
snap.do possible infection check


13 replies to this topic

#1 nabu

nabu

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 14 January 2014 - 09:07 AM

Hi!

 

I have just installed Win 7 Home Premium 64 on my notebook, but I discovered that I already caught an infection from snap.do...

I used MBAM to try to fix it, but since it pisses me off that I already had an infection with the brand-new OS installed, it's maybe better if one of you helps me check whether I'm clean!!

I'm posting here the MBAM log that I made before...

After that I chose "remove" and the second scan resulted in zero infections.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Versione database: v2014.01.14.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
IreAle :: NOWHERELAND [amministratore]
 
14/01/2014 13:54:54
MBAM-log-2014-01-14 (13-57-21).txt
 
Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 204527
Tempo impiegato: 1 minuti, 51 secondi
 
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
 
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
 
Chiavi di registro rilevate: 1
HKCU\SOFTWARE\SMARTBAR (PUP.Optional.SnapDo.A) -> Nessuna azione intrapresa.
 
Valori di registro rilevati: 1
HKCU\Software\Smartbar|publisher (PUP.Optional.SnapDo.A) -> Dati: SnapdoOCYB -> Nessuna azione intrapresa.
 
Voci rilevate nei dati di registro: 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Cattivo: (http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=IT&userid=964db139-b0e1-cb05-d348-0e6a677f4a07&searchtype=ds&q={searchTerms}&installDate=14/01/2014) Buono: (http://www.google.com) -> Nessuna azione intrapresa.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Cattivo: (http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=IT&userid=964db139-b0e1-cb05-d348-0e6a677f4a07&searchtype=ds&q={searchTerms}&installDate=14/01/2014) Buono: (http://www.google.com) -> Nessuna azione intrapresa.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Cattivo: (http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=IT&userid=964db139-b0e1-cb05-d348-0e6a677f4a07&searchtype=ds&q={searchTerms}&installDate=14/01/2014) Buono: (http://www.google.com) -> Nessuna azione intrapresa.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Cattivo: (http://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=IT&userid=964db139-b0e1-cb05-d348-0e6a677f4a07&searchtype=ds&q={searchTerms}&installDate=14/01/2014) Buono: (http://www.google.com) -> Nessuna azione intrapresa.
 
Cartelle rilevate: 2
C:\Users\IreAle\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Nessuna azione intrapresa.
C:\Users\IreAle\AppData\Roaming\OpenCandy\539EB00C66C349AC89270EF3808E9856 (PUP.Optional.OpenCandy) -> Nessuna azione intrapresa.
 
File rilevati: 1
C:\Users\IreAle\AppData\Roaming\OpenCandy\539EB00C66C349AC89270EF3808E9856\Installer.exe (PUP.Optional.Linkury.A) -> Nessuna azione intrapresa.
 
(fine)
 



 


#2 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:31 PM

Posted 14 January 2014 - 09:50 AM

Nessuna azione intrapresa.>>>>>>>>>> No action taken.

 

 

You need to re-run Malwarebytes and this time select all items for removal.

Post back only a clean log from Malwarebytes.

Run an online scan with the Emsisoft online scanner; use Internet Explorer.

http://ax.emsisoft.com/default.aspx?scan=1&l=

 

Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please attach the JRT log.


Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
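
Reply #2 turns on one detail of the first log: every detection ends in "Nessuna azione intrapresa" (no action taken), so it records what was found, not what was removed. The following is an added example, not part of the thread and not code from Malwarebytes: a small parser for that line shape that lists detections still pending. The sample log is constructed, and the function names are assumptions of this example.

```python
import re
from collections import Counter

# Action strings meaning the scanner only reported the item. The Italian
# string is the one in the log above; the English one is its translation
# from reply #2. Anything else is treated as "the scanner acted".
NO_ACTION = {"nessuna azione intrapresa", "no action taken"}

# Detection line shape in the log: object (Detection.Name) -> [details ->] action.
DETECTION = re.compile(
    r"^(?P<object>.+?) \((?P<name>[A-Za-z0-9_.]+)\) -> (?P<rest>.+)$"
)

# Constructed sample in the shape of the first log; the URL, the last path,
# the last detection name and the "Quarantined ..." action are made up.
SAMPLE_LOG = r"""
Chiavi di registro rilevate: 1
HKCU\SOFTWARE\SMARTBAR (PUP.Optional.SnapDo.A) -> Nessuna azione intrapresa.

Valori di registro rilevati: 1
HKCU\Software\Smartbar|publisher (PUP.Optional.SnapDo.A) -> Dati: SnapdoOCYB -> Nessuna azione intrapresa.

Voci rilevate nei dati di registro: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Cattivo: (http://search.example/?q={searchTerms}) Buono: (http://www.google.com) -> Nessuna azione intrapresa.

File rilevati: 1
C:\Users\user\AppData\Roaming\Example (x86)\Installer.exe (PUP.Optional.Example) -> Quarantined and deleted successfully.

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
"""


def parse_detections(log_text):
    """Return one dict per detection line; headers and empty sections are skipped."""
    detections = []
    for raw in log_text.splitlines():
        match = DETECTION.match(raw.strip())
        if match is None:
            continue
        # The action is always the last "->"-separated field on the line,
        # after optional "Dati:" or "Cattivo:/Buono:" details.
        action = match.group("rest").rsplit("->", 1)[-1].strip().rstrip(".")
        detections.append({
            "object": match.group("object"),
            "name": match.group("name"),
            "action": action,
            "acted": action.lower() not in NO_ACTION,
        })
    return detections


def review(log_text):
    """Summarise a log: how many detections, and which are still pending."""
    detections = parse_detections(log_text)
    pending = [d for d in detections if not d["acted"]]
    return {
        "total": len(detections),
        "pending": pending,
        "pending_by_name": Counter(d["name"] for d in pending),
        # True means the scan has to be repeated with the items selected.
        "needs_rerun": bool(pending),
    }


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    print(f"{result['total']} detections, {len(result['pending'])} with no action taken")
    for item in result["pending"]:
        print(f"  pending: {item['name']:<24} {item['object']}")
```
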


#3 nabu

nabu
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 14 January 2014 - 06:30 PM

MBAM: http://pastebin.com/KP65V85w

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by IreAle on 14/01/2014 at 18:21:46,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarbackup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarlog
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.bandobjectattribute
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.dockingpanel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.iesmartbarbandobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbardisplaystate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iesmartbar.smartbarmenuform
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\IreAle\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/01/2014 at 18:25:51,93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
# AdwCleaner v3.017 - Report created 14/01/2014 at 18:45:09
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : IreAle - NOWHERELAND
# Running from : C:\Users\IreAle\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\IreAle\Desktop\Search.lnk
Shortcut Disinfected : C:\Users\IreAle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Classes\Applications\lollipop.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKLM\Software\Headlight
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [3067 octets] - [14/01/2014 18:30:18]
AdwCleaner[S0].txt - [2663 octets] - [14/01/2014 18:45:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2723 octets] ##########
 
 
 
 
 
 
Snap.do is still showing up in Chrome, and some snap.do pop-ups are appearing as well....


#4 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:31 PM

Posted 14 January 2014 - 10:05 PM

Can you re-run MBAM, update it, do a quick scan, and post the log?

 

 

Please download HitmanPro to your desktop.

  • Launch the program by double clicking on HitmanPro.exe. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).
  • Click on the next button. You must agree with the terms of EULA.
  • Check the box beside "No, I only want to perform a one-time scan to check this computer".
  • Click on the next button.
  • The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.
  • Click on the next button and choose the option activate free license
  • Click on the next button and the infections will be deleted.
  • Click now on the Save Log option and save this log to your desktop.
  • Click on the next button and restart the computer.
  • Copy the information of HitmanPro_20130116_1239.log in your next reply

 

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Windows 7 and Vista users: right-click and run as admin.
Click the cog in the upper right corner:


Select down to and including your main drive.
Once done please select the Automatic Scan tab and press Start Scan.


Allow AVP to delete all infections found.
Once it has finished select the Report tab.
Select the Detected threats report from the left and press the Save button.
Save it to your Desktop and post the contents in your next reply.



#5 nabu

nabu
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 15 January 2014 - 10:42 AM

Kaspersky didn't find any threats!
Tried to save the log but that's a log file of 80 MB!!!!
I read in the log that many files were password protected... I don't know why!
 
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Versione database: v2014.01.15.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
IreAle :: NOWHERELAND [amministratore]
 
15/01/2014 09:43:49
mbam-log-2014-01-15 (09-43-49).txt
 
Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 199211
Tempo impiegato: 1 minuti, 51 secondi
 
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
 
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
 
Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)
 
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
 
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
 
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
 
File rilevati: 0
(non sono stati rilevati elementi nocivi)
 
(fine)
 
 
 
 
HitmanPro 3.7.8.208
www.hitmanpro.com
 
   Computer name . . . . : NOWHERELAND
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Nowhereland\IreAle
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)
 
   Scan date . . . . . . : 2014-01-15 14:02:10
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 44s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 1
   Traces  . . . . . . . : 28
 
   Objects scanned . . . : 905.491
   Files scanned . . . . : 10.335
   Remnants scanned  . . : 165.468 files / 729.688 keys
 
Malware _____________________________________________________________________
 
   C:\Users\IreAle\AppData\Local\Temp\n2133\LollipopInstaller_14657.exe -> Quarantined
      Size . . . . . . . : 377.856 bytes
      Age  . . . . . . . : 1.1 days (2014-01-14 11:31:50)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 9260C2057F6EEA59A670D0DC304918A3453D9D0890386E109E4DD8BE6B4EBADF
      Version  . . . . . : 1.1.1.5
      Copyright
    > Bitdefender  . . . : Gen:Variant.Zusy.76525
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
         -19.6s C:\Users\IreAle\AppData\Local\Temp\n2133\
          0.0s C:\Users\IreAle\AppData\Local\Temp\n2133\LollipopInstaller_14657.exe
 
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964\ (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467\ (FLV Player)
   HKU\S-1-5-21-221161448-2392543873-3963397863-1000\Software\Microsoft\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4\ (FLV Player)
   HKU\S-1-5-21-221161448-2392543873-3963397863-1000\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration\{AE07101B-46D4-4A98-AF68-0333EA26E113} (FLV Player)
   HKU\S-1-5-21-221161448-2392543873-3963397863-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SnapDo.exe (FLV Player)
 
Cookies _____________________________________________________________________
 
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.bleepingcomputer.com
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.yahoo.com
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:chitika.net
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:mm.chitika.net
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
   C:\Users\IreAle\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
 
 
 
 
 


#6 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:31 PM

Posted 15 January 2014 - 06:48 PM

Any issues remain?



#7 nabu

nabu
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 16 January 2014 - 04:06 AM

Snap.do is not coming up anymore! So I think I'm OK!!

 

 

Thanks so much for your help!



#8 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:31 PM

Posted 16 January 2014 - 04:15 AM

Let's see one more thing please.

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#9 nabu

nabu
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 16 January 2014 - 04:29 AM

Actually I have one more sign of snap.do... In Chrome, when I right-click on a link or a button, I have "copy shortened link" in the list with the snap.do icon, and this line is in English, while my set language is Italian...



#10 nabu

nabu
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 16 January 2014 - 04:31 AM

 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Google Chrome 31.0.1650.63  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 9% 
````````````````````End of Log`````````````````````` 


#11 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:31 PM

Posted 16 January 2014 - 05:25 AM

Take a look at this.

 

 

 

 

Remove Snap.do from Google Chrome
  1. Remove Snap.do extensions from Google Chrome.
    Click the Chrome menu button on the browser toolbar, select Tools and then click on Extensions.
    In the Extensions tab, remove (by clicking on the Recycle Bin) the Snap.do extension from your Google Chrome.
  2. Set Google Chrome default search engine from search.snap.do to google.com.
    Click the Chrome menu button, then select Settings and click on Manage search engines in the Search section.
    In the Search Engines dialog that appears, select Google and click the Make Default button that appears in the row.
    Search for Snap.do in the Search Engines list, and click the X button that appears at the end of the row.
  3. Change Google Chrome homepage from search.snap.do to its default.
    Snap.do has modified your Google settings to open their webpage whenever you start your browser, so we will need to revert this change.
    Click the Chrome menu button, then select Settings and click on Open the New Tab page in the On Startup section.

 

 

 

 

 



#12 nabu

nabu
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 16 January 2014 - 05:42 AM

OK, no snap.do anymore!

Do you think I'm clean?

What are the "possible unwanted programs" in the HitmanPro log?

Since I have just installed the OS, do you suggest any improvements or updates for security?



#13 InadequateInfirmity

InadequateInfirmity

    I Gots Me A Certified Edumication


  • Banned
  • 5,180 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:31 PM

Posted 16 January 2014 - 05:46 AM

Potentially unwanted programs.

 

FLV Player

 

 

 

I am sure you are clean.

 

 

Run CCleaner:

http://www.piriform.com/ccleaner/download/standard

Hit the Options button, then Settings, and put a tick next to Run CCleaner when the computer starts. Also, when in Options, go to the Advanced tab and put a tick next to Close program after cleaning. This will automate the temporary file removal on your machine and keep it speedy. Just do not use the registry cleaner.


Install the Web of Trust to stay safe on the net.

I also suggest SpywareBlaster to block tracking cookies etc.

I suggest that you keep Malwarebytes, update it, and do once-a-week scans with the tool.

Another thing you can do is scan with the SUPERAntiSpyware Online Scanner once a month.

 

Download DelFix by "Xplode" to your Desktop.
Right-click the tool and Run as Admin (XP users double-click).
Put a check mark next to the items below:
 
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore

Now click on "Run" button.
Allow the program to complete its work.
All the tools we used will be removed.
Tool will create and open a log report (DelFix.txt)
Note: The report can be located at the following location C:\DelFix.txt


#14 nabu

nabu
  • Topic Starter

  • Members
  • 107 posts
  • OFFLINE
  •  
  • Local time:11:31 PM

Posted 16 January 2014 - 01:44 PM

Ok thank you again!!
 
Here is the log...
 
 
# DelFix v10.6 - Logfile created 16/01/2014 at 19:42:42
# Updated 11/11/2013 by Xplode
# Username : IreAle - NOWHERELAND
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\AdwCleaner
Deleted : HKLM\SOFTWARE\AdwCleaner
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #10 [IIF_MSI | 01/13/2014 23:57:34]
Deleted : RP #12 [RAPID | 01/14/2014 09:01:05]
Deleted : RP #14 [RAPID | 01/14/2014 09:03:01]
Deleted : RP #15 [Revo Uninstaller's restore point - DriverTuner 3.1.0.1 | 01/14/2014 10:35:24]
Deleted : RP #16 [Revo Uninstaller's restore point - Lollipop | 01/14/2014 10:35:52]
Deleted : RP #17 [Installato Alcor Micro USB Card Reader | 01/14/2014 11:33:36]
Deleted : RP #18 [Installato Realtek Ethernet Controller Driver | 01/14/2014 11:36:03]
Deleted : RP #19 [Windows Update | 01/14/2014 11:43:04]
Deleted : RP #20 [Windows Update | 01/14/2014 11:52:17]
Deleted : RP #21 [Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 | 01/14/2014 12:27:00]
Deleted : RP #22 [Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 | 01/14/2014 12:27:13]
Deleted : RP #23 [OpenOffice 4.0.1 installato | 01/14/2014 12:27:40]
Deleted : RP #24 [Revo Uninstaller's restore point - Snap.Do | 01/14/2014 12:31:28]
Deleted : RP #25 [Installato IDT Audio | 01/14/2014 12:37:05]
Deleted : RP #26 [MalAware Cleaning | 01/14/2014 17:19:32]
Deleted : RP #27 [Windows Update | 01/16/2014 09:08:09]
Deleted : RP #28 [Revo Uninstaller's restore point - Snap.Do | 01/16/2014 09:15:03]
Deleted : RP #29 [Revo Uninstaller's restore point - Snap.Do Engine | 01/16/2014 09:15:49]
Deleted : RP #30 [Revo Uninstaller's restore point - Malwarebytes Anti-Malware versione 1.75.0.1300 | 01/16/2014 10:58:11]
 
New restore point created !
 
########## - EOF - ##########




