Snap.do and Goodness knows what else

Hi I need some expert to tell me if I am still infected looking at the log attached. How do I get rid off it please.

Thanks

Hi I need some expert to tell me if I am still infected looking at the log attached. How do I get rid off it please.
follow the guide and [b]attach [/b] the logs....not copy and paste http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

when done…be patient as it may take hours before the malware removal experts arrive

Log Files Attached

Last Of the Log files : only thing that stands out is 2 Registry entries …DNS … Controlset 001 & 002 , Thanks

Malware removers are notified…check back later today :wink:

I am not seeing any sign of snapdo… Where are you seeing it ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:OTL
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3563665913-2513293735-2134829780-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
[2012/10/28 18:14:41 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\windows\eSellerateEngine.dll
[2012/10/28 18:14:41 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\windows\eSellerateControl350.dll
[2012/07/03 14:46:42 | 000,217,672 | ---- | M] () Unable to obtain MD5 -- C:\Users\Stephan\AppData\Local\Temp\winlogon.exe
[2012/07/03 14:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Users\Stephan\AppData\Local\Temp\svchost.exe

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Hi, Logs attached. I think snap.do and StopZilla1 have been removed.

Thanks

Do you have any other problems ?

Hi, No other problems. Thanks for the help :slight_smile:

Run OTL and press the cleanup button to remove it ;D