Thread: Can't remove Incredibar in Windows 7

  1. #1
    Junior Member
    Join Date
    Oct 2011
    Posts
    24

    Can't remove Incredibar in Windows 7

    I am running Windows 7. Spybot S&D found Incredibar. I have run Incredibar with and without Malwarebytes. I ran Spybot in Safe Mode and it removed Incredibar, but when I rebooted the computer and re-ran Spybot, it was back again.

    I have also removed 2 folders - HKEY_LOCAL_MACHINE/SOFTWARE/IBUpdater & HKEY_LOCAL_MACHINE/SOFTWARE/WebAssistant

    My computer tech advised installing and running CCleaner and REVOUninstaller, but neither has seemed to correct the problem.

    I now have removed the checkmark next to TeaTimer, attached the attach.txt zip file, included the Spybot log, the DDS log and the aswMBR log.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16464
    Run by Kyle at 13:50:24 on 2013-03-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2737 [GMT -4:00]
    .
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
    C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ebay.com/
    uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352g&r=17360411n103p0464v125r47i1t22q
    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352g&r=17360411n103p0464v125r47i1t22q
    mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352g&r=17360411n103p0464v125r47i1t22q
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: EpicPlay Games: {56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - C:\Program Files (x86)\EpicPlay\epicPlayGames.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
    uRun: [Google Update] "C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    StartupFolder: C:\Users\Kyle\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{4D08D5EF-61D7-4381-9D88-9771B4EF835F} : DHCPNameServer = 209.18.47.61 209.18.47.62
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352g&r=17360411n103p0464v125r47i1t22q
    x64-mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=et1352g&r=17360411n103p0464v125r47i1t22q
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\hy0voqcp.default\
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Kyle\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - ExtSQL: 2013-01-24 09:38; {336D0C35-8A85-403a-B9D2-65C292C39087}; C:\Program Files\Web Assistant\Firefox
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-4-29 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-6-10 243232]
    R3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2011-12-8 1847296]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2011-11-12 24576]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
    S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-3-9 31800]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-2 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-03-11 17:19:16 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-09 17:59:33 -------- d-----w- C:\Users\Kyle\AppData\Local\VS Revo Group
    2013-03-09 17:59:29 -------- d-----w- C:\ProgramData\VS Revo Group
    2013-03-09 17:59:28 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
    2013-03-09 17:59:26 -------- d-----w- C:\Program Files\VS Revo Group
    2013-03-09 17:47:03 -------- d-----w- C:\Program Files\CCleaner
    2013-03-06 02:23:57 -------- d-----w- C:\Users\Kyle\AppData\Local\Mozilla
    2013-02-20 03:32:42 25256736 ----a-w- C:\Windows\System32\nvcompiler.dll
    2013-02-17 14:59:09 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-17 14:59:09 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-02-17 14:56:52 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2013-02-17 14:56:51 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2013-02-17 14:56:50 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2013-02-17 14:56:49 3153408 ----a-w- C:\Windows\System32\win32k.sys
    2013-02-17 14:56:47 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2013-02-17 14:56:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2013-02-17 14:56:46 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2013-02-17 14:56:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2013-02-17 14:56:46 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2013-02-17 14:56:46 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2013-02-17 14:56:25 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-02-17 14:56:24 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    .
    ==================== Find3M ====================
    .
    2013-01-31 09:25:24 6207776 ----a-w- C:\Windows\System32\nvcpl.dll
    2013-01-31 09:25:24 3300640 ----a-w- C:\Windows\System32\nvsvc64.dll
    2013-01-31 09:24:59 878368 ----a-w- C:\Windows\System32\nvvsvc.exe
    2013-01-31 09:24:58 63776 ----a-w- C:\Windows\System32\nvshext.dll
    2013-01-31 09:24:58 2558240 ----a-w- C:\Windows\System32\nvsvcr.dll
    2013-01-31 09:24:58 118560 ----a-w- C:\Windows\System32\nvmctray.dll
    2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
    2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
    2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
    2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
    2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
    2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
    2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
    2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
    2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
    2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
    2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
    2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
    2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
    2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
    2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
    2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
    2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
    2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
    2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-12-26 15:18:45 0 ----a-w- C:\Windows\SysWow64\sho2E66.tmp
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    .
    ============= FINISH: 13:50:43.33 ===============
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-03-12 14:10:27
    -----------------------------
    14:10:27.996 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:10:27.997 Number of processors: 2 586 0x603
    14:10:27.998 ComputerName: KYLE-PC UserName: Kyle
    14:10:30.026 Initialize success
    14:11:33.809 AVAST engine defs: 13031200
    14:16:03.712 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000058
    14:16:03.718 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
    14:16:03.733 Disk 0 MBR read successfully
    14:16:03.739 Disk 0 MBR scan
    14:16:03.748 Disk 0 Windows 7 default MBR code
    14:16:03.760 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
    14:16:03.777 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
    14:16:03.785 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 593994 MB offset 33761280
    14:16:03.807 Disk 0 scanning C:\Windows\system32\drivers
    14:16:12.154 Service scanning
    14:16:30.713 Modules scanning
    14:16:30.732 Disk 0 trace - called modules:
    14:16:30.749 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
    14:16:30.756 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80045de060]
    14:16:30.763 3 CLASSPNP.SYS[fffff8800195843f] -> nt!IofCallDriver -> [0xfffffa80041b9040]
    14:16:30.770 5 ACPI.sys[fffff88000f407a1] -> nt!IofCallDriver -> \Device\00000058[0xfffffa80041ba1e0]
    14:16:32.337 AVAST engine scan C:\Windows
    14:16:35.312 AVAST engine scan C:\Windows\system32
    14:19:07.335 AVAST engine scan C:\Windows\system32\drivers
    14:19:18.443 AVAST engine scan C:\Users\Kyle
    14:20:16.448 File: C:\Users\Kyle\AppData\Roaming\Adobe\Adobe\ezbdzgg.dll **INFECTED** Win32:Crypt-MKC [Trj]
    14:20:42.067 AVAST engine scan C:\ProgramData
    14:21:36.571 Scan finished successfully
    14:22:14.322 Disk 0 MBR has been saved successfully to "C:\Users\Kyle\Desktop\MBR.dat"
    14:22:14.327 The log file has been saved successfully to "C:\Users\Kyle\Desktop\aswMBR.txt"
    IncrediBar: [SBI $43928D57] Program directory (Directory, nothing done)
    C:\Users\Kyle\Local Settings\Temp\ImInstaller\


    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2012-03-12 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2012-12-18 Includes\Adware.sbi (*)
    2013-03-05 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2012-11-14 Includes\Dialer.sbi (*)
    2012-11-14 Includes\DialerC.sbi (*)
    2012-11-14 Includes\HeavyDuty.sbi (*)
    2012-11-14 Includes\Hijackers.sbi (*)
    2012-11-14 Includes\HijackersC.sbi (*)
    2012-11-14 Includes\iPhone.sbi (*)
    2012-11-14 Includes\Keyloggers.sbi (*)
    2012-12-18 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2012-11-21 Includes\Malware.sbi (*)
    2013-03-05 Includes\MalwareC.sbi (*)
    2012-11-14 Includes\PUPS.sbi (*)
    2013-02-05 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2012-11-14 Includes\Security.sbi (*)
    2012-11-14 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2012-11-14 Includes\Spyware.sbi (*)
    2012-11-14 Includes\SpywareC.sbi (*)
    2012-11-19 Includes\Tracks.uti
    2013-01-16 Includes\Trojans.sbi (*)
    2013-02-25 Includes\TrojansC-02.sbi (*)
    2013-03-05 Includes\TrojansC-03.sbi (*)
    2013-03-04 Includes\TrojansC-04.sbi (*)
    2013-02-28 Includes\TrojansC-05.sbi (*)
    2013-03-01 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll
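    The DDS "Pseudo HJT Report" and "FIREFOX" sections above are what a helper reads by eye to find what keeps bringing an adware component back: orphaned COM registrations, autostart entries that load from user-writable paths, and extension directories belonging to the named product. The script below is an added example for this thread (it is not a feature of DDS, Spybot or aswMBR) that parses those two sections plus any aswMBR **INFECTED** line and flags the entries worth reviewing first. The watchlist strings come from the artifacts named in the post (IncrediBar, IBUpdater, WebAssistant/Web Assistant, ImInstaller); the sample input is excerpted from the DDS and aswMBR logs posted above.

```python
"""Triage autostart entries from a DDS log plus aswMBR detections.

Added example for this thread; not a feature of DDS, Spybot or aswMBR.
It reads the 'Pseudo HJT Report' and 'FIREFOX' sections of a DDS log and
any line carrying an aswMBR **INFECTED** verdict, and reports the entries
a malware-removal helper would review first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Strings taken from the artifacts the poster named (registry keys, Spybot
# hit, Firefox extension directory). Lower-case, matched as substrings.
WATCHLIST = ("incredibar", "ibupdater", "webassistant", "web assistant", "iminstaller")

# Paths a standard user can write to. Legitimate software (Google Update,
# ERUNT's startup shortcut) lives here too, so this is a review signal only.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.IGNORECASE)

# DDS section banner, e.g. "============== Pseudo HJT Report ==============="
SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
SCAN_SECTIONS = {"pseudo hjt report", "firefox"}


@dataclass
class Finding:
    line: str
    reasons: list[str]


def classify(line: str) -> list[str]:
    """Return the review reasons that apply to one log line (empty if none)."""
    low = line.lower()
    reasons: list[str] = []
    if "<orphaned>" in low:
        reasons.append("orphaned registration (target file missing)")
    if any(term in low for term in WATCHLIST):
        reasons.append("matches named adware artifact")
    if USER_WRITABLE.search(line):
        reasons.append("loads from user-writable path")
    if "**infected**" in low:
        reasons.append("scanner detection")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk the log, tracking DDS sections, and collect flagged entries."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION.match(line)
        if banner:
            section = banner.group(1).lower()
            continue
        if not line or line == ".":
            continue
        # Only the autostart sections are in scope, except that a scanner
        # verdict is worth reporting wherever in the log it appears.
        if section not in SCAN_SECTIONS and "**INFECTED**" not in line:
            continue
        reasons = classify(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def report(log_text: str) -> str:
    """Human-readable summary: the flagged line, then one reason per bullet."""
    out: list[str] = []
    for f in triage(log_text):
        out.append(f.line)
        out.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(out) if out else "no flagged entries"


# Sample input excerpted from the DDS and aswMBR logs posted in this thread.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Users\Kyle\AppData\Local\Google\Chrome\Application\chrome.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.ebay.com/
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
uRun: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
uRun: [Google Update] "C:\Users\Kyle\AppData\Local\Google\Update\GoogleUpdate.exe" /c
StartupFolder: C:\Users\Kyle\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
SSODL: WebCheck - <orphaned>
================= FIREFOX ===================
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - ExtSQL: 2013-01-24 09:38; {336D0C35-8A85-403a-B9D2-65C292C39087}; C:\Program Files\Web Assistant\Firefox
============= FINISH: 13:50:43.33 ===============
14:20:16.448 File: C:\Users\Kyle\AppData\Roaming\Adobe\Adobe\ezbdzgg.dll **INFECTED** Win32:Crypt-MKC [Trj]
"""


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

    Run as a script to print the report for the embedded sample, or pass the text of a saved DDS log to triage(). On the sample it flags the two orphaned registrations, the Web Assistant Firefox extension directory, the ezbdzgg.dll scanner hit, and the two entries under AppData; the last rule deliberately catches Google Update and the ERUNT shortcut as well, which is why a path flag on its own is a prompt to check the file, not a verdict. The IncrediMail Run entry is not flagged, since the watchlist matches "incredibar", not "incredi".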

  2. #2
    Blade81, Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the corresponding user's case only.

  3. #3
    Blade81, Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Due to inactivity, this thread will now be closed.

    Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.