Snap.do removal

[xavi1000 0]

Hi there,

 

I have Ad-Aware pro security and it is unable to detect Snap.do - Safe Finder (yahoo).

 

In regard of DDS -> "DDS is not meant to run in Compatibility Mode. This program shall now exit.

 

Any help is welcomed.

Edited September 17, 2014 by xavi1000

[CeciliaB 470]

Hi xavi1000,

 

I guess that you have Windows 8.x and then you need to use FRST instead of DDS:

 

Please, download Farbar Recovery Scan Tool (FRST) and save it on the desktop:

For 64 bits Windows: http://download.bleepingcomputer.com/farbar/FRST64.exe

For 32 bits Windows: http://download.bleepingcomputer.com/farbar/FRST.exe

 

Start the FRST program.

 

Read the disclaimer and click Yes to accept it.

Click Scan button.

When done, FRST will create two log files, called FRST.txt and Addition.txt, on the desktop.

 

Please, attach them to your reply (press More Reply Options button to see how to attach files).

[xavi1000 0]

Hi Cecilia,

 

You are right. I´m using (unfortunately) Windows 8

 

Find enclosed the two files.

 

Looking forward your feedback.

Addition.txt

FRST.txt

[CeciliaB 470]

Hi xavi1000,

 

1. Please, uninstall or update "Java 7 Update 65" since it's an old version with knows vulnerabilities that can be exploited by a web page to infect the computer.

 

2. Please, save AdwCleaner by Xplode on the desktop: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

 

Turn off all programs, including browsers.

Double-click on AdwCleaner to start the program.

 

Click on the Scan button.

Wait until the search has finished.

 

Click on the Report button.

A report will be displayed, copy its content and paste into your answer.

If the report isn't displayed, it exist as C:\AdwCleaner[R#].txt, where # is an ordinal number.

[xavi1000 0]

# AdwCleaner v3.310 - Reporte Creado 20/09/2014 en 12:04:59

# Actualizado 12/09/2014 por Xplode

# Sistema Operativo : Windows 8.1 (64 bits)

# Nombre de usuario : Xavi - XAVI

# Ejecutado desde : C:\Users\Xavi\Desktop\adwcleaner_3.310.exe

# Opción : Escanear

***** [ Servicios ] *****

***** [ Archivos / Carpetas ] *****

Archivo Encontrado : C:\END

Archivo Encontrado : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\default-search.xml

Archivo Encontrado : C:\Users\Xavi\AppData\Local\AnyProtectScannerSetup.exe

Archivo Encontrado : C:\Users\Xavi\AppData\Roaming\aps.uninstall.scan.results

Archivo Encontrado : C:\Users\Xavi\AppData\Roaming\Mozilla\Firefox\Profiles\hkvvf9re.default\searchplugins\default-search.xml

Archivo Encontrado : C:\Users\Xavi\AppData\Roaming\Mozilla\Firefox\Profiles\hkvvf9re.default\searchplugins\trovi-search.xml

Archivo Encontrado : C:\Users\Xavi\AppData\Roaming\Mozilla\Firefox\Profiles\hkvvf9re.default\searchplugins\Web Search.xml

Archivo Encontrado : C:\Users\Xavi\AppData\Roaming\Mozilla\Firefox\Profiles\hkvvf9re.default\user.js

Carpeta Encontrado : C:\Program Files (x86)\globalUpdate

Carpeta Encontrado : C:\Program Files (x86)\MyPC Backup

Carpeta Encontrado : C:\Program Files (x86)\predm

Carpeta Encontrado : C:\Program Files (x86)\SupTab

Carpeta Encontrado : C:\Program Files (x86)\Uniblue

Carpeta Encontrado : C:\Program Files (x86)\Uniblue\SpeedUpMyPC

Carpeta Encontrado : C:\Program Files\PCDApp

Carpeta Encontrado : C:\ProgramData\IePluginServices

Carpeta Encontrado : C:\ProgramData\WindowsMangerProtect

Carpeta Encontrado : C:\Users\Xavi\AppData\Local\globalUpdate

Carpeta Encontrado : C:\Users\Xavi\AppData\Local\LPT

Carpeta Encontrado : C:\Users\Xavi\AppData\Local\SearchProtect

Carpeta Encontrado : C:\Users\Xavi\AppData\Local\Smartbar

Carpeta Encontrado : C:\Users\Xavi\AppData\Local\Temp\Smartbar

Carpeta Encontrado : C:\Users\Xavi\AppData\LocalLow\Smartbar

Carpeta Encontrado : C:\Users\Xavi\AppData\Roaming\FirefoxToolbar

Carpeta Encontrado : C:\Users\Xavi\AppData\Roaming\pdfforge

Carpeta Encontrado : C:\Users\Xavi\Documents\Optimizer Pro

***** [ Tareas ] *****

Tarea Encontrado : APSnotifierPP1

Tarea Encontrado : APSnotifierPP2

Tarea Encontrado : APSnotifierPP3

***** [ Accesos directos ] *****

***** [ Registro ] *****

Clave Encontrado : HKCU\Software\AnyProtect

Clave Encontrado : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Clave Encontrado : HKCU\Software\AppDataLow\Software\adawarebp

Clave Encontrado : HKCU\Software\AppDataLow\Software\Crossrider

Clave Encontrado : HKCU\Software\genesis

Clave Encontrado : HKCU\Software\GlobalUpdate

Clave Encontrado : HKCU\Software\InstallCore

Clave Encontrado : HKCU\Software\Linkey

Clave Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Clave Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}

Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}

Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}

Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Clave Encontrado : HKCU\Software\SmartBar

Clave Encontrado : HKCU\Software\smartbarbackup

Clave Encontrado : HKCU\Software\smartbarlog

Clave Encontrado : HKCU\Software\Softonic

Clave Encontrado : HKCU\Software\TutoTag

Clave Encontrado : [x64] HKCU\Software\AnyProtect

Clave Encontrado : [x64] HKCU\Software\genesis

Clave Encontrado : [x64] HKCU\Software\GlobalUpdate

Clave Encontrado : [x64] HKCU\Software\InstallCore

Clave Encontrado : [x64] HKCU\Software\Linkey

Clave Encontrado : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Clave Encontrado : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}

Clave Encontrado : [x64] HKCU\Software\SmartBar

Clave Encontrado : [x64] HKCU\Software\smartbarbackup

Clave Encontrado : [x64] HKCU\Software\smartbarlog

Clave Encontrado : [x64] HKCU\Software\Softonic

Clave Encontrado : [x64] HKCU\Software\TutoTag

Clave Encontrado : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Clave Encontrado : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Clave Encontrado : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Clave Encontrado : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute

Clave Encontrado : HKLM\SOFTWARE\Classes\iesmartbar.bho

Clave Encontrado : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel

Clave Encontrado : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar

Clave Encontrado : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject

Clave Encontrado : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate

Clave Encontrado : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform

Clave Encontrado : HKLM\SOFTWARE\Classes\speedupmypc

Clave Encontrado : HKLM\SOFTWARE\FrEeSoFtOdAy

Clave Encontrado : HKLM\SOFTWARE\GlobalUpdate

Clave Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Clave Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}

Clave Encontrado : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32

Clave Encontrado : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS

Clave Encontrado : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32

Clave Encontrado : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS

Clave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Clave Encontrado : HKLM\SOFTWARE\SearchProtect

Clave Encontrado : HKLM\SOFTWARE\SmdmF

Clave Encontrado : HKLM\SOFTWARE\SupDp

Clave Encontrado : HKLM\SOFTWARE\SupTab

Clave Encontrado : HKLM\SOFTWARE\supWindowsMangerProtect

Clave Encontrado : HKLM\SOFTWARE\supWPM

Clave Encontrado : HKLM\SOFTWARE\sweet-pageSoftware

Clave Encontrado : HKLM\SOFTWARE\Tutorials

Clave Encontrado : HKLM\SOFTWARE\Uniblue

Clave Encontrado : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices

Clave Encontrado : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect

Clave Encontrado : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Clave Encontrado : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}

Clave Encontrado : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}

Clave Encontrado : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Clave Encontrado : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}

Clave Encontrado : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}

Clave Encontrado : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}

Clave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}

Clave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}

Clave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

Clave Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

Valor Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [browser Infrastructure Helper]

Valor Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Valor Encontrado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17278

-\\ Mozilla Firefox v31.0 (x86 es-ES)

[ Archivo : C:\Users\Xavi\AppData\Roaming\Mozilla\Firefox\Profiles\hkvvf9re.default\prefs.js ]

Linea encontrada : user_pref("browser.search.order.1", "default-search.net");

Linea encontrada : user_pref("extensions.crossrider.bic", "143af5e27d13be5fa9666e6b623b97bb");

Linea encontrada : user_pref("extensions.helperbar.DockingPositionDown", false);

Linea encontrada : user_pref("extensions.helperbar.SmartbarDisabled", false);

Linea encontrada : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);

Linea encontrada : user_pref("extensions.helperbar.Visibility", false);

Linea encontrada : user_pref("extensions.helperbar.backPageCapacity", 3);

Linea encontrada : user_pref("extensions.helperbar.backPageCounter", 0);

Linea encontrada : user_pref("extensions.helperbar.backPageDay", 5);

Linea encontrada : user_pref("extensions.helperbar.backPageLastEvent", "1404371943350");

Linea encontrada : user_pref("extensions.helperbar.backPageMinInterval", 15);

Linea encontrada : user_pref("extensions.helperbar.barcodeid", "144083");

Linea encontrada : user_pref("extensions.helperbar.countryiso", "be");

Linea encontrada : user_pref("extensions.helperbar.downloadprovider", "snapdott");

Linea encontrada : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\",\\\".search.yahoo.com\\\\\\/yhs\\\\\\/search?hspart=lkry\\\",\\\"www.only-apart[...]

Linea encontrada : user_pref("extensions.helperbar.fromautoupdate", "false");

Linea encontrada : user_pref("extensions.helperbar.installationid", "fd408255-140c-753b-3e4a-a3283738f1cf");

Linea encontrada : user_pref("extensions.helperbar.installdate", "05/07/2014");

Linea encontrada : user_pref("extensions.helperbar.keepAliveLastevent", "1404544741");

Linea encontrada : user_pref("extensions.helperbar.lastExternalJsUpdate", "1406469767192");

Linea encontrada : user_pref("extensions.helperbar.publisher", "snapdott");

-\\ Google Chrome v37.0.2062.120

[ Archivo : C:\Users\Xavi\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Encontrado [Extension] : booedmolknjekdopkepjjeckmjkdpfgl

Encontrado [Extension] : bopakagnckmlgajfccecajhnimjiiedh

Encontrado [Extension] : flpcjncodpafbgdpnkljologafpionhb

*************************

AdwCleaner[R0].txt - [13795 octets] - [20/09/2014 12:04:59]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13856 octets] ##########

[CeciliaB 470]

1. Please, turn off all programs, including browsers.

Double-click on AdwCleaner to start the program.

 

Click on the Scan button.

Wait until the search has finished.

 

Click on the Clean button.

 

Click on OK.

Click on OK on any message that pops up.

The computer will be restarted, if it isn't done automatically please do it yourself.

 

A report will be displayed, copy its content and paste into your answer.

If the report isn't displayed, it exist as C:\AdwCleaner[s#].txt, where # is an ordinal number.

 

 

2. Run FRST again and attach the new FRST.txt (no Addition.txt this time), please.

 

 

3. Please, do a full scan with Ad-Aware. Is anything found?

 

 

4. Run an online scan with Eset http://www.eset.com/onlinescan/

To shorten the scanning time disable your antivirus program while scanning.

 

Select "Enable detection of potentially unwanted applications".

 

Click "Advanced Settings"

 

Un-check "Remove found threats"

Check:

"Scan Archives"

"Scan for potentially unsafe applications"

"Enable Anti-Stealth Technology"

 

Click Start

 

When the scan is finished, click on "List of found threats" and then "Export to text file". Copy the content of the text file and paste its content in your answer.

[CeciliaB 470]

Due to lack of feedback, this topic has been closed.

 

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

 

Everyone else please begin a New Topic.

 

Thank You !