So I'm getting some virus updates from Avast!... HELP!

Other > Viruses and worms

<< < (2/3) > >>

Waldoctg:
Thanks!

Actually, I did follow the instructions and cleaned everything up. I deleted OTL off of my computer, in fact. Should I just re install it and then run it again?

On a side note... my browsers keep trying to change their default search browser to search.snap.do.com... I've never used this, so I am confused... it even installed a add-on to Mozilla Firefox. Is it correlated?

Thanks!
Connor

essexboy:
Lets clear the bad boy called snapdo

Download OTL to your Desktop
Secondary link
[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

[*]Select All Users
[*]Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

[*]Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs[/list][/list]

Waldoctg:
Here is the test.

NOTE: There was no "Extra.Txt" file.

essexboy:
You will need to reset Chrome manually

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

[/list]
--- Code: ---:OTL
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=667ef997-2074-40db-9731-9d0770d78bf7&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-3121085536-567810485-1202720719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=667ef997-2074-40db-9731-9d0770d78bf7&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-3121085536-567810485-1202720719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=667ef997-2074-40db-9731-9d0770d78bf7&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-3121085536-567810485-1202720719-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=667ef997-2074-40db-9731-9d0770d78bf7&searchtype=hp
IE - HKU\S-1-5-21-3121085536-567810485-1202720719-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=667ef997-2074-40db-9731-9d0770d78bf7&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-3121085536-567810485-1202720719-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=667ef997-2074-40db-9731-9d0770d78bf7&searchtype=ds&q={searchTerms}
IE - HKU\S-1-5-21-3121085536-567810485-1202720719-1000\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-3121085536-567810485-1202720719-1000\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=667ef997-2074-40db-9731-9d0770d78bf7&searchtype=ds&q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=667ef997-2074-40db-9731-9d0770d78bf7&searchtype=hp"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom15.xpi
[2012/10/01 17:41:38 | 000,000,000 | ---D | M] (ASPCA App By We-Care.com) -- C:\Users\Mastah C\AppData\Roaming\Mozilla\Firefox\Profiles\rgit5epd.default\extensions\wecarereminder@bryan
[2012/05/08 18:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mastah C\AppData\Roaming\Mozilla\Firefox\Profiles\rgit5epd.default\jetpack\FantapperExtension@brandaffinity.net
[2012/05/08 18:21:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mastah C\AppData\Roaming\Mozilla\Firefox\Profiles\rgit5epd.default\jetpack\FantapperExtension@brandaffinity.net\simple-storage
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O4 - HKU\S-1-5-21-3121085536-567810485-1202720719-1000..\Run: [Browser Infrastructure Helper] C:\Users\Mastah C\AppData\Local\Smartbar\Application\SnapDo.exe startup File not found

:Files
C:\Users\Mastah C\AppData\Local\Smartbar
C:\ProgramData\WeCareReminder

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
--- End code ---
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply. [/list]

Waldoctg:
Awesome. Thanks so much. Snap.do.com seems to be gone so far... :) Here's the new log.

Navigation

 Message Index

Go to full version