Why wasn't I protected?

[REDACTED]

In my weekly full scan on my paid version of Avast Internet Security, it reported that I had something called win32:searchprotect-BE and it was extremely dangerous. It recommended deletion, which I tried to do, but it couldn't do that so it placed it in quarantine. How do I know this thing is actually gone? It came from some webpage called i-dressup that my daughter was on a few days ago. Apparently, it buries itself and infects and steals stuff from my computer, according to what info I've been able to find. it apparently can propagate and give totally false readings about all my computer status, etc. I also tried to find ways to get rid of it, which are all many pages long and sound like you have to be a computer guru to get through it. I am paying for this software because I wanted to extra protection to avoid this very kind of thing. Avast has alerted me many times about different things and stopped my going to a web page, etc., but this time, nothing happened ... and this is the worst infection I've ever had.

NEW
I attached all the files as instructed, but the only one I see is the aswMBR.txt why aren't the others attached?

[Asyn]

Attach your basic diagnostic logs. (MBAM, FRST and aswMBR)
Instructions: https://forum.avast.com/index.php?topic=53253.0

[Pondus]

win32:searchprotect-BE and it was extremely dangerous.

it is not, it is a PUP = Possible Unwanted Program

The Win32:SearchProtect-B [PUP] infection is used to boost advertising revenue, as in the use of blackhat SEO, to inflate a site’s page ranking in search results.

Win32:SearchProtect-B [PUP] got on your computer after you have installed a freeware software (video recording/streaming, download-managers or PDF creators) that had bundled into their installation this browser hijacker. This Potentially Unwanted Propgram is also bundled within the custom installer on many download sites (examples: CNET, Brothersoft or Softonic), so if you have downloaded a software from these websites, chances are that Win32:SearchProtect-B [PUP] was installed during the software setup process.

[TwinHeadedEagle]

Monitoring...

[Pondus]

NEW
I attached all the files as instructed, but the only one I see is the aswMBR.txt why aren't the others attached?

did you click on more attachments ?

the normal way to do this is to click on reply button and attach logs in your next reply (not edit your first post) because that is what the malware expert is waiting (monitoring)  to see

[Asyn]

NEW
I attached all the files as instructed, but the only one I see is the aswMBR.txt why aren't the others attached?

did you click on more attachments ?

Adding to Pondus' question, reread the instructions in the link I posted, you'll find it (Attaching logs) there.

[REDACTED]

Can you tell this is my first time posting on this forum? 

[Asyn]

OK, now you've to wait a bit...

[TwinHeadedEagle]

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

• Right-click on icon and select Run as Administrator to start the tool.
  
• Wait patiently until the main console will appear, it may take a minute or two.
• In the main box please paste in the following script:

Code: [Select]

createsrpoint;
autoclean;
emptyclsid;
emptyalltemp;
ipconfig /flushdns >>"%temp%\log.txt";b

• Make sure that Scan All Users option is checked.
  
• Push Run Script and wait patiently. The scan may take a couple of minutes.
  
• When the scan completes, a zoek-results logfile should open in notepad.
  
• If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

[REDACTED]

Here is the Zoesk scan. A couple of notes, as this was scanning, I had turned off my Avast for an hour, but the scan took longer than that and the Avast came back on. I shut it down again, but wanted to let you know in case that might have a false effect on the scan results. Also, I noticed my email client is listed as Thunderbird and my browser is listed as Firefox. I signed up for this forum a while back, and that info was accurate at that time. I am using an email client called Foxmail v. 7.2 (build 7.201) and my browser is Ice Dragon v. 38.0.5 (a product of Comodo Security Solutions). I saw that there wasn't anything in the Zoesk scan that applied to these programs, and I just wanted to also let you know that. I assume my current email client and browser were not checked as a result. If I need to scan again, please let me know. Thanks.

[TwinHeadedEagle]

Yes, you actually didn't scan at all, so please do it.

[REDACTED]

The dated file is the scan I ran yesterday. The other is an update of that scan that I ran this morning.

[TwinHeadedEagle]

Excellent. How is your PC behaving now?

[REDACTED]

Great! Thanks to everyone who contributed to helping me with this problem.