Hi Ddm5,
Help will be forthcoming as soon as the logs from the following programs are attached in your next reply: AdwCleaner, Malwarebytes, OTL, aswMBR.exe
You can get these programs from here: http://forum.avast.com/index.php?topic=53253.0
Post logs only; repair should only be done under the care of a certified malware specialist. A malware specialist has been notified for you.
I've tried AdwCleaner in safe mode, no luck. Quick question: do you know the site for the AV removal tools?
Quote from: mchain on January 19, 2013, 07:05:09 PM
Hi Ddm5,
Help will be forthcoming as soon as the logs from the following programs are attached in your next reply: AdwCleaner, Malwarebytes, OTL, aswMBR.exe
You can get these programs from here: http://forum.avast.com/index.php?topic=53253.0
Post logs only; repair should only be done under the care of a certified malware specialist. A malware specialist has been notified for you.

Quote from: Ddm5 on January 19, 2013, 07:10:43 PM
I've tried AdwCleaner in safe mode, no luck. Quick question: do you know the site for the AV removal tools?

Hi Ddm5,
If you wish to get the proper help here, and have the least risk of system damage, run the tools suggested above. Since you have already run AdwCleaner, please attach that log along with the other three next.
You could have something new, and the malware expert has over 20,000 posts here, and is a teacher at Geeks To Go, so you will be in good hands. You do not wish to damage your system, so? Please follow the above advice.
Fyi this is Ddm5,
When Malwarebytes fails to kill it, let me know.
There are a plethora of dodgy toolbars on this system, I will clean what I can see but AdwCleaner will need to be run to remove what I can't

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:
:OTL
SRV:64bit: - [2012/09/13 13:26:50 | 001,259,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=3246453902914463&o=APN10645&q="
FF - prefs.js..extensions.enabledAddons: %7Bf34c9277-6577-4dff-b2d7-7d58092f272f%7D:1.0.0.12
FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0
[2012/08/21 13:50:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/08/21 12:52:04 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\quh1go2v.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/08/21 13:50:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\quh1go2v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013/01/01 18:55:26 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\quh1go2v.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2013/01/01 18:55:15 | 000,002,687 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\quh1go2v.default\searchplugins\Search_Results.xml
[2013/01/01 18:55:39 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012/09/18 17:43:13 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll File not found
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1556087760-137178642-3745541075-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1556087760-137178642-3745541075-1000\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)
[2013/01/01 21:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2013/01/01 18:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013/01/01 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Results Toolbar
[2013/01/01 18:54:55 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\iLivid
[2013/01/01 18:59:02 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
[2013/01/01 18:58:59 | 000,001,050 | ---- | M] () -- C:\Users\Toshiba\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2013/01/01 18:58:54 | 000,001,048 | ---- | M] () -- C:\Users\Toshiba\Desktop\iLivid.lnk
:Files
C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR
C:\PROGRAM FILES\WEB ASSISTANT
C:\Program Files (x86)\Vid-Saver
C:\Program Files (x86)\IMinent Toolbar
C:\Program Files (x86)\Incredibar.com
C:\Program Files (x86)\Wajam
C:\Program Files (x86)\Search Results Toolbar
C:\Program Files (x86)\Yontoo
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application
Then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Get the report by selecting Reports

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
Not a problem, but I noticed I forgot to add AdwCleaner

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete
Once done it will ask to reboot, allow this
On reboot a log will be produced, please attach that