Author Topic: multiple cases of malware, help?  (Read 11780 times)


Ddm5

  • Guest
multiple cases of malware, help?
« on: January 19, 2013, 06:47:11 PM »
I'm currently on my friend's computer and it's acting incredibly dodgy: I cannot access the browser, the thing takes 30 minutes to load and it doesn't respond to anything. FYI, I'm typing from his PS Vita.

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5564
  • Spartan Warrior
Re: multiple cases of malware, help?
« Reply #1 on: January 19, 2013, 07:05:09 PM »
hi Ddm5,

Help will be forthcoming as soon as the logs from the following programs are attached in your next reply: AdwCleaner, Malwarebytes, OTL, aswMBR.exe

You can get these programs from here: http://forum.avast.com/index.php?topic=53253.0

Post logs only; repair should only be done under the care of a certified malware specialist. A malware specialist has been notified for you.
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801

Ddm5

  • Guest
Re: multiple cases of malware, help?
« Reply #2 on: January 19, 2013, 07:10:43 PM »
I've tried AdwCleaner in safe mode, no luck. Quick question: do you know the site for the AV removal tools?

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5564
  • Spartan Warrior
Re: multiple cases of malware, help?
« Reply #3 on: January 19, 2013, 07:16:22 PM »
hi Ddm5,

If you wish to get the proper help here, and have the least risk of system damage, run the tools suggested above. Since you have already run AdwCleaner, please attach that log along with the other three next.

You could have something new, and the malware expert has over 20,000 posts here, and is a teacher at Geeks To Go, so you will be in good hands. You do not wish to damage your system, so? Please follow the above advice.

Jam4life20

  • Guest
Re: multiple cases of malware, help?
« Reply #4 on: January 19, 2013, 07:20:39 PM »
FYI this is Ddm5, Mchain. I've surfed this forum a lot these days, I know what to do, I know what goes on, can we skip the crap and continue? I'm going to install Malwarebytes now; I can't do anything outside of safe mode because of how incredibly slow this laptop is during loading. I'm going to do the rest after this is done and I'll get back to you.

Online CraigB

  • Avast Überevangelist
  • Serious Graphoman
  • *****
  • Posts: 11239
  • No support PM's thanks
Re: multiple cases of malware, help?
« Reply #5 on: January 19, 2013, 07:53:43 PM »
Fyi this is Ddm5,
Why have you decided to change names ???

Jam4life20

  • Guest
Re: multiple cases of malware, help?
« Reply #6 on: January 19, 2013, 08:04:14 PM »
Not really changed, I just more so set an account up for my friend in case he needs to sort his laptop out again in the future, so yeah..

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: multiple cases of malware, help?
« Reply #7 on: January 19, 2013, 08:32:40 PM »
When Malwarebytes fails to kill it, let me know.

Jam4life20

  • Guest
Re: multiple cases of malware, help?
« Reply #8 on: January 19, 2013, 08:37:16 PM »
When Malwarebytes fails to kill it, let me know.
Malwarebytes only pulled up PUPs on a quick scan, but I do reckon there's more. When we booted the laptop up for the first time it took forever to load; even then it took a good 5-10 minutes to load, and when that happened, everything was taking 5 minutes to respond to anything. Take Task Manager for instance: it took 5 minutes to respond to ending a task, etc. OTL just finished, so I'll do aswMBR and then add the attachments.

Jam4life20

  • Guest
Re: multiple cases of malware, help?
« Reply #9 on: January 19, 2013, 09:02:00 PM »
When Malwarebytes fails to kill it, let me know.

Problems with aswMBR: when saving the log, it hangs there, the computer sort of freezes, then it blue screens. Halp?

Jam4life20

  • Guest
Re: multiple cases of malware, help?
« Reply #10 on: January 19, 2013, 09:09:20 PM »
Only ones I could currently do.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: multiple cases of malware, help?
« Reply #11 on: January 19, 2013, 10:57:16 PM »
There is a plethora of dodgy toolbars on this system. I will clean what I can see, but AdwCleaner will need to be run to remove what I can't.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:
:OTL
SRV:64bit: - [2012/09/13 13:26:50 | 001,259,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=3246453902914463&o=APN10645&q="
FF - prefs.js..extensions.enabledAddons: %7Bf34c9277-6577-4dff-b2d7-7d58092f272f%7D:1.0.0.12
FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0
[2012/08/21 13:50:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/08/21 12:52:04 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\quh1go2v.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/08/21 13:50:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\quh1go2v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013/01/01 18:55:26 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\quh1go2v.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2013/01/01 18:55:15 | 000,002,687 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\quh1go2v.default\searchplugins\Search_Results.xml
[2013/01/01 18:55:39 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012/09/18 17:43:13 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll File not found
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1556087760-137178642-3745541075-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1556087760-137178642-3745541075-1000\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)
[2013/01/01 21:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2013/01/01 18:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013/01/01 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Results Toolbar
[2013/01/01 18:54:55 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\iLivid
[2013/01/01 18:59:02 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
[2013/01/01 18:58:59 | 000,001,050 | ---- | M] () -- C:\Users\Toshiba\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2013/01/01 18:58:54 | 000,001,048 | ---- | M] () -- C:\Users\Toshiba\Desktop\iLivid.lnk

:Files
C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR
C:\PROGRAM FILES\WEB ASSISTANT
C:\Program Files (x86)\Vid-Saver
C:\Program Files (x86)\IMinent Toolbar
C:\Program Files (x86)\Incredibar.com
C:\Program Files (x86)\Wajam
C:\Program Files (x86)\Search Results Toolbar
C:\Program Files (x86)\Yontoo

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
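An added example, not from the post and not OTL's own code: a small Python triage of the :OTL section of a fix script like the one above. It uses lines copied from that fix as constructed sample input (one URL shortened), groups the entries by how they get loaded (AppInit_DLLs, BHOs, toolbars, Run keys, services), flags registry references whose file or CLSID is already gone, normalises the inconsistent vendor labels, and reduces the file paths to their top-level install directories, which is the same list the :Files section of the fix spells out by hand. The line layouts it assumes are the ones visible in the fix; anything else is skipped.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: OTL lines copied (the URL shortened) from the fix script in the
# post above, plus a section header and a command line to show the parser skips them.
SAMPLE_LINES = r"""
:OTL
SRV:64bit: - [2012/09/13 13:26:50 | 001,259,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&q="
[2013/01/01 18:55:26 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\quh1go2v.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2012/08/21 13:50:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\quh1go2v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll File not found
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
[2013/01/01 21:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
:Commands
[emptytemp]
""".strip().splitlines()


@dataclass
class Entry:
    kind: str              # service | ff_pref | file | bho | toolbar | run | appinit
    name: str              # display name, pref name, or the 8.3 path for AppInit_DLLs
    path: str = ""         # resolved file path (pref value for ff_pref)
    company: str = ""      # vendor label OTL prints in the trailing parentheses
    wow64: bool = False    # OTL tagged the line ":64bit:"
    missing: bool = False  # "File not found" or "No CLSID value found"


# Line layouts as they appear in the fix above (assumed, not an official grammar).
SRV_RE = re.compile(r"^SRV(?P<w64>:64bit:)? - \[[^\]]*\] \((?P<company>[^)]*)\) \[[^\]]*\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)$")
FF_RE = re.compile(r"^FF - (?P<pref>[^:]+): (?P<value>.*)$")
FILE_RE = re.compile(r"^\[[^\]]*\] (?:\((?P<name>.*?)\) )?-- (?P<path>.*)$")
O_RE = re.compile(r"^O(?P<num>\d+)(?P<w64>:64bit:)? - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: \((?P<name>[^)]*)\) - \S+ - (?P<rest>.*)$")
TOOLBAR_RE = re.compile(r"^[^:]+: \((?P<name>[^)]*)\) - \S+ - (?P<rest>.*)$")
RUN_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: \((?P<name>[^)]*)\) - (?P<rest>.*)$")


def _split_path_company(rest):
    r"""Split OTL's 'C:\dir\file.dll (Vendor)' tail into (path, vendor, missing)."""
    rest = rest.strip()
    if rest.endswith(" File not found"):
        return rest[: -len(" File not found")], "", True
    idx = rest.rfind(" (")
    if rest.endswith(")") and idx != -1:
        return rest[:idx], rest[idx + 2:-1], False
    return rest, "", False


def parse_line(line):
    """Return an Entry for one :OTL-section line, or None for anything else."""
    line = line.strip()
    if m := SRV_RE.match(line):
        return Entry("service", m["name"], m["path"], m["company"], bool(m["w64"]))
    if m := FF_RE.match(line):
        return Entry("ff_pref", m["pref"], m["value"])
    if m := FILE_RE.match(line):
        return Entry("file", m["name"] or "", m["path"])
    if not (m := O_RE.match(line)):
        return None
    num, w64, body = m["num"], bool(m["w64"]), m["body"]
    if num == "3" and (b := TOOLBAR_RE.match(body)) and b["rest"].startswith("No CLSID"):
        return Entry("toolbar", b["name"], "", "", w64, True)  # registry ref with no COM object behind it
    for kind, want, rx in (("bho", "2", BHO_RE), ("toolbar", "3", TOOLBAR_RE),
                           ("run", "4", RUN_RE), ("appinit", "20", APPINIT_RE)):
        if num == want and (b := rx.match(body)):
            path, company, missing = _split_path_company(b["rest"])
            return Entry(kind, b["name"], path, company, w64, missing)
    return None


def _norm_vendor(company):
    """'Bandoo Media, inc' and 'Bandoo Media Inc' should count as one vendor."""
    return re.sub(r"[^a-z0-9]+", " ", company.lower()).strip()


def _install_dir(path):
    r"""'C:\Program Files (x86)\Vendor\sub\x.dll' -> 'C:\Program Files (x86)\Vendor', else None."""
    parts = path.split("\\")
    if len(parts) >= 3 and parts[1].lower().startswith("program files"):
        return "\\".join(parts[:3])
    return None


def triage(lines):
    """Summarise what a fix script is removing: how entries load, who labelled them,
    and which top-level directories they resolve to (compare the :Files section)."""
    entries = [e for e in map(parse_line, lines) if e]
    loaders = [e for e in entries if e.kind in ("bho", "toolbar", "run", "appinit", "service")]
    return {
        "bhos": [e.name for e in entries if e.kind == "bho"],
        "appinit_dlls": sorted({e.path for e in entries if e.kind == "appinit"}),
        "autostart_loaders": sum(e.kind in ("service", "run", "appinit") for e in entries),
        "orphaned_registry_refs": sum(e.missing for e in loaders),
        "hijacked_prefs": [e.name for e in entries if e.kind == "ff_pref"],
        "vendors": Counter(_norm_vendor(e.company) for e in entries if e.company),
        "install_dirs": sorted({d for e in loaders if (d := _install_dir(e.path))}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

AppInit_DLLs entries are reported on their own because a DLL listed there is injected into every process that loads user32.dll, so a couple of adware loaders in that value are enough to slow an entire system the way the original post describes; BHOs and toolbars only cost you inside the browser. The orphan count is also useful before running a fix: entries whose file or CLSID is already gone are leftovers from a half-finished uninstall and are safe to drop, not evidence of anything still running.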

Ddm5

  • Guest
Re: multiple cases of malware, help?
« Reply #12 on: January 19, 2013, 11:28:17 PM »
Thanks Essexboy, I'll do this tomorrow when I go over his house again, then I'll respond.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: multiple cases of malware, help?
« Reply #13 on: January 19, 2013, 11:29:20 PM »
Not a problem, but I noticed I forgot to add AdwCleaner.

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete
Once done it will ask to reboot; allow this
On reboot a log will be produced, please attach that

Ddm5

  • Guest
Re: multiple cases of malware, help?
« Reply #14 on: January 19, 2013, 11:30:50 PM »
Ahh wait, I did the AdwCleaner, had a problem at first, but I removed them all (the list of incredibly annoying toolbars that I wanted to murder).
« Last Edit: January 19, 2013, 11:32:43 PM by Ddm5 »