search protect problem

[JonnyLectron]

I was browsing the web, and caught some annoying and nasty program.
I don't know what it is, here are some symptoms.
The program boots all 3 of my web browsers (chrome, ie, and firefox) and changes the search engine as well as the home page to searchprotected.io

The problem is that I have used malware bytes, the junkware removal tool, microsoft security essentials, and chrome software removal tools, as well as ccCleaner to attempt to remove the software. I figured out how to set the computer to block searchprotected.io so that if I try to access the domain on ANY internet browsing software (even software with ie ad plugins), the request won't work.

The program is repeatedly launching itself, and starting my browsers is a no gui mode to change my settings. I know it accesses chromes settings tab, because i have chrome setup to continue where i left off, and whenever i see chrome's icon flicker on my taskbar, my settings page is in the recently closed tabs.

Also, anything i did in my last browsing session opens as well, such as youtube videos, or sites with ads that play sound and video. Which is annoying.


Please help, I only have one other idea, and that is a clean install of windows 7.

 

[JonnyLectron]

I have even went the route of wiping and selling my 2 external hard drives, and buying 2 new units to put back in the cases.

 

[Empire Software]

reset all or your browsers to default settings. check under programs and features and uninstall. run a malwarebytes scan to make sure it never comes back

 

[JonnyLectron]

I have tried that as stated above

 

[JonnyLectron]

Update

found a program opening in my windows task manager. GPUpd56BBFDBB0.exe

The file description is in another language (i suspect latin) but I couldn't figure out how to copy that to add in. Next time it opens I will grab a screen cap of that as well

 

[JonnyLectron]

Got a screen grab of potential problem applications.

 

[iSuck]

Check the browser extensions for unfamiliar addons and remove them. Manage Browser add ons in IE, Chrome, Firefox, Opera

Try scanning for malware using ADWCleaner and Hitman PRO.

ADWCleaner (free) - https://toolslib.net/downloads/viewdownload/1-adwcleaner/
Hitman PRO (the trial removes malware) - HitmanPro 3 - SurfRight

Check your startup program lists (do this in CCleaner or MSconfig.exe's Startup tab) and your Programs and Features lists for anything suspicious.

If all else fails, use Kaspersky TDSSKiller, a rootkit scanner, to make sure that any rootkits aren't changing your settings.

If you are curious about those two files, upload them to VirusTotal. VirusTotal scans them in the "cloud", in layman's terms on another computer on the internet, and will give you the virus scan results from a myriad of antiviruses. (it's pretty cool!)

 

[iSuck]

If Kaspersky TDSSKiller fails, kill them in Task Manager, open the file location of those suspicious files in Task Manager, then in the file location delete them. This usually isn't risky unless the files are critical, although if they are associated with a program on your computer, that program may stop working. You could send them to the recycle bin and restore them if the deletion presents a problem later on. This is under the assumption that those files are causing the homepage problem. Even if that isn't the case, they are very suspicious and could be another security problem that should be removed anyway.