Snapdo removal assistance needed
- Thread starter alm260
- Start date
- Mar 1, 2014
- 251
hello
Download and register ADWCleaner to your desktop from this direct link : http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Launch it , (For vista / 7 / 8 = > right click " to execute as administrator ") then click on "scan"
when done, click on "clean" and post C:\Adwcleaner[Sx].txt
Download and register ADWCleaner to your desktop from this direct link : http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Launch it , (For vista / 7 / 8 = > right click " to execute as administrator ") then click on "scan"
when done, click on "clean" and post C:\Adwcleaner[Sx].txt
Is that the file you need or do you need the SO on this one as well? Here it's attached if that's the one you need.
- Mar 1, 2014
- 251
Ok
Download Shortcut_Module from this link :
http://www.telecharger.sosvirus.net/download/shortcut-module/
save it to your desktop, run it and click on "Clean" after it has verified if it's up to date
Attention : It'll close all the programs opened like IE, Firefox, Word etc...
It'll give a report at the end of the scan , in C:\Shortcut_Module_date_hour.txt , after the reboot of the machine.
Attach the log
Download Shortcut_Module from this link :
http://www.telecharger.sosvirus.net/download/shortcut-module/
save it to your desktop, run it and click on "Clean" after it has verified if it's up to date
Attention : It'll close all the programs opened like IE, Firefox, Word etc...
It'll give a report at the end of the scan , in C:\Shortcut_Module_date_hour.txt , after the reboot of the machine.
Attach the log
- Mar 1, 2014
- 251
same thing with this computer :
Download here: http://www.malwarebytes.org/
Click on Download
choose your language
don't modify the installation settings
put it up to date
Do not select the test pro version
Follow these instructions carefully:
Let the program work (and don't do anthing else with the computer during the scan).
At the end, click on "Show Results"
Verifies that all infected objects are checked, then click "delete"
Note: if you need to restart your computer to finish the cleaning, do it!
Post the report saved after deleting infected objects (in "reports / logs" Malwarebytes tab, the latest: mbamlog.xx.xx .. Etc ....)
Download here: http://www.malwarebytes.org/
Click on Download
choose your language
don't modify the installation settings
put it up to date
Do not select the test pro version
Follow these instructions carefully:
- Close all your running applications
- Run Malwarebyte's.
- Do a review "Complete"
Let the program work (and don't do anthing else with the computer during the scan).
At the end, click on "Show Results"
Verifies that all infected objects are checked, then click "delete"
Note: if you need to restart your computer to finish the cleaning, do it!
Post the report saved after deleting infected objects (in "reports / logs" Malwarebytes tab, the latest: mbamlog.xx.xx .. Etc ....)
I already have maleware bytes on both computers (I've used the free version for years). I'll run full scans on both and post the report log once done.
- Mar 1, 2014
- 251
Hello To see if there's no rests of infections :
Download From this link OTL : http://oldtimer.geekstogo.com/OTL.exe
Save it to your desktop
If you have XP => double-click , else , right-click "Run as administrator" to launch it
configure it like this : ("Analyse"="Run Scan" must be pressed at last after pasting the bold text which is under the picture )
if a 64 bits checkbox appears let it checked.
copy/paste what is below in blue bold under "Personnalization" in OTL :
HKCU\Software
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Command Processor /s
%Homedrive%\*
%Homedrive%\*.
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%programFiles%\*
%programfiles%\Google\Desktop\Install /s
%programFiles%\*.
%Systemroot%\Installer\*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
dir %Homedrive%\* /S /A:L /C
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT
click on "Run scan" and let the tool work
At the end "notepad" will open (OTL.txt & Extras.txt)
you can find them near the OTL executable.
Don't post them in the forum !!!! ( they're too big )
Attach them
Download From this link OTL : http://oldtimer.geekstogo.com/OTL.exe
Save it to your desktop
If you have XP => double-click , else , right-click "Run as administrator" to launch it
configure it like this : ("Analyse"="Run Scan" must be pressed at last after pasting the bold text which is under the picture )
if a 64 bits checkbox appears let it checked.
copy/paste what is below in blue bold under "Personnalization" in OTL :
HKCU\Software
HKLM\Software
HKCU\Software\Microsoft\Command Processor /s
HKLM\Software\Microsoft\Command Processor /s
%Homedrive%\*
%Homedrive%\*.
%Userprofile%\*
%Userprofile%\*.
%Allusersprofile%\*
%Allusersprofile%\*.
%LocalAppData%\*
%LocalAppData%\*.
%Userprofile%\Local Settings\Application Data\*
%Userprofile%\Local Settings\Application Data\*.
%programFiles%\*
%programfiles%\Google\Desktop\Install /s
%programFiles%\*.
%Systemroot%\Installer\*.
%Systemroot%\Temp\*.exe /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\system32\*.in*
%systemroot%\Tasks\*
%systemroot%\Tasks\*.
%systemroot%\system32\Tasks\*
%systemroot%\system32\Tasks\*.
%systemroot%\system32\drivers\*.sy* /lockedfiles
%systemroot%\system32\config\*.exe /s
%Systemroot%\ServiceProfiles\*.exe /s
%systemroot%\system32\*.sys
dir %Homedrive%\* /S /A:L /C
msconfig
activex
/md5start
explorer.exe
winlogon.exe
wininit.exe
volsnap.sys
atapi.sys
ndis.sys
cdrom.sys
i8042prt.sys
iastor.sys
tdx.sys
netbt.sys
afd.sys
/md5stop
netsvcs
safebootminimal
safebootnetwork
CREATERESTOREPOINT
click on "Run scan" and let the tool work
At the end "notepad" will open (OTL.txt & Extras.txt)
you can find them near the OTL executable.
Don't post them in the forum !!!! ( they're too big )
Attach them
- Mar 1, 2014
- 251
- Mar 1, 2014
- 251
Uninstall Adobe reader 9 it's not up to date
===========================
Run OTL , paste this bold text under "Personnalization" and click on "Run Fix"
:OTL
FF - user.js - File not found
[2013/09/03 21:40:26 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Lindsey\AppData\Roaming\mozilla\Firefox\Profiles\ky3at393.default\extensions\{c0aa02d9-248c-40fd-8725-45f289c5226a}
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2432983922-952953135-2057571521-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2432983922-952953135-2057571521-1000\..\Toolbar\WebBrowser: (no name) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No CLSID value found.
O4 - HKLM\..\Run: [SMessaging] C:\Users\Lindsey\AppData\Local\Strongvault Online Backup\SMessaging.exe File not found
O4 - HKU\S-1-5-21-2432983922-952953135-2057571521-1000\..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\Lindsey\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 159441ef687747d0bcaad16f64b962ff-9f4e7b8705566ae3b0d7ec8031f95a7588a3cfe2 --CMPID 0913a File not found
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2012/04/20 20:05:42 | 000,001,492 | ---- | M] () -- C:\user.js
[2012/11/22 08:10:47 | 000,000,000 | ---D | M] -- C:\Firefox
[2013/07/14 23:03:11 | 000,000,000 | ---D | M] -- C:\62eff1b25f5713d5e001a2
[2012/01/20 12:23:56 | 000,000,000 | ---D | M] -- C:\ProgramData\381BA
[2014/03/12 17:14:27 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG January 2013 Campaign
:reg
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{78E04969-41AA-495A-8BF1-E0E1A5909549}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12D85DFB-576B-4643-A065-8FBB8B1F2EB1}]
:files
C:\Windows\Temp\*
:commands
[emptytemp]
Atttach the log
===========================
Run OTL , paste this bold text under "Personnalization" and click on "Run Fix"
:OTL
FF - user.js - File not found
[2013/09/03 21:40:26 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\Lindsey\AppData\Roaming\mozilla\Firefox\Profiles\ky3at393.default\extensions\{c0aa02d9-248c-40fd-8725-45f289c5226a}
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2432983922-952953135-2057571521-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2432983922-952953135-2057571521-1000\..\Toolbar\WebBrowser: (no name) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No CLSID value found.
O4 - HKLM\..\Run: [SMessaging] C:\Users\Lindsey\AppData\Local\Strongvault Online Backup\SMessaging.exe File not found
O4 - HKU\S-1-5-21-2432983922-952953135-2057571521-1000\..\Run: [AVG-Secure-Search-Update_0913a] C:\Users\Lindsey\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid 159441ef687747d0bcaad16f64b962ff-9f4e7b8705566ae3b0d7ec8031f95a7588a3cfe2 --CMPID 0913a File not found
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2012/04/20 20:05:42 | 000,001,492 | ---- | M] () -- C:\user.js
[2012/11/22 08:10:47 | 000,000,000 | ---D | M] -- C:\Firefox
[2013/07/14 23:03:11 | 000,000,000 | ---D | M] -- C:\62eff1b25f5713d5e001a2
[2012/01/20 12:23:56 | 000,000,000 | ---D | M] -- C:\ProgramData\381BA
[2014/03/12 17:14:27 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG January 2013 Campaign
:reg
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{78E04969-41AA-495A-8BF1-E0E1A5909549}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12D85DFB-576B-4643-A065-8FBB8B1F2EB1}]
:files
C:\Windows\Temp\*
:commands
[emptytemp]
Atttach the log
- Mar 1, 2014
- 251
- Mar 1, 2014
- 251
- Mar 1, 2014
- 251
Similar threads
