Avast Browser Extension Crashing?

I was killing some processes that weren’t needed (TeamViewer, Skype, Chrome, etc.). When I attempted to kill Chrome, Avast popped up saying that the extension crashed. When I checked Chrome I found a purple page saying…

“He’s dead Jim”

Either Chrome ran out of memory, or the process was terminated for some reason.

That’s all dandy, but the browser should’ve closed. What I don’t get is why Avast would be crashing due to me killing Chrome.

I’ll attach a picture of Avast!'s warning and The Picture I got from chrome

I’ll also attach the logs for MBAM, aswMBR, AdwCleaner, OTL etc.

http://public.avast.com/~gmerek/aswMBR.exe ← This site is down for me. I’m unable to connect, but I can connect to other sites.

I’ll edit this post as the logs come.

Looks like GMER is down

What problems are you having apart from the memory issue?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2013/05/08 03:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Stopped] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
IE - HKU\S-1-5-21-725948458-2086357066-3993053614-1001\..\SearchScopes\F3D3513C5CDF4BEBA354CB403F6F83CC: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3290971&CUI=UN14401524916243169&UM=2
O4 - HKU\S-1-5-21-725948458-2086357066-3993053614-1001..\Run: [SearchProtect] C:\Users\Michael\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
[2013/06/28 14:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/06/28 14:56:16 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\SearchProtect
[2013/06/28 14:56:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Conduit
[2013/06/28 14:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit


:Commands
[resethosts]
[emptytemp]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Random FPS (Frames Per Second) drops. PC seems to be slower on start-up. Adwcleaner. I’ll run the OTL script in a second.

That may have been Search Protect, which will soon be history :)

OTL Log. I could’ve sworn I had already killed Search Protect. Persistent little thing.

I only got 1 log from that one.

Also, thanks for the quick response.

It was also set as a service and some clean-ups miss that… How is the FPS now?

Stable. Everything is running smoothly now. Thanks Essexboy!

Run OTL and press the clean up button to remove it

I lost both logs and OTL when I pressed Clean-up. But when I re-ran OTL it came back with the SearchConduit. Any ideas on why?

It could be that I missed that element, although it is not associated with search protect

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKU\S-1-5-21-725948458-2086357066-3993053614-1001\..\SearchScopes\F3D3513C5CDF4BEBA354CB403F6F83CC: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3290971&CUI=UN14401524916243169&UM=2

:Commands
[resethosts]
[emptytemp]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

OTL’s logs. OTLFix is the Custom. OTLQS is the QuickScan without a script implemented. I have also attached the Extras log for you.

Intriguing: the fix states not found, yet Conduit is still showing in one of the IE users. Is it showing anywhere else?

Not in Chrome. At least I haven’t seen it. Is there another way to wipe it?

I will try one more OTL run, then you may have to remove it manually.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
IE - HKCU\..\SearchScopes\F3D3513C5CDF4BEBA354CB403F6F83CC: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3290971&CUI=UN14401524916243169&UM=2

:Commands
[resethosts]
[emptytemp]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Explorer crashed with OTL running that fix. I’ve hard rebooted but I’ve noticed 2 normally hidden icons. Both Desktop.ini.

I can open one but not the other. Anything? I’ll try the Fix again.

Desktop.ini is safe. Don’t remove it.

Wait, I do not think it is normal for desktop.ini to be locked.

They are system files unhidden by OTL during the removal process so are safe.

OTL crashed me again. Either something in the script is wrong or the Program is blocking it. My AV isn’t doing anything right now. It is Avast so… Any ideas?

As for desktop.ini. There’s two there. Which means 1 may or may not be malicious. Remnants of the Rootkit? It might’ve been Ransomware. It was identified by Avast! as RootKit-Gen. The file was executed. Avast blocked it. Attempted to infect explorer.exe. File Name: Keymaker.exe. I thought it was removed via MBAM. I’ll look into both.

Edit: It is normal. Under the paths C:\Users\(user name)\Desktop and C:\Users\Public\Desktop

Edit 2: Thanks for your time Essex. I am thankful for your sticking around and helping out.

I have tried OTL in Admin and Non-Admin mode. Now what (since it still won’t work)? It fails at resetting the HOSTS file.

OK could you run the OTL fix from safe mode please
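
The first fix script in this thread lists Search Protect in several places at once (a service, a per-user Run entry, an IE search scope and leftover folders), which is why removing one piece did not get rid of it. The sketch below is an added example, not part of the original posts or of OTL: it classifies those script lines by persistence mechanism, and its regular expressions are assumptions inferred only from the line shapes visible on this page.

```python
import re

# Lines copied from the ":OTL" section of the first fix script in this thread.
FIX_LINES = [
    r'SRV - [2013/05/08 03:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Stopped] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)',
    r'IE - HKU\S-1-5-21-725948458-2086357066-3993053614-1001\..\SearchScopes\F3D3513C5CDF4BEBA354CB403F6F83CC: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3290971&CUI=UN14401524916243169&UM=2',
    r'O4 - HKU\S-1-5-21-725948458-2086357066-3993053614-1001..\Run: [SearchProtect] C:\Users\Michael\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)',
    r'[2013/06/28 14:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect',
]

# Assumed line shapes, inferred only from the lines above (not an OTL spec).
PATTERNS = [
    ("service", re.compile(
        r'^SRV - \[.*?\] \((?P<vendor>[^)]*)\) \[(?P<start>\w+) \| (?P<state>\w+)\]'
        r' -- (?P<target>.+?) -- \((?P<name>[^)]+)\)$')),
    ("run_key", re.compile(
        r'^O4 - (?P<hive>HK\w+)\\.*?\\Run: \[(?P<name>[^\]]+)\]'
        r' (?P<target>.+?) \((?P<vendor>[^)]*)\)$')),
    ("search_scope", re.compile(
        r'^IE - (?P<hive>HK\w+)\\.*?\\SearchScopes\\(?P<name>\w+): "URL" = (?P<target>\S+)$')),
    ("directory", re.compile(r'^\[[^\]]*\| ---D \| C\] -- (?P<target>.+)$')),
]

def classify(line):
    """Return {'kind': ..., plus the named fields} for a fix line, or None."""
    for kind, rx in PATTERNS:
        m = rx.match(line.strip())
        if m:
            return {"kind": kind, **m.groupdict()}
    return None

def autostart_entries(lines):
    """Entries that relaunch the program: Auto-start services and Run keys."""
    hits = []
    for entry in filter(None, map(classify, lines)):
        if entry["kind"] == "run_key" or (
            entry["kind"] == "service" and entry["start"] == "Auto"
        ):
            hits.append((entry["kind"], entry["name"], entry["target"]))
    return hits

if __name__ == "__main__":
    for line in FIX_LINES:
        e = classify(line)
        print(f'{e["kind"]:<12} {e["target"]}')
    print("autostart:", autostart_entries(FIX_LINES))
```
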