I have been trying to keep my computer clean using different software like Advance System Care, Spybot S&D, Disc Clean Up, CCleaner. I however have a reaccuring hacker so to speak continue to reappear after the clean. It always showes up when I do the Spybot scan. I did a scan this morning, fixed it and did it again not to long ago and there it was again. this is what it says:
Search result list ---
IncrediBar: [SBI $43928D57] Program directory
C:\Documents and Settings\Authorized User\Local Settings\Temp\ImInstaller\
I saved a full .txt file of the S&R scan. I also have the DDS and the AswMBR.txt saved which I am attaching for you to review. I did not see anything like what I got from the S&R scan in the DDS or ASWMBR, but maybe I don't know what to be looking for.
I have downloaded ERUNT I have Windows XP Professional 32-bit SP3, Firefox vs 19.02 and IE8
I don't know how to keep the Incredibar ImInstaller from coming back. I have done much of what was suggested on this site but shy away from the registry. I did not find the word MyStart connected to the incredibar directory that S&R picked up.
thanks for your kind concideration.
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-06 16:11:47
-----------------------------
16:11:47.796 OS Version: Windows 5.1.2600 Service Pack 3
16:11:47.796 Number of processors: 2 586 0xF06
16:11:47.796 ComputerName: AUTHORIZ-28629F UserName: Authorized User
16:11:48.468 Initialize success
16:12:21.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-12
16:12:21.234 Disk 0 Vendor: WDC_WD2500JS-00MHB0 02.01C03 Size: 238475MB BusType: 3
16:12:21.390 Disk 0 MBR read successfully
16:12:21.390 Disk 0 MBR scan
16:12:21.390 Disk 0 Windows XP default MBR code
16:12:21.406 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63
16:12:21.406 Disk 0 scanning sectors +488376000
16:12:21.484 Disk 0 scanning C:\WINDOWS\system32\drivers
16:12:30.968 Service scanning
16:12:33.718 Service GMSIPCI D:\INSTALL\GMSIPCI.SYS **LOCKED** 21
16:12:35.750 Service MpKsle761535a c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8EBE9935-4D22-4EDB-958C-DEF884A4DA44}\MpKsle761535a.sys **LOCKED** 32
16:12:35.921 Service MSICPL D:\install4\MSICPL.sys **LOCKED** 21
16:12:36.859 Service NTACCESS D:\NTACCESS.sys **LOCKED** 21
16:12:39.031 Service SetupNTGLM7X D:\NTGLM7X.sys **LOCKED** 21
16:12:42.296 Modules scanning
16:12:47.984 Disk 0 trace - called modules:
16:12:48.000 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
16:12:48.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f38ab8]
16:12:48.031 3 CLASSPNP.SYS[f75cefd7] -> nt!IofCallDriver -> \Device\0000006b[0x86f0d9e8]
16:12:48.031 5 ACPI.sys[f7445620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-12[0x86f3cb00]
16:12:48.046 Scan finished successfully
16:14:46.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Authorized User\Desktop\MBR.dat"
16:14:46.562 The log file has been saved successfully to "C:\Documents and Settings\Authorized User\Desktop\aswMBR.txt"