Hi,
I somehow managed to get the irritating My Start Incredibar donwloaded on my laptop. I downloaded the OTL program and ran it, but dont know how to get Incredibar removed. What is the procedure to use OTL please?
http://forum.avast.com/index.php?topic=53253.0 follow the link ;D
Ok, the first log after scanning with Malwarebytes Anti-Malware:
The two OTL logs:
The aswMBR log:
Hi let me know if I got it all. You will need to reset Chrome search manually
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTLSRV - [2012/06/27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Running] – C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe – (Application Updater)
IE - HKU\S-1-5-21-999571277-2109888878-28074370-1001..\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: “URL” = http://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=ca1faaae0000000000000024d7d91a3d
IE - HKU\S-1-5-21-999571277-2109888878-28074370-1001..\SearchScopes{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: “URL” = http://mystart.incredibar.com/mb167/?search={searchTerms}&loc=IB_DS&a=6R8yxCuIpW&i=26
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKLM..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM…\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-999571277-2109888878-28074370-1001…\Run: [VideoDownloadToolbar] C:\Users\John Wilkens\AppData\Roaming\VideoDownloadToolbar\VideoDownloadToolbar.exe (Sakysoft s.r.l. uninominale)
O9 - Extra Button: Download Video - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files (x86)\Minibar\Minibar.dll (Minibar)
[2012/07/10 08:52:28 | 000,000,000 | —D | C] – C:\Program Files (x86)\Perion
[2012/07/10 08:52:17 | 000,000,000 | —D | C] – C:\Program Files (x86)\Incredibar.com
[2012/07/10 08:47:58 | 000,000,000 | —D | C] – C:\Program Files (x86)\Minibar
[2012/07/10 08:47:57 | 000,000,000 | —D | C] – C:\Users\John Wilkens\AppData\Local\Minibar
[2012/07/10 08:47:55 | 000,000,000 | —D | C] – C:\Program Files (x86)\Video Download Button
[2012/07/10 08:45:57 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoDownloadToolbar
[2012/07/10 08:45:56 | 000,000,000 | —D | C] – C:\Users\John Wilkens\AppData\Roaming\VideoDownloadToolbar
[2012/07/10 08:45:56 | 000,000,000 | —D | C] – C:\Program Files (x86)\VideoDownloadToolbar
[2012/07/10 08:44:14 | 000,000,000 | —D | C] – C:\Program Files (x86)\BabylonToolbar
[2012/07/10 08:43:18 | 000,000,000 | —D | C] – C:\Users\John Wilkens\AppData\Local\Babylon
[2012/07/10 08:43:16 | 000,000,000 | —D | C] – C:\Users\John Wilkens\AppData\Roaming\Babylon
[2012/07/10 08:43:16 | 000,000,000 | —D | C] – C:\ProgramData\Babylon
[2012/07/09 13:24:47 | 000,000,000 | —D | C] – C:\Program Files (x86)\YouTube Downloader Toolbar
[2012/07/09 13:24:47 | 000,000,000 | —D | C] – C:\Program Files (x86)\Common Files\Spigot
[2012/07/09 13:24:47 | 000,000,000 | —D | C] – C:\Program Files (x86)\Application Updater
[2012/07/09 13:24:24 | 000,000,000 | —D | C] – C:\ProgramData\YTD Video Downloader
[2012/07/09 13:24:20 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2012/07/09 13:24:19 | 000,000,000 | —D | C] – C:\Program Files (x86)\GreenTree Applications
[2012/07/10 08:45:57 | 000,001,060 | ---- | M] () – C:\Users\John Wilkens\Desktop\VideoDownloadToolbar.lnk
[2012/07/10 07:43:35 | 000,002,243 | ---- | M] () – C:\Users\John Wilkens\Desktop\YTD Video Downloader.lnk:Files
C:\Users\John Wilkens\AppData\Roaming\VideoDownloadToolbar
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\Application Updater
C:\Program Files\Web Assistant
C:\Program Files (x86)\BabylonToolbar
C:\Program Files (x86)\Incredibar.com
C:\Program Files (x86)\YouTube Downloader Toolbar:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
The Quick Scan log via OTL as requested.
Has it gone ?
I gave it some time and it seems to have gone.
Thanks for the help and instruction!
Death to Incredibar.
Question: Will it be sufficient enough to remove Mystart and Incredibar manually from Chrome and IE browsers? Or are there more hidden nasties that have to be removed via OTL also
You should just need to reset Chrome IE should be OK