Author Topic: multiple cases of malware, help?  (Read 3302 times)

Ddm5
multiple cases of malware, help?
« on: January 19, 2013, 04:47:11 PM »
I'm currently on my friend's computer and it's acting incredibly dodgy: cannot access the browser, the thing takes 30 minutes to load and it doesn't respond to anything. FYI I'm typing from his PS Vita.
Intel i5 2500k, 8gb Corsair ram, ASUS Maximus V Formula, Evga Nvidia Gtx660, 240Gb Force 3 SSD, 1Tb WD HDD. Win7 Home.
Avast! Internet Security. MalwareBytes Antimalware, McShield.
FF - Noscript, Request policy, Adblockerplus, Ghostry, Sandboxed by AIS.

mchain
Re: multiple cases of malware, help?
« Reply #1 on: January 19, 2013, 05:05:09 PM »
hi Ddm5,

Help will be forthcoming as soon as the logs from the following programs are attached in your next reply:  AdwCleaner, Malwarebytes, OTL, aswMBR.exe

You can get these programs from here:  http://forum.avast.com/index.php?topic=53253.0

Post logs only; repair should only be done under the care of a certified malware specialist.  A malware specialist has been notified for you.
XP Pro SP3 P4 3.2 HT 2GB RAM AIS v 2014.9.0.2011 Secunia PSI version 2.0.0.3003 TREND Micro RUBotted Beta Javacool SpywareBlaster version 5.0 Sandboxie v. 4.09 32-bit WOT (Web Of Trust) Browser reputation-based add-on http://www.mywot.com/   New: avast! listing of vendor uninstall tools:  http://www.avast.com/faq.php?article=AVKB11#artTitle
W7 Home Premium 64-bit SP1, 2.8 Pentium D, 3 GB RAM AIS v 2014.9.0.2016 (running same programs as above) Sandboxie 4.09 64-bit

Ddm5
Re: multiple cases of malware, help?
« Reply #2 on: January 19, 2013, 05:10:43 PM »
I've tried AdwCleaner in safe mode, no luck. Quick question, do you know the site for the AV removal tools?

mchain
Re: multiple cases of malware, help?
« Reply #3 on: January 19, 2013, 05:16:22 PM »
> hi Ddm5,
>
> Help will be forthcoming as soon as the logs from the following programs are attached in your next reply:  AdwCleaner, Malwarebytes, OTL, aswMBR.exe
>
> You can get these programs from here:  http://forum.avast.com/index.php?topic=53253.0
>
> Post logs only; repair should only be done under the care of a certified malware specialist.  A malware specialist has been notified for you.

> I've tried AdwCleaner in safe mode, no luck. Quick question, do you know the site for the AV removal tools?

hi Ddm5,

If you wish to get the proper help here, and have the least risk of system damage, run the tools suggested above.  Since you have already run AdwCleaner, please attach that log along with the other three next.

You could have something new, and the malware expert has over 20,000 posts here, and is a teacher at Geeks To Go, so you will be in good hands.  You do not wish to damage your system, so?  Please follow the above advice.

Jam4life20
Re: multiple cases of malware, help?
« Reply #4 on: January 19, 2013, 05:20:39 PM »
> > hi Ddm5,
> >
> > Help will be forthcoming as soon as the logs from the following programs are attached in your next reply:  AdwCleaner, Malwarebytes, OTL, aswMBR.exe
> >
> > You can get these programs from here:  http://forum.avast.com/index.php?topic=53253.0
> >
> > Post logs only; repair should only be done under the care of a certified malware specialist.  A malware specialist has been notified for you.
>
> > I've tried AdwCleaner in safe mode, no luck. Quick question, do you know the site for the AV removal tools?
>
> hi Ddm5,
>
> If you wish to get the proper help here, and have the least risk of system damage, run the tools suggested above.  Since you have already run AdwCleaner, please attach that log along with the other three next.
>
> You could have something new, and the malware expert has over 20,000 posts here, and is a teacher at Geeks To Go, so you will be in good hands.  You do not wish to damage your system, so?  Please follow the above advice.

FYI this is Ddm5, mchain. I've surfed this forum a lot these days; I know what to do, I know what goes on, can we skip the crap and continue? I'm going to install Malwarebytes now. I can't do anything outside of safe mode because of how incredibly slow this laptop is during loading; I'm going to do the rest after this is done and I'll get back to you.

craigb
Re: multiple cases of malware, help?
« Reply #5 on: January 19, 2013, 05:53:43 PM »
> FYI this is Ddm5,

Why have you decided to change names???
Windows 8.1 Pro X64/ IE 11/ Avast 9.0.2018/ MBAM Premium 2

Jam4life20
Re: multiple cases of malware, help?
« Reply #6 on: January 19, 2013, 06:04:14 PM »
Not really changed, just more so set an account up for my friend just in case he needs to sort his laptop out again in the future, so yeah..

essexboy
Re: multiple cases of malware, help?
« Reply #7 on: January 19, 2013, 06:32:40 PM »
When Malwarebytes fails to kill it, let me know.

Jam4life20
Re: multiple cases of malware, help?
« Reply #8 on: January 19, 2013, 06:37:16 PM »
> When Malwarebytes fails to kill it, let me know.

Malwarebytes only pulled up PUPs on a quick scan, but I do reckon there's more. When we booted the laptop up for the first time it took forever to load, and even then it took a good 5 - 10 minutes to load; when that then happened, everything was taking 5 minutes to respond to anything. Taking Task Manager for instance, it took 5 minutes to respond to ending a task, etc. OTL just finished, so I'll do aswMBR and then add the attachments.

Jam4life20
Re: multiple cases of malware, help?
« Reply #9 on: January 19, 2013, 07:02:00 PM »
> When Malwarebytes fails to kill it, let me know.

Problems with aswMBR: when saving the log, it hangs there, the computer sorta freezes, then it blue screens. Halp?

Jam4life20
Re: multiple cases of malware, help?
« Reply #10 on: January 19, 2013, 07:09:20 PM »
Only ones I could currently do.

essexboy
Re: multiple cases of malware, help?
« Reply #11 on: January 19, 2013, 08:57:16 PM »
There are a plethora of dodgy toolbars on this system. I will clean what I can see, but AdwCleaner will need to be run to remove what I can't.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
SRV:64bit: - [2012/09/13 13:26:50 | 001,259,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&gct=ds&appid=390&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=3246453902914463&o=APN10645&q="
FF - prefs.js..extensions.enabledAddons: %7Bf34c9277-6577-4dff-b2d7-7d58092f272f%7D:1.0.0.12
FF - prefs.js..extensions.enabledAddons: %7B1FD91A9C-410C-4090-BBCC-55D3450EF433%7D:1.0
[2012/08/21 13:50:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/08/21 12:52:04 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\quh1go2v.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2012/08/21 13:50:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\quh1go2v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013/01/01 18:55:26 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\quh1go2v.default\extensions\{f34c9277-6577-4dff-b2d7-7d58092f272f}
[2013/01/01 18:55:15 | 000,002,687 | ---- | M] () -- C:\Users\Toshiba\AppData\Roaming\Mozilla\Firefox\Profiles\quh1go2v.default\searchplugins\Search_Results.xml
[2013/01/01 18:55:39 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2012/09/18 17:43:13 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll File not found
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {f34c9277-6577-4dff-b2d7-7d58092f272f} - C:\Program Files (x86)\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1556087760-137178642-3745541075-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1556087760-137178642-3745541075-1000\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN32C~1.DLL) - C:\ProgramData\Wincert\win32cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media Inc)
[2013/01/01 21:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2013/01/01 18:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013/01/01 18:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Search Results Toolbar
[2013/01/01 18:54:55 | 000,000,000 | ---D | C] -- C:\Users\Toshiba\AppData\Local\iLivid
[2013/01/01 18:59:02 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
[2013/01/01 18:58:59 | 000,001,050 | ---- | M] () -- C:\Users\Toshiba\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2013/01/01 18:58:54 | 000,001,048 | ---- | M] () -- C:\Users\Toshiba\Desktop\iLivid.lnk

:Files
C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR
C:\PROGRAM FILES\WEB ASSISTANT
C:\Program Files (x86)\Vid-Saver
C:\Program Files (x86)\IMinent Toolbar
C:\Program Files (x86)\Incredibar.com
C:\Program Files (x86)\Wajam
C:\Program Files (x86)\Search Results Toolbar
C:\Program Files (x86)\Yontoo

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
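The fix above has to hit the same few products at several independent load points: a Browser Helper Object, a toolbar registration, a Run value, an AppInit_DLLs entry and a service. As an added example (not part of this thread, and not OTL's own code), here is a small Python triage helper that parses OTL-style lines, classifies each by the persistence mechanism it reports and groups the loaded modules by product directory, so the "several footholds per product" pattern is visible before anything is removed. The sample input is eight lines copied from the fix posted above; the mechanism labels, the severity ranking and the regular expressions are this example's own assumptions about the OTL line format.

```python
"""Triage OTL-style scan lines by persistence mechanism (added example, not OTL's own code)."""
import re
from collections import defaultdict

# Constructed sample: eight lines copied from the fix posted in this thread (raw string keeps the backslashes).
SAMPLE_OTL = r"""
SRV:64bit: - [2012/09/13 13:26:50 | 001,259,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension64.dll ()
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll File not found
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngrUI.exe (Bandoo Media Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~3\Wincert\WIN64C~1.DLL) - C:\ProgramData\Wincert\win64cert.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~2\SEARCH~2\Datamngr\datamngr.dll) - C:\Program Files (x86)\Search Results Toolbar\Datamngr\datamngr.dll (Bandoo Media Inc)
"""

# OTL section prefix -> load point it reports (the labels are this example's own).
MECHANISMS = {
    "SRV": "service",       # Windows service: boot-time, independent of any browser
    "O2": "ie_bho",         # Internet Explorer Browser Helper Object
    "O3": "ie_toolbar",     # IE toolbar registration
    "O4": "run_key",        # ...\Run autostart value
    "O20": "appinit_dlls",  # loaded into every process that maps user32.dll
}
PRODUCT_DIRS = {"program files", "program files (x86)", "programdata"}
LINE_RE = re.compile(r"^(?P<prefix>SRV|O20|O2|O3|O4)(?::64bit:)?\s+-\s+(?P<rest>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^|\n]*?\.(?:exe|dll)\b", re.IGNORECASE)
VENDOR_RE = re.compile(r"\((?P<vendor>[^()]*)\)\s*$")  # trailing (Company) field
SRV_RE = re.compile(r"\]\s*\((?P<vendor>[^()]*)\)\s*\[(?P<start>\w+)\s*\|\s*\w+\]"
                    r"\s*--\s*(?P<path>.*?)\s*--\s*\((?P<name>[^()]*)\)\s*$")
NAME_RE = {  # where the display name sits for each section
    "O2": re.compile(r"BHO:\s*\((?P<name>[^()]*)\)"),
    "O3": re.compile(r"Toolbar(?:\\WebBrowser)?:\s*\((?P<name>[^()]*)\)"),
    "O4": re.compile(r"\[(?P<name>[^\]]*)\]"),
}


def install_root(path):
    """Product directory: the component under Program Files / ProgramData, else the first one."""
    if not path:
        return None
    parts = path.split("\\")[1:]  # drop the drive letter
    if len(parts) > 1 and parts[0].lower() in PRODUCT_DIRS:
        return parts[1]
    return parts[0] if parts else None


def severity(rec):
    """Triage heuristic (this example's own): rank by how broadly the load point runs the module."""
    if rec["orphan"]:
        return "low"  # registration points at nothing; clean-up only
    if rec["mechanism"] == "appinit_dlls" or (rec["mechanism"] == "service" and rec["start"] == "Auto"):
        return "high"  # system-wide injection or boot-time execution
    return "medium"


def parse_line(line):
    """Parse one OTL line into a record, or None for lines this helper ignores."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    prefix, rest = m.group("prefix"), m.group("rest")
    rec = {"mechanism": MECHANISMS[prefix], "arch": "x64" if ":64bit:" in line else "x86",
           "name": None, "path": None, "vendor": None, "start": None,
           "orphan": "File not found" in rest or "No CLSID value found" in rest}
    if prefix == "SRV":
        s = SRV_RE.search(rest)
        if s:
            rec.update(name=s.group("name"), path=s.group("path"),
                       vendor=s.group("vendor"), start=s.group("start"))
    else:
        paths = PATH_RE.findall(rest)
        rec["path"] = paths[-1] if paths else None  # last match is the resolved long path
        if prefix in NAME_RE:
            n = NAME_RE[prefix].search(rest)
            rec["name"] = n.group("name") if n else None
        elif rec["path"]:
            rec["name"] = rec["path"].rsplit("\\", 1)[-1]  # AppInit: name the DLL itself
        v = VENDOR_RE.search(rest)
        rec["vendor"] = v.group("vendor") if v else None
    rec["install_root"] = install_root(rec["path"])
    rec["severity"] = severity(rec)
    return rec


def triage(text):
    """Counts per mechanism, mechanisms per product directory (several for one product is the
    toolbar-bundle signature), high-severity paths, and live modules with an empty company field."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    by_mechanism, footholds = defaultdict(int), defaultdict(set)
    for r in records:
        by_mechanism[r["mechanism"]] += 1
        if r["install_root"]:
            footholds[r["install_root"]].add(r["mechanism"])
    return {"records": records, "by_mechanism": dict(by_mechanism),
            "footholds": {k: sorted(v) for k, v in footholds.items()},
            "high": [r["path"] for r in records if r["severity"] == "high"],
            "no_vendor": [r["path"] for r in records if r["vendor"] == "" and not r["orphan"]]}


if __name__ == "__main__":
    print(triage(SAMPLE_OTL)["footholds"])
```

Run stand-alone it prints, per product directory, which load points that product occupies; Search Results Toolbar appears under both a Run value and AppInit_DLLs, which is why the fix above has to name it in several places. The heuristics are deliberately coarse: an empty company field is a reason to look at the file, not a verdict, and an orphaned BHO or toolbar entry is ranked low because it no longer executes anything.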

Ddm5
Re: multiple cases of malware, help?
« Reply #12 on: January 19, 2013, 09:28:17 PM »
> [essexboy's Reply #11 above, quoted in full]

Thanks Essexboy, I'll do this tomorrow when I go over his house again, then I'll respond.

essexboy
Re: multiple cases of malware, help?
« Reply #13 on: January 19, 2013, 09:29:20 PM »
Not a problem, but I noticed I forgot to add AdwCleaner.

CLEAR THE BAD TOOLBARS

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot; allow this.
On reboot a log will be produced; please attach that.

Ddm5
Re: multiple cases of malware, help?
« Reply #14 on: January 19, 2013, 09:30:50 PM »
> Not a problem, but I noticed I forgot to add AdwCleaner
>
> CLEAR THE BAD TOOLBARS
>
> Download AdwCleaner from here to your desktop
> Run AdwCleaner and select Delete
>
> Once done it will ask to reboot, allow this
> On reboot a log will be produced please attach that

Ahh wait, I've done AdwCleaner. Had a problem at first, but I removed them all (the list of incredibly annoying toolbars that I wanted to murder).
« Last Edit: January 19, 2013, 09:32:43 PM by Ddm5 »

 
