Hi,

I somehow managed to get the irritating My Start Incredibar donwloaded on my laptop. I downloaded the OTL program and ran it, but dont know how to get Incredibar removed. What is the procedure to use OTL please?

Hi StrongManBR,

Could you also run and attach the logs for Malwarebytes, aswMBR.exe? You can find these programs here: http://forum.avast.com/index.php?topic=53253.0 and also a guide on how to proceed. There is a possibility there is more to it than Incredibar on your system.

OTL can be like a sledgehammer to kill a gnat; and worse still, it can damage your system, if run in the wrong hands. A malware specialist will be along soon to look at your logs.

This should kill it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyC0DzytAyEzy0E0D0ByB0BtN0D0Tzu0StBtBtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=63096674 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyC0DzytAyEzy0E0D0ByB0BtN0D0Tzu0StBtBtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=63096674 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyC0DzytAyEzy0E0D0ByB0BtN0D0Tzu0StBtBtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=63096674 IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyC0DzytAyEzy0E0D0ByB0BtN0D0Tzu0StBtBtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=63096674 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-493578736-2699321852-2876254052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://mystart.incredibar.com/mb167?a=6OyHeoKjqa&i=26 IE - HKU\S-1-5-21-493578736-2699321852-2876254052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyC0DzytAyEzy0E0D0ByB0BtN0D0Tzu0StBtBtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=63096674 IE - HKU\S-1-5-21-493578736-2699321852-2876254052-1000\..\SearchScopes,Backup.Old.DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKU\S-1-5-21-493578736-2699321852-2876254052-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKU\S-1-5-21-493578736-2699321852-2876254052-1000\..\SearchScopes\{2C3EDA03-637F-2333-42C5-4986C6D8E1EB}: "URL" = http://mystart.incredibar.com/mb167/?search={searchTerms}&loc=IB_DS&a=6OyHeoKjqa&i=26 IE - HKU\S-1-5-21-493578736-2699321852-2876254052-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1QzuyDyEtDyE0AyC0DzytAyEzy0E0D0ByB0BtN0D0Tzu0StBtBtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=63096674 FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb167/?loc=IB_DS&a=6OyHeoKjqa&&i=26&search=" [2012/07/07 12:08:53 | 000,002,203 | ---- | M] () -- C:\Users\wandrey\AppData\Roaming\Mozilla\Firefox\Profiles\k9rm65cf.default\searchplugins\MyStart Search.xml [2012/08/10 22:08:24 | 000,002,335 | ---- | M] () -- C:\Users\wandrey\AppData\Roaming\Mozilla\Firefox\Profiles\k9rm65cf.default\searchplugins\Search.xml [2012/08/10 22:06:08 | 000,384,844 | ---- | C] () -- C:\Users\wandrey\AppData\Local\funmoods-speeddial.crx

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

Thanks for helping me.
Dont work at all yet.
See attachments

Dont work, nothing is catched.

Could you confirm it is just Firefox

Also there should be a user.js file on the root c drive

Could you copy that
Change the extension to .txt and attach that

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL FF - prefs.js..browser.search.defaultenginename: "v9" FF - prefs.js..browser.search.order.1: "v9" FF - prefs.js..browser.search.selectedEngine: "v9" [2012/08/11 00:40:49 | 000,000,402 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

Confirmed, only firefox.
user.js attached.
Tks a lot.
I will run otl again with new params.

After first run, only firefox problem, after second firefox continue with incredibar, see attachments please.
Thks again, it almost fixing.

Delete that user.js it is full of incredibar then retry firefox

Deleted user.js file on c:. Dont work yet. Incredibar continue on firefox, see attachments.
Tks for try help me. The fight continue

Are you able to change the start page in FF ?

Could you run a fresh OTL quick scan please

Ok, start page is set to inicial mozila firefox page.
New OTL run attached.

Could you confirm that it is now fixed ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL IE - HKU\S-1-5-21-493578736-2699321852-2876254052-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.v9.com/?utm_source=b&utm_medium=ism&from=ism&uid=12078201000006890A84_CorsairForceGT&ts=1344656448 IE - HKU\S-1-5-21-493578736-2699321852-2876254052-1000\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.v9.com/web/?q={searchTerms}

Do i restart after this third run?

On mozila firefox start ok, but after one new tab, incredibar persist.
Start firefox with page blank, new tab incredibar continue boring.
Please, see attachments e new olt fresh run.

OK there is an extension or addon hiding in Firefox that I cannot see… By the way this is why I never use firefox

Start firefox in safe mode please and change the start page
http://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-using-safe-mode

Enable addons and extensions one at a time unitl the problem re-occurs then let me know which one it was

Tks, only remove incredibar on safe mode, otherwise, persist incredibar.
Please, see new attachments.

firefox extensions

firefox plugins.

OK I have been introduced to a new programme which does a more thorough job than I can … Lets give it a whirl

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

https://dl.dropbox.com/u/73555776/AdwCleaner.GIF

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that

This works fine.
See attachments please.