Need help removing Wsearch - Windows Search, Malware


  1. Posts : 230
    Windows 7 Home Premium 64bit
       #1

    Need help removing Wsearch - Windows Search, Malware


    So I have noticed in the last while my PC has been running extra hard. The fan seems to be doing overtime all the time when it shouldn't.

    There is RAM being used up even when idle.

    I have checked the services to see what is running and I have this service called "Wsearch".

    A Google says it's malware and some tips on how to get rid of it, but nothing seems to work. Malware is running now and not found anything yet.

    I have tried Revo and the normal Add/Remove Programs in Windows and they are not even finding it. Also no sign of it in the Firefox add-on page. I have a feeling it may have come through IE, so I don't even want to open that, and in fact I'm going to just delete it when I get this sorted, nothing but trouble. I had that Babylon search hijack thing a while back too.

    Can anyone help please? I don't fancy a full reinstall.

    When I try to stop it from the Task Manager I get "Access is denied".

    That's all info I can provide for now, thanks anyone that can help.

    Graemzy


  2. Posts : 1,413
    Windows 7 Home Premium 64Bit
       #2

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Another useful one to use.

    Download AdwCleaner by Xplode and save to your Desktop.

    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
    • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

    Using AdwCleaner v3: Scan & Clean:
    Double click on AdwCleaner.exe to run the tool again.
    Click on the Scan button.
    AdwCleaner will begin to scan your computer like it did before.
    After the scan has finished...

    This time click on the Clean button.
    Press OK when asked to close all programs and follow the onscreen prompts.
    Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
    A copy of that logfile will also be saved in the C:\AdwCleaner folder


  3. Posts : 230
    Windows 7 Home Premium 64bit
    Thread Starter
       #3

    Nice one, thanks for the help. I have run the first program, here are the results. I'm going to run the other one now.

    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2011683604-3173684489-3388640950-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\babylon"
    Successfully deleted: [Folder] "C:\Users\Graemzy\appdata\local\babylon"
    Successfully deleted: [Empty Folder] C:\Users\Graemzy\appdata\local\{0A0C8B0C-73AB-4102-BC85-9C191275F31B}
    Successfully deleted: [Empty Folder] C:\Users\Graemzy\appdata\local\{6A66C54B-80D8-4A6B-BC19-31234838D121}



    ~~~ FireFox

    Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
    Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
    Successfully deleted the following from C:\Users\Graemzy\AppData\Roaming\mozilla\firefox\profiles\j0guk11v.default\prefs.js

    user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    user_pref("browser.search.order.1", "Search the web (Babylon)");
    user_pref("extensions.BabylonToolbar_i.newTab", true);
    user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112250&babsrc=NT_ss&mntrId=b89af28e000000000000701a041f2ac4");
    user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112250&babsrc=KW_ss&mntrId=b89af28e000000000000701a041f2ac4&q=");
    Emptied folder: C:\Users\Graemzy\AppData\Roaming\mozilla\firefox\profiles\j0guk11v.default\minidumps [388 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 21/12/2013 at 3:10:52.27
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  4. Posts : 230
    Windows 7 Home Premium 64bit
    Thread Starter
       #4

    And the second one:

    # AdwCleaner v3.015 - Report created 21/12/2013 at 03:18:26
    # Updated 10/12/2013 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Graemzy - GRAEMZY-PC
    # Running from : C:\Users\Graemzy\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Windows\System32\Tasks\NCH Software
    Folder Found C:\Program Files (x86)\NCH Software
    Folder Found C:\ProgramData\NCH Software
    Folder Found C:\Users\Graemzy\AppData\Local\PackageAware
    Folder Found C:\Users\Graemzy\AppData\Roaming\NCH Software

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\NCH Software
    Key Found : [x64] HKCU\Software\NCH Software
    Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\Software\NCH Software

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Mozilla Firefox v26.0 (en-GB)

    [ File : C:\Users\Graemzy\AppData\Roaming\Mozilla\Firefox\Profiles\j0guk11v.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Graemzy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found : homepage
    Found : homepage

    *************************

    AdwCleaner[R0].txt - [1856 octets] - [21/12/2013 03:18:26]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1916 octets] ##########


  5. Posts : 1,413
    Windows 7 Home Premium 64Bit
       #5

    That seemed to get rid of a lot of little goodies. Conduit, Babylon etc. can be resource hoggers as well as nasty little infections. When you log into your browser, what is the search engine that comes up?


  6. Posts : 230
    Windows 7 Home Premium 64bit
    Thread Starter
       #6

    Sorry for log post again, but this is the one I got after the reboot. I don't see the Wsearch one though. I see all them Babylon ones as well, hope they stay gone.

    When I open the browser I have a different default page, not a search engine. That was never changed on Firefox; it was, however, on Internet Explorer the last time I used it. It was going to that Babylon one!

    # AdwCleaner v3.015 - Report created 21/12/2013 at 03:25:52
    # Updated 10/12/2013 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Graemzy - GRAEMZY-PC
    # Running from : C:\Users\Graemzy\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\NCH Software
    Folder Deleted : C:\Program Files (x86)\NCH Software
    Folder Deleted : C:\Users\Graemzy\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Graemzy\AppData\Roaming\NCH Software
    File Deleted : C:\Windows\System32\Tasks\NCH Software

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\NCH Software
    Key Deleted : HKLM\Software\NCH Software

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Mozilla Firefox v26.0 (en-GB)

    [ File : C:\Users\Graemzy\AppData\Roaming\Mozilla\Firefox\Profiles\j0guk11v.default\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Graemzy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : homepage

    *************************

    AdwCleaner[R0].txt - [2000 octets] - [21/12/2013 03:18:26]
    AdwCleaner[R1].txt - [2060 octets] - [21/12/2013 03:24:51]
    AdwCleaner[S0].txt - [1955 octets] - [21/12/2013 03:25:52]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2015 octets] ##########
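
Added example, not part of the original thread or of AdwCleaner: a small Python check that compares a Scan report with the Clean report that follows it and lists anything found but not reported as deleted. The sample lines are abridged from the reports in posts #4 and #6; treating the `[x64]` marker as the same registry key, and matching paths case-insensitively, are assumptions of this sketch.

```python
import re

# Abridged from the AdwCleaner reports in posts #4 (Scan) and #6 (Clean).
SCAN_REPORT = r"""
# Option : Scan
File Found : C:\Windows\System32\Tasks\NCH Software
Folder Found C:\ProgramData\NCH Software
Folder Found C:\Users\Graemzy\AppData\Local\PackageAware
Key Found : HKCU\Software\NCH Software
Key Found : [x64] HKCU\Software\NCH Software
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
"""
CLEAN_REPORT = r"""
# Option : Clean
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Users\Graemzy\AppData\Local\PackageAware
File Deleted : C:\Windows\System32\Tasks\NCH Software
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\NCH Software
"""

# The scan report prints "Folder Found C:\..." without a colon, so it is optional.
ENTRY = re.compile(r"^\s*(File|Folder|Key)\s+(Found|Deleted)\s*:?\s*(.+?)\s*$")


def entries(report, action):
    """Return the set of (kind, normalised path) for lines with this action."""
    out = set()
    for line in report.splitlines():
        m = ENTRY.match(line)
        if not m or m.group(2) != action:
            continue
        kind, path = m.group(1), m.group(3)
        path = re.sub(r"^\[x64\]\s*", "", path)  # assumption: same key, 64-bit view
        out.add((kind, path.rstrip("\\").lower()))  # Windows paths ignore case
    return out


def leftovers(scan, clean):
    """Items the scan reported that the clean report does not list as deleted."""
    return sorted(entries(scan, "Found") - entries(clean, "Deleted"))


if __name__ == "__main__":
    remaining = leftovers(SCAN_REPORT, CLEAN_REPORT)
    print("Nothing left over" if not remaining else remaining)
```
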


  7. Posts : 1,413
    Windows 7 Home Premium 64Bit
       #7

    Let's get rid of your temporary files....
    Download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
    Save any unsaved work. TFC will close ALL open programs including your browser and desktop!
    Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
    Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
    Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

    *** keep this convenient application and use!

    Also download RogueKiller:
    http://tigzy.geekstogo.com/roguekiller.php
    Select the version that applies to the system.
    Save to the Desktop.

    After closing all windows and browsers, right-click the downloaded RogueKiller file and select: Run as Administrator
    At the program console, wait for the Prescan to finish. (Under Status, it says: Prescan finished.)
    Press: SCAN

    When done, a report opens on the drive: RKreport.txt

    Please provide the RKreport.txt (Mode: Scan) in your reply.


  8. Posts : 1,413
    Windows 7 Home Premium 64Bit
       #8

    So it is just your normal search engine that appears?


  9. Posts : 230
    Windows 7 Home Premium 64bit
    Thread Starter
       #9

    OK, I'll go through the motions now with the next two programs. Thanks for the help, this is great!

    As for your other question, I don't have a search engine set as my home page. I have x360a.org set as me homepage and it goes to that, using Firefox that is. I use Firefox all the time; the only time I use IE or Chrome is when something won't work in Firefox or checking to see if a site I'm working on works on it, and that's not very often at all. Haven't done a website in a long time!


  10. Posts : 1,413
    Windows 7 Home Premium 64Bit
       #10

    Yeah, I must have missed the part when you said you used Firefox, apologies. I use Firefox too. Just make sure that when you open up IE or Chrome it isn't flinging any toolbars or search engines that you don't want at you. It shouldn't, but there's more to them than meets the eye. The other programs are just to be sure and get rid of some other goodies that might be in your system that no one knows about. You're welcome, buddy!


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
