Inactive Need help removing Incredibar

Cloudnine · Feb 12, 2012

Hi,
Need assistance to remove "Incredibar" please.

Logs:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.11.03

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: IBM-4E642AA635C [administrator]

2/11/2012 10:55:47 PM
mbam-log-2012-02-11 (22-55-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186124
Time elapsed: 11 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Administrator\Desktop\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-13 15:30:32
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS548040M9AT00 rev.MG2OA5BA
Running: 2drordz9.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uwxiikob.sys

---- System - GMER 1.0.15 ----

SSDT F8BB9114 ZwClose
SSDT F8BB90CE ZwCreateKey
SSDT F8BB911E ZwCreateSection
SSDT F8BB90C4 ZwCreateThread
SSDT F8BB90D3 ZwDeleteKey
SSDT F8BB90DD ZwDeleteValueKey
SSDT F8BB910F ZwDuplicateObject
SSDT F8BB90E2 ZwLoadKey
SSDT F8BB90B0 ZwOpenProcess
SSDT F8BB90B5 ZwOpenThread
SSDT F8BB90EC ZwReplaceKey
SSDT F8BB90E7 ZwRestoreKey
SSDT F8BB9123 ZwSetContextThread
SSDT F8BB90D8 ZwSetValueKey
SSDT F8BB90BF ZwTerminateProcess

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [00408A00] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [00408D70] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCloseKey] [00408900] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [00408F20] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegCreateKeyExW] [00408BF0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegCloseKey] [00408900] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\Secur32.dll [ADVAPI32.dll!RegOpenKeyExW] [00408F20] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegCloseKey] [00408900] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [00408BF0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [00408F20] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [00408D70] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [004078D0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [00408900] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [00408F20] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [00408A00] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [00408BF0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [00408D70] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [004078D0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00407760] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [004078D0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [00408D70] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [00408BF0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCloseKey] [00408900] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [00408F20] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenUserClassesRoot] [004086A0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] [00408D70] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegCloseKey] [00408900] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExW] [00408F20] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegCreateKeyExW] [00408BF0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!RegCreateKeyExW] [00408BF0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!RegCloseKey] [00408900] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!RegOpenKeyExW] [00408F20] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00407960] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [004078D0] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)
IAT C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe[472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00407980] C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero MediaHome/Nero AG)

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 15:36:23 on 2012-02-13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.147 [GMT 11:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: BFlix Class: {0c9f4179-6ce2-4c6a-a3e5-67ff3592a12e} - c:\program files\bflix\BFlix.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - c:\program files\incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - c:\program files\incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" -NoStart
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ACUMon] "c:\program files\cisco systems\aironet client monitor\ACUMon.Exe" -a
mRun: [BMMGAG] RunDll32 c:\progra~1\thinkpad\utilit~1\pwrmonit.dll,StartPwrMonitor
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [BLOG] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\FirstStart.exe" /OM
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\documents and settings\administrator\desktop\PartyPoker.lnk
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299310973505
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{4365D515-1E78-4F11-ABA8-11120F730D3F} : DhcpNameServer = 192.168.2.1
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-17 11608]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2008-8-21 16384]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-17 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-17 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-17 66616]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-6-1 367456]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2006-11-30 46108]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-12-6 18432]
S3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [2006-12-8 119296]
.
=============== Created Last 30 ================
.
2012-02-11 11:53:19 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-02-11 11:52:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-11 11:52:14 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-11 11:52:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-10 10:20:41 -------- d-----w- c:\documents and settings\administrator\application data\Incredibar.com
2012-02-10 10:19:58 -------- d-----w- c:\program files\BFlix
2012-02-10 10:19:23 -------- d-----w- c:\program files\Incredibar.com
2012-02-10 10:17:04 -------- d-----w- c:\documents and settings\all users\application data\100
2012-02-10 10:17:02 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2012-02-05 09:18:15 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Nero
2012-02-05 09:13:06 -------- d-----w- c:\program files\Nero
2012-02-05 09:12:46 -------- d-----w- c:\documents and settings\all users\application data\Nero
2012-01-19 06:24:17 -------- d-----w- C:\a6cf2f781aae66c5528c7397822a18
2012-01-19 06:00:22 -------- d-----w- c:\windows\system32\XPSViewer
2012-01-19 05:58:50 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-01-19 05:58:18 14048 ------w- c:\windows\system32\spmsg2.dll
2012-01-19 05:55:37 -------- d-----w- c:\program files\Navman
.
==================== Find3M ====================
.
.
============= FINISH: 15:37:35.55 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/30/2006 10:15:25 AM
System Uptime: 2/13/2012 1:10:50 PM (2 hours ago)
.
Motherboard: IBM | | 23747FM
Processor: Intel(R) Pentium(R) M processor 1600MHz | None | 1594/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 37 GiB total, 8.674 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP66: 11/23/2011 2:29:39 PM - System Checkpoint
RP67: 11/28/2011 6:14:33 PM - System Checkpoint
RP68: 12/1/2011 4:57:57 PM - System Checkpoint
RP69: 12/2/2011 7:58:46 PM - System Checkpoint
RP70: 12/4/2011 2:08:44 PM - System Checkpoint
RP71: 12/5/2011 5:06:14 PM - System Checkpoint
RP72: 12/6/2011 5:21:50 PM - Removed Apple Application Support
RP73: 12/6/2011 5:23:57 PM - Removed Apple Mobile Device Support
RP74: 12/10/2011 10:49:41 AM - System Checkpoint
RP75: 12/13/2011 9:29:45 AM - System Checkpoint
RP76: 12/14/2011 6:59:51 PM - System Checkpoint
RP77: 12/15/2011 11:22:09 AM - Software Distribution Service 3.0
RP78: 12/16/2011 11:33:56 AM - System Checkpoint
RP79: 12/17/2011 4:28:15 PM - Installed Windows XP Wdf01009.
RP80: 12/18/2011 4:03:45 PM - Software Distribution Service 3.0
RP81: 12/21/2011 2:03:18 PM - System Checkpoint
RP82: 12/28/2011 10:38:22 AM - Installed Java(TM) 6 Update 30
RP83: 12/29/2011 7:48:52 PM - System Checkpoint
RP84: 1/5/2012 3:36:48 PM - System Checkpoint
RP85: 1/8/2012 8:09:14 AM - System Checkpoint
RP86: 1/10/2012 10:48:36 AM - System Checkpoint
RP87: 1/13/2012 3:15:22 PM - System Checkpoint
RP88: 1/13/2012 8:51:50 PM - Removed Adobe Reader 9.4.7.
RP89: 1/17/2012 9:47:17 PM - System Checkpoint
RP90: 1/19/2012 4:53:55 PM - Installed NavDesk 2009
RP91: 1/19/2012 4:55:57 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
RP92: 1/19/2012 4:57:38 PM - Installed Windows XP WIC.
RP93: 1/19/2012 4:58:18 PM - Installed %1 %2.
RP94: 1/19/2012 4:58:30 PM - Printer Driver Microsoft XPS Document Writer Installed
RP95: 1/19/2012 5:26:09 PM - Installed Windows KB954550-v5.
RP96: 1/19/2012 5:28:21 PM - Printer Driver Microsoft XPS Document Writer Installed
RP97: 1/26/2012 8:40:37 AM - Printer Driver Microsoft XPS Document Writer Installed
RP98: 1/31/2012 12:11:14 PM - System Checkpoint
RP99: 2/5/2012 8:11:02 PM - Installed Nero MediaHome 4 Essentials 4.4.8.1
RP100: 2/10/2012 7:17:11 PM - System Checkpoint
RP101: 2/12/2012 9:17:50 AM - System Checkpoint
RP102: 2/13/2012 3:26:25 PM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.5.0
Advertising Center
Agere Systems AC'97 Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
BFlix
Bonjour
Cisco Aironet Installation Wizard
DivX Setup
e-tax 2011
FrostWire 4.21.7
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB981793)
IBM ThinkPad Battery MaxiMiser and Power Management Features
Incredibar Toolbar on IE and Chrome
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Intel(R) Sebring API
iPod To Computer Transfer 6.6
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
Nero ControlCenter
Nero Installer
Nero MediaHome 4
Nero MediaHome 4 Essentials
Nero MediaHome 4 Help
Nero Online Upgrade
OLYMPUS Master 2
PartyPoker
PMB
PowerDVD
QuickTime
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Spybot - Search & Destroy
ThinkPad Power Management Driver
ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
Ultimate Mahjongg 5
Unwired
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB898461)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2/9/2012 11:40:20 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
2/13/2012 2:38:10 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
2/11/2012 9:47:17 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Nero MediaHome 4 Service service to connect.
2/11/2012 9:47:17 PM, error: Service Control Manager [7000] - The Nero MediaHome 4 Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/11/2012 11:12:06 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
2/11/2012 10:28:44 PM, error: PSched [14103] - QoS [Adapter {4365D515-1E78-4F11-ABA8-11120F730D3F}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
.
==== End Of File ===========================

Bobbye · Feb 13, 2012

DO you notice the following?

What are Common Signs of MyStart by IncrediBar Infection?

Slow Computer Performance

Annoying Pop-Ups

Taskbar Warnings

Strange new icons and desktop backgrounds

Internet Browsing Re-directs and Hijacks

System Crashes

High Pressure Marketing Tactics to "Purchase Full Version" of software

You will receive phony alerts such as "Spyware Alert! Your computer is infected with spyware. It could damage your critical files or expose your private data on the Internet. Click here to register your copy of MyStart by IncrediBar and remove spyware threats from your PC."

Start with this: How to stop MyStart by IncrediBar processes:

Click the Start menu, select Run.
Type taskmgr.exe into the the Run command box, and click “OK.” You can also launch the Task Manager by pressing keys CTRL + Shift + ESC.
Click Processes tab, and find MyStart by IncrediBar processes.
Once you’ve found the MyStart by IncrediBar processes, right-click them and select “End Process” to kill MyStart by IncrediBar .

=========================================
You have other entries that need to be removed:
Uninstall or disable the file sharing Frostwire while I am helping you.

To find other entries:
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed

Click START> then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

--------------------------------------
Expect these- they are normal:
1. If asked to install or or update the Recovery Console, allow. (you will need internet connection for this)
2. Before you run the Combofix scan, please disable any security software you have running.
3. Combofix may need to reboot your computer more than once to do its job this is normal.

Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

Double click combofix.exe

& follow the prompts.
If prompted for Recovery Console, please allow.
Once installed, you should see a blue screen prompt that says:
- The Recovery Console was successfully installed.[/b]
- Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.[/b]
- Note: No query will be made if the Recovery Console is already on the system.
.Close/disable all anti virus and anti malware programs
(If you need help with this, please see HERE)
.Close any open browsers.
.Click on Yes, to continue scanning for malware
.If Combofix asks you to update the program, allow
When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.
Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2:If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3:CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
==============================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:

Open the ESETOnlineScan
Skip to #4 to "Continue with the directions"

If you are using a browser other than Internet Explorer
Open Eset Smart Installer
[o] Click on the esetsmartinstaller_enu.exelink and save to the desktop.
[o] Double click on the desktop icon to run.
[o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
Continue with the directions.
Check 'Yes I accept terms of use.'
Click Start button
Accept any security warnings from your browser.
Uncheck 'Remove found threats'
Check 'Scan archives/
Leave remaining settings as is.
Press the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
When the scan completes, press List of found threats
Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
Push the Back button, then Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
===================================
Download CKScanner and save to your desktop.

Doubleclick CKScanner.exe and click Search For Files.
When the cursor hourglass disappears, click Save List To File.
A message box will verify that the file is saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

=====================================
My Guidelines: please read and follow:

Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
File sharing programs should be uninstalled or disabled during the cleaning process..
Observe these:
[o] Don't follow directions given to someone else
[o] Don't use any other cleaning programs or scans while I'm helping you.
[o] Don't use a Registry cleaner or make any changes in the Registry.
[o] Don't download and install new programs- except those I give you.

If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
Threads are closed after 5 days if there is no reply.

Please leave all logs in your next post.

Cloudnine · Feb 15, 2012

The Incredibar toolbar has now disappeared from Internet Explorer after I followed your steps above.

Note that even before I commenced the steps above, there was no MyStart by Incredibar running in Processes in Task Manager.

ESET found nothing.

ComboFix 12-02-13.01 - Administrator 02/15/2012 11:12:59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.275 [GMT 11:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\100
C:\Install.exe
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.3.27\bh\inCRedibar.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibar.crx
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
c:\windows\system32\cswGina.dll
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-01-15 to 2012-02-15 )))))))))))))))))))))))))))))))
.
.
2012-02-11 11:53 . 2012-02-11 11:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-02-11 11:52 . 2012-02-11 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-11 11:52 . 2012-02-11 11:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-11 11:52 . 2011-12-10 04:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-10 10:20 . 2012-02-10 10:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Incredibar.com
2012-02-10 10:19 . 2012-02-10 10:19 -------- d-----w- c:\program files\BFlix
2012-02-10 10:19 . 2012-02-10 10:19 -------- d-----w- c:\program files\Windows Sidebar
2012-02-10 10:19 . 2012-02-10 10:19 449 ----a-w- C:\user.js
2012-02-10 10:17 . 2012-02-10 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-02-05 09:18 . 2012-02-05 09:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2012-02-05 09:18 . 2012-02-11 11:19 -------- d-----w- c:\documents and settings\NeroMediaHomeUser.4
2012-02-05 09:18 . 2012-02-05 09:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Nero
2012-02-05 09:13 . 2012-02-05 09:14 -------- d-----w- c:\program files\Nero
2012-02-05 09:12 . 2012-02-05 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2012-02-05 09:12 . 2012-02-05 09:15 -------- d-----w- c:\program files\Common Files\Nero
2012-01-19 06:24 . 2012-01-19 06:30 -------- d-----w- C:\a6cf2f781aae66c5528c7397822a18
2012-01-19 06:04 . 2012-01-19 06:04 -------- d-----w- c:\program files\MSBuild
2012-01-19 06:00 . 2012-01-19 06:33 -------- d-----w- c:\windows\system32\XPSViewer
2012-01-19 05:59 . 2012-01-19 05:59 -------- d-----w- c:\program files\Reference Assemblies
2012-01-19 05:58 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-01-19 05:58 . 2006-06-29 02:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-01-19 05:55 . 2012-01-19 05:55 -------- d-----w- c:\program files\Navman
2012-01-19 05:51 . 2012-01-19 05:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E}]
2011-12-30 19:33 167936 ----a-w- c:\program files\BFlix\Bflix.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 03:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-10-22 86016]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-25 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-26 88363]
"SoundMan"="SOUNDMAN.EXE" [2004-10-27 73728]
"ACUMon"="c:\program files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" [2004-02-23 217088]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-19 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-19 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-19 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-19 208896]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-05-31 600928]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-01 843712]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Unwired\\UwWiz.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
.
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [8/21/2008 9:11 AM 16384]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/17/2011 9:24 PM 136360]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [6/1/2010 4:01 AM 367456]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [11/30/2006 10:23 AM 46108]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [12/6/2011 5:23 PM 18432]
S3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [12/8/2006 11:29 AM 119296]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 06:57]
.
2008-08-20 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2008-08-20 15:38]
.
2012-02-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 03:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-incredibar - c:\program files\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-15 11:25
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2052111302-1060284298-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,16,2d,59,2a,48,96,43,b5,1f,02,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,86,41,62,3f,5f,85,f0,4d,ba,e2,73,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ed,16,2d,59,2a,48,96,43,b5,1f,02,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\S24EvMon.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\windows\system32\RegSrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\AGRSMMSG.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RunDll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-02-15 11:33:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-15 00:33
.
Pre-Run: 9,645,862,912 bytes free
Post-Run: 9,673,322,496 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 1633F28BF553C533572541FFC55F582B

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\partygaming\partycasino\language\en_us\images\flashlobby\lobby\safecrackerkeno.swf
c:\program files\partygaming\partycasino\language\en_us\images\flashlobby\lobby\safecrackerkeno_popup.swf
scanner sequence 3.AA.11.BRAPGJ
----- EOF -----

Cloudnine · Feb 16, 2012

Further to above, Incredibar has disappeared from Toolbars but I'm still having Google redirect issues.

Bobbye · Feb 17, 2012

Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:

Code:

File::
Folder::
c:\documents and settings\Administrator\Application Data\Incredibar.com
c:\program files\BFlix
C:\a6cf2f781aae66c5528c7397822a18
DDS::
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: BFlix Class: {0c9f4179-6ce2-4c6a-a3e5-67ff3592a12e} - c:\program files\bflix\BFlix.dll
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - c:\program files\incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - c:\program files\incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=- 
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C9F4179-6CE2-4c6a-A3E5-67FF3592A12E}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=- 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=- 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
RegLock::
[HKEY_USERS\S-1-5-21-2052111302-1060284298-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
Clearjavacache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================
Delete this task: Update for Ask Toolbar

Opening scheduled tasks to modify or delete them:
Access Scheduled Tasks with Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
To delete the task> right-click Update for Ask Toolbar> click Delete.
======================================
Go to Add/Remove Programs and uninstall any Ask entries.
Then use Windows Explorer to access Computer> Local Drive (C)> Programs> find folder for Ask and do a right click> Delete
==================================
Check all download screen for pre-checked items like toolbars or browser helper objects. Uncheck any before you download.
=================================
First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
-----------------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.

Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
Extract it to the directory on your hard drive you created C:\HijackThis.
Then navigate to that directory and double-click on the hijackthis.exe file.
When started click on the Scan button and then the Save Log button to create a log of your information.
The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Cloudnine · Feb 19, 2012

ComboFix 12-02-13.01 - Administrator 02/18/2012 14:38:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.279 [GMT 11:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\a6cf2f781aae66c5528c7397822a18
c:\a6cf2f781aae66c5528c7397822a18\amd64\filterpipelineprintproc.dll
c:\a6cf2f781aae66c5528c7397822a18\amd64\msxpsdrv.cat
c:\a6cf2f781aae66c5528c7397822a18\amd64\msxpsdrv.inf
c:\a6cf2f781aae66c5528c7397822a18\amd64\msxpsinc.gpd
c:\a6cf2f781aae66c5528c7397822a18\amd64\msxpsinc.ppd
c:\a6cf2f781aae66c5528c7397822a18\amd64\mxdwdrv.dll
c:\a6cf2f781aae66c5528c7397822a18\amd64\xpssvcs.dll
c:\a6cf2f781aae66c5528c7397822a18\i386\filterpipelineprintproc.dll
c:\a6cf2f781aae66c5528c7397822a18\i386\msxpsdrv.cat
c:\a6cf2f781aae66c5528c7397822a18\i386\msxpsdrv.inf
c:\a6cf2f781aae66c5528c7397822a18\i386\msxpsinc.gpd
c:\a6cf2f781aae66c5528c7397822a18\i386\msxpsinc.ppd
c:\a6cf2f781aae66c5528c7397822a18\i386\mxdwdrv.dll
c:\a6cf2f781aae66c5528c7397822a18\i386\xpssvcs.dll
c:\documents and settings\Administrator\Application Data\Incredibar.com
c:\program files\BFlix
c:\program files\BFlix\bflix.crx
c:\program files\BFlix\Bflix.dll
c:\program files\BFlix\onload.js
c:\program files\BFlix\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-18 to 2012-02-18 )))))))))))))))))))))))))))))))
.
.
2012-02-15 00:40 . 2012-02-15 00:40 -------- d-----w- c:\program files\ESET
2012-02-11 11:53 . 2012-02-11 11:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-02-11 11:52 . 2012-02-11 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-11 11:52 . 2012-02-11 11:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-11 11:52 . 2011-12-10 04:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-10 10:19 . 2012-02-10 10:19 -------- d-----w- c:\program files\Windows Sidebar
2012-02-10 10:19 . 2012-02-10 10:19 449 ----a-w- C:\user.js
2012-02-10 10:17 . 2012-02-10 10:20 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-02-05 09:18 . 2012-02-05 09:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2012-02-05 09:18 . 2012-02-11 11:19 -------- d-----w- c:\documents and settings\NeroMediaHomeUser.4
2012-02-05 09:18 . 2012-02-05 09:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Nero
2012-02-05 09:13 . 2012-02-05 09:14 -------- d-----w- c:\program files\Nero
2012-02-05 09:12 . 2012-02-05 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2012-02-05 09:12 . 2012-02-05 09:15 -------- d-----w- c:\program files\Common Files\Nero
2012-01-19 06:04 . 2012-01-19 06:04 -------- d-----w- c:\program files\MSBuild
2012-01-19 06:00 . 2012-01-19 06:33 -------- d-----w- c:\windows\system32\XPSViewer
2012-01-19 05:59 . 2012-01-19 05:59 -------- d-----w- c:\program files\Reference Assemblies
2012-01-19 05:58 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-01-19 05:58 . 2006-06-29 02:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-01-19 05:55 . 2012-01-19 05:55 -------- d-----w- c:\program files\Navman
2012-01-19 05:51 . 2012-01-19 05:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-04-17 95536]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-10-22 86016]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-25 344064]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-26 88363]
"SoundMan"="SOUNDMAN.EXE" [2004-10-27 73728]
"ACUMon"="c:\program files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" [2004-02-23 217088]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2005-04-19 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2005-04-19 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2005-04-19 396288]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2005-04-19 208896]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2009-04-17 54576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-05-31 600928]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-26 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-01 843712]
"Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Unwired\\UwWiz.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"=
.
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [8/21/2008 9:11 AM 16384]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/17/2011 9:24 PM 136360]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [6/1/2010 4:01 AM 367456]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [11/30/2006 10:23 AM 46108]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [12/6/2011 5:23 PM 18432]
S3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [12/8/2006 11:29 AM 119296]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 06:57]
.
2008-08-20 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2008-08-20 15:38]
.
2012-02-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 03:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-BFlix - c:\program files\BFlix\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-18 14:48
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-02-18 14:51:18
ComboFix-quarantined-files.txt 2012-02-18 03:51
ComboFix2.txt 2012-02-15 00:33
.
Pre-Run: 9,360,187,392 bytes free
Post-Run: 9,475,780,608 bytes free
.
- - End Of File - - 1FF8D3B84E065CE15C2FE880F8179DC2

When removing Ask Toolbar through Add or Remove Programs, following message received:

Error 1905.Module C:\Program Files\Ask.com\GenericAsk Toolbar.dll failed
to unregister. HRESULT -2147220472. Contact your support personnel.

---------------------------------------------------------------

Couldn't find any Ask folder in C:\Program Files

---------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:31:20 AM, on 2/20/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir Desktop\avnotify.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ACUMon] "C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe" -a
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [BLOG] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Administrator\Desktop\PartyPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Administrator\Desktop\PartyPoker.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fujifilmimagine.com/imagine/ax/ImageUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1299310973505
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

--
End of file - 8575 bytes

Bobbye · Feb 20, 2012

Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:

Code:

File::
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Unwired\\UwWiz.exe"=-
"c:\\Program Files\\FrostWire\\FrostWire.exe"=-
Clearjavacache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
====================
2012-02-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-05-17 03:29]
This is probably the reason for the errors when trying to remove the AskBar. There is a Scheduled Tasks for it which must be deleted:
Opening scheduled tasks to modify or delete them:
Access Scheduled Tasks with Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.

To change the settings for a task: right-click the Task> click Properties> do the following:
[*] To delete a task> right-click the task> click Delete.
c:\windows\Tasks\Scheduled Update for Ask Toolbar

======================================
Regarding HijackThis: you did not set up the Directory for HJT per the instructions:
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

That means there there is no backup in the temp file where you have it. That means if something is removed in HJT in error, there is no backup to recover it. Please uninstall the HJT program and log you have now. Then follow the instructions to create the directory:

First, set up a Directory for HijackThis as follows:
Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
-----------------------------------------
Download HijackThis http://download.bleepingcomputer.com/hijackthis/HijackThis.zipand save to your desktop.

Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'

Extract it to the directory on your hard drive you created C:\HijackThis.

Then navigate to that directory and double-click on the hijackthis.exe file.

When started click on the Scan button and then the Save Log button to create a log of your information.

The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad

Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

Come back here to this thread and paste (Ctrl+V) the log in your next reply.

NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Bobbye · Feb 25, 2012

Are you going to finish?

Inactive Need help removing Incredibar

Cloudnine

Posts: 17 +0

Bobbye

Posts: 16,313 +36

Cloudnine

Posts: 17 +0

Cloudnine

Posts: 17 +0

Bobbye

Posts: 16,313 +36

Cloudnine

Posts: 17 +0

Bobbye

Posts: 16,313 +36

Bobbye

Posts: 16,313 +36

Similar threads

Latest posts