Browser hijacker - safebrowsing.biz


Post by Kerriemj » June 19th, 2016, 5:17 am

I think I have a browser hijacker. I am using Google Chrome
Symptoms: the following sometimes happen
1. New tab opens as safebrowsing.biz
2. A new search bar appears below usual URL search bar and 'sucks in' text I am typing, directing me to another site, often an adult site
3. Clicking through to items from pages takes me to a random site
4. Sometimes step 3 takes me to a protection message page from my internet provider.

FRST.txt & ADDITION.txt results attached

Many thanks
Kerriemj
Active Member
 
Posts: 14
Joined: June 19th, 2016, 4:44 am

Re: Browser hijacker - safebrowsing.biz

Post by capnkrunch » June 20th, 2016, 1:00 am

Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Hello Kerriemj and welcome to the Malware Removal Forums :)

My name is capnkrunch and I will be helping you with your malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • You must have Administrator rights, permissions for this computer.
  • DO NOT run any other fix or removal tools unless instructed to do so.
  • DO NOT install any other software (or hardware) during the cleaning process.
  • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
    Remember, absence of symptoms does mean the infection is all gone.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Failure to respond for 3 days, will result in your topic being closed.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions:
.exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

Last edited by capnkrunch on June 20th, 2016, 6:38 pm, edited 1 time in total.
capnkrunch
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Browser hijacker - safebrowsing.biz

Post by capnkrunch » June 20th, 2016, 1:01 am

Hello Kerriemj :)

Is this computer used for business purposes, including home or small business?

Regards,
capnkrunch

Re: Browser hijacker - safebrowsing.biz

Post by Kerriemj » June 20th, 2016, 9:11 am

No, just personal use

Re: Browser hijacker - safebrowsing.biz

Post by capnkrunch » June 20th, 2016, 2:21 pm

Hello Kerriemj :)

Alright, let's get started then.

Registry Cleaner/Driver Updater Warning
You have a registry cleaner/optimizer (Advanced System Care 9) and a driver updater (Driver Booster) installed. These programs often do more harm than good. The Windows registry does not need to be cleaned and can handle 1000s of orphaned entries without any performance impact. On the other hand, one wrong change or deletion could result in your computer becoming unbootable.

Drivers generally do not need to be updated unless there is a good reason to do so. Driver updaters are dangerous because installing the wrong driver can cause your hardware to stop interacting with your system properly. I have personally seen several instances where driver updaters have screwed up people's network cards so bad that a reinstall of Windows was the only way to solve the problem.

In light of this, I strongly recommend that you uninstall these programs and have included instructions to do so below. For more information see (both from the Malwarebytes Unpacked blog):
Registry Cleaners: Digital Snake Oil
Driver Updaters: Digital Snake Oil, Part 2

Step one...

Create a Backup With Tweaking.com Registry Backup (TCRB)
There is also a tutorial with pictures available HERE.
  • Download TCRB from HERE and save it to your Desktop.
  • Double-click on tweaking.com_registry_backup_setup.exe and follow the prompts to install TCRB.
  • Launch TCRB.
  • Click the Backup Registry tab and make sure all the boxes are checked.
  • Click on Backup Now.
  • Once the backup is finished you can now exit the program.

STOP! If you were not able to successfully make a backup with TCRB do not continue. Please report back with what happened so we can get it figured out. Otherwise continue to step two.

Step two...

Uninstall Programs
  • Press the Windows Key + R.
  • Enter appwiz.cpl into the text box and click OK.
  • Locate the following programs:
    Advanced SystemCare 9
    Driver Booster 3.4
    IObit Malware Fighter 3
    IObit Uninstaller
    Java 8 Update 60
    Smart Defrag 5
  • Press the Uninstall or Uninstall/Change button and carefully follow any prompts to uninstall the program.
    • Take care to read through any prompts completely! Some uninstallers may attempt to trick you into keeping the program.
    • Do this for every program listed.
    • Don't worry if you can't find one of the programs. Just be sure to let me know in your reply.
  • Once finished reboot your computer.

Step three...

AdwCleaner - Scan Only
  • Please download AdwCleaner by Xplode and save it to your Desktop.
  • Close all open programs and windows so that you are at your Desktop.
  • Right click on adwcleaner.exe and click Run as administrator.
  • Click on the Scan button.
    When the scan finishes, you'll see a message in the AdwCleaner window: "Waiting for action. Please uncheck elements you want to keep."
  • Do not attempt to clean anything at this point.
  • Click on the Logfile button.
  • This will open a file, AdwCleaner[S1].txt. Copy and paste the contents of that logfile in your reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Your decision about registry cleaners and driver updaters
  • Were you able to make a backup with TCRB?
  • AdwCleaner[S1].txt
  • Are there any changes in computer behavior?

Re: Browser hijacker - safebrowsing.biz

Post by Kerriemj » June 20th, 2016, 3:04 pm

- no problem with instructions
- have uninstalled all as advised
- made a back up with TCRB
- changes in computer YES, routes to safebrowsing.biz or another unwanted site every time I open browser now instead of just sometimes, and routes me to unwanted sites much more frequently when I click on links
- AdwCleaner[S1].txt:

# AdwCleaner v5.200 - Logfile created 20/06/2016 at 19:53:05
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-20.3 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Kerrie - LENNY
# Running from : C:\Users\Kerrie\Desktop\adwcleaner_5.200.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

Service Found : WtuSystemSupport
Service Found : vToolbarUpdater40.3.1

***** [ Folders ] *****

Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar
Folder Found : C:\ProgramData\pokki
Folder Found : C:\ProgramData\avg web tuneup
Folder Found : C:\ProgramData\Avg_Update_0316av
Folder Found : C:\ProgramData\eab878a7-1a01-0
Folder Found : C:\ProgramData\eab878a7-2875-1
Folder Found : C:\ProgramData\Application Data\AVG Secure Search
Folder Found : C:\ProgramData\Application Data\AVG Security Toolbar
Folder Found : C:\ProgramData\Application Data\pokki
Folder Found : C:\ProgramData\Application Data\avg web tuneup
Folder Found : C:\ProgramData\Application Data\Avg_Update_0316av
Folder Found : C:\ProgramData\Application Data\eab878a7-1a01-0
Folder Found : C:\ProgramData\Application Data\eab878a7-2875-1
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\SrpnFiles
Folder Found : C:\Program Files (x86)\LenovoBrowserGuard
Folder Found : C:\Program Files (x86)\avg web tuneup
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Users\Kerrie\AppData\Local\LenovoBrowserGuard
Folder Found : C:\Users\Kerrie\AppData\Local\PackageAware
Folder Found : C:\Users\Kerrie\AppData\Local\SweetLabs App Platform
Folder Found : C:\Users\Kerrie\AppData\Local\avg web tuneup
Folder Found : C:\Users\Kerrie\AppData\LocalLow\avg web tuneup
Folder Found : C:\Users\Kerrie\AppData\Roaming\RHEng
Folder Found : C:\Users\Kerrie\AppData\Roaming\SpringFiles
Folder Found : C:\Program Files\avg web tuneup
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Users\Default User\AppData\Local\Pokki
Folder Found : C:\Users\Default\AppData\Local\Pokki

***** [ Files ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
File Found : C:\Users\Kerrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
File Found : C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\extensions\Avg@toolbar.xpi
File Found : C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\searchplugins\avg-secure-search.xml

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : SweetLabs App Platform
Task Found : 0316tbUpdateInfo
Task Found : 0316tbUpdateInfo

***** [ Registry ] *****

Key Found : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Found : HKCU\Software\Classes\Directory\shell\pokki
Key Found : HKCU\Software\Classes\Drive\shell\pokki
Key Found : HKCU\Software\Classes\lnkfile\shell\pokki
Key Found : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKCU\Software\Classes\pokki
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
Key Found : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
Key Found : HKU\S-1-5-21-2310641378-1333773240-3601253655-1001\Software\Classes\pokki
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKCU\Software\SweetLabs App Platform
Key Found : HKCU\Software\System Healer
Key Found : HKLM\SOFTWARE\LenovoBrowserGuard
Key Found : HKLM\SOFTWARE\AVG Tuneup
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Key Found : [x64] HKLM\SOFTWARE\AVG Secure Search
Key Found : HKU\S-1-5-21-2310641378-1333773240-3601253655-1001\Software\SweetLabs App Platform
Key Found : HKU\S-1-5-21-2310641378-1333773240-3601253655-1001\Software\System Healer
Key Found : HKU\S-1-5-21-2310641378-1333773240-3601253655-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
Key Found : HKU\S-1-5-21-2310641378-1333773240-3601253655-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-2310641378-1333773240-3601253655-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKU\S-1-5-21-2310641378-1333773240-3601253655-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]

***** [ Web browsers ] *****

[C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\prefs.js] Found : user_pref("network.hxxp.request.max-start-delay", 0);
[C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\user.js] Found : user_pref("network.hxxp.request.max-start-delay", 0);
[C:\Users\Kerrie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : uk.ask.com
[C:\Users\Kerrie\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : mysearch.avg.com
[C:\Users\Kerrie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Found : hxxp://homepage-web.com/?s=lenovo&m=home

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [8055 bytes] - [20/06/2016 19:53:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8128 bytes] ##########

Re: Browser hijacker - safebrowsing.biz

Post by capnkrunch » June 20th, 2016, 5:42 pm

Hello Kerriemj :)

The programs are questionable but not actually malware. I suggest that we remove them unless you know that you use them.

  • AVG Web TuneUp
  • Lenovo Browser Guard
  • Start Menu AKA Sweet Labs Start Menu AKA Pokki
  • Start Menu 8 (by IOBit)

Pokki is junkware preinstalled by Lenovo. It is detected as PUP (Potentially Unwanted Program) by some security vendors.

Lenovo Browser Guard is adware preinstalled by Lenovo. It belongs to the well known Conduit family of adware/hijackers.

AVG Web TuneUp has had severe security and privacy issues and will redirect searches to their AVG search service.

Start Menu 8 can display popups and ads. You already have Classic Shell installed which is an open source, ad-free start menu replacement so I don't think there's any need for this program.

I also included Surfing Protection by IOBit. This supposedly will protect your searches from being hijacked but it obviously didn't here. In addition, Firefox blocks the extension. It is less suspect than the others but I still recommend removing it.

As I said, I strongly recommend you remove all four of these programs. Instructions:

Uninstall Programs
  • Press the Windows Key + R.
  • Enter appwiz.cpl into the text box and click OK.
  • Locate the following programs:
    AVG Web TuneUp
    Lenovo Browser Guard
    Start Menu
    Start Menu 8
    Surfing Protection
  • Press the Uninstall or Uninstall/Change button and carefully follow any prompts to uninstall the program.
    • Take care to read through any prompts completely! Some uninstallers may attempt to trick you into keeping the program.
    • Do this for every program listed.
    • Don't worry if you can't find one of the programs. Just be sure to let me know in your reply.
  • Once finished reboot your computer.

Let me know what you want to do about these programs. It will affect the next steps as we start cleaning things up.

Re: Browser hijacker - safebrowsing.biz

Post by Kerriemj » June 20th, 2016, 6:03 pm

unable to uninstall AVG Web Tuneup - tried but it remains
cannot find Lenovo Browser Guard
Have uninstalled the others

Re: Browser hijacker - safebrowsing.biz

Post by capnkrunch » June 20th, 2016, 6:46 pm

Hello Kerriemj :)

Don't worry about the ones you couldn't install/find, let's just keep rolling.

Step one...

AdwCleaner - Scan and Clean
  • You should still have AdwCleaner on your Desktop. If not please download it HERE.
  • Close all open programs and windows so that you are at your Desktop.
  • Right click on adwcleaner.exe and click Run as administrator.
  • Click on the Scan button.
    When the scan finishes, you'll see a message in the AdwCleaner window: "Waiting for action. Please uncheck elements you want to keep."
  • Click on Cleaning.
  • Once finished AdwCleaner will prompt you to reboot. Please allow it to do so.
  • On reboot a log will open AdwCleaner[C1].txt. Copy and paste the contents of that logfile in your reply.


Step two...

FRST Fix
  • You should still have FRST64.exe in your Downloads folder. If not please download it HERE.
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
    • Copy and Paste the following script into Notepad, Do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [1941064 2016-05-24] ()
    HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5893920 2015-11-12] (IObit)
    HKU\S-1-5-21-2310641378-1333773240-3601253655-1001\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2022688 2016-04-26] (IObit)
    AppInit_DLLs: C:\PROGRA~2\LENOVO~2\LENOVO~1\bin\SPVC64~1.DLL => No File
    SearchScopes: HKU\S-1-5-21-2310641378-1333773240-3601253655-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={DE37A385-75EC-45E7-AD32-B5980DB7E7E1}&mid=dbd1bf63834a47cda1e639f8ba9a5951-251aef0b5bb942b21cf9944a92193a800548e85c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2015-05-11 12:21:06&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
    BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-05-24] (AVG)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-15] (Oracle Corporation)
    BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-05-24] (AVG)
    AutoConfigURL: [S-1-5-21-2310641378-1333773240-3601253655-1001] => hxxp://un-stop.info/wpad.dat?51f512566930a5fdf0c27b1c6824824511621150
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.1\\npsitesafety.dll [No File]
    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-15] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-15] (Oracle Corporation)
    FF user.js: detected! => C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\user.js [2014-12-30]
    FF SearchPlugin: C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\searchplugins\avg-secure-search.xml [2016-05-24]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-05-24]
    FF Extension: AVG Web TuneUp - C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\Extensions\avg@toolbar.xpi [2016-05-24]
    FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\Extensions\iobitascsurfingprotection@iobit.com [2016-01-01] [not signed]
    R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
    R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-11-04] (IObit)
    R2 SMService; C:\program files (x86)\iobit\Classic Start\SMService.exe [1056544 2015-11-06] (IObit)
    R2 vToolbarUpdater40.3.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe [1323080 2016-05-16] (AVG Secure Search)
    R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [972872 2016-05-24] ()
    R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
    2016-06-18 09:34 - 2016-06-18 09:34 - 00003010 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Kerrie)
    2016-06-16 18:53 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
    2016-06-16 14:48 - 2016-06-16 14:48 - 00001452 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
    2016-06-16 14:48 - 2016-06-16 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
    2016-06-16 14:47 - 2016-06-19 09:31 - 00002261 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
    2016-06-16 14:47 - 2016-06-16 23:32 - 00000252 _____ C:\WINDOWS\Tasks\ASC9_SkipUac_Kerrie.job
    2016-06-16 14:47 - 2016-06-16 15:02 - 00002248 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
    2016-06-16 14:47 - 2016-06-16 14:47 - 00003364 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
    2016-06-16 14:47 - 2016-06-16 14:47 - 00003300 _____ C:\WINDOWS\System32\Tasks\ASC9_PerformanceMonitor
    2016-06-16 14:47 - 2016-06-16 14:47 - 00003212 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Startup
    2016-06-16 14:47 - 2016-06-16 14:47 - 00003208 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
    2016-06-16 14:47 - 2016-06-16 14:47 - 00002428 _____ C:\WINDOWS\System32\Tasks\ASC9_SkipUac_Kerrie
    2016-06-16 14:47 - 2016-06-16 14:47 - 00001250 _____ C:\Users\Public\Desktop\Smart Defrag 5.lnk
    2016-06-16 14:47 - 2016-06-16 14:47 - 00000000 ____D C:\WINDOWS\IObit
    2016-06-16 14:47 - 2016-06-16 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
    2016-06-16 14:47 - 2016-06-16 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
    2016-06-14 21:33 - 2016-06-16 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SrpnFiles
    2016-06-14 21:33 - 2016-06-14 21:33 - 00000000 ____D C:\Users\Kerrie\AppData\Roaming\SpringFiles
    2016-06-19 09:17 - 2014-12-26 19:18 - 00000000 ____D C:\Users\Kerrie\AppData\Local\SweetLabs App Platform
    2016-06-16 15:04 - 2014-12-30 01:12 - 00000000 ____D C:\Program Files (x86)\IObit
    2016-06-16 14:47 - 2016-01-01 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
    2016-06-16 14:47 - 2014-12-30 01:13 - 00000000 ____D C:\Users\Kerrie\AppData\LocalLow\IObit
    2016-06-16 14:47 - 2014-12-30 01:12 - 00000000 ____D C:\Users\Kerrie\AppData\Roaming\IObit
    C:\Users\Kerrie\AppData\Local\Temp\K3GYwEuk91.exe
    C:\Users\Kerrie\AppData\Local\Temp\paKTTavOGu.exe
    Task: {0703B387-979A-4D47-9F87-C51AE2CB7D0D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {0E0F4513-5E96-4A7C-A2B4-0C75B25BCDF8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {1BB3DD25-B526-45DA-806D-DBBE5DFBC12F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {1D16FF08-9C66-4B9A-AD2F-06699C6BBC6F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {3652D8A1-D33B-4070-A85D-91D3669BDE76} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-05-06] (IObit)
    Task: {3709EA69-3A45-4763-BD46-89DF7D432896} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {3CD1D6D6-54F6-46B2-BEB3-18FC916C673C} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-05-18] (IObit)
    Task: {3D70AA8F-C39B-470F-9BC3-186039055AE3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {3F9F39EE-7484-43CD-A041-4F3B70795295} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {5A5ECC60-FD89-4610-A0FE-261CBB3FB00A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {5DF80346-D81F-4F55-9B42-A6FED89D2093} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {66121A92-721F-4EB7-AFB8-9790A28ECAF9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {6933E6F7-0A72-475A-BE9C-68DFB624D0C4} - System32\Tasks\Uninstaller_SkipUac_Kerrie => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-05-12] (IObit)
    Task: {7F5BDAFF-AFDC-4D99-AB52-CC3ECAE454A1} - System32\Tasks\SweetLabs App Platform => C:\Users\Kerrie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-04-14] (Pokki)
    Task: {85C554CE-4D3E-4F1D-8E43-BB2CB7A884E5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {8F0A6D7F-16D1-4B07-A054-9902F35E0B53} - System32\Tasks\ASC9_SkipUac_Kerrie => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-05-16] (IObit)
    Task: {CBF9C9A1-C111-4AC8-9823-B6EC00F4549F} - \CCleanerSkipUAC -> No File <==== ATTENTION
    Task: {D0F20F99-12A7-484A-A313-F5D760018D4C} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-04-29] (IObit)
    Task: {D9AB11F9-56D2-4DC4-95E1-A8764A109A46} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {DD786E67-2782-487E-8EA3-1056676B203E} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-04-18] (IObit)
    Task: {E5C8C921-F227-4806-9210-700DAC362F16} - System32\Tasks\Driver Booster SkipUAC (Kerrie) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-05-23] (IObit)
    Task: {F3BD4867-DB96-435A-9B89-497AA3B04922} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\ASC9_SkipUac_Kerrie.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
    Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Kerrie.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    ShortcutWithArgument: C:\Users\Kerrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safebrowsing.biz/?ssid=1465936355&a=1024132&src=sh&uuid=c9838056-fc75-4219-b83c-37f86b3eaf21"
    ShortcutWithArgument: C:\Users\Kerrie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safebrowsing.biz/?ssid=1465936355&a=1024132&src=sh&uuid=c9838056-fc75-4219-b83c-37f86b3eaf21"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safebrowsing.biz/?ssid=1465936355&a=1024132&src=sh&uuid=c9838056-fc75-4219-b83c-37f86b3eaf21"
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://safebrowsing.biz/?ssid=1465936355&a=1024132&src=sh&uuid=c9838056-fc75-4219-b83c-37f86b3eaf21"
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safebrowsing.biz/?ssid=1465936355&a=1024132&src=sh&uuid=c9838056-fc75-4219-b83c-37f86b3eaf21"
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://safebrowsing.biz/?ssid=1465936355&a=1024132&src=sh&uuid=c9838056-fc75-4219-b83c-37f86b3eaf21"
    FirewallRules: [{F426FBE5-DD1D-42CF-B184-0EB863942D94}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    FirewallRules: [{A2CE0339-0D4B-4131-80B8-206EE759790E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
    FirewallRules: [{36ACD960-528E-44A7-82A2-E5E50BF5BEDC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
    FirewallRules: [{42637095-8BD6-46F8-8FC9-D28ED09A4A45}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
    FirewallRules: [{CDFE346C-ADEF-4E5E-A808-B36140918F2C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
    FirewallRules: [{4FB3DAE1-6574-40C9-91AC-C0FF9FF0BD5C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
    Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.14.0.129 - ClientConnect LTD) <==== ATTENTION
    
    C:\Program Files (x86)\AVG Web TuneUp
    C:\Program Files (x86)\Common Files\AVG Secure Search
    C:\Users\Kerrie\AppData\Local\SweetLabs App Platform
    C:\Program Files\AVG Web TuneUp
    C:\Program Files (x86)\Java
    
    Folder: C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
    Folder: C:\ProgramData\eab878a7-2875-1
    Folder: C:\ProgramData\eab878a7-1a01-0
    
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
  • Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  • Right click on FRST64.exe and select Run as administrator.
  • Press the Fix button one time only and wait.
  • When FRST finishes you will be prompted to reboot your computer. Click OK.
  • Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • AdwCleaner[C1].txt
  • Fixlog.txt
  • Are there any changes in computer behavior?
capnkrunch
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago
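
The `ShortcutWithArgument:` entries in the fixlist above are the FRST lines that show browser shortcuts launching with a URL appended to the browser executable. The following is an added example, not part of the original posts or of FRST itself: a small parser that flags such entries in a saved log and groups the affected `.lnk` files by host. The function names and the browser list are assumptions; the first two sample lines are copied from the fixlist above and the third is constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Lines 1-2 are copied from the fixlist in this thread; line 3 is a constructed
# benign entry (a command-line switch, not a URL); line 4 is unrelated log text.
SAMPLE_LOG = r'''
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safebrowsing.biz/?ssid=1465936355&a=1024132&src=sh&uuid=c9838056-fc75-4219-b83c-37f86b3eaf21"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://safebrowsing.biz/?ssid=1465936355&a=1024132&src=sh&uuid=c9838056-fc75-4219-b83c-37f86b3eaf21"
ShortcutWithArgument: C:\Users\Public\Desktop\Chrome (private).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --incognito
Hosts:
'''

# Assumed list of browser executables worth checking; extend as needed.
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe", "opera.exe"}

# <shortcut>.lnk -> <target>.exe (vendor) -> <arguments>
ENTRY_RE = re.compile(
    r"^\s*ShortcutWithArgument:\s*(?P<lnk>.+?\.lnk)\s*->\s*"
    r"(?P<target>.+?\.exe)\s*(?:\((?P<vendor>[^)]*)\))?\s*->\s*(?P<args>.*)$",
    re.IGNORECASE,
)

# FRST defangs URLs as hxxp/hxxps; accept both forms.
URL_RE = re.compile(r"(?:hxxps?|https?)://[^\s\"]+", re.IGNORECASE)


def parse_shortcuts(text):
    """Return one dict per ShortcutWithArgument line found in the log text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append({k: (v or "").strip() for k, v in m.groupdict().items()})
    return entries


def url_host(args):
    """Return the host of the first URL in the argument string, or None."""
    m = URL_RE.search(args)
    if not m:
        return None
    # Re-fang only in memory so urlsplit can parse the scheme.
    refanged = re.sub(r"^hxxp", "http", m.group(0), flags=re.IGNORECASE)
    return urlsplit(refanged).hostname


def hijacked_shortcuts(text):
    """Map host -> list of .lnk paths whose browser target is started with a URL."""
    by_host = defaultdict(list)
    for entry in parse_shortcuts(text):
        exe = entry["target"].rsplit("\\", 1)[-1].lower()
        host = url_host(entry["args"])
        if exe in BROWSERS and host:
            by_host[host].append(entry["lnk"])
    return dict(by_host)


if __name__ == "__main__":
    for host, links in hijacked_shortcuts(SAMPLE_LOG).items():
        print(f"{host}: {len(links)} shortcut(s)")
        for lnk in links:
            print(f"  {lnk}")
```
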

Re: Browser hijacker - safebrowsing.biz

Unread postby Kerriemj » June 20th, 2016, 7:14 pm

step 1
# AdwCleaner v5.200 - Logfile created 21/06/2016 at 00:09:59
# Updated 14/06/2016 by ToolsLib
# Database : 2016-06-20.3 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Kerrie - LENNY
# Running from : C:\Users\Kerrie\Desktop\adwcleaner_5.200.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : WtuSystemSupport
[-] Service Deleted : vToolbarUpdater40.3.1

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\pokki
[-] Folder Deleted : C:\ProgramData\avg web tuneup
[-] Folder Deleted : C:\ProgramData\Avg_Update_0316av
[-] Folder Deleted : C:\ProgramData\eab878a7-1a01-0
[-] Folder Deleted : C:\ProgramData\eab878a7-2875-1
[#] Folder Deleted : C:\ProgramData\Application Data\AVG Secure Search
[#] Folder Deleted : C:\ProgramData\Application Data\AVG Security Toolbar
[#] Folder Deleted : C:\ProgramData\Application Data\pokki
[#] Folder Deleted : C:\ProgramData\Application Data\avg web tuneup
[#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0316av
[#] Folder Deleted : C:\ProgramData\Application Data\eab878a7-1a01-0
[#] Folder Deleted : C:\ProgramData\Application Data\eab878a7-2875-1
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\SrpnFiles
[-] Folder Deleted : C:\Program Files (x86)\LenovoBrowserGuard
[-] Folder Deleted : C:\Program Files (x86)\avg web tuneup
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Users\Kerrie\AppData\Local\LenovoBrowserGuard
[-] Folder Deleted : C:\Users\Kerrie\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Kerrie\AppData\Local\SweetLabs App Platform
[-] Folder Deleted : C:\Users\Kerrie\AppData\Local\avg web tuneup
[-] Folder Deleted : C:\Users\Kerrie\AppData\LocalLow\avg web tuneup
[-] Folder Deleted : C:\Users\Kerrie\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\Kerrie\AppData\Roaming\SpringFiles
[-] Folder Deleted : C:\Program Files\avg web tuneup
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Users\Default User\AppData\Local\Pokki
[#] Folder Deleted : C:\Users\Default\AppData\Local\Pokki

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml
[-] File Deleted : C:\Users\Kerrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[-] File Deleted : C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\extensions\Avg@toolbar.xpi

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : SweetLabs App Platform
[-] Task Deleted : 0316tbUpdateInfo
[-] Task Deleted : 0316tbUpdateInfo

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WtuServer.WtuServerObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4BC8AD89-AC5F-4DBD-A38F-C355C7DD33D7}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\SweetLabs App Platform
[-] Key Deleted : HKCU\Software\System Healer
[-] Key Deleted : HKLM\SOFTWARE\LenovoBrowserGuard
[-] Key Deleted : HKLM\SOFTWARE\AVG Tuneup
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LenovoBrowserGuard
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : [x64] HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Value Deleted : HKU\S-1-5-21-2310641378-1333773240-3601253655-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]

***** [ Web browsers ] *****

[-] [C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\prefs.js] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);
[-] [C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\user.js] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);
[-] [C:\Users\Kerrie\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com
[-] [C:\Users\Kerrie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://homepage-web.com/?s=lenovo&m=home

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [7304 bytes] - [21/06/2016 00:09:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [8215 bytes] - [20/06/2016 19:53:05]
C:\AdwCleaner\AdwCleaner[S2].txt - [7496 bytes] - [21/06/2016 00:09:09]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7523 bytes] ##########
Kerriemj
Active Member
 
Posts: 14
Joined: June 19th, 2016, 4:44 am

Re: Browser hijacker - safebrowsing.biz

Unread postby Kerriemj » June 20th, 2016, 7:22 pm

Sorry, accidentally posted twice.

Save it next to FRST64.exe as fixlist.txt - do I just save it as fixlist.txt in the downloads directory where FRST64 is? Bit confused exactly where to save to

thanks
Kerriemj
Active Member
 
Posts: 14
Joined: June 19th, 2016, 4:44 am

Re: Browser hijacker - safebrowsing.biz

Unread postby capnkrunch » June 20th, 2016, 7:25 pm

Hello Kerriemj :)

Sorry, my instructions were unclear. Yes, save fixlog.txt in Downloads. FRST64.exe and fixlog.txt must be in the same directory for the fix to run.

Regards,
capnkrunch
capnkrunch
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Browser hijacker - safebrowsing.biz

Unread postby Kerriemj » June 20th, 2016, 7:33 pm

Ran FRST64 scan, but the window just disappeared & I did not get a reboot prompt.
Kerriemj
Active Member
 
Posts: 14
Joined: June 19th, 2016, 4:44 am

Re: Browser hijacker - safebrowsing.biz

Unread postby Kerriemj » June 20th, 2016, 7:39 pm

FRST64 seems to have disappeared from the downloads folder!
Kerriemj
Active Member
 
Posts: 14
Joined: June 19th, 2016, 4:44 am

Re: Browser hijacker - safebrowsing.biz

Unread postby Kerriemj » June 20th, 2016, 7:48 pm

Sorted! Was being a bit dim!
fixlog.txt:
Fix result of Farbar Recovery Scan Tool (x64) Version: 19-06-2016 01
Ran by Kerrie (2016-06-21 00:40:52) Run:2
Running from C:\Users\Kerrie\Downloads\FRST-OlderVersion
Loaded Profiles: Kerrie (Available Profiles: Kerrie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [1941064 2016-05-24] ()
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5893920 2015-11-12] (IObit)
HKU\S-1-5-21-2310641378-1333773240-3601253655-1001\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2022688 2016-04-26] (IObit)
AppInit_DLLs: C:\PROGRA~2\LENOVO~2\LENOVO~1\bin\SPVC64~1.DLL => No File
SearchScopes: HKU\S-1-5-21-2310641378-1333773240-3601253655-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={DE37A385-75EC-45E7-AD32-B5980DB7E7E1}&mid=dbd1bf63834a47cda1e639f8ba9a5951-251aef0b5bb942b21cf9944a92193a800548e85c&lang=en&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2015-05-11 12:21:06&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-05-24] (AVG)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-15] (Oracle Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.3.1.831\AVG Web TuneUp.dll [2016-05-24] (AVG)
AutoConfigURL: [S-1-5-21-2310641378-1333773240-3601253655-1001] => hxxp://un-stop.info/wpad.dat?51f5125669 ... 4511621150
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.1\\npsitesafety.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-15] (Oracle Corporation)
FF user.js: detected! => C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\user.js [2014-12-30]
FF SearchPlugin: C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\searchplugins\avg-secure-search.xml [2016-05-24]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2016-05-24]
FF Extension: AVG Web TuneUp - C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\Extensions\avg@toolbar.xpi [2016-05-24]
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\Extensions\iobitascsurfingprotection@iobit.com [2016-01-01] [not signed]
R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-11-04] (IObit)
R2 SMService; C:\program files (x86)\iobit\Classic Start\SMService.exe [1056544 2015-11-06] (IObit)
R2 vToolbarUpdater40.3.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe [1323080 2016-05-16] (AVG Secure Search)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [972872 2016-05-24] ()
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2015-03-25] (IObit.com)
2016-06-18 09:34 - 2016-06-18 09:34 - 00003010 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Kerrie)
2016-06-16 18:53 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2016-06-16 14:48 - 2016-06-16 14:48 - 00001452 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-06-16 14:48 - 2016-06-16 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-06-16 14:47 - 2016-06-19 09:31 - 00002261 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2016-06-16 14:47 - 2016-06-16 23:32 - 00000252 _____ C:\WINDOWS\Tasks\ASC9_SkipUac_Kerrie.job
2016-06-16 14:47 - 2016-06-16 15:02 - 00002248 _____ C:\Users\Public\Desktop\Driver Booster 3.lnk
2016-06-16 14:47 - 2016-06-16 14:47 - 00003364 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2016-06-16 14:47 - 2016-06-16 14:47 - 00003300 _____ C:\WINDOWS\System32\Tasks\ASC9_PerformanceMonitor
2016-06-16 14:47 - 2016-06-16 14:47 - 00003212 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Startup
2016-06-16 14:47 - 2016-06-16 14:47 - 00003208 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2016-06-16 14:47 - 2016-06-16 14:47 - 00002428 _____ C:\WINDOWS\System32\Tasks\ASC9_SkipUac_Kerrie
2016-06-16 14:47 - 2016-06-16 14:47 - 00001250 _____ C:\Users\Public\Desktop\Smart Defrag 5.lnk
2016-06-16 14:47 - 2016-06-16 14:47 - 00000000 ____D C:\WINDOWS\IObit
2016-06-16 14:47 - 2016-06-16 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2016-06-16 14:47 - 2016-06-16 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2016-06-14 21:33 - 2016-06-16 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SrpnFiles
2016-06-14 21:33 - 2016-06-14 21:33 - 00000000 ____D C:\Users\Kerrie\AppData\Roaming\SpringFiles
2016-06-19 09:17 - 2014-12-26 19:18 - 00000000 ____D C:\Users\Kerrie\AppData\Local\SweetLabs App Platform
2016-06-16 15:04 - 2014-12-30 01:12 - 00000000 ____D C:\Program Files (x86)\IObit
2016-06-16 14:47 - 2016-01-01 13:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
2016-06-16 14:47 - 2014-12-30 01:13 - 00000000 ____D C:\Users\Kerrie\AppData\LocalLow\IObit
2016-06-16 14:47 - 2014-12-30 01:12 - 00000000 ____D C:\Users\Kerrie\AppData\Roaming\IObit
C:\Users\Kerrie\AppData\Local\Temp\K3GYwEuk91.exe
C:\Users\Kerrie\AppData\Local\Temp\paKTTavOGu.exe
Task: {0703B387-979A-4D47-9F87-C51AE2CB7D0D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0E0F4513-5E96-4A7C-A2B4-0C75B25BCDF8} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {1BB3DD25-B526-45DA-806D-DBBE5DFBC12F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1D16FF08-9C66-4B9A-AD2F-06699C6BBC6F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {3652D8A1-D33B-4070-A85D-91D3669BDE76} - System32\Tasks\ASC9_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-05-06] (IObit)
Task: {3709EA69-3A45-4763-BD46-89DF7D432896} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3CD1D6D6-54F6-46B2-BEB3-18FC916C673C} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2016-05-18] (IObit)
Task: {3D70AA8F-C39B-470F-9BC3-186039055AE3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3F9F39EE-7484-43CD-A041-4F3B70795295} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5A5ECC60-FD89-4610-A0FE-261CBB3FB00A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {5DF80346-D81F-4F55-9B42-A6FED89D2093} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {66121A92-721F-4EB7-AFB8-9790A28ECAF9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6933E6F7-0A72-475A-BE9C-68DFB624D0C4} - System32\Tasks\Uninstaller_SkipUac_Kerrie => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-05-12] (IObit)
Task: {7F5BDAFF-AFDC-4D99-AB52-CC3ECAE454A1} - System32\Tasks\SweetLabs App Platform => C:\Users\Kerrie\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2016-04-14] (Pokki)
Task: {85C554CE-4D3E-4F1D-8E43-BB2CB7A884E5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8F0A6D7F-16D1-4B07-A054-9902F35E0B53} - System32\Tasks\ASC9_SkipUac_Kerrie => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-05-16] (IObit)
Task: {CBF9C9A1-C111-4AC8-9823-B6EC00F4549F} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {D0F20F99-12A7-484A-A313-F5D760018D4C} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-04-29] (IObit)
Task: {D9AB11F9-56D2-4DC4-95E1-A8764A109A46} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DD786E67-2782-487E-8EA3-1056676B203E} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-04-18] (IObit)
Task: {E5C8C921-F227-4806-9210-700DAC362F16} - System32\Tasks\Driver Booster SkipUAC (Kerrie) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2016-05-23] (IObit)
Task: {F3BD4867-DB96-435A-9B89-497AA3B04922} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\ASC9_SkipUac_Kerrie.job => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Kerrie.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
ShortcutWithArgument: C:\Users\Kerrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safebrowsing.biz/?ssid=1465936355&a=1024132&src=sh&uuid=c9838056-fc75-4219-b83c-37f86b3eaf21"
ShortcutWithArgument: C:\Users\Kerrie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safebrowsing.biz/?ssid=1465936355&a=1024132&src=sh&uuid=c9838056-fc75-4219-b83c-37f86b3eaf21"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safebrowsing.biz/?ssid=1465936355&a=1024132&src=sh&uuid=c9838056-fc75-4219-b83c-37f86b3eaf21"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://safebrowsing.biz/?ssid=1465936355&a=1024132&src=sh&uuid=c9838056-fc75-4219-b83c-37f86b3eaf21"
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> "hxxp://safebrowsing.biz/?ssid=1465936355&a=1024132&src=sh&uuid=c9838056-fc75-4219-b83c-37f86b3eaf21"
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> "hxxp://safebrowsing.biz/?ssid=1465936355&a=1024132&src=sh&uuid=c9838056-fc75-4219-b83c-37f86b3eaf21"
FirewallRules: [{F426FBE5-DD1D-42CF-B184-0EB863942D94}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{A2CE0339-0D4B-4131-80B8-206EE759790E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{36ACD960-528E-44A7-82A2-E5E50BF5BEDC}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{42637095-8BD6-46F8-8FC9-D28ED09A4A45}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{CDFE346C-ADEF-4E5E-A808-B36140918F2C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{4FB3DAE1-6574-40C9-91AC-C0FF9FF0BD5C}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.14.0.129 - ClientConnect LTD) <==== ATTENTION

C:\Program Files (x86)\AVG Web TuneUp
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Users\Kerrie\AppData\Local\SweetLabs App Platform
C:\Program Files\AVG Web TuneUp
C:\Program Files (x86)\Java

Folder: C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
Folder: C:\ProgramData\eab878a7-2875-1
Folder: C:\ProgramData\eab878a7-1a01-0

Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter => value not found.
HKU\S-1-5-21-2310641378-1333773240-3601253655-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 9 => value not found.
"C:\PROGRA~2\LENOVO~2\LENOVO~1\bin\SPVC64~1.DLL" => Value data not found.
HKU\S-1-5-21-2310641378-1333773240-3601253655-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found.
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKU\S-1-5-21-2310641378-1333773240-3601253655-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.60.2 => key not found.
C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.60.2 => key not found.
C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll => not found.
C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\user.js => not found.
"C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\searchplugins\avg-secure-search.xml" => not found.
"C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml" => not found.
C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\Extensions\avg@toolbar.xpi => not found.
C:\Users\Kerrie\AppData\Roaming\Mozilla\Firefox\Profiles\iugt7fne.default\Extensions\iobitascsurfingprotection@iobit.com => not found.
AdvancedSystemCareService9 => service not found.
IMFservice => service not found.
SMService => service not found.
vToolbarUpdater40.3.1 => service not found.
WtuSystemSupport => service not found.
UrlFilter => service not found.
"C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Kerrie)" => not found.
"C:\WINDOWS\system32\IObitSmartDefragExtension.dll" => not found.
"C:\Users\Public\Desktop\IObit Uninstaller.lnk" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller" => not found.
"C:\Users\Public\Desktop\Advanced SystemCare 9.lnk" => not found.
"C:\WINDOWS\Tasks\ASC9_SkipUac_Kerrie.job" => not found.
"C:\Users\Public\Desktop\Driver Booster 3.lnk" => not found.
"C:\WINDOWS\System32\Tasks\Driver Booster Scheduler" => not found.
"C:\WINDOWS\System32\Tasks\ASC9_PerformanceMonitor" => not found.
"C:\WINDOWS\System32\Tasks\SmartDefrag_Startup" => not found.
"C:\WINDOWS\System32\Tasks\SmartDefrag_Update" => not found.
"C:\WINDOWS\System32\Tasks\ASC9_SkipUac_Kerrie" => not found.
"C:\Users\Public\Desktop\Smart Defrag 5.lnk" => not found.
C:\WINDOWS\IObit => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\SrpnFiles" => not found.
"C:\Users\Kerrie\AppData\Roaming\SpringFiles" => not found.
"C:\Users\Kerrie\AppData\Local\SweetLabs App Platform" => not found.
C:\Program Files (x86)\IObit => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3" => not found.
C:\Users\Kerrie\AppData\LocalLow\IObit => moved successfully
C:\Users\Kerrie\AppData\Roaming\IObit => moved successfully
C:\Users\Kerrie\AppData\Local\Temp\K3GYwEuk91.exe => moved successfully
C:\Users\Kerrie\AppData\Local\Temp\paKTTavOGu.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0703B387-979A-4D47-9F87-C51AE2CB7D0D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0703B387-979A-4D47-9F87-C51AE2CB7D0D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E0F4513-5E96-4A7C-A2B4-0C75B25BCDF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E0F4513-5E96-4A7C-A2B4-0C75B25BCDF8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1BB3DD25-B526-45DA-806D-DBBE5DFBC12F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BB3DD25-B526-45DA-806D-DBBE5DFBC12F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D16FF08-9C66-4B9A-AD2F-06699C6BBC6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D16FF08-9C66-4B9A-AD2F-06699C6BBC6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3652D8A1-D33B-4070-A85D-91D3669BDE76} => key not found.
C:\WINDOWS\System32\Tasks\ASC9_PerformanceMonitor => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_PerformanceMonitor => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3709EA69-3A45-4763-BD46-89DF7D432896}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3709EA69-3A45-4763-BD46-89DF7D432896}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CD1D6D6-54F6-46B2-BEB3-18FC916C673C} => key not found.
C:\WINDOWS\System32\Tasks\Driver Booster Scheduler => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3D70AA8F-C39B-470F-9BC3-186039055AE3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D70AA8F-C39B-470F-9BC3-186039055AE3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F9F39EE-7484-43CD-A041-4F3B70795295}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F9F39EE-7484-43CD-A041-4F3B70795295}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5A5ECC60-FD89-4610-A0FE-261CBB3FB00A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A5ECC60-FD89-4610-A0FE-261CBB3FB00A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DF80346-D81F-4F55-9B42-A6FED89D2093}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DF80346-D81F-4F55-9B42-A6FED89D2093}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66121A92-721F-4EB7-AFB8-9790A28ECAF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66121A92-721F-4EB7-AFB8-9790A28ECAF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6933E6F7-0A72-475A-BE9C-68DFB624D0C4} => key not found.
C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Kerrie => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Kerrie => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F5BDAFF-AFDC-4D99-AB52-CC3ECAE454A1} => key not found.
C:\WINDOWS\System32\Tasks\SweetLabs App Platform => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SweetLabs App Platform => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85C554CE-4D3E-4F1D-8E43-BB2CB7A884E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85C554CE-4D3E-4F1D-8E43-BB2CB7A884E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F0A6D7F-16D1-4B07-A054-9902F35E0B53} => key not found.
C:\WINDOWS\System32\Tasks\ASC9_SkipUac_Kerrie => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC9_SkipUac_Kerrie => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBF9C9A1-C111-4AC8-9823-B6EC00F4549F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBF9C9A1-C111-4AC8-9823-B6EC00F4549F}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0F20F99-12A7-484A-A313-F5D760018D4C} => key not found.
C:\WINDOWS\System32\Tasks\SmartDefrag_Startup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Startup => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D9AB11F9-56D2-4DC4-95E1-A8764A109A46}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9AB11F9-56D2-4DC4-95E1-A8764A109A46}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD786E67-2782-487E-8EA3-1056676B203E} => key not found.
C:\WINDOWS\System32\Tasks\SmartDefrag_Update => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartDefrag_Update => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5C8C921-F227-4806-9210-700DAC362F16} => key not found.
C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Kerrie) => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Kerrie) => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3BD4867-DB96-435A-9B89-497AA3B04922}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3BD4867-DB96-435A-9B89-497AA3B04922}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
C:\WINDOWS\Tasks\ASC9_SkipUac_Kerrie.job => not found.
C:\WINDOWS\Tasks\Uninstaller_SkipUac_Kerrie.job => not found.
C:\Users\Kerrie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Kerrie\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F426FBE5-DD1D-42CF-B184-0EB863942D94} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A2CE0339-0D4B-4131-80B8-206EE759790E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{36ACD960-528E-44A7-82A2-E5E50BF5BEDC} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{42637095-8BD6-46F8-8FC9-D28ED09A4A45} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CDFE346C-ADEF-4E5E-A808-B36140918F2C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4FB3DAE1-6574-40C9-91AC-C0FF9FF0BD5C} => value removed successfully
Lenovo Browser Guard (HKLM-x32\...\LenovoBrowserGuard) (Version: 2.14.0.129 - ClientConnect LTD) <==== ATTENTION => Error: No automatic fix found for this entry.
"C:\Program Files (x86)\AVG Web TuneUp" => not found.
"C:\Program Files (x86)\Common Files\AVG Secure Search" => not found.
"C:\Users\Kerrie\AppData\Local\SweetLabs App Platform" => not found.
"C:\Program Files\AVG Web TuneUp" => not found.
"C:\Program Files (x86)\Java" => not found.

========================= Folder: C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98} ========================


====== End of Folder: ======


========================= Folder: C:\ProgramData\eab878a7-2875-1 ========================

not found.

====== End of Folder: ======


========================= Folder: C:\ProgramData\eab878a7-1a01-0 ========================

not found.

====== End of Folder: ======

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 42737 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 18529944 B
Java, Flash, Steam htmlcache => 33805 B
Windows/system/drivers => 65203403 B
Edge => 22967253 B
Chrome => 451289677 B
Firefox => 4791248 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 84720 B
NetworkService => 5794 B
Kerrie => 49707025 B

RecycleBin => 12383614 B
EmptyTemp: => 596.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:41:51 ====


Everything looking so much better now

Going to browser home page reliably
Not randomly routing to other pages
Extra search bar not appearing

I am hoping perhaps this is fixed...
Kerriemj
Active Member
 
Posts: 14
Joined: June 19th, 2016, 4:44 am