# DLL For Dummies Problem



## Methos' Morals (Nov 1, 2012)

I'd be the dummy. I don't really understand dll's, registering, unregistering. Anyway, I'm trying to get rid of this thing I was told was bogus called Snap Do. 
	

	
	
		
		

		
			
		
		
	


	




I found instructions to do it thoroughly. I stopped the process, like it told me to. I uninstalled it. It's still showing on my IE. It said to unregister the dll's. I didn't know anything about that so I found this page: windows7themes.net/how-to-unregister-dll-in-windows-7.htmlWindows\system32\ Snap.do.dll

I don't really understand what I'm supposed to put in the command prompt and was hoping somebody could walk me through it. Like, do I put "regsvr32 /u shell32.dll" in the command prompt or "Windows\system32\ Snap.do.dll" or am I not understanding any of it at all?


----------



## johnb35 (Nov 1, 2012)

Please do the following.

Please download *Malwarebytes' Anti-Malware *from *here* or *here* and save it to your desktop.

Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
*Update Malwarebytes' Anti-Malware*
and *Launch Malwarebytes' Anti-Malware*
 
then click *Finish*.
If an update is found, it will download and install the latest version.  *Please keep updating until it says you have the latest version.*
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
A log will be saved automatically which you can access by clicking on the *Logs* tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run *Rkill.scr*,  *Rkill.exe*, or *Rkill.com*.  If you are still having issues running rkill then try downloading these renamed versions of the same program.

*EXPLORER.EXE*
*IEXPLORE.EXE*
*USERINIT.EXE*
*WINLOGON.EXE*

But *DO NOT *reboot the system and then try installing or running Malwarebytes.  If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it.  Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the *HijackThis* installer from *here*.  
Run the installer and choose *Install*, indicating that you accept the licence agreement.  The installer will place a shortcut on your desktop and launch HijackThis.

*Vista and Windows 7 users must right click on the hijackthis icon and click on run as.  If the run as option doesn't appear then press and hold the shift key while right clicking on the icon to get it to appear.* 


Click *Do a system scan and save a logfile*

_Most of what HijackThis lists will be harmless or even essential, don't fix anything yet._

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy.  Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log


----------



## Methos' Morals (Nov 1, 2012)

Uh oh. This is the same advice I got before I lost a computer a few years back, John. You're scaring me, buddy.  

Before I download, does any of this conflict with McAfee?


----------



## johnb35 (Nov 1, 2012)

Nope.  Not at all.


----------



## Methos' Morals (Nov 2, 2012)

Okay, done with Malwarebytes:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.02.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [administrator]

10/31/2012 11:13:50 PM
mbam-log-2012-10-31 (23-13-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197040
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


All clear there. This is a pretty new system. I'll do Hijack this in a sec.


----------



## Methos' Morals (Nov 2, 2012)

Delete, duplicate post went through.


----------



## Methos' Morals (Nov 2, 2012)

Okay, here it is, full of almost exclusively things that I don't understand  :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:45:49 PM, on 10/31/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=b9b58b41-2f18-42d3-a010-91da597bcde8&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=b9b58b41-2f18-42d3-a010-91da597bcde8&searchtype=ds&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=b9b58b41-2f18-42d3-a010-91da597bcde8&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=b9b58b41-2f18-42d3-a010-91da597bcde8&searchtype=ds&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120928064238.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc.  - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13066 bytes


----------



## johnb35 (Nov 2, 2012)

Ok, now I need you to use hijackthis to post a special log from it.  Open hijackthis, click on open misc tools section, click on open uninstall manager, click on save list and save it somewhere.  Then copy and paste the contents back here.


----------



## Methos' Morals (Nov 2, 2012)

Okay, got it and thanks for hanging with me on this one:

18 Wheels of Steel - American Long Haul
Acer Backup Manager
Acer Crystal Eye Webcam
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Game Console
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2 MUI
Agatha Christie - Death on the Nile
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Backup Manager V3
Bejeweled 2 Deluxe
Blackhawk Striker 2
Build-a-lot 2
Catalyst Control Center - Branding
Chuzzle Deluxe
clear.fi
clear.fi
clear.fi
clear.fi Client
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
eSobi v2
FATE
HiJackThis
Identity Card
Java 7 Update 9
Jewel Quest - Heritage
Jewel Quest Solitaire 2
John Deere Drive Green
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.65.1.1000
McAfee Internet Security Suite
MediaEspresso
Mesh Runtime
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MyWinLocker 4
MyWinLocker Suite
MyWinLocker Suite
NOOK for PC
Norton Online Backup
NTI Media Maker 9
Penguins!
PhotoScape
Plants vs. Zombies
Polar Bowler
Polar Golfer
Realtek USB 2.0 Card Reader
Revo Uninstaller 1.94
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shredder
Times Reader
Times Reader
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Virtual Villagers 4 - The Tree of Life
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge


----------



## johnb35 (Nov 2, 2012)

Since snap do is not an entry in your add-remove list lets run this tool.

Please download *Junkware Removal Tool *to your desktop.

•Shutdown your antivirus to avoid any conflicts.

•Very important that you run the tool in this manner:
Right-mouse click JRT.exe and select Run as administrator
Do NOT just double-click it.

•The tool will open and start scanning your system.

•Please be patient as this can take a while to complete.

•On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

•Post the contents of JRT.txt in your next message.


----------



## Methos' Morals (Nov 3, 2012)

Okay. It shut down my Firefox while I was working on it and said it removed a bunch of my preferences. But they're still there when I start to type them in the browser, and most of them are sites I recognize that aren't junk sites but mainstream, good reputation sites.  

Junkware Removal Tool (JRT) by Thisisu 
Version: 2.5.3 (11.02.2012) 
OS: Windows 7 Home Premium x64 
Ran by *** on Thu 11/01/2012 at 20:22:51.34 
Blog: http://thisisudax.blogspot.com 
************************************************************** 




*** Services: 0 Detections 



*** Registry Values: 0 Detections 



*** Registry Keys: 

Successfully deleted: [KEY] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} 
Successfully deleted: [KEY] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} 



*** Files: 0 Detections 



*** Folders: 

Successfully deleted: [FOLDER] "C:\ProgramData\boost_interprocess" 



*** FireFox detected and repaired 

Removed the following from [prefs.js] : 

user_pref("capability.policy.maonoscript.sites", "addons.mozilla.org adobe.com adobetag.com afx.ms akamaihd.net appssavvy.net arte.tv axf8.net babylon.com blogger.com blogspot.com boxingscene.com cinemovies.fr classicgamesarcade.com cnet.com comedycentral.com computerforum.com corbisimages.com craveonline.com dailymotion.com davesgarden.com disqus.com distancebetweencities.net dmcdn.net dtvce.com facebook.com facebook.net fastclick.net fbcdn.net filehippo.com firstdata.com firstdata.lv flashgamesite.com flashgot.net flickr.com foodnetwork.com forbes.com gfx.ms google.com googleapis.com gstatic.com hotmail.com imdb.com imgur.com informaction.com italygen.com live.com longtailvideo.com maone.net media-imdb.com mediaite.com merriam-webster.com mozilla.net mozilla.org msn.com mtv.com mywot.com netflix.com nflxext.com noscript.net npr.org online-image-editor.com pandora.com pantherproxy.com passport.com passport.net passportimages.com paypal.com paypalobjects.com persona.org photobucket.com playdom.com quantserve.com reactiongifs.com rubiconproject.com scorecardresearch.com securecode.com securesuite.net sheppardsoftware.com siteadvisor.com sosoboxing.com stumbleupon.com technologytell.com thedailyshow.com thefrisky.com therichest.org thesweetscience.com timeout.com tineye.com tinypic.com tomshardware.com tp-cdn.com tumblr.com twitter.com vimeo.com vimeocdn.com wikimedia.org wikipedia.org wlxrs.com wordpress.com wp.com yahoo.com yahooapis.com yimg.com youtube-mp3.org youtube.com ytimg.com about: about:addons about:blank about:blocked about:certerror about:config about:crashes about:home about:memory about:neterror aboutlugins aboutrivatebrowsing about:sessionrestore about:support blob: chrome: http://adobe.com http://adobetag.com http://afx.ms http://akamaihd.net http://appssavvy.net http://arte.tv http://axf8.net http://babylon.com http://blogger.com http://blogspot.com http://boxingscene.com http://celebritynetworth.com http://cinemovies.fr http://classicgamesarcade.com http://cnet.com http://comedycentral.com http://computerforum.com http://corbisimages.com http://craveonline.com http://dailymotion.com http://davesgarden.com http://directv.com http://disqus.com http://distancebetweencities.net http://dmcdn.net http://dtvce.com http://facebook.com http://facebook.net http://fastclick.net http://fbcdn.net http://fightsrec.com http://filehippo.com http://firstdata.com http://firstdata.lv http://flashgamesite.com http://flashgot.net http://flickr.com http://foodnetwork.com http://forbes.com http://gfx.ms http://google.com http://googleapis.com http://gstatic.com http://hotmail.com http://imdb.com http://imgur.com http://informaction.com http://italygen.com http://live.com http://longtailvideo.com http://maone.net http://media-imdb.com http://mediaite.com http://merriam-webster.com http://mozilla.net http://mozilla.org http://msn.com http://mtv.com http://mywot.com http://nascar.com http://netflix.com http://nflxext.com http://noscript.net http://npr.org http://online-image-editor.com http://pandora.com http://pantherproxy.com http://passport.com http://passport.net http://passportimages.com http://paypal.com http://paypalobjects.com http://persona.org http://photobucket.com http://playdom.com http://quantserve.com http://reactiongifs.com http://rubiconproject.com http://scorecardresearch.com http://securecode.com http://securesuite.net http://sheppardsoftware.com http://siteadvisor.com http://sosoboxing.com http://stumbleupon.com http://technologytell.com http://thedailyshow.com http://thefrisky.com http://therichest.org http://thesweetscience.com http://timeout.com http://tineye.com http://tinypic.com http://tomshardware.com http://tp-cdn.com http://tumblr.com http://twitter.com http://vimeo.com http://vimeocdn.com http://wikimedia.org http://wikipedia.org http://wlxrs.com http://wordpress.com http://wp.com http://yahoo.com http://yahooapis.com http://yimg.com http://youtube-mp3.org http://youtube.com http://ytimg.com https://adobe.com https://adobetag.com https://afx.ms https://akamaihd.net https://appssavvy.net https://arte.tv https://axf8.net https://babylon.com https://blogger.com https://blogspot.com https://boxingscene.com https://celebritynetworth.com https://cinemovies.fr https://classicgamesarcade.com https://cnet.com https://comedycentral.com https://computerforum.com https://corbisimages.com https://craveonline.com https://dailymotion.com https://davesgarden.com https://directv.com https://disqus.com https://distancebetweencities.net https://dmcdn.net https://dtvce.com https://facebook.com https://facebook.net https://fastclick.net https://fbcdn.net https://fightsrec.com https://filehippo.com https://firstdata.com https://firstdata.lv https://flashgamesite.com https://flashgot.net https://flickr.com https://foodnetwork.com https://forbes.com https://getnetworth.com https://gfx.ms https://google.com https://googleapis.com https://gstatic.com https://hotmail.com https://imdb.com https://imgur.com https://informaction.com https://italygen.com https://live.com https://longtailvideo.com https://maone.net https://media-imdb.com https://mediaite.com https://merriam-webster.com https://mozilla.net https://mozilla.org https://msn.com https://mtv.com https://mywot.com https://nascar.com https://netflix.com https://nflxext.com https://noscript.net https://npr.org https://online-image-editor.com https://pandora.com https://pantherproxy.com https://passport.com https://passport.net https://passportimages.com https://paypal.com https://paypalobjects.com https://persona.org https://photobucket.com https://playdom.com https://quantserve.com https://reactiongifs.com https://rubiconproject.com https://scorecardresearch.com https://securecode.com https://securesuite.net https://sheppardsoftware.com https://siteadvisor.com https://sosoboxing.com https://stumbleupon.com https://technologytell.com https://thedailyshow.com https://thefrisky.com https://therichest.org https://thesweetscience.com https://timeout.com https://tineye.com https://tinypic.com https://tomshardware.com https://tp-cdn.com https://tumblr.com https://twitter.com https://vimeo.com https://vimeocdn.com https://wikimedia.org https://wikipedia.org https://wlxrs.com https://wordpress.com https://wp.com https://yahoo.com https://yahooapis.com https://yimg.com https://youtube-mp3.org https://youtube.com https://ytimg.com resource:");


*** Event Viewer Logs - Cleared 





************************************************************** 
Scan was completed on Thu 11/01/2012 at 21:39:14.28 
End of Report


----------



## Methos' Morals (Nov 3, 2012)

I have literally no idea what just happened there.


----------



## Methos' Morals (Nov 4, 2012)

Okay, apparently that was a spam comment and that got deleted.


----------



## johnb35 (Nov 4, 2012)

Methos' Morals said:


> Okay, apparently that was a spam comment and that got deleted.



Yes it was, I deleted it.

Sorry about that program deleting most of your favorites.  So the only browser you use is IE?  Go to the tools menu, click on manage addons, Click on the toolbars and search providers on the left and then look for the snapdo program and remove it if found.  Snap do must have been installed as a combo while installing another program.


----------



## Methos' Morals (Nov 4, 2012)

johnb35 said:


> Yes it was, I deleted it.
> 
> Sorry about that program deleting most of your favorites.  So the only browser you use is IE?  Go to the tools menu, click on manage addons, Click on the toolbars and search providers on the left and then look for the snapdo program and remove it if found.  Snap do must have been installed as a combo while installing another program.



Nah, no problem about that. Actually, since that comment I think what it did was not delete my browser faves but what I think is it got rid of what I'd white-listed on my no-script add-on, on Firefox. I didn't understand until I started noticing I had to white-list stuff for pages I normally go to, to load properly. I think that's all it was. 

I actually don't use IE as much as Firefox, but Snap Do doesn't show up on the Firefox, only IE. I was only concerned because I read it was a bad program. It is, right? 

Yeah, I don't know a lot about what was installed on this thing. I had someone working on it recently, and he reinstalled Windows 7 after it went haywire (I've only just gotten this computer this year) and there are a lot of programs that I never had now like clear fi and ebay stuff. Maybe he downloaded it somewhere.

Okay, I tried IE and Snap Do is not showing up there, so that's cool. Should I still be trying the original thing with unregistering the dlls or did the junkware program take care of it? Should I fix anything on the hijack this program?


----------



## johnb35 (Nov 4, 2012)

You can rerun hijackthis and place checks next to the following entries if they still appear.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=b9b 58b41-2f18-42d3-a010-91da597bcde8&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=b9b 58b41-2f18-42d3-a010-91da597bcde8&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=b9b 58b41-2f18-42d3-a010-91da597bcde8&searchtype=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=b9b 58b41-2f18-42d3-a010-91da597bcde8&searchtype=ds&q={searchTerms}
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Then click on fix checked at the bottom.


----------



## Methos' Morals (Nov 4, 2012)

I don't see Snap Do showing up anymore. Cool. Thank you. Is that Junkware Removal Tool something I should run periodically or only for something specific when suggested?


----------



## johnb35 (Nov 4, 2012)

It may help to run it once a month maybe.  I'm not sure what you download.  If you are in a habit of downloading anything and everything, it would help.  I've seen lots of computers with tons of toolbars installed.  Then they wonder why browsing is so slow or has issues.  

Generally running Malwarebytes every so often should keep you cleaned up.


----------



## Methos' Morals (Nov 4, 2012)

I almost never download anything that isn't an update or a youtube video or gif, but I do the latter very frequently. I don't download games anymore and the only programs I do are recommended to me from folks like you. I'm a little paranoid about it, actually. Like the first thing I did when you replied was look and see how long you've been on this forum. And I went ''Ah, okay, moderator, 2005, 20K plus man. We're good." 
	

	
	
		
		

		
		
	


	




 Ever since I stopped downloading willy-nilly and pre-checking sites' reps before going to them and running No Script, I pretty much never get anything bad that I'm educated enough to spot. But I destroyed a few computers before I realized people are out to get us. And just because something is free doesn't mean my computer won't turn into a giant paper weight because of it.


----------

