1clickdownloader

Hello I have recently discovered that a program called 1clickdownloader has been downloaded onto my laptop. I did some research into this and discovered that it is a serious piece of malware. I have already tried to use its uninstall program to uninstall it but this yielded a warning stating that the uninstall program itself is infected and should not be run. I have seen that essexboy has offered some advice on a similar topic but given a warning about other systems. Please could you help me!
Ewan

follow this guide and attach the logs…not copy and paste http://forum.avast.com/index.php?topic=53253.0

AdwCleaner
Malwarebytes
OTL
aswMBR

Monitoring

_

Can’t see them… :wink:

The first log:

The second:

The third:

The OTL.txt file is too big and is being blocked from being submitted, what should I do?

Copy it here http://www.pastebucket.com/ and post the link.

OTL.txt:
http://www.pastebucket.com/3965

The fifth:

Let me know if this cures it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL
SRV:64bit: - [2012/09/13 14:26:50 | 001,259,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (WebOptimizer)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Lawrie\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (Bandoo Media, inc)
[2012/09/28 18:30:38 | 000,035,328 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll
[2012/09/28 18:30:38 | 001,259,888 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe

:Files
C:\PROGRAM FILES\WEB ASSISTANT
C:\Users\Lawrie\AppData\Roaming\DefaultTab
C:\Program Files (x86)\SearchCore for Browsers
ipconfig /flushdns /c
netsh int ip reset c:\resetlog.txt  /c
ipconfig /release /c
ipconfig /renew /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.