Browse to Save or Browse2save Problem

[Ladeyelaine]

1. Tried to uninstall “Browse to Save” program from my control panel but could not find “Browse to Save” program to uninstall
2. Tried to Remove “Browse to Save” extension from my browser (Firefox & Internet Explorer) but could not find the extension or add on.
3. Tried to Remove “Browse to Save” registry keys with AdwCleaner.
4. Ran a scan with Malwarebytes Anti-Malware
5. Double checked my system for any left over infections with HitmanPro


I follwed the steps as directed on
http://malwaretips.com/blogs/browse-to-save-ads/

but I still cannot get rid of BROWSE2SAVE or BROWSE TO SAVE

 

[Fiery]

RE: Get Rid of Browse2save

Hi and welcome to MalwareTips!

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:

• Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
• Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
• Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
• Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
• The absence of symptoms does not mean your PC is fully disinfected.
• If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
• Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
Goto Start > Control panel > Uninstall a program. Under the list, see if AOL is there. If so, remove it. Next

Open OTL. Under custom scan/fixes, copy and paste the following:

tl
IE - HKLM\..\SearchScopes\{7a085852-6757-4e38-8874-40baece5c3ae}: "URL" = http://www.searchbrowsing.com/search/?uid=af283da561910f7c3683398b102fc250&o=1&pid=100&v=1&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\..\SearchScopes\{7a085852-6757-4e38-8874-40baece5c3ae}: "URL" = http://www.searchbrowsing.com/search/?uid=af283da561910f7c3683398b102fc250&o=1&pid=100&v=1&q={searchTerms}
[2012/12/31 16:15:09 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\LISA\AppData\Roaming\Mozilla\Firefox\Profiles\tuedag00.default\extensions\50e200b7c587f@50e200b7c58b8.com
CHR - default_search_provider: SearchBrowsing (Enabled)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AEFB89F-09C9-449B-9AC9-ACBE1AF9DD01}: DhcpNameServer = 10.0.0.5


:Files
C:\Windows\System32\roboot.exe
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

<hr>

Please download Junkware Removal Tool to your desktop from here

• Turn off your antivirus software now to avoid potential conflicts
• Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
• The tool will open and start scanning your system
• Please be patient as this can take a while to complete depending on your system's specifications
• On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
• Post the contents of JRT.txt into your next reply

 

[Ladeyelaine]

RE: Get Rid of Browse2save

Hi and welcome to MalwareTips!

I'm Fiery and I would gladly assist you in removing the malware on your computer.

Before we start:

• Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
• Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
• Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
• Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
• The absence of symptoms does not mean your PC is fully disinfected.
• If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
• Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
Goto Start > Control panel > Uninstall a program. Under the list, see if AOL is there. If so, remove it. Next

Open OTL. Under custom scan/fixes, copy and paste the following:

tl
IE - HKLM\..\SearchScopes\{7a085852-6757-4e38-8874-40baece5c3ae}: "URL" = http://www.searchbrowsing.com/search/?uid=af283da561910f7c3683398b102fc250&o=1&pid=100&v=1&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\..\SearchScopes\{7a085852-6757-4e38-8874-40baece5c3ae}: "URL" = http://www.searchbrowsing.com/search/?uid=af283da561910f7c3683398b102fc250&o=1&pid=100&v=1&q={searchTerms}
[2012/12/31 16:15:09 | 000,000,000 | ---D | M] (SaveAs) -- C:\Users\LISA\AppData\Roaming\Mozilla\Firefox\Profiles\tuedag00.default\extensions\50e200b7c587f@50e200b7c58b8.com
CHR - default_search_provider: SearchBrowsing (Enabled)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AEFB89F-09C9-449B-9AC9-ACBE1AF9DD01}: DhcpNameServer = 10.0.0.5


:Files
C:\Windows\System32\roboot.exe
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[RESETHOSTS]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

<hr>

Please download Junkware Removal Tool to your desktop from here

• Turn off your antivirus software now to avoid potential conflicts
• Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
• The tool will open and start scanning your system
• Please be patient as this can take a while to complete depending on your system's specifications
• On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
• Post the contents of JRT.txt into your next reply

 

[Ladeyelaine]

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7a085852-6757-4e38-8874-40baece5c3ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a085852-6757-4e38-8874-40baece5c3ae}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7a085852-6757-4e38-8874-40baece5c3ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a085852-6757-4e38-8874-40baece5c3ae}\ not found.
Folder C:\Users\LISA\AppData\Roaming\Mozilla\Firefox\Profiles\tuedag00.default\extensio​ns\50e200b7c587f@50e200b7c58b8.com\ not found.
Use Chrome's Settings page to remove the default_search_provider items.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4AEFB89F-09C9-449B-9AC9-ACBE1AF9DD01}\\DhcpNameServer| /E : value set successfully!
========== FILES ==========
C:\Windows\System32\roboot.exe moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\LISA\Downloads\cmd.bat deleted successfully.
C:\Users\LISA\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jeff
->Temp folder emptied: 4879905 bytes
->Temporary Internet Files folder emptied: 981160 bytes
->FireFox cache emptied: 58624041 bytes
->Flash cache emptied: 492 bytes

User: LISA
->Temp folder emptied: 5436323 bytes
->Temporary Internet Files folder emptied: 13395121 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 315877496 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 5414 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1590217 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 382.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 03152013_113923

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
**********************************************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.1 (03.12.2013:1)
OS: Windows 7 Professional x86
Ran by LISA on Fri 03/15/2013 at 11:57:41.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\winzip registry optimizer"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\LISA\AppData\Roaming\mozilla\firefox\profiles\tuedag00.default\extensions\50e200b7c587f@50e200b7c58b8.com
Successfully deleted: [Folder] C:\Users\LISA\AppData\Roaming\mozilla\firefox\profiles\tuedag00.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
Successfully deleted the following from C:\Users\LISA\AppData\Roaming\mozilla\firefox\profiles\tuedag00.default\prefs.js

user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;ebay_46278;wikipedia_46497;yahoo_mail_46508;netflix_46519;radio_46530;share_
user_pref("aol_toolbar.curtain.congrats", "curtain");
user_pref("aol_toolbar.default.homepage.check", false);
user_pref("aol_toolbar.default.homepage.protection", false);
user_pref("aol_toolbar.default.homepage.url", "");
user_pref("aol_toolbar.default.search.check", false);
user_pref("aol_toolbar.firsttime.showwindow", false);
user_pref("aol_toolbar.guid", "{ECDD2B09-24AD-9910-828E-E277FB56A3E8}");
user_pref("aol_toolbar.install.distroid", "aol");
user_pref("aol_toolbar.install.homepage.label", "AOL.com");
user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9183");
user_pref("aol_toolbar.install.lid", "hyplognew00000010");
user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000023");
user_pref("aol_toolbar.install.ncid", "");
user_pref("aol_toolbar.metrics.activestampdate", "15");
user_pref("aol_toolbar.metrics.activestampmonth", "2");
user_pref("aol_toolbar.metrics.activestampyear", "2013");
user_pref("aol_toolbar.metrics.log", false);
user_pref("aol_toolbar.metrics.originalDate", "15");
user_pref("aol_toolbar.metrics.originalHours", "5");
user_pref("aol_toolbar.metrics.originalMinutes", "0");
user_pref("aol_toolbar.metrics.originalMonth", "3");
user_pref("aol_toolbar.metrics.originalSeconds", "0");
user_pref("aol_toolbar.metrics.originalYear", "2013");
user_pref("aol_toolbar.relatednews.enabled", false);
user_pref("aol_toolbar.remote.publish.xml", "1363366777763");
user_pref("aol_toolbar.reset.flag", "3");
user_pref("aol_toolbar.reset.style", "A");
user_pref("aol_toolbar.resetprompt.daily.num", "1");
user_pref("aol_toolbar.resetprompt.daily.timestamp", "1363365873523");
user_pref("aol_toolbar.resetprompt.display.limit", "8");
user_pref("aol_toolbar.rtw.active", false);
user_pref("aol_toolbar.search.button", true);
user_pref("aol_toolbar.search.cid", "15-03-2013");
user_pref("aol_toolbar.search.instd", "20121231114916356");
user_pref("aol_toolbar.search.oid", "15-03-2013");
user_pref("aol_toolbar.search.placement", "right");
user_pref("aol_toolbar.search.populateoncomplete", false);
user_pref("aol_toolbar.search.savehistory", false);
user_pref("aol_toolbar.search.searchtype", "web");
user_pref("aol_toolbar.search.source", "adknowledgeaol-ff");
user_pref("aol_toolbar.searchengine.label", "AOL Search");
user_pref("aol_toolbar.skin.custom", false);
user_pref("aol_toolbar.surf.date", "19");
user_pref("aol_toolbar.surf.lastDate", "15");
user_pref("aol_toolbar.surf.lastMonth", "2");
user_pref("aol_toolbar.surf.lastYear", "2013");
user_pref("aol_toolbar.surf.month", "19");
user_pref("aol_toolbar.surf.prevMonth", "0");
user_pref("aol_toolbar.surf.total", "19");
user_pref("aol_toolbar.surf.week", "19");
user_pref("aol_toolbar.surf.year", "19");
user_pref("aol_toolbar.ticker.active", false);
user_pref("aol_toolbar.upgrade.showwindow", false);
user_pref("aol_toolbar.weather.degc", "3");
user_pref("aol_toolbar.weather.degf", "37");
user_pref("aol_toolbar.weather.image", "chrome://aoltoolbar/skin/weather/34.png");
user_pref("aol_toolbar.weather.locationid", "USNY0996");
user_pref("aol_toolbar.weather.metric", true);
user_pref("aol_toolbar.weather.tooltip", "New York , NY : Mostly Sunny");
user_pref("aol_toolbar.weather.update", "1363366777812");
user_pref("aol_toolbar.winamp.volume", "");
user_pref("extensions.50e200b7c592a.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
Emptied folder: C:\Users\LISA\AppData\Roaming\mozilla\firefox\profiles\tuedag00.default\minidumps [60 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/15/2013 at 12:02:17.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Fiery]

how's everything now?