Search Protect
Posted: July 7, 2014
Threat Metric
The Threat Meter is a malware assessment that SpywareRemove.com's research team is able to
give every identifiable malware threat. Our Threat Meter includes several criteria based off of
specific malware threats to value their severity, reach and volume. The Threat Meter is able to give
you a numerical breakdown of each threat's initial Threat Level, Detection Count, Volume Count,
Trend Path and Percentage Impact. The overall ranking of each threat in the Threat Meter is a basic
breakdown of how all threats are ranked within our own extensive malware database. The scoring for
each specific malware threat can be easily compared to other emerging threats to draw a contrast in
its particular severity. The Threat Meter is a useful tool in the endeavor of seeking a solution to
remove a threat or pursue additional analytical research for all types of computer users.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Ranking: | 1,156 |
|---|---|
| Threat Level: | 5/10 |
| Infected PCs: | 382,425 |
| First Seen: | July 7, 2014 |
|---|---|
| Last Seen: | October 17, 2023 |
| OS(es) Affected: | Windows |
Search Protect is a potentially unwanted program by Client Connect Ltd that could generate random ads and cause redirects to questionable sites. Use of the Search Protect ads or redirected sites may result in leading to an unwanted download or loading of a site that asks you to take part in a questionable action on the internet. Search Protect was once part of the conduit network of sites and generic search engines. Since then, Search Protect is used more as a means of changing your default home page to an unwanted site and advertising various sponsored links or ads so the creators of Search Protect can be get paid. Removal of the Search Protect program is necessary to prevent your home page from redirecting or other actions taking place on your web browser that interrupt you from surfing the internet in a normal fashion.
Aliases
Win64.Application.SearchProtect.AB@gen [GData]Artemis [McAfee-GW-Edition]Artemis!A2C9DD9C88B8 [McAfee]Generic.ABF [AVG]Riskware/ClientConnect [Fortinet]Adware.Conduit.298 [DrWeb]SearchProtect.1DD [AVG]Riskware/Searchprotect [Fortinet]PUP/Win32.SearchProtect [AhnLab-V3]Conduit Search Protect [Sophos]not-a-virus:RiskTool.Win32.SearchProtect.a [Kaspersky]Trojan ( 0049ef011 ) [K7AntiVirus]RiskTool.SearchProtect.r6 (Not a Virus) [CAT-QuickHeal]
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\VC32LO~1.DLL
File name: VC32LO~1.DLLSize: 219.92 KB (219920 bytes)
MD5: 106fc33504ded471797f3650a3059885
Detection count: 95
Mime Type: unknown/DLL
Path: %PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin
Group: Malware file
Last Updated: February 13, 2016
%PROGRAMFILES(x86)%\SearchProtect\Main\bin\CltMngSvc.exe
File name: CltMngSvc.exeSize: 3.24 MB (3246864 bytes)
MD5: 50ce1e27440dc18eb5252955a74e62ec
Detection count: 91
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\SearchProtect\Main\bin
Group: Malware file
Last Updated: February 13, 2016
%PROGRAMFILES%\SearchProtect\SearchProtect\bin\VC32LO~1.DLL
File name: VC32LO~1.DLLSize: 221.45 KB (221456 bytes)
MD5: b1bbd3ddc3c7556e053d00019c83eb44
Detection count: 80
Mime Type: unknown/DLL
Path: %PROGRAMFILES%\SearchProtect\SearchProtect\bin
Group: Malware file
Last Updated: February 13, 2016
%PROGRAMFILES(x86)%\SearchProtect\Main\bin\CltMngSvc.exe
File name: CltMngSvc.exeSize: 2.73 MB (2732032 bytes)
MD5: 23a89e668465ee970182c5812deb5c74
Detection count: 73
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\SearchProtect\Main\bin
Group: Malware file
Last Updated: February 13, 2016
%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\VC64LO~1.DLL
File name: VC64LO~1.DLLSize: 249.1 KB (249104 bytes)
MD5: cea1f3c1147a4564be99bc406c2ac71a
Detection count: 72
Mime Type: unknown/DLL
Path: %PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin
Group: Malware file
Last Updated: March 1, 2016
\??\C:\Windows\system32\drivers\SPPD.sys
File name: SPPD.sysSize: 18.87 KB (18872 bytes)
MD5: bc93b6c15237718a06bb325c49071abf
Detection count: 66
File type: System file
Mime Type: unknown/sys
Path: \??\C:\Windows\system32\drivers
Group: Malware file
Last Updated: February 10, 2016
%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\VC64LO~1.DLL
File name: VC64LO~1.DLLSize: 249.1 KB (249104 bytes)
MD5: 07da861511af296a7f64c3afa2da1a2f
Detection count: 60
Mime Type: unknown/DLL
Path: %PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin
Group: Malware file
Last Updated: February 13, 2016
%PROGRAMFILES(x86)%\SearchProtect\Main\bin\CltMngSvc.exe
File name: CltMngSvc.exeSize: 3.24 MB (3241232 bytes)
MD5: 88556832027cdeb45394b5883df00a16
Detection count: 56
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\SearchProtect\Main\bin
Group: Malware file
Last Updated: February 13, 2016
%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\VC32Loader.dll
File name: VC32Loader.dllSize: 219.92 KB (219920 bytes)
MD5: 98d147ccd483cb71926dfaad168c48f8
Detection count: 52
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin
Group: Malware file
Last Updated: March 1, 2016
%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\VC32LO~1.DLL
File name: VC32LO~1.DLLSize: 221.45 KB (221456 bytes)
MD5: 0b7c31a875f05a4664911b1e5d4335bb
Detection count: 46
Mime Type: unknown/DLL
Path: %PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin
Group: Malware file
Last Updated: February 13, 2016
%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\VC64LO~1.DLL
File name: VC64LO~1.DLLSize: 249.1 KB (249104 bytes)
MD5: c598cc2ada03e90b588957e9a2ff7715
Detection count: 46
Mime Type: unknown/DLL
Path: %PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin
Group: Malware file
Last Updated: March 1, 2016
%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\VC64Loader.dll
File name: VC64Loader.dllSize: 247.05 KB (247056 bytes)
MD5: c1d32b1462f6c92c507b157ea00caaba
Detection count: 44
Mime Type: unknown/dll
Path: %PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin
Group: Malware file
Last Updated: February 13, 2016
\??\C:\Windows\system32\drivers\SPPD.sys
File name: SPPD.sysSize: 19.38 KB (19384 bytes)
MD5: 68d7304239069573a46d384cd71f5ec3
Detection count: 35
File type: System file
Mime Type: unknown/sys
Path: \??\C:\Windows\system32\drivers
Group: Malware file
Last Updated: February 10, 2016
%PROGRAMFILES(x86)%\SearchProtect\UI\bin\cltmngui.exe
File name: cltmngui.exeSize: 3.28 MB (3287312 bytes)
MD5: 52a4d97313e888b35cbaa8b6c01183d8
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\SearchProtect\UI\bin
Group: Malware file
Last Updated: February 12, 2016
%PROGRAMFILES%\SearchProtect\SearchProtect\bin\VC32LO~1.DLL
File name: VC32LO~1.DLLSize: 221.45 KB (221456 bytes)
MD5: 7bccece3b36ef34e5ab24a8a7114cbad
Detection count: 16
Mime Type: unknown/DLL
Path: %PROGRAMFILES%\SearchProtect\SearchProtect\bin
Group: Malware file
Last Updated: March 1, 2016
%LOCALAPPDATA%\bvyvavay\bvyvavay.exe
File name: bvyvavay.exeSize: 2.18 MB (2185216 bytes)
MD5: 3fecacabe8cd7a900ea2423d6765f040
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: %LOCALAPPDATA%\bvyvavay
Group: Malware file
Last Updated: April 27, 2016
\??\C:\Windows\system32\drivers\SPPD.sys
File name: SPPD.sysSize: 18.87 KB (18872 bytes)
MD5: bf47089977bba0a0fe4aa9b7bfcf310d
Detection count: 15
File type: System file
Mime Type: unknown/sys
Path: \??\C:\Windows\system32\drivers
Group: Malware file
Last Updated: February 10, 2016
%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\VC32Loader.dll
File name: VC32Loader.dllSize: 219.89 KB (219896 bytes)
MD5: 20a8b186142a0f70e3e89e04cf3c34ea
Detection count: 15
File type: Dynamic link library
Mime Type: unknown/dll
Path: %PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin
Group: Malware file
Last Updated: March 1, 2016
%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\VC64LO~1.DLL
File name: VC64LO~1.DLLSize: 249.1 KB (249104 bytes)
MD5: 11d05707c3f825000e5b27a5c4e209d2
Detection count: 14
Mime Type: unknown/DLL
Path: %PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin
Group: Malware file
Last Updated: March 1, 2016
%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\cltmng.exe
File name: cltmng.exeSize: 4.25 MB (4256016 bytes)
MD5: 941663f8a1a09853bd7bb17116187e9f
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin
Group: Malware file
Last Updated: January 26, 2023
%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\VC32LO~1.DLL
File name: VC32LO~1.DLLSize: 219.92 KB (219920 bytes)
MD5: eeeb6458a904dbddb2e30d3190476c29
Detection count: 1
Mime Type: unknown/DLL
Path: %PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin
Group: Malware file
Last Updated: February 13, 2016
More files
Registry Modifications
The following newly produced Registry Values are:
CLSID{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}File name without pathOrbiterInstaller[1].exeRegexp file mask%PROGRAMFILES%\SearchProtect\Main\bin\CltMngSvc.exe%PROGRAMFILES%\SearchProtect\SearchProtect\bin\SPVC32Loader.dll%PROGRAMFILES(x86)%\SearchProtect\Main\bin\CltMngSvc.exe%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\SPVC32Loader.dll%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\SPVC64Loader.dll%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\VC64Loader.dll%WINDIR%\AppPatch\AppPatch64\VCLdr64.dll%WINDIR%\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb%WINDIR%\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb%WINDIR%\AppPatch\nbin\VC32Loader.dll%WINDIR%\system32\SearchProtectService.exe%WinDir%\System32\Tasks\avaavaevy[RANDOM CHARACTERS]%WinDir%\System32\Tasks\avaavxvyex%WinDir%\System32\Tasks\avabvbavad%WinDir%\System32\Tasks\avabvbxvh%WinDir%\System32\Tasks\avabvbyvyb%WinDir%\System32\Tasks\avabvbyvyc%WinDir%\System32\Tasks\avabvdxvy%WinDir%\System32\Tasks\avabvexvac%WINDIR%\System32\Tasks\avabvyxvdy%WINDIR%\System32\Tasks\avaxvavya%WinDir%\System32\Tasks\avaxvbxvgx%windir%\System32\Tasks\avayvaxvaa%WinDir%\System32\Tasks\bvxvaxxvyd%WinDir%\System32\Tasks\bvxvbvef%WinDir%\System32\Tasks\bvxvbxvd%WinDir%\System32\Tasks\bvxvbxxvaa%WinDir%\System32\Tasks\bvxvbyxvaa%WinDir%\System32\Tasks\bvxvcxxvaf%WinDir%\System32\Tasks\bvxvcyxvyy%WinDir%\System32\Tasks\bvxvdxvx%WinDir%\System32\Tasks\bvxvexvbg%WinDir%\System32\Tasks\bvxvgxvyy%WinDir%\System32\Tasks\bvxvyxvgy%WinDir%\System32\Tasks\bvxvyxxvcy%WinDir%\System32\Tasks\bvyvavay%WinDir%\System32\Tasks\bvyvbvhx%WinDir%\System32\Tasks\bvyvbvyb%WinDir%\System32\Tasks\bvyvbvyf%WINDIR%\SysWOW64\SearchProtectService.exe%WinDir%\Tasks\avaavxvyex[RANDOM CHARACTERS]%WinDir%\Tasks\avabvbxvh[RANDOM CHARACTERS]%WinDir%\Tasks\avaxvbxvgx[RANDOM CHARACTERS]%WinDir%\Tasks\bvxvcxxvaf.job%WinDir%\Tasks\bvxvdxvx[RANDOM CHARACTERS]HKEY..\..\..\..{RegistryKeys}Software\Conduit_Search_ProtectSoftware\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\chrome.exe\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\chrome.exe\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\explorer.xxx\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\explorer.zza\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\firefox.exe\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\Layers\VC32LdrSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\software_removal_tool.exe\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\software_reporter_tool.exe\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaavxvyexSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvbavadSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvbxvhSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvbyvybSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvbyvycSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvdxvySOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvexvacSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvyxvdySOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvbxvgxSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvavcSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvaxxvydSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbvefSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbxvdSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbxxvaaSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbyxvaaSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvcxxvafSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvcyxvyySOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvdxvxSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvexvbgSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvgxvyySOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvyxvecSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvyxvgySOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvyxxvcySOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvyvavaySOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvyvbvhxSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvyvbvybSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvyvbvyfSOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\ORBTRSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sonocontrolSoftware\Microsoft\Windows\CurrentVersion\Run\SearchProtectSOFTWARE\ORBTRSoftware\SearchProtectSoftware\SearchProtectIN4TSoftware\SearchProtectINTSoftware\SearchProtectINT2Software\SearchProtectWSSOFTWARE\SPPDCOMSOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\ORBTRSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\sonocontrolSOFTWARE\Wow6432Node\ORBTRSOFTWARE\Wow6432Node\SearchProtectSOFTWARE\Wow6432Node\SPPDCOMSYSTEM\ControlSet001\Enum\Root\LEGACY_SPPDSYSTEM\ControlSet001\services\CltMngSvcSYSTEM\ControlSet001\services\OrbiterSYSTEM\ControlSet001\services\SPPDSYSTEM\ControlSet001\services\SPSSYSTEM\ControlSet002\Enum\Root\LEGACY_SPPDSYSTEM\ControlSet002\services\CltMngSvcSYSTEM\ControlSet002\services\OrbiterSYSTEM\ControlSet002\services\SPPDSYSTEM\ControlSet002\services\SPSSYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPPDSYSTEM\CurrentControlSet\services\CltMngSvcSYSTEM\CurrentControlSet\services\OrbiterSYSTEM\CurrentControlSet\services\SPPDSYSTEM\CurrentControlSet\services\SPSHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}SearchProtectSetup Support for SearchProtect{2AEF02C3-5159-4C81-A688-8D954F0DEE56}_NewSearch
CLSID{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}File name without pathOrbiterInstaller[1].exeRegexp file mask%PROGRAMFILES%\SearchProtect\Main\bin\CltMngSvc.exe%PROGRAMFILES%\SearchProtect\SearchProtect\bin\SPVC32Loader.dll%PROGRAMFILES(x86)%\SearchProtect\Main\bin\CltMngSvc.exe%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\SPVC32Loader.dll%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\SPVC64Loader.dll%PROGRAMFILES(x86)%\SearchProtect\SearchProtect\bin\VC64Loader.dll%WINDIR%\AppPatch\AppPatch64\VCLdr64.dll%WINDIR%\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb%WINDIR%\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb%WINDIR%\AppPatch\nbin\VC32Loader.dll%WINDIR%\system32\SearchProtectService.exe%WinDir%\System32\Tasks\avaavaevy[RANDOM CHARACTERS]%WinDir%\System32\Tasks\avaavxvyex%WinDir%\System32\Tasks\avabvbavad%WinDir%\System32\Tasks\avabvbxvh%WinDir%\System32\Tasks\avabvbyvyb%WinDir%\System32\Tasks\avabvbyvyc%WinDir%\System32\Tasks\avabvdxvy%WinDir%\System32\Tasks\avabvexvac%WINDIR%\System32\Tasks\avabvyxvdy%WINDIR%\System32\Tasks\avaxvavya%WinDir%\System32\Tasks\avaxvbxvgx%windir%\System32\Tasks\avayvaxvaa%WinDir%\System32\Tasks\bvxvaxxvyd%WinDir%\System32\Tasks\bvxvbvef%WinDir%\System32\Tasks\bvxvbxvd%WinDir%\System32\Tasks\bvxvbxxvaa%WinDir%\System32\Tasks\bvxvbyxvaa%WinDir%\System32\Tasks\bvxvcxxvaf%WinDir%\System32\Tasks\bvxvcyxvyy%WinDir%\System32\Tasks\bvxvdxvx%WinDir%\System32\Tasks\bvxvexvbg%WinDir%\System32\Tasks\bvxvgxvyy%WinDir%\System32\Tasks\bvxvyxvgy%WinDir%\System32\Tasks\bvxvyxxvcy%WinDir%\System32\Tasks\bvyvavay%WinDir%\System32\Tasks\bvyvbvhx%WinDir%\System32\Tasks\bvyvbvyb%WinDir%\System32\Tasks\bvyvbvyf%WINDIR%\SysWOW64\SearchProtectService.exe%WinDir%\Tasks\avaavxvyex[RANDOM CHARACTERS]%WinDir%\Tasks\avabvbxvh[RANDOM CHARACTERS]%WinDir%\Tasks\avaxvbxvgx[RANDOM CHARACTERS]%WinDir%\Tasks\bvxvcxxvaf.job%WinDir%\Tasks\bvxvdxvx[RANDOM CHARACTERS]HKEY..\..\..\..{RegistryKeys}Software\Conduit_Search_ProtectSoftware\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchProtectSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\chrome.exe\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\chrome.exe\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\explorer.xxx\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\explorer.zza\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\firefox.exe\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\iexplore.exe\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\Layers\VC32LdrSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\software_removal_tool.exe\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\software_reporter_tool.exe\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdbSOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exeSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaavxvyexSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvbavadSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvbxvhSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvbyvybSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvbyvycSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvdxvySOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvexvacSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avabvyxvdySOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvbxvgxSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvavcSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvaxxvydSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbvefSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbxvdSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbxxvaaSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbyxvaaSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvcxxvafSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvcyxvyySOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvdxvxSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvexvbgSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvgxvyySOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvyxvecSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvyxvgySOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvyxxvcySOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvyvavaySOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvyvbvhxSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvyvbvybSOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvyvbvyfSOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\ORBTRSOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\sonocontrolSoftware\Microsoft\Windows\CurrentVersion\Run\SearchProtectSOFTWARE\ORBTRSoftware\SearchProtectSoftware\SearchProtectIN4TSoftware\SearchProtectINTSoftware\SearchProtectINT2Software\SearchProtectWSSOFTWARE\SPPDCOMSOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost\ORBTRSOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\sonocontrolSOFTWARE\Wow6432Node\ORBTRSOFTWARE\Wow6432Node\SearchProtectSOFTWARE\Wow6432Node\SPPDCOMSYSTEM\ControlSet001\Enum\Root\LEGACY_SPPDSYSTEM\ControlSet001\services\CltMngSvcSYSTEM\ControlSet001\services\OrbiterSYSTEM\ControlSet001\services\SPPDSYSTEM\ControlSet001\services\SPSSYSTEM\ControlSet002\Enum\Root\LEGACY_SPPDSYSTEM\ControlSet002\services\CltMngSvcSYSTEM\ControlSet002\services\OrbiterSYSTEM\ControlSet002\services\SPPDSYSTEM\ControlSet002\services\SPSSYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPPDSYSTEM\CurrentControlSet\services\CltMngSvcSYSTEM\CurrentControlSet\services\OrbiterSYSTEM\CurrentControlSet\services\SPPDSYSTEM\CurrentControlSet\services\SPSHKEY_LOCAL_MACHINE\Software\[APPLICATION]\Microsoft\Windows\CurrentVersion\Uninstall..{Uninstaller}SearchProtectSetup Support for SearchProtect{2AEF02C3-5159-4C81-A688-8D954F0DEE56}_NewSearch
Additional Information
The following directories were created:
%AppData%\SearchProtect%LOCALAPPDATA%\GuardboxEngine%LOCALAPPDATA%\NextSearch%LOCALAPPDATA%\avaavaevy%LOCALAPPDATA%\avaavxvyex%LOCALAPPDATA%\avabvbavad%LOCALAPPDATA%\avabvbxvh%LOCALAPPDATA%\avabvbyvyb%LOCALAPPDATA%\avabvbyvyc%LOCALAPPDATA%\avabvcxvyx%LOCALAPPDATA%\avabvdxvy%LOCALAPPDATA%\avabvexvac%LOCALAPPDATA%\avabvyxvdy%LOCALAPPDATA%\avaxvbxvgx%LOCALAPPDATA%\avayvaxxvae%LOCALAPPDATA%\avayvxvaxc%LOCALAPPDATA%\bvxvavc%LOCALAPPDATA%\bvxvaxxvyd%LOCALAPPDATA%\bvxvbvbh%LOCALAPPDATA%\bvxvbvef%LOCALAPPDATA%\bvxvbxvd%LOCALAPPDATA%\bvxvbxxvaa%LOCALAPPDATA%\bvxvbyxvaa%LOCALAPPDATA%\bvxvcxxvaf%LOCALAPPDATA%\bvxvcyxvyy%LOCALAPPDATA%\bvxvdxvx%LOCALAPPDATA%\bvxvexvbg%LOCALAPPDATA%\bvxvgxvyy%LOCALAPPDATA%\bvxvhxvh%LOCALAPPDATA%\bvxvyxvec%LOCALAPPDATA%\bvxvyxvgy%LOCALAPPDATA%\bvxvyxxvcy%LOCALAPPDATA%\bvyvavay%LOCALAPPDATA%\bvyvbvhx%LOCALAPPDATA%\bvyvbvyb%LOCALAPPDATA%\bvyvbvyf%LOCALAPPDATA%\bvyvcvbb%LOCALAPPDATA%\bvyvdvag%LOCALAPPDATA%\bvyvdvyh%LocalAppData%\SearchProtect%PROGRAMFILES%\GuardboxEngine%PROGRAMFILES%\NextSearch%PROGRAMFILES%\ORBTR%PROGRAMFILES%\Search-Protect%PROGRAMFILES%\SearchProtect%PROGRAMFILES%\Setup Support for SearchProtect%PROGRAMFILES(x86)%\GuardboxEngine%PROGRAMFILES(x86)%\NextSearch%PROGRAMFILES(x86)%\ORBTR%PROGRAMFILES(x86)%\Search-Protect%PROGRAMFILES(x86)%\SearchProtect%PROGRAMFILES(x86)%\Setup Support for SearchProtect%PROGRAMFILES(x86)%\sp-downloader%USERPROFILE%\Configuración local\Datos de programa\SearchProtect%USERPROFILE%\Configurações Locais\Dados de aplicativos\SearchProtect%USERPROFILE%\Impostazioni locali\Dati applicazioni\SearchProtect%USERPROFILE%\Local Settings\Application Data\avabvbxvh%USERPROFILE%\Lokale Einstellungen\Anwendungsdaten\SearchProtect%USERPROFILE%\Ustawienia lokalne\Dane aplikacji\SearchProtect%UserProfile%\Local Settings\Application Data\GuardboxEngine%UserProfile%\Local Settings\Application Data\SearchProtect%UserProfile%\Local Settings\Application Data\avaavaevy%UserProfile%\Local Settings\Application Data\avaavxvyex%UserProfile%\Local Settings\Application Data\avabvbavad%UserProfile%\Local Settings\Application Data\avabvexvac%UserProfile%\Local Settings\Application Data\avaxvbxvgx%UserProfile%\Local Settings\Application Data\avayvaxxvae%UserProfile%\Local Settings\Application Data\avayvxvaxc%UserProfile%\Local Settings\Application Data\bvxvbvef%UserProfile%\Local Settings\Application Data\bvxvdxvx%UserProfile%\Local Settings\Application Data\bvxvexvbg%UserProfile%\Local Settings\Application Data\bvxvgxvyy%UserProfile%\Local Settings\Application Data\bvxvhxvh%UserProfile%\Local Settings\Application Data\bvxvyxvec%UserProfile%\Local Settings\Application Data\bvxvyxxvcy%WINDIR%\SysWOW64\config\systemprofile\AppData\Local\SearchProtect%WINDIR%\System32\config\systemprofile\AppData\Local\SearchProtect%WinDir%\SysWOW64\SearchProtect%WinDir%\System32\SearchProtect
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.