a hijacker keeps reappearing with each S&D scan

[ken545]

I need to look over your new log very carefully to make sure nothing was missed, I wont be back online until noon, in the meantime run this program


Please download Malwarebytes from Here or Here

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
  
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected .
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

Post the report please


If nothing was found than no need for the log but post it if it did find threats, also let me know how your system is behaving now ??

[outpouring]

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.13.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Authorized User :: AUTHORIZ-28629F [administrator]

4/13/2013 5:12:11 PM
mbam-log-2013-04-13 (17-12-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 258323
Time elapsed: 9 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.IBryte) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Authorized User\My Documents\Downloads\Setup.exe (PUP.IBryte) -> Quarantined and deleted successfully.

(end)

Seems like everything is running fine. Just curious why a PUP.lBryte just showed up after downloading Malwarebytes

[ken545]

Hi,

Looks like some of the other scanners likr DDS and OTL did not pick it up, Malwarebytes is a reputable program so not to worry


ESET Scanner Grahpics

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   
   1. Click on to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the icon on your desktop.
   
   
4. Check
5. Click the button.
6. Accept any security warnings from your browser.
7. Check
8. Make sure that the option "Remove found threats" is Unchecked
9. Push the Start button.
10. ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
11. When the scan completes, push
12. Push , and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
13. Push the button.
14. Push

Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

[ken545]

Still with me ?

[outpouring]

sorry it took me so long. I hope your still there.

[ken545]

Good Morning,

All ESET found was that bad file but it was in the Recovery folder in Spybot. Open Spybot and go to Recovery tab, open it and delete everything inside but not the folder itself. Let me know if you where able to do this.

[ken545]

Still with me, how are things running now ?

[outpouring]

Hi Ken
sorry it took so long to get back to you but my mother board died. Luckily my tech guy had a spare one that worked great for my computer. Just had to update some drivers. Don't know what happened. I guess it was just too old. Anyway, I went into Spybot and clicked on Recovery then selected everything in there and deleted all the selected items. I will run Spybot later to see how everything is. I have an appointment soon and it takes quite a while to do the scan. I'll let you know how it turns out soon ok.

[outpouring]

Ok I ran the spybot scan and again it showed the incredimail HijackersC: IncrediBar: [SBI $43928D57] Program directory (Directory, nothing done)
C:\Documents and Settings\Authorized User\Local Settings\Temp\ImInstaller\

I even tried to delete the file from the ImInstaller folder, but it still comes back.

[ken545]

Sorry you had problems, just like cars computers start getting old and things start failing, you never know.

Is incredibar showing up for you to use, your just showing a file in a temp folder.


Boot to Safemode and open the temp folder and delete everything inside but not the folder itself.
C:\Documents and Settings\Authorized User\Local Settings\Temp

Still in safemode run this cleaner

Download TFC to your desktop

• Close any open windows.
• Double click the TFC icon to run the program
• TFC will close all open programs itself in order to run,
• Click the Start button to begin the process.
• Allow TFC to run uninterrupted.
• The program should not take long to finish it's job
• Once its finished it should automatically reboot your machine,
• if it doesn't, manually reboot to ensure a complete clean