
snap.do malware program will not uninstall


13 replies to this topic

#1 simon255
Full Member, 46 posts

Posted 26 March 2013 - 01:30 AM

Hi

 

My computer seems a bit slow and I haven't been using malware. Avira and keeping Windows 7 up to date most of the time seemed OK. A couple of people borrowed the computer and I noticed Chrome had snap.do as the home page. I haven't tried to get it off Chrome yet, as I then noticed it is an installed program that I can uninstall.

 

So I imagine my computer is in average health and needs a general tune-up. I definitely need help to get rid of snap.do.

 

(I just noticed that Java and Adobe Reader are out of date, so I'll get that fixed now.)

 

Here are the logs. There are 2 MBAM logs, as the computer crashed from overheating during the restart of the first run. They are in order.

 

MBAM 1

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.26.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Si :: NOBLET [administrator]

Protection: Enabled

26/03/2013 12:31:42
mbam-log-2013-03-26 (12-31-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231307
Time elapsed: 9 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> No action taken.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> No action taken.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> No action taken.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> No action taken.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> No action taken.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> No action taken.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> No action taken.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> No action taken.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> No action taken.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> No action taken.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> No action taken.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Data: ; C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 -> No action taken.
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> No action taken.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> No action taken.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Program Files\BrowserCompanion (PUP.Blabbers) -> No action taken.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> No action taken.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> No action taken.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> No action taken.

Files Detected: 19
C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> No action taken.
C:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> No action taken.
C:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> No action taken.
C:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> No action taken.
C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> No action taken.
C:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> No action taken.
C:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> No action taken.
C:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> No action taken.
C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> No action taken.
C:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> No action taken.
C:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> No action taken.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> No action taken.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> No action taken.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> No action taken.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> No action taken.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> No action taken.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> No action taken.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> No action taken.
C:\Windows\System32\Hindu Gods Coolbuddy.scr (Trojan.Bifrost) -> Quarantined and deleted successfully.

(end)
 

MBAM 2

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.26.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Si :: NOBLET [administrator]

Protection: Enabled

26/03/2013 13:13:30
mbam-log-2013-03-26 (13-13-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230954
Time elapsed: 10 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 12
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Quarantined and deleted successfully.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Quarantined and deleted successfully.

Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Data: ; C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 -> Quarantined and deleted successfully.
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Quarantined and deleted successfully.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Quarantined and deleted successfully.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Data: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Program Files\BrowserCompanion (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Quarantined and deleted successfully.

Files Detected: 18
C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCompanion\blabbers-ff-full.xpi (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCompanion\jsloader.dll (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCompanion\logo.ico (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCompanion\sqlite3.dll (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCompanion\toolbar.dll (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCompanion\uninstall.exe (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCompanion\updater.ini (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Program Files\BrowserCompanion\widgetserv.exe (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\icon.png (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\jquery4toolbar.js (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\lock.js (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\witapi.js (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\witmain.js (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\wittoolbar.js (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Si\AppData\LocalLow\bbrs_002.tb\content\witwidgetapi.js (PUP.Blabbers) -> Quarantined and deleted successfully.

(end)
 

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16470  BrowserJavaVersion: 10.11.2
Run by Si at 14:18:06 on 2013-03-26
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.44.1033.18.3247.2065 [GMT 8:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\System32\alg.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Monitor Off Utility\monoff.exe
C:\Users\Si\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Users\Si\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 10\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\netsh.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=20f6a0e6-3306-416b-bc95-225ba1a693b6&searchtype=hp
uSearch Bar = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=20f6a0e6-3306-416b-bc95-225ba1a693b6&searchtype=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=20f6a0e6-3306-416b-bc95-225ba1a693b6&searchtype=ds&q={searchTerms}
mStart Page = about:blank
uSearchAssistant = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=20f6a0e6-3306-416b-bc95-225ba1a693b6&searchtype=ds&q={searchTerms}
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Snap.DoEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - <orphaned>
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [AdobeBridge] ;
uRun: [Dekisoft Monitor Off Utility] c:\program files\monitor off utility\monoff.exe
uRun: [Google Update] "c:\users\si\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [cdloader] "c:\users\si\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] ; "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Facebook Update] ; "c:\users\si\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [PLFSetL] c:\windows\\PLFSetL.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AdobeCS4ServiceManager] ; "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] ; "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] ; "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [DivXUpdate] ; "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] ; "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\si\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\users\si\appdata\roaming\micros~1\windows\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Bejeweled%203/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Plants%20vs.%20Zombies%20-%20Game%20of%20the%20Year%20Edition/Images/armhelper.ocx
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{3EE626B3-EE76-4364-9426-11EB736C7C23} : DHCPNameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{3EE626B3-EE76-4364-9426-11EB736C7C23}\0525F4C496E4B4F58453030313E4F52316334693 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{3EE626B3-EE76-4364-9426-11EB736C7C23}\35162696E61635579647563733274664C6F6F627 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{3EE626B3-EE76-4364-9426-11EB736C7C23}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3EE626B3-EE76-4364-9426-11EB736C7C23}\D61636361647471636B6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C815741E-8677-41E1-9B0D-8CA78D78C679} : DHCPNameServer = 203.144.207.49 203.144.207.29
TCP: Interfaces\{C815741E-8677-41E1-9B0D-8CA78D78C679}\45F445F57596D26496 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{C815741E-8677-41E1-9B0D-8CA78D78C679}\C457163757B67596D26496 : DHCPNameServer = 192.168.2.254
TCP: Interfaces\{C815741E-8677-41E1-9B0D-8CA78D78C679}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\si\appdata\roaming\mozilla\firefox\profiles\6d7to448.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=mkg030&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.http - 203.177.42.214
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\si\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\si\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\users\si\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-11-3 36552]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2013-2-6 26248]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-11-3 86752]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-11-3 110816]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-11-3 83944]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2013-2-6 68464]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2010-3-2 32256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-26 21104]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-3-4 14216]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-3-4 8456]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2013-2-6 204288]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2013-2-6 101504]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-1-24 14848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-1-24 49664]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-03-26 05:46:40    768000    ----a-w-    c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-03-26 04:29:01    --------    d-----w-    c:\users\si\appdata\roaming\Malwarebytes
2013-03-26 04:28:45    --------    d-----w-    c:\programdata\Malwarebytes
2013-03-26 04:28:43    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-03-26 04:28:43    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-03-26 00:17:06    --------    d-----w-    c:\program files\Mozilla Firefox 4.0 Beta 10
2013-03-25 23:57:05    17280    ----a-w-    c:\windows\system32\roboot.exe
2013-03-25 23:57:03    --------    d-----w-    c:\users\si\appdata\roaming\systweak
2013-03-25 23:56:54    81920    ----a-w-    c:\windows\eSellerateControl350.dll
2013-03-25 23:56:54    356352    ----a-w-    c:\windows\eSellerateEngine.dll
2013-03-25 23:56:54    274432    ----a-w-    c:\windows\system32\ssleay32.dll
2013-03-25 23:56:54    1122304    ----a-w-    c:\windows\system32\libeay32.dll
2013-03-25 23:56:53    --------    d-----w-    c:\program files\Snap Toolbar Removal Tool
2013-03-25 22:52:46    169984    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-25 22:52:26    187752    ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-25 22:52:26    1293672    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-03-25 22:52:23    3967848    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-25 22:52:23    3913064    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-25 22:52:20    2347008    ----a-w-    c:\windows\system32\win32k.sys
.
==================== Find3M  ====================
.
2013-03-25 23:58:27    73432    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-25 23:58:27    693976    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-12 04:48:31    474112    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26    2176512    ----a-w-    c:\windows\apppatch\AcGenral.dll
2013-02-09 23:08:57    42295    ----a-w-    c:\windows\system32\uninstall.exe
2013-02-05 21:09:08    74703    ----a-w-    c:\windows\system32\mfc45.dat
2013-02-02 03:38:35    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-02-02 03:30:32    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-02-02 03:30:21    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-02-02 03:26:47    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-02-02 03:26:21    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-02-02 03:23:28    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-01-11 19:30:20    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 14:19:26.49 ===============
 

Security Check

 

 Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100  
 CCleaner     
 Java™ 6 Update 35  
 Java 7 Update 11  
 Java version out of Date!
 Adobe Flash Player     11.6.602.180  
 Adobe Reader 10.1.5 Adobe Reader out of Date!  
 Mozilla Firefox (19.0.2)
 Google Chrome 23.0.1271.64  
 Google Chrome 25.0.1364.172  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
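The two MBAM logs above differ only in the action column: the first run left every PUP.Blabbers item in place ("No action taken") while the second quarantined them, and the helper persisted through a Run key. The following is an added example, not code from the thread or from Malwarebytes: a small Python parser for this MBAM 1.x log format that checks each section's declared count against the lines actually listed and flags unresolved detections and autostart entries. The log excerpt inside it is constructed after the first log in this post.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x text logs (added example).

It parses the "<path> (<threat>) -> <action>." detection lines, checks each
section's declared count against what was actually listed, and flags
detections that were left in place ("No action taken") or that live in an
autostart (Run) key, which is how the BrowserCompanion helper persisted.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Section headers such as "Registry Keys Detected: 12"
SECTION_RE = re.compile(r"^(?P<section>.+?) Detected: (?P<count>\d+)$")
# Detection lines: "<path> (<threat>) -> [Data: <data> -> ]<action>."
# The greedy path group means the LAST "(threat) ->" wins, so a path that
# itself contains parentheses, e.g. "Program Files (x86)", still parses.
ITEM_RE = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<rest>.+?)\.?$")


@dataclass
class Detection:
    section: str
    path: str
    threat: str
    action: str
    data: Optional[str] = None  # registry value data, when the log gives it

    @property
    def unresolved(self) -> bool:
        return self.action.lower().startswith("no action taken")

    @property
    def autostart(self) -> bool:
        return "\\currentversion\\run" in self.path.lower()


def parse_mbam_log(text: str) -> list:
    """Return every detection line in the log as a Detection."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        item = ITEM_RE.match(line)
        if item and section:
            rest, data = item.group("rest"), None
            if rest.startswith("Data: "):
                # "Data: <value> -> <action>": split on the last arrow so a
                # command line containing " -> " in <value> is kept intact.
                data, rest = rest[len("Data: "):].rsplit(" -> ", 1)
            detections.append(Detection(section, item.group("path"),
                                        item.group("threat"), rest, data))
    return detections


def section_counts(text: str) -> dict:
    """Map each section to (declared count, lines actually parsed)."""
    headers = (SECTION_RE.match(l.strip()) for l in text.splitlines())
    declared = {m.group("section"): int(m.group("count")) for m in headers if m}
    parsed = Counter(d.section for d in parse_mbam_log(text))
    return {s: (n, parsed.get(s, 0)) for s, n in declared.items()}


def summarize(detections: list) -> dict:
    """Counts by action and threat plus the items needing follow-up."""
    return {
        "by_action": dict(Counter(d.action for d in detections)),
        "by_threat": dict(Counter(d.threat for d in detections)),
        "unresolved": [d.path for d in detections if d.unresolved],
        "autostart": [d.path for d in detections if d.autostart],
    }


# Constructed excerpt modelled on the first MBAM log in this thread.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
Database version: v2013.03.26.02

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion (PUP.Blabbers) -> No action taken.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Data: ; C:\Program Files\BrowserCompanion\BCHelper.exe /T=3 -> No action taken.

Files Detected: 2
C:\Program Files\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> No action taken.
C:\Windows\System32\Hindu Gods Coolbuddy.scr (Trojan.Bifrost) -> Quarantined and deleted successfully.

(end)
"""

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for name, (declared, parsed) in section_counts(SAMPLE_LOG).items():
        flag = "" if declared == parsed else "  <-- mismatch"
        print(f"{name}: declared {declared}, parsed {parsed}{flag}")
    report = summarize(found)
    print("Unresolved:", *report["unresolved"], sep="\n  ")
    print("Autostart entries:", *report["autostart"], sep="\n  ")
```

Run against a real log, a count mismatch or a non-empty unresolved list is the cue to re-run the scan (as happened in this thread) rather than assume the items are gone.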
 



#2 simon255
Full Member, 46 posts

Posted 26 March 2013 - 01:32 AM

One other thing... Windows Update is failing to install a few of the selected items... 8 items failed on the last update.



#3 cnm
Mother Lion of SWI, Administrators, 25,259 posts

Posted 26 March 2013 - 11:51 AM

Hello simon255.

Please create a Restore point. Give it a description like "Before AdwCleaner". How to create Restore Point.

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

After that:
Delete folder 'c:\program files\Snap Toolbar Removal Tool' if it is still present.
 

 

Then please scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • Let me know if any problems remain.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare (1564-1616)
The various helper groups here
UNITE


#4 simon255
Full Member, 46 posts

Posted 26 March 2013 - 06:47 PM

Thank you for that... I will do that now.

 

I updated Java and Adobe Acrobat Reader. Here is the log. But although Adobe confirms it is up to date, the log shows it isn't.

 

 Results of screen317's Security Check version 0.99.61  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100  
 CCleaner     
 Java 7 Update 17  
 Adobe Flash Player     11.6.602.180  
 Adobe Reader 10.1.6 Adobe Reader out of Date!  
 Mozilla Firefox (19.0.2)
 Google Chrome 23.0.1271.64  
 Google Chrome 25.0.1364.172  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Avira Antivir avgnt.exe
 Avira Antivir avguard.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 iolo Common Lib ioloServiceManager.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 



#5 simon255 (Full Member, 46 posts)

Posted 26 March 2013 - 06:48 PM

Sorry... also the previous Java has been uninstalled.



#6 cnm, Mother Lion of SWI (Administrators, 25,259 posts)

Posted 26 March 2013 - 07:24 PM

Can I see the AdwCleaner log, please? Also the ESET log if it found anything.



#7 simon255 (Full Member, 46 posts)

Posted 26 March 2013 - 08:59 PM

Hi Mother Lion

 

Snap.do and snap.do engine still remain in the program list in Control Panel; I didn't attempt uninstall yet. Also I didn't change any browser settings yet. Firefox and IE seem OK; Chrome settings have been hijacked.

 

Here is the first log for ADW - the ESET is taking a while... I'll post that in a bit.

 

# AdwCleaner v2.115 - Logfile created 03/27/2013 at 07:52:25
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : Si - NOBLET
# Boot Mode : Normal
# Running from : C:\Users\Si\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Si\AppData\Roaming\Mozilla\Firefox\Profiles\6d7to448.default\searchplugins\Messenger Plus Smartbar Search.xml
File Deleted : C:\Windows\system32\Uninstall.exe
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Si\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Folder Deleted : C:\Users\Si\AppData\Local\Smartbar
Folder Deleted : C:\Users\Si\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\Si\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Si\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Si\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Si\AppData\LocalLow\Smartbar
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SmartbarBackup
Key Deleted : HKCU\Software\SmartbarLog
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\BrowserCompanion
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=20f6a0e6-3306-416b-bc95-225ba1a693b6&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=20f6a0e6-3306-416b-bc95-225ba1a693b6&searchtype=hp --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=20f6a0e6-3306-416b-bc95-225ba1a693b6&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=20f6a0e6-3306-416b-bc95-225ba1a693b6&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=20f6a0e6-3306-416b-bc95-225ba1a693b6&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-GB)

File : C:\Users\Si\AppData\Roaming\Mozilla\Firefox\Profiles\59qjoak9.default\prefs.js

[OK] File is clean.

File : C:\Users\Si\AppData\Roaming\Mozilla\Firefox\Profiles\6d7to448.default\prefs.js

C:\Users\Si\AppData\Roaming\Mozilla\Firefox\Profiles\6d7to448.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultthis.engineName", "uTorrentControl2 Customized Web Search");

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Si\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.14] : homepage = "hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=20f6a0e6[...]
Deleted [l.18] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeY[...]
Deleted [l.58] : icon_url = "hxxp://www.snap.do/favicon.ico",
Deleted [l.61] : keyword = "search.snap.do",
Deleted [l.64] : search_url = "hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=20f6a0[...]
Deleted [l.1843] : homepage = "hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=US&userid=20f6a0e6-33[...]
Deleted [l.2217] : urls_to_restore_on_startup = [ "hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&c[...]

*************************

AdwCleaner[R1].txt - [12441 octets] - [27/03/2013 07:51:36]
AdwCleaner[S1].txt - [12348 octets] - [27/03/2013 07:52:25]

########## EOF - C:\AdwCleaner[S1].txt - [12409 octets] ##########
 


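The Chrome section of the log above shows exactly where a search hijacker lands in the Preferences file: the homepage, the URLs restored on startup, and the default search provider's keyword, icon_url and search_url. As an added example (not the thread's or AdwCleaner's code), this audits a Preferences document for those settings and returns a cleaned copy; the sample JSON is constructed, and both the nesting of urls_to_restore_on_startup under "session" and the HIJACK_DOMAINS set are assumptions.

```python
import json
from urllib.parse import urlparse

# Constructed sample modelled on the Chrome Preferences entries the AdwCleaner
# log reports deleting (the log defangs http as hxxp; the real file does not).
# Nesting urls_to_restore_on_startup under "session" is an assumption.
SAMPLE_PREFERENCES = json.dumps({
    "homepage": "http://feed.snap.do/?publisher=TightropeYB&searchtype=hp",
    "session": {
        "urls_to_restore_on_startup": [
            "http://feed.snap.do/?publisher=TightropeYB&searchtype=hp",
            "https://mail.example.org/",  # legitimate entry, must survive cleanup
        ],
    },
    "default_search_provider": {
        "keyword": "search.snap.do",
        "icon_url": "http://www.snap.do/favicon.ico",
        "search_url": "http://feed.snap.do/?publisher=TightropeYB&q={searchTerms}",
    },
})

# Hijack domain seen in the log above; extend this set from your own triage.
HIJACK_DOMAINS = {"snap.do"}

def suspicious_host(host, domains=HIJACK_DOMAINS):
    """True if host is one of domains or a subdomain of one (not a lookalike)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def suspicious_url(url, domains=HIJACK_DOMAINS):
    return suspicious_host(urlparse(url).hostname or "", domains)

def audit_chrome_preferences(prefs, domains=HIJACK_DOMAINS):
    """Return [(pref_path, value)] for every hijacked setting found."""
    p = json.loads(prefs) if isinstance(prefs, str) else prefs
    hits = []
    if suspicious_url(p.get("homepage", ""), domains):
        hits.append(("homepage", p["homepage"]))
    for url in p.get("session", {}).get("urls_to_restore_on_startup", []):
        if suspicious_url(url, domains):
            hits.append(("session.urls_to_restore_on_startup", url))
    dsp = p.get("default_search_provider", {})
    for field in ("search_url", "icon_url"):
        if suspicious_url(dsp.get(field, ""), domains):
            hits.append(("default_search_provider." + field, dsp[field]))
    if suspicious_host(dsp.get("keyword", ""), domains):
        hits.append(("default_search_provider.keyword", dsp["keyword"]))
    return hits

def clean_chrome_preferences(prefs, domains=HIJACK_DOMAINS):
    """Return a fresh copy with hijacked settings removed, mirroring what the
    AdwCleaner log reports doing. Only write the real file with Chrome closed."""
    p = json.loads(prefs if isinstance(prefs, str) else json.dumps(prefs))
    if suspicious_url(p.get("homepage", ""), domains):
        del p["homepage"]  # Chrome falls back to its default home page
    session = p.get("session", {})
    if "urls_to_restore_on_startup" in session:
        session["urls_to_restore_on_startup"] = [
            u for u in session["urls_to_restore_on_startup"]
            if not suspicious_url(u, domains)]
    if any(path.startswith("default_search_provider.")
           for path, _ in audit_chrome_preferences(p, domains)):
        del p["default_search_provider"]  # reset to the built-in default engine
    return p
```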

#8 simon255 (Full Member, 46 posts)

Posted 26 March 2013 - 09:01 PM

So far 2 threats found on ESET... both the same:

 

a variant of win32/bundled.toolbar.ask application



#9 cnm, Mother Lion of SWI (Administrators, 25,259 posts)

Posted 26 March 2013 - 09:12 PM

Your Chrome home page should be normal now?  A lot of snap.do has been removed.

 

When ESET finishes please totally uninstall snap.do, using the Revo Uninstaller.
Download and run the free version of Revo Uninstaller.
Set it to 'Advanced'.

Select snap.do and click Uninstall.
Revo will do this:
Step 1. Create restore point.
Step 2. Run the official snap uninstaller.

Step 3. When uninstaller finishes, click Next in Revo and it will search for remnants. Delete everything found.

You should then reboot.


If that doesn't also remove the snap.do engine, then run Revo again to uninstall that.




#10 simon255 (Full Member, 46 posts)

Posted 26 March 2013 - 10:46 PM

Success - Thank you so much

 

The Windows updates that failed - I assume the system will figure that out and pick them up in the future?

 

Also, Flash is unstable on here, if you have any tips. It crashes every few hours.



#11 cnm, Mother Lion of SWI (Administrators, 25,259 posts)

Posted 27 March 2013 - 12:00 AM

My Flash crashes every few days also (I use Chrome).  This page explains and the procedure helps, but only temporarily.  Still, all you have to do is refresh the page.  A nuisance but I still love my Chrome.

 

See if Revo can uninstall Snap Toolbar Removal Tool.  If not, please just delete c:\program files\Snap Toolbar Removal Tool.

 

Windows Update: Click the Start button, click All Programs, and then click Windows Update. It should show the updates you don't have. If the updates still won't install, please tell me the message you get, including any error codes. You can try 'Download and install the latest Windows Update Agent'.


Or, more complicated, a service re-register. Read more: http://www.pbcomp.co...l#ixzz2OiDpup00 by Peter Bowey.




#12 simon255 (Full Member, 46 posts)

Posted 27 March 2013 - 12:30 AM

Thanks so much

 

All is fine now

 

Have a great Easter



#13 cnm, Mother Lion of SWI (Administrators, 25,259 posts)

Posted 27 March 2013 - 12:44 AM

That's great. You have a happy Easter too.
 
 
Please clean up our tools:
Delete the DDS files and Security Check folder from your Desktop.
Run OTL and click Cleanup.
Run AdwCleaner and click Uninstall.

Advice for malware prevention:

Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.  Keep Revo.

The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.systemloo...p?type=filename

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.

For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place




#14 cnm, Mother Lion of SWI (Administrators, 25,259 posts)

Posted 31 March 2013 - 05:01 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.






