got my computer running like a dream and now my boyfriend asked me to look at his. He complained of it being slow for "approximately a year" and was having issues when using search engines. He couldn't explain exactly if it was a redirect or not, as it wasn't taking him to a random page. What was happening was he has his home page set to www.google.com. But, as soon as he opened his Google Chrome browser, a SECOND tab would open up with some other random browser called Search.Conduit. He would never use that tab that was randomly opening, he just closed it and continued doing whatever he was already doing. He did at times go into the Chrome Settings and delete the added home pages that were being added that he wasn't doing.

    Secondly, if he would use the google search box at the top of his browser, it would randomly change to Bing, Yahoo!, etc.

    Computer Specifications
    Windows 7 Home Premium, Service Pack 1
    64-Bit
    RAM 4.00 GB (3.8 GB usable)
    Intel Core i3 CPU M 380 @ 2.53 GHz
    2.53 GHz

    I'm attaching the logs from his scan now for your review. Please advise. THANK YOU!!!! :)
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun RogueKiller and have it fix these:
    Code:
    ¤¤¤ Registry Entries : 8 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : SearchProtection ("C:\Users\rick laptop\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-3679778611-1412916949-4036185238-1000\[...]\Run : SearchProtection ("C:\Users\rick laptop\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart [7]) -> FOUND
    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Attach the logfile to your next next reply.
    • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

    Now rerun RogueKiller and attach the new log.

    Be sure to tell me how things are running.
     
  3. EscapeCat

    EscapeCat Private First Class

    Hi Tim!

    Thanks for your reply. I re-ran RogueKiller, and those items did not show up this time so I couldn't fix them. Maybe it was part of whatever Malwarebytes fixed and removed? I dunno. In any event, I'm attaching the logs from RogueKiller and AwCleaner for your review. I really don't know much about the different items that appeared on the different tabs after the scan was complete in AwCleaner. And since you didn't tell me to fix anything yet, I did nothing. (Not sure how to fix anything anyway. Hehe.)

    We haven't had the problem with a new tab opening next to his default home page (google.com) again, but otherwise, I don't really see other issues, but we haven't used it too much, either.

    Please check out these new logs and advise. Thanks! (Oh, and I added a (2) to the Rogue Killer log because when I went to save it, it wanted to save over the previous log, and I didn't know if you wanted that.)
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Make sure all that was found has a check mark in the box and hit Clean. Your system will need to restart to finish the cleaning.Let me know how things are running. ;)
     
  5. EscapeCat

    EscapeCat Private First Class

    I am just about to do that, but just a heads up... Before doing this, I went to come here to this site and opened his browser. Immediately another tab opened. I've attached a screenshot to this post. Now I'll go do that, and post my logs again.

    Please let me know what to do next! :)

    Thanks!
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It is probably just loading the tab do to how Chrome is setup.


    Try the below:
    • Click the Customize and Control Google Chrome button ( the 3 parallel lines down below the X button used to close the window ).
    • Then on the pop down form select Settings.
    • Now see the On start-up option
      • You may have the Open a specific page or set of pages radio button selected. If so, click the Set pages link and look for the problem page and delete them.
     
  7. EscapeCat

    EscapeCat Private First Class

    Hi Chaslang! He has done that more times than he can count (he was also asking people online who told him to do that), and it continues to return. :(
     
  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    My last message was referring to ADWCleaner. Not RogueKiller. ​
     
  9. EscapeCat

    EscapeCat Private First Class

    Oops! I feel pretty dumb right now. Sorry about that! Meh. Hopefully that didn't create additional problems for his laptop. Dang it! :(

    So now I have done that with the ADWCleaner and am attaching the log for that here. However, after doing that and rebooting the computer, the second tab once again opened as pictured in the screenshot above. The steps that Chaslang mentioned only remove it for a very short time before it returns.
     

    Attached Files:

  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Perhaps Charlie will have some additional insight into this issue.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then it is either being brought back by some program that is installed or by you shortcut link that runs Chrome. Repeat the previous instructions I gave to delete the startup tab. Then exit Chrome. Now do the below.
    • Right click on your Chrome shortcut and then click on the Properties option.
    • In the shortcut tab, remove http://www.browse-search.com/ from the Target box, click on Apply and OK to save the change.
    • Now test Chrome.
     
  12. EscapeCat

    EscapeCat Private First Class

    Hmm. Sorry for the lengthy delay in responding. He had his computer with him.

    So, he went to do delete it as mentioned above and opened the tab, but the site listed does not show up under the SETTINGS>ON START UP tab.

    Next, he has no shortcut on his desktop. The Chrome icon is only in his taskbar. When he right clicked it, properties is not an option. :(

    Hmmm....
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There would be a Properties selection if run from a link on the Desktop or from the Quick Launch. Seem you are just having this load some how at startup via a startup process. Since your problem is really not malware but rather a deficiency in Chrome, I suggest that you backup bookmarks ( if desired to keep ) but back them up somewhere safe and not in any of the folders below that we will delete.

    Then uninstall Chrome and reboot the PC.
    After reboot delete the below two folders:

    C:\Users\rick laptop\AppData\Local\Google\Chrome
    C:\Program Files (x86)\Google


    Then redownload and reinstall Chrome. Check that it works properly and then import the backed up bookmarks.
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds