Search Protect message on start up

[andrew129260]

App folder? Do you mean app data? You can right click your documents folder and do a restore previous versions to restore the folder. If you restore though, malware may come back with it.

Nothing in there should involve personal data.

Some malware copy your personal data to the temp folders, which is why that warning is there. If you see all your documents, music, pictures and videos etc, and your personal data is all there in the expected places C:\users\*your username*, do not worry about that folder.

 

[kevtherev]

Silly me, the folder (AppData) was hidden, unlocked and is now o/k ??
Attached is latest scan results and I think that I have removed IObit software from my PC.

 

[andrew129260]

1.) Ya appdata is hidden by default. No worries.


2.) I did not see any iobit this time. Good job!

There is a setup file for it in your downloads folder though here:

c:\users\kevin\downloads\infohelper.exe

I would delete it.


3.)Herd protect found more: (Or I missed some before, I took my time looking at the log this time-apologies.)

Remove just like before the following:

File path: 		c:\users\kevin\appdata\roaming\getprivate\gp_upd.exe
Publisher: 		
MD5: 			5a9f1e5cae14c680846fb62016139986
SHA-1: 			e020a54e6ef01cd35f1554688beea51242c8ba13
Created: 		23/05/2014 14:50:35
Detections: 		3
Determination: 		Inconclusive

File path: 		c:\users\kevin\appdata\local\temp\gpupd.exe
Publisher: 		
Signer: 		Closed Joint-Stock Company 
MD5: 			356cba6f32e67e7c607a0d467334a93e
SHA-1: 			c8ea747c00b74a4393057fceefdea96df5c2effc
Created: 		26/05/2014 18:33:46
Detections: 		4
Determination: 		Adware

File path: 		c:\windows\iun6002.exe
Publisher: 		Indigo Rose Corporation
MD5: 			456462905091db042141487fe030e3c9
SHA-1: 			bb57b4850528c3c8d9bf159fb5b9f414ddc7d5d7
Created: 		25/04/2013 12:49:28
Detections: 		1

File path: 		c:\programdata\installmate\{b6fb7da3-dcc3-4756-9c74-f6e285b1e79a}\setup.exe
Publisher: 		Tarma Software Research Pty Ltd
Signer: 		Tarma Software Research Pty Ltd
MD5: 			c97564797b0780cdbd2c50337805257e
SHA-1: 			4fc8449d2fcd970b9d5db764917d70b2d9fd0e25
Created: 		01/04/2014 12:07:02
Detections: 		1

File path: 		c:\programdata\installmate\{6586566d-cc51-4b6a-bdff-daee3173edca}\setup.exe
Publisher: 		Tarma Software Research Pty Ltd
Signer: 		Tarma Software Research Pty Ltd
MD5: 			c9e49b72b0e19e2757bfadc5c3ef8ece
SHA-1: 			73c30425c6825e6d9ab4c964fa82f9543dcd1c71
Created: 		11/03/2014 11:20:49
Detections: 		2

File path: 		c:\users\kevin\appdata\roaming\settings manager\systemk\components\systemkhlpff10.dll
Publisher: 		Aztec Media Inc
Signer: 		AZTEC MEDIA INC.
MD5: 			785916b14c94472c45864f1261f9df92
SHA-1: 			875bf27a9d7ec8a57e1d22728a94605e77a66f99
Created: 		26/05/2014 11:50:15
Detections: 		3

File path: 		c:\users\kevin\appdata\roaming\settings manager\systemk\components\systemkhlpff11.dll
Publisher: 		Aztec Media Inc
Signer: 		AZTEC MEDIA INC.
MD5: 			3b2d14bbf707833886d0a3a6a6b6aa84
SHA-1: 			d899a4b906a21bd09967dec18e585bbc0857613f
Created: 		26/05/2014 11:50:15
Detections: 		3

4.)Since you have show hidden files on,
Go into the c:\users\kevin\appdata\roaming\ file path and do a shift delete on the folder "settings manager". Lots of junk in there. Let me know the results. Shift delete will bypass the recycle bin and delete completely.

5.) -Uninstall spyhunter software. If not found in the uninstall a program, remove it in herdprotect.

6.)Restart the PC.

7.) How is the pc by the way? Pop up still appearing at boot? It shouldn't after the above is done.

 

[kevtherev]

7.) How is the pc by the way? Pop up still appearing at boot? It shouldn't after the above is done.

Thanks a million andrew, the annoying Pop up has now gone. I cannot thank you and the others involved enough. Once again, many many thanks.
PS:- I promise that I will take more care in the future on what I download.

 

[andrew129260]

I advise you to install and use the following security programs so you do not get infected again:

-Panda antivirus -You can only have 1 antivirus installed at a time, I recommend using this one and uninstalling what you are using now.

-Malwarebytes
-Superantispyware
-Should I remove it

Run them around once every 2 weeks.

Should I remove it is not a malware scanner. What it does is it looks at all of the installed programs on your PC and gives you a percentage % of how many people uninstall the software. If the percentage % is high, I would remove it as it is most likely not a good program. It also gives a ton of information about what the program does and how it behaves.

I also suggest using a standard user account in windows, and only using an admin account when you need to install software:

http://www.sevenforums.com/tutorials/181024-user-account-create.html

When using a standard account and you make a change or install a program that affects the whole system, UAC will prompt you to continue. Make sure the setting or program you are tying to install is listed, then click yes to continue. If you are just browsing the web and the prompt appears with a program you have not heard of, or do not know what it is, it is much safer to click no then yes. No will block the action, and if you were trying to do something, you can always start it again and choose yes.

UAC makes this easy, see here:

What is user account control (UAC)?

I also suggest choosing always notify for UAC:

What are User Account Control settings?

Those are my recommendations to you, and I Highly suggest you follow them.