[Essexboy]

Could you place the main FRST programme on the desktop along with the fixlist.txt then run FRST and press fix

[Advertisements]

URLSearchHook: HKCU - (No Name) - {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - C:\Program Files\InboxAce_1g\bar\1.bin\1gSrcAs.dll No File

BHO: No Name -> {66516A07-F617-488A-90CF-4E690CFB3C5F} -> No File

BHO: No Name -> {9359da42-06fb-46f2-9e4a-05c05b98a5ef} -> No File

BHO: No Name -> {d5a1d22b-9e17-454f-8ecd-83c578fb3983} -> No File

Toolbar: HKLM - No Name - {3775afd7-5921-4571-968f-85a631203d1c} - No File

Toolbar: HKLM - No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No File

Toolbar: HKCU - No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No File

Toolbar: HKCU - No Name - {3775AFD7-5921-4571-968F-85A631203D1C} - No File

FF Plugin: @InboxAce_1g.com/Plugin -> C:\Program Files\InboxAce_1g\bar\1.bin\NP1gStub.dll No File

2014-09-15 20:58 - 2014-09-17 11:10 - 00000438 _____ () C:\Windows\Tasks\SparkTrust Registration3.job

2014-09-15 20:53 - 2014-09-15 20:53 - 00000000 ____D () C:\Users\JIMS\AppData\Roaming\SparkTrust

2014-09-15 20:53 - 2014-09-15 20:53 - 00000000 ____D () C:\Users\JIMS\AppData\Roaming\DriverCure

2014-09-15 20:52 - 2014-09-17 11:10 - 00000619 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_2A40F175-3D44-11E4-88A4-001E903ED46D.job

2014-09-15 20:52 - 2014-09-15 20:52 - 00001117 _____ () C:\Users\JIMS\Desktop\SparkTrust PC Cleaner Plus.lnk

2014-09-15 20:52 - 2014-09-15 20:52 - 00000572 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job

2014-09-15 20:52 - 2014-09-15 20:52 - 00000396 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job

2014-09-15 20:52 - 2014-09-15 20:52 - 00000396 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job

2014-09-15 20:52 - 2014-09-15 20:52 - 00000000 ____D () C:\Users\JIMS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust

2014-09-15 20:52 - 2014-09-15 20:52 - 00000000 ____D () C:\ProgramData\SparkTrust

2014-09-15 20:52 - 2014-09-15 20:52 - 00000000 ____D () C:\Program Files\SparkTrust

2014-09-15 20:52 - 2014-09-15 20:52 - 00000000 ____D () C:\Program Files\Common Files\SparkTrust

2014-09-15 20:51 - 2014-09-15 20:51 - 06764848 _____ (SparkTrust) C:\Users\JIMS\Downloads\SparkTrust PC Cleaner Plus Setup_da1e7de_.exe

2014-09-17 11:10 - 2014-09-15 20:58 - 00000438 _____ () C:\Windows\Tasks\SparkTrust Registration3.job

2014-09-17 11:10 - 2014-09-15 20:52 - 00000619 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_2A40F175-3D44-11E4-88A4-001E903ED46D.job

2014-09-15 20:52 - 2014-09-15 20:52 - 00000572 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job

2014-09-15 20:52 - 2014-09-15 20:52 - 00000396 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job

2014-09-15 20:52 - 2014-09-15 20:52 - 00000396 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job

2014-09-12 22:11 - 2013-11-19 02:37 - 00000000 ____D () C:\Program Files\InboxAce_1g

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {9D88B2C9-57C2-45EB-B375-6E4FF6D2F3D1} - System32\Tasks\SparkTrust Update Version3 => c:\program files\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION

Task: {C6A38807-0D1C-4C2D-B613-39EF2C27FCE0} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION

Task: {D1813E9B-3C54-4F19-8FB8-8CF75424DF4B} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_2A40F175-3D44-11E4-88A4-001E903ED46D => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2014-07-31] (SparkTrust) <==== ATTENTION

Task: {D9F32586-21E9-4B05-BE83-439BBE9E8AB8} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION

Task: {EEDB06D4-8D65-45AE-897D-80E8906A9ED2} - System32\Tasks\SparkTrust PC Cleaner Plus Startup => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2014-07-31] (SparkTrust) <==== ATTENTION

Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION

Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_2A40F175-3D44-11E4-88A4-001E903ED46D.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION

Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION

Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION

Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION

TDL4: custom:26000022 <===== ATTENTION!

EmptyTemp:

CMD: bitsadmin /reset /allusers

 

 

[leahcase]

URLSearchHook: HKCU - (No Name) - {5fdb0cd8-5760-44d1-8d13-a78bf558c3c7} - C:\Program Files\InboxAce_1g\bar\1.bin\1gSrcAs.dll No File

BHO: No Name -> {66516A07-F617-488A-90CF-4E690CFB3C5F} -> No File

BHO: No Name -> {9359da42-06fb-46f2-9e4a-05c05b98a5ef} -> No File

BHO: No Name -> {d5a1d22b-9e17-454f-8ecd-83c578fb3983} -> No File

Toolbar: HKLM - No Name - {3775afd7-5921-4571-968f-85a631203d1c} - No File

Toolbar: HKLM - No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No File

Toolbar: HKCU - No Name - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - No File

Toolbar: HKCU - No Name - {3775AFD7-5921-4571-968F-85A631203D1C} - No File

FF Plugin: @InboxAce_1g.com/Plugin -> C:\Program Files\InboxAce_1g\bar\1.bin\NP1gStub.dll No File

2014-09-15 20:58 - 2014-09-17 11:10 - 00000438 _____ () C:\Windows\Tasks\SparkTrust Registration3.job

2014-09-15 20:53 - 2014-09-15 20:53 - 00000000 ____D () C:\Users\JIMS\AppData\Roaming\SparkTrust

2014-09-15 20:53 - 2014-09-15 20:53 - 00000000 ____D () C:\Users\JIMS\AppData\Roaming\DriverCure

2014-09-15 20:52 - 2014-09-17 11:10 - 00000619 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_2A40F175-3D44-11E4-88A4-001E903ED46D.job

2014-09-15 20:52 - 2014-09-15 20:52 - 00001117 _____ () C:\Users\JIMS\Desktop\SparkTrust PC Cleaner Plus.lnk

2014-09-15 20:52 - 2014-09-15 20:52 - 00000572 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job

2014-09-15 20:52 - 2014-09-15 20:52 - 00000396 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job

2014-09-15 20:52 - 2014-09-15 20:52 - 00000396 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job

2014-09-15 20:52 - 2014-09-15 20:52 - 00000000 ____D () C:\Users\JIMS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust

2014-09-15 20:52 - 2014-09-15 20:52 - 00000000 ____D () C:\ProgramData\SparkTrust

2014-09-15 20:52 - 2014-09-15 20:52 - 00000000 ____D () C:\Program Files\SparkTrust

2014-09-15 20:52 - 2014-09-15 20:52 - 00000000 ____D () C:\Program Files\Common Files\SparkTrust

2014-09-15 20:51 - 2014-09-15 20:51 - 06764848 _____ (SparkTrust) C:\Users\JIMS\Downloads\SparkTrust PC Cleaner Plus Setup_da1e7de_.exe

2014-09-17 11:10 - 2014-09-15 20:58 - 00000438 _____ () C:\Windows\Tasks\SparkTrust Registration3.job

2014-09-17 11:10 - 2014-09-15 20:52 - 00000619 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_2A40F175-3D44-11E4-88A4-001E903ED46D.job

2014-09-15 20:52 - 2014-09-15 20:52 - 00000572 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job

2014-09-15 20:52 - 2014-09-15 20:52 - 00000396 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job

2014-09-15 20:52 - 2014-09-15 20:52 - 00000396 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job

2014-09-12 22:11 - 2013-11-19 02:37 - 00000000 ____D () C:\Program Files\InboxAce_1g

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {9D88B2C9-57C2-45EB-B375-6E4FF6D2F3D1} - System32\Tasks\SparkTrust Update Version3 => c:\program files\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION

Task: {C6A38807-0D1C-4C2D-B613-39EF2C27FCE0} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION

Task: {D1813E9B-3C54-4F19-8FB8-8CF75424DF4B} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_2A40F175-3D44-11E4-88A4-001E903ED46D => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2014-07-31] (SparkTrust) <==== ATTENTION

Task: {D9F32586-21E9-4B05-BE83-439BBE9E8AB8} - System32\Tasks\SparkTrust Update Version3_triggeronce => c:\program files\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION

Task: {EEDB06D4-8D65-45AE-897D-80E8906A9ED2} - System32\Tasks\SparkTrust PC Cleaner Plus Startup => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2014-07-31] (SparkTrust) <==== ATTENTION

Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION

Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_2A40F175-3D44-11E4-88A4-001E903ED46D.job => C:\Program Files\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION

Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION

Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION

Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files\common files\sparktrust\uus3\Update3.exe <==== ATTENTION

TDL4: custom:26000022 <===== ATTENTION!

EmptyTemp:

CMD: bitsadmin /reset /allusers

 

 

[leahcase]

 i tried  to take a screen shot of desktop  to show that I have done everything you have asked of me to do...but i am not able to do so .....

[Essexboy]

OK lets try this

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

[leahcase]

# AdwCleaner v3.310 - Report created 24/09/2014 at 16:45:14

# Updated 12/09/2014 by Xplode

# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

# Username : JIMS - JIM-PC

# Running from : C:\Users\JIMS\Downloads\AdwCleaner (1).exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\PriceGong

Folder Deleted : C:\Program Files\InboxAce_1g

Folder Deleted : C:\Users\JIMS\AppData\Local\InboxAce_1g

Folder Deleted : C:\Users\JIMS\AppData\LocalLow\iac

Folder Deleted : C:\Users\JIMS\AppData\LocalLow\InboxAce_1g

Folder Deleted : C:\Users\JIMS\AppData\Roaming\DriverCure

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler

Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils

Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper

Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook

Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9359DA42-06FB-46F2-9E4A-05C05B98A5EF}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9359DA42-06FB-46F2-9E4A-05C05B98A5EF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3775AFD7-5921-4571-968F-85A631203D1C}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3775AFD7-5921-4571-968F-85A631203D1C}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{5FDB0CD8-5760-44D1-8D13-A78BF558C3C7}]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16575

 

 

-\\ Google Chrome v37.0.2062.120

 

[ File : C:\Users\JIMS\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [5576 octets] - [24/09/2014 16:43:04]

AdwCleaner[S0].txt - [5625 octets] - [24/09/2014 16:45:14]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5685 octets] ##########

 

i did download ad ware and select clean ..but i still am having popups saying i have issues.....

[leahcase]

# AdwCleaner v3.310 - Report created 24/09/2014 at 17:02:01

# Updated 12/09/2014 by Xplode

# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

# Username : JIMS - JIM-PC

# Running from : C:\Users\JIMS\Downloads\AdwCleaner (3).exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

 

***** [ Scheduled Tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16575

 

 

-\\ Google Chrome v37.0.2062.120

 

[ File : C:\Users\JIMS\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [5576 octets] - [24/09/2014 16:43:04]

AdwCleaner[R1].txt - [729 octets] - [24/09/2014 17:02:01]

AdwCleaner[S0].txt - [5765 octets] - [24/09/2014 16:45:14]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [848 octets] ##########

[Essexboy]

What are the popups that you are getting ?

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

• Double click on ComboFix.exe & follow the prompts.
• Accept the disclaimer and allow to update if it asks
  
  http://img.photobuck...claimer_ENG.png

• When finished, it shall produce a log for you.
• Please include the C:\ComboFix.txt in your next reply.
• Notes:
  1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.
  
  
  Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

[leahcase]

I went to download link 1..but i get an error saying this web page not available and to reload.... but link 2 works just fine but  it is in Spanish...

[leahcase]

i download link 2 and i am having it translate it..

[leahcase]

ComboFix 14-09-22.01 - JIMS 09/26/2014  17:47:57.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2039.699 [GMT -5:00]

Running from: c:\users\JIMS\Downloads\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\Packet.dll

c:\windows\system32\pthreadVC.dll

c:\windows\system32\WanPacket.dll

c:\windows\system32\wpcap.dll

.

.

(((((((((((((((((((((((((   Files Created from 2014-08-26 to 2014-09-26  )))))))))))))))))))))))))))))))

.

.

2014-09-26 23:05 . 2014-09-26 23:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-09-26 23:05 . 2014-09-26 23:05 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2014-09-26 21:15 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9C0D3839-D51F-45ED-9137-F98689F5EB6C}\mpengine.dll

2014-09-24 22:59 . 2014-09-24 22:59 -------- d-----w- c:\users\JIMS\AppData\Roaming\MyTurboPC.com

2014-09-24 22:59 . 2014-09-24 22:59 -------- d-----w- c:\users\JIMS\AppData\Roaming\DriverCure

2014-09-24 22:59 . 2014-09-24 22:59 -------- d-----w- c:\program files\Common Files\MyTurboPC.com

2014-09-24 22:59 . 2014-09-24 22:59 -------- d-----w- c:\programdata\MyTurboPC.com

2014-09-24 22:59 . 2014-09-24 22:59 -------- d-----w- c:\program files\MyTurboPC.com

2014-09-24 21:42 . 2014-09-24 22:04 -------- d-----w- C:\AdwCleaner

2014-09-20 09:58 . 2014-09-20 09:58 -------- d-----w- c:\windows\Migration

2014-09-17 16:21 . 2014-09-24 08:18 -------- d-----w- C:\FRST

2014-09-16 01:53 . 2014-09-16 01:53 -------- d-----w- c:\users\JIMS\AppData\Roaming\SparkTrust

2014-09-16 01:52 . 2014-09-24 04:43 -------- d-----w- c:\programdata\SparkTrust

2014-09-13 09:14 . 2014-06-26 22:17 99480 ----a-w- c:\windows\system32\infocardapi.dll

2014-09-13 09:14 . 2014-06-26 22:17 8856 ----a-w- c:\windows\system32\icardres.dll

2014-09-13 09:14 . 2014-06-26 22:17 619664 ----a-w- c:\windows\system32\icardagt.exe

2014-09-13 09:14 . 2014-06-06 04:28 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe

2014-09-13 09:06 . 2014-08-22 23:26 2054656 ----a-w- c:\windows\system32\win32k.sys

2014-09-13 09:06 . 2014-08-23 01:03 297984 ----a-w- c:\windows\system32\gdi32.dll

2014-09-13 03:48 . 2014-09-13 03:48 -------- d-----w- c:\program files\CCleaner

2014-09-13 03:22 . 2014-09-13 03:22 -------- d-----w- c:\programdata\Cisco Systems

2014-09-12 22:55 . 2014-09-24 22:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2014-09-12 22:55 . 2014-09-24 05:23 -------- d-----w- c:\program files\Spybot - Search & Destroy

2014-09-12 22:25 . 2014-09-12 22:25 -------- d-----w- c:\users\JIMS\AppData\Roaming\AVAST Software

2014-09-12 22:19 . 2014-04-26 16:01 502784 ----a-w- c:\windows\system32\usp10.dll

2014-09-12 22:19 . 2014-06-02 10:31 2263552 ----a-w- c:\windows\system32\msi.dll

2014-09-12 22:18 . 2014-06-02 10:30 1993728 ----a-w- c:\windows\system32\authui.dll

2014-09-12 22:18 . 2014-06-02 10:30 33280 ----a-w- c:\windows\system32\appinfo.dll

2014-09-12 22:18 . 2014-06-02 08:56 82432 ----a-w- c:\windows\system32\consent.exe

2014-09-12 22:18 . 2014-06-02 10:31 332800 ----a-w- c:\windows\system32\msihnd.dll

2014-09-12 22:18 . 2014-06-02 10:31 1218048 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2014-09-12 22:18 . 2014-06-02 10:30 937472 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2014-09-12 22:18 . 2014-06-02 10:30 983552 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2014-09-12 22:18 . 2014-06-02 10:30 965120 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2014-09-12 22:17 . 2014-04-05 02:42 905664 ----a-w- c:\windows\system32\drivers\tcpip.sys

2014-09-12 22:17 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll

2014-09-12 22:17 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys

2014-09-12 22:17 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys

2014-09-12 22:16 . 2014-06-07 02:08 1305088 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll

2014-09-12 22:16 . 2014-06-07 02:08 149504 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll

2014-09-12 22:16 . 2014-06-07 02:08 114688 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll

2014-09-12 22:16 . 2014-06-14 00:44 638400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2014-09-12 22:16 . 2014-06-14 00:33 37376 ----a-w- c:\windows\system32\cdd.dll

2014-09-12 22:16 . 2014-06-06 08:59 506880 ----a-w- c:\windows\system32\qedit.dll

2014-09-12 22:15 . 2014-07-08 00:46 2048 ----a-w- c:\windows\system32\tzres.dll

2014-09-12 22:13 . 2014-05-30 06:53 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2014-09-12 22:11 . 2014-09-12 22:26 -------- d-----w- c:\users\JIMS\AppData\Local\Google

2014-09-12 22:11 . 2014-09-12 22:15 -------- d-----w- c:\program files\Google

2014-09-12 22:11 . 2014-03-10 01:22 1401344 ----a-w- c:\windows\system32\msxml6.dll

2014-09-12 22:11 . 2014-03-10 01:22 1248768 ----a-w- c:\windows\system32\msxml3.dll

2014-09-12 22:09 . 2014-09-12 22:09 -------- d-----w- c:\program files\AVAST Software

2014-09-12 22:07 . 2014-09-12 22:09 -------- d-----w- c:\programdata\AVAST Software

2014-09-12 21:53 . 2014-01-30 07:46 876032 ----a-w- c:\windows\system32\wer.dll

2014-09-12 21:45 . 2014-09-12 21:45 -------- d-----w- c:\program files\Microsoft.NET

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-09-24 00:58 . 2013-02-15 23:34 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-09-24 00:57 . 2013-02-15 23:34 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-09-15 14:06 . 2013-02-15 22:50 231568 ------w- c:\windows\system32\MpSigStub.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-09-12 22:09 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-12 4085896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-09-25 04:59 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-09-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-15 00:58]

.

2014-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-12 22:11]

.

2014-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-12 22:11]

.

2014-09-26 c:\windows\Tasks\MyTurboPC Startup.job

- c:\program files\MyTurboPC.com\MyTurboPC\mtpc.exe [2014-05-11 02:23]

.

2014-09-26 c:\windows\Tasks\MyTurboPC.com Registration3.job

- c:\program files\Common Files\MyTurboPC.com\UUS3\UUS3.dll [2014-05-11 02:24]

.

2014-09-24 c:\windows\Tasks\MyTurboPC.com Update3.job

- c:\program files\common files\myturbopc.com\uus3\Update3.exe [2014-05-11 02:24]

.

2014-09-24 c:\windows\Tasks\MyTurboPC.com Update3_triggeronce.job

- c:\program files\common files\myturbopc.com\uus3\Update3.exe [2014-05-11 02:24]

.

2014-09-26 c:\windows\Tasks\MyTurboPC_sch_6F74FA2F-443E-11E4-8CCC-001E903ED46D.job

- c:\program files\MyTurboPC.com\MyTurboPC\mtpc.exe [2014-05-11 02:23]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://yahoo.com/

TCP: DhcpNameServer = 208.180.42.68 208.180.42.100

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-ShopAtHomeWatcher - c:\users\JIMS\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe

HKLM-Run-ShopAtHomeUpdater - c:\users\JIMS\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe

HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_ActiveX.exe

SafeBoot-WudfPf

SafeBoot-WudfRd

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2014-09-26 18:05

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...  

.

scanning hidden autostart entries ... 

.

scanning hidden files ...  

.

.

c:\users\JIMS\AppData\Local\Temp\~DF194E.tmp 32768 bytes

c:\users\JIMS\AppData\Local\Temp\~DF1C52.tmp 16384 bytes

c:\users\JIMS\AppData\Local\Temp\~DF96B5.tmp 16384 bytes

c:\users\JIMS\AppData\Local\Temp\~DFAF66.tmp 512 bytes

c:\users\JIMS\AppData\Local\Temp\~DFBCD5.tmp 16384 bytes

c:\users\JIMS\AppData\Local\Temp\~DFD579.tmp 16384 bytes

C:\avast! sandbox

.

scan completed successfully

hidden files: 7

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

Completion time: 2014-09-26  18:11:38

ComboFix-quarantined-files.txt  2014-09-26 23:11

.

Pre-Run: 150,140,203,008 bytes free

Post-Run: 150,065,119,232 bytes free

.

- - End Of File - - 2792222F6BD5E5A11DEEDD4B843017E5

5C616939100B85E558DA92B899A0FC36

[leahcase]

the errors that is poping up is..

 

object: http://26714.tc.adlinker.net

 

Infection : URL: MAL

 

PROCESS:C:\Programs Files\...Avastsuc.exe

 

 

object: http://mc3.adlinker.info/search?id=

 

infection:URL:MAL

 

processC:\\windows\system32\dllhost.exe

[leahcase]

 are you still there...

[Essexboy]

You appear to have downloaded some speed enhancement programmes which are causing the alerts

Download the latest version of adwCleaner

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Scan.
• After the scan is complete click on "Clean"
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.