My computer is full of viruses and I am not able to remove them and hav



#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you place the main FRST programme on the desktop along with the fixlist.txt, then run FRST and press Fix?

  • 0



#17
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts
URLSearchHook: HKCU - (No Name) - {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - C:\Program Files\InboxAce_1g\bar\1.bin\1gSrcAs.dll No File
BHO: No Name -> {66516A07-F617-488A-90CF-4E690CFB3C5F} -> No File
BHO: No Name -> {9359da42-06fb-46f2-9e4a-05c05b98a5ef} -> No File
BHO: No Name -> {d5a1d22b-9e17-454f-8ecd-83c578fb3983} -> No File
Toolbar: HKLM - No Name - {3775afd7-5921-4571-968f-85a631203d1c} - No File
Toolbar: HKLM - No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No File
Toolbar: HKCU - No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No File
Toolbar: HKCU - No Name - {3775AFD7-5921-4571-968F-85A631203D1C} - No File
FF Plugin: @InboxAce_1g.com/Plugin -> C:\Program Files\InboxAce_1g\bar\1.bin\NP1gStub.dll No File
2014-09-15 20:58 - 2014-09-17 11:10 - 00000438 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-09-15 20:53 - 2014-09-15 20:53 - 00000000 ____D () C:\Users\JIMS\AppData\Roaming\SparkTrust
2014-09-15 20:53 - 2014-09-15 20:53 - 00000000 ____D () C:\Users\JIMS\AppData\Roaming\DriverCure
2014-09-15 20:52 - 2014-09-17 11:10 - 00000619 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_2A40F175-3D44-11E4-88A4-001E903ED46D.job
2014-09-15 20:52 - 2014-09-15 20:52 - 00001117 _____ () C:\Users\JIMS\Desktop\SparkTrust PC Cleaner Plus.lnk
2014-09-15 20:52 - 2014-09-15 20:52 - 00000572 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job
2014-09-15 20:52 - 2014-09-15 20:52 - 00000396 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job
2014-09-15 20:52 - 2014-09-15 20:52 - 00000396 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-09-15 20:52 - 2014-09-15 20:52 - 00000000 ____D () C:\Users\JIMS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
2014-09-15 20:52 - 2014-09-15 20:52 - 00000000 ____D () C:\ProgramData\SparkTrust
2014-09-15 20:52 - 2014-09-15 20:52 - 00000000 ____D () C:\Program Files\SparkTrust
2014-09-15 20:52 - 2014-09-15 20:52 - 00000000 ____D () C:\Program Files\Common Files\SparkTrust
2014-09-15 20:51 - 2014-09-15 20:51 - 06764848 _____ (SparkTrust) C:\Users\JIMS\Downloads\SparkTrust PC Cleaner Plus Setup_da1e7de_.exe
2014-09-17 11:10 - 2014-09-15 20:58 - 00000438 _____ () C:\Windows\Tasks\SparkTrust Registration3.job
2014-09-17 11:10 - 2014-09-15 20:52 - 00000619 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_2A40F175-3D44-11E4-88A4-001E903ED46D.job
2014-09-15 20:52 - 2014-09-15 20:52 - 00000572 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job
2014-09-15 20:52 - 2014-09-15 20:52 - 00000396 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job
2014-09-15 20:52 - 2014-09-15 20:52 - 00000396 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job
2014-09-12 22:11 - 2013-11-19 02:37 - 00000000 ____D () C:\Program Files\InboxAce_1g
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9D88B2C9-57C2-45EB-B375-6E4FF6D2F3D1} - System32\Tasks\SparkTrust Update Version3 => c:\program files\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION
Task: {C6A38807-0D1C-4C2D-B613-39EF2C27FCE0} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION
Task: {D1813E9B-3C54-4F19-8FB8-8CF75424DF4B} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_2A40F175-3D44-11E4-88A4-001E903ED46D => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2014-07-31] (SparkTrust) <==== ATTENTION
Task: {D9F32586-21E9-4B05-BE83-439BBE9E8AB8} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION
Task: {EEDB06D4-8D65-45AE-897D-80E8906A9ED2} - System32\Tasks\SparkTrust PC Cleaner Plus Startup => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2014-07-31] (SparkTrust) <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_2A40F175-3D44-11E4-88A4-001E903ED46D.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
TDL4: custom:26000022 <===== ATTENTION!
EmptyTemp:
CMD: bitsadmin /reset /allusers
 

 


  • 0

#18
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

I tried to take a screenshot of the desktop to show that I have done everything you have asked of me to do, but I am not able to do so.


  • 0

#19
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try this.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#20
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts
# AdwCleaner v3.310 - Report created 24/09/2014 at 16:45:14
# Updated 12/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : JIMS - JIM-PC
# Running from : C:\Users\JIMS\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\PriceGong
Folder Deleted : C:\Program Files\InboxAce_1g
Folder Deleted : C:\Users\JIMS\AppData\Local\InboxAce_1g
Folder Deleted : C:\Users\JIMS\AppData\LocalLow\iac
Folder Deleted : C:\Users\JIMS\AppData\LocalLow\InboxAce_1g
Folder Deleted : C:\Users\JIMS\AppData\Roaming\DriverCure
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9359DA42-06FB-46F2-9E4A-05C05B98A5EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9359DA42-06FB-46F2-9E4A-05C05B98A5EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3775AFD7-5921-4571-968F-85A631203D1C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3775AFD7-5921-4571-968F-85A631203D1C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5FDB0CD8-5760-44D1-8D13-A78BF558C3C7}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16575
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\JIMS\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5576 octets] - [24/09/2014 16:43:04]
AdwCleaner[S0].txt - [5625 octets] - [24/09/2014 16:45:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5685 octets] ##########
 
I did download ad ware and select clean, but I am still having popups saying I have issues.

  • 0

#21
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts
# AdwCleaner v3.310 - Report created 24/09/2014 at 17:02:01
# Updated 12/09/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : JIMS - JIM-PC
# Running from : C:\Users\JIMS\Downloads\AdwCleaner (3).exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16575
 
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\JIMS\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5576 octets] - [24/09/2014 16:43:04]
AdwCleaner[R1].txt - [729 octets] - [24/09/2014 17:02:01]
AdwCleaner[S0].txt - [5765 octets] - [24/09/2014 16:45:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [848 octets] ##########

  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What are the popups that you are getting?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0

#23
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

I went to download link 1, but I get an error saying this web page is not available and to reload. But link 2 works just fine, but it is in Spanish.


  • 0

#24
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

I downloaded link 2 and I am having it translated.


  • 0

#25
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts
ComboFix 14-09-22.01 - JIMS 09/26/2014  17:47:57.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2039.699 [GMT -5:00]
Running from: c:\users\JIMS\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-26 to 2014-09-26  )))))))))))))))))))))))))))))))
.
.
2014-09-26 23:05 . 2014-09-26 23:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-26 23:05 . 2014-09-26 23:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-09-26 21:15 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C0D3839-D51F-45ED-9137-F98689F5EB6C}\mpengine.dll
2014-09-24 22:59 . 2014-09-24 22:59 -------- d-----w- c:\users\JIMS\AppData\Roaming\MyTurboPC.com
2014-09-24 22:59 . 2014-09-24 22:59 -------- d-----w- c:\users\JIMS\AppData\Roaming\DriverCure
2014-09-24 22:59 . 2014-09-24 22:59 -------- d-----w- c:\program files\Common Files\MyTurboPC.com
2014-09-24 22:59 . 2014-09-24 22:59 -------- d-----w- c:\programdata\MyTurboPC.com
2014-09-24 22:59 . 2014-09-24 22:59 -------- d-----w- c:\program files\MyTurboPC.com
2014-09-24 21:42 . 2014-09-24 22:04 -------- d-----w- C:\AdwCleaner
2014-09-20 09:58 . 2014-09-20 09:58 -------- d-----w- c:\windows\Migration
2014-09-17 16:21 . 2014-09-24 08:18 -------- d-----w- C:\FRST
2014-09-16 01:53 . 2014-09-16 01:53 -------- d-----w- c:\users\JIMS\AppData\Roaming\SparkTrust
2014-09-16 01:52 . 2014-09-24 04:43 -------- d-----w- c:\programdata\SparkTrust
2014-09-13 09:14 . 2014-06-26 22:17 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-09-13 09:14 . 2014-06-26 22:17 8856 ----a-w- c:\windows\system32\icardres.dll
2014-09-13 09:14 . 2014-06-26 22:17 619664 ----a-w- c:\windows\system32\icardagt.exe
2014-09-13 09:14 . 2014-06-06 04:28 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-09-13 09:06 . 2014-08-22 23:26 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-09-13 09:06 . 2014-08-23 01:03 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-09-13 03:48 . 2014-09-13 03:48 -------- d-----w- c:\program files\CCleaner
2014-09-13 03:22 . 2014-09-13 03:22 -------- d-----w- c:\programdata\Cisco Systems
2014-09-12 22:55 . 2014-09-24 22:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-09-12 22:55 . 2014-09-24 05:23 -------- d-----w- c:\program files\Spybot - Search & Destroy
2014-09-12 22:25 . 2014-09-12 22:25 -------- d-----w- c:\users\JIMS\AppData\Roaming\AVAST Software
2014-09-12 22:19 . 2014-04-26 16:01 502784 ----a-w- c:\windows\system32\usp10.dll
2014-09-12 22:19 . 2014-06-02 10:31 2263552 ----a-w- c:\windows\system32\msi.dll
2014-09-12 22:18 . 2014-06-02 10:30 1993728 ----a-w- c:\windows\system32\authui.dll
2014-09-12 22:18 . 2014-06-02 10:30 33280 ----a-w- c:\windows\system32\appinfo.dll
2014-09-12 22:18 . 2014-06-02 08:56 82432 ----a-w- c:\windows\system32\consent.exe
2014-09-12 22:18 . 2014-06-02 10:31 332800 ----a-w- c:\windows\system32\msihnd.dll
2014-09-12 22:18 . 2014-06-02 10:31 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2014-09-12 22:18 . 2014-06-02 10:30 937472 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2014-09-12 22:18 . 2014-06-02 10:30 983552 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2014-09-12 22:18 . 2014-06-02 10:30 965120 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2014-09-12 22:17 . 2014-04-05 02:42 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-09-12 22:17 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2014-09-12 22:17 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-09-12 22:17 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2014-09-12 22:16 . 2014-06-07 02:08 1305088 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-09-12 22:16 . 2014-06-07 02:08 149504 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-09-12 22:16 . 2014-06-07 02:08 114688 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-09-12 22:16 . 2014-06-14 00:44 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-09-12 22:16 . 2014-06-14 00:33 37376 ----a-w- c:\windows\system32\cdd.dll
2014-09-12 22:16 . 2014-06-06 08:59 506880 ----a-w- c:\windows\system32\qedit.dll
2014-09-12 22:15 . 2014-07-08 00:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-12 22:13 . 2014-05-30 06:53 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2014-09-12 22:11 . 2014-09-12 22:26 -------- d-----w- c:\users\JIMS\AppData\Local\Google
2014-09-12 22:11 . 2014-09-12 22:15 -------- d-----w- c:\program files\Google
2014-09-12 22:11 . 2014-03-10 01:22 1401344 ----a-w- c:\windows\system32\msxml6.dll
2014-09-12 22:11 . 2014-03-10 01:22 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-09-12 22:09 . 2014-09-12 22:09 -------- d-----w- c:\program files\AVAST Software
2014-09-12 22:07 . 2014-09-12 22:09 -------- d-----w- c:\programdata\AVAST Software
2014-09-12 21:53 . 2014-01-30 07:46 876032 ----a-w- c:\windows\system32\wer.dll
2014-09-12 21:45 . 2014-09-12 21:45 -------- d-----w- c:\program files\Microsoft.NET
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-24 00:58 . 2013-02-15 23:34 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-24 00:57 . 2013-02-15 23:34 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-15 14:06 . 2013-02-15 22:50 231568 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-12 22:09 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-12 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 04:59 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-15 00:58]
.
2014-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-12 22:11]
.
2014-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-12 22:11]
.
2014-09-26 c:\windows\Tasks\MyTurboPC Startup.job
- c:\program files\MyTurboPC.com\MyTurboPC\mtpc.exe [2014-05-11 02:23]
.
2014-09-26 c:\windows\Tasks\MyTurboPC.com Registration3.job
- c:\program files\Common Files\MyTurboPC.com\UUS3\UUS3.dll [2014-05-11 02:24]
.
2014-09-24 c:\windows\Tasks\MyTurboPC.com Update3.job
- c:\program files\common files\myturbopc.com\uus3\Update3.exe [2014-05-11 02:24]
.
2014-09-24 c:\windows\Tasks\MyTurboPC.com Update3_triggeronce.job
- c:\program files\common files\myturbopc.com\uus3\Update3.exe [2014-05-11 02:24]
.
2014-09-26 c:\windows\Tasks\MyTurboPC_sch_6F74FA2F-443E-11E4-8CCC-001E903ED46D.job
- c:\program files\MyTurboPC.com\MyTurboPC\mtpc.exe [2014-05-11 02:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ShopAtHomeWatcher - c:\users\JIMS\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
HKLM-Run-ShopAtHomeUpdater - c:\users\JIMS\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-09-26 18:05
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
.
c:\users\JIMS\AppData\Local\Temp\~DF194E.tmp 32768 bytes
c:\users\JIMS\AppData\Local\Temp\~DF1C52.tmp 16384 bytes
c:\users\JIMS\AppData\Local\Temp\~DF96B5.tmp 16384 bytes
c:\users\JIMS\AppData\Local\Temp\~DFAF66.tmp 512 bytes
c:\users\JIMS\AppData\Local\Temp\~DFBCD5.tmp 16384 bytes
c:\users\JIMS\AppData\Local\Temp\~DFD579.tmp 16384 bytes
C:\avast! sandbox
.
scan completed successfully
hidden files: 7
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2014-09-26  18:11:38
ComboFix-quarantined-files.txt  2014-09-26 23:11
.
Pre-Run: 150,140,203,008 bytes free
Post-Run: 150,065,119,232 bytes free
.
- - End Of File - - 2792222F6BD5E5A11DEEDD4B843017E5
5C616939100B85E558DA92B899A0FC36

  • 0



#26
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

The errors that are popping up are:

object: http://26714.tc.adlinker.net
Infection : URL: MAL
PROCESS:C:\Programs Files\...Avastsuc.exe

object: http://mc3.adlinker.info/search?id=
infection:URL:MAL
processC:\\windows\system32\dllhost.exe


  • 0

#27
leahcase

leahcase

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 229 posts

Are you still there...


  • 0

#28
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You appear to have downloaded some speed enhancement programmes which are causing the alerts.

Download the latest version of AdwCleaner.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0
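
One way to spot the leftover "speed enhancement" installs that post #28 refers to, using only the two logs already in this thread. This is an added example, not part of any post and not code from FRST or ComboFix: it masks the vendor folder in each scheduled-task target and reports vendors in the ComboFix task list whose remaining path layout matches the SparkTrust entries from the fixlist. The function names and the `min_shared` threshold are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Excerpted from the FRST fixlist in post #17: tasks of the product
# that was already marked for removal.
FRST_TASK_LINES = r"""
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION
"""

# Excerpted from the "Scheduled Tasks" section of the ComboFix log in post #25.
COMBOFIX_TASKS = r"""
2014-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-15 00:58]
.
2014-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-12 22:11]
.
2014-09-26 c:\windows\Tasks\MyTurboPC Startup.job
- c:\program files\MyTurboPC.com\MyTurboPC\mtpc.exe [2014-05-11 02:23]
.
2014-09-26 c:\windows\Tasks\MyTurboPC.com Registration3.job
- c:\program files\Common Files\MyTurboPC.com\UUS3\UUS3.dll [2014-05-11 02:24]
.
2014-09-24 c:\windows\Tasks\MyTurboPC.com Update3.job
- c:\program files\common files\myturbopc.com\uus3\Update3.exe [2014-05-11 02:24]
"""


def frst_targets(text):
    """Extract the executable/DLL path from FRST 'Task: job => target' lines."""
    return re.findall(r"^Task: .+? => (.+?)\s*<=+ ATTENTION", text, re.M)


def combofix_targets(text):
    """Extract the target path from ComboFix '- path [date time]' lines."""
    return re.findall(r"^- (.+?) \[\d{4}-\d\d-\d\d \d\d:\d\d\]\s*$", text, re.M)


def fingerprint(target):
    """Return (vendor, layout) for a path under Program Files, else None.

    The layout is the lowercased path with the vendor folder replaced by
    '<vendor>', so two differently named products with the same component
    layout produce the same string.
    """
    path = target.strip().lower()
    m = re.match(r"c:\\program files\\(common files\\)?([^\\]+)\\(.+)$", path)
    if not m:
        return None
    common, vendor, rest = m.groups()
    return vendor, (common or "") + "<vendor>\\" + rest


def layouts_by_vendor(targets):
    """Group masked layouts by the vendor folder they were found under."""
    grouped = defaultdict(set)
    for target in targets:
        fp = fingerprint(target)
        if fp:
            grouped[fp[0]].add(fp[1])
    return grouped


def lookalikes(known_targets, candidate_targets, min_shared=2):
    """Vendors among the candidates that share >= min_shared layouts
    with the already-identified product."""
    known_layouts = set().union(*layouts_by_vendor(known_targets).values())
    hits = {}
    for vendor, layouts in layouts_by_vendor(candidate_targets).items():
        shared = layouts & known_layouts
        if len(shared) >= min_shared:
            hits[vendor] = sorted(shared)
    return hits


if __name__ == "__main__":
    result = lookalikes(frst_targets(FRST_TASK_LINES),
                        combofix_targets(COMBOFIX_TASKS))
    for vendor, shared in result.items():
        print(vendor, "shares task layout with the fixlist entries:")
        for layout in shared:
            print("   ", layout)
```

A match here only says the task targets are laid out the same way on disk; it is a prompt to look at that product, not proof of what it is.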

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





