http://clickered.com

I keep getting the following message and Avast does not clean it up and I am getting tired of the pop ups. Tired of the long ways to get rid of it. If Avast can’t clean it than I am going to find a virus that will.

hxxp://clickered.com/cen?ag=894140d49461fae5c6c3f26ace6ffd5e-18-0&g=ZZZ&t=aa2a773

Just tired of the constant pop ups and not being able to watch movies or videos without being disturbed. I just want to get rid of it, once and for all.

https://forum.avast.com/index.php?topic=53253.0

ps:
Don’t blame malware removal software for not detecting/removing it.
Blame yourself for getting the infection.
Always use a restricted account for daily use.

That’s easily done, but at the moment no antivirus will detect or remove this. Any other antivirus would probably not alert you that you have it

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select additions at the bottom
[*]Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please attach both logs generated.

attach log … not copy and paste

Sorry

there should be one more. called addition.txt … if you ticked the same selections as on the pic above

if not, wait for essexboy … he may not need it

sorry missed it rescanning.

Here you go, both on re-scan

OK the FRST fix will cure the alerts and AdwCleaner will clear the remainder of the rubbish

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

URLSearchHook: HKCU - (No Name) - {b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} - No File SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2866295 SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2516} URL = http://www.default-search.net/search?sid=516&aid=104&itype=n&ver=12791&tm=429&src=ds&p={searchTerms} BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File Toolbar: HKCU - No Name - {B9D63C58-90CC-428B-8D3B-CBB88EB07E7E} - No File Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File FF SearchEngineOrder.1: default-search.net CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION 2014-08-29 10:25 - 2014-08-30 18:00 - 00000480 _____ () C:\Windows\Tasks\SparkTrust Registration3.job 2014-08-29 10:25 - 2014-08-29 10:25 - 00003160 _____ () C:\Windows\System32\Tasks\SparkTrust Registration3 2014-08-29 10:25 - 2014-08-29 10:25 - 00000000 ____D () C:\Users\Jeff and Judi\AppData\Roaming\SparkTrust 2014-08-29 10:25 - 2014-08-29 10:25 - 00000000 ____D () C:\Users\Jeff and Judi\AppData\Roaming\DriverCure 2014-08-29 10:24 - 2014-08-31 07:33 - 00000614 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job 2014-08-29 10:24 - 2014-08-29 11:41 - 00000661 _____ () C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_20F2E8D6-2F88-11E4-8B97-485B394E5D26.job 2014-08-29 10:24 - 2014-08-29 11:41 - 00000438 _____ () C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job 2014-08-29 10:24 - 2014-08-29 11:41 - 00000438 _____ () C:\Windows\Tasks\SparkTrust Update Version3.job 2014-08-29 10:24 - 2014-08-29 10:24 - 00004118 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus_sch_20F2E8D6-2F88-11E4-8B97-485B394E5D26 2014-08-29 10:24 - 2014-08-29 10:24 - 00003264 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3 2014-08-29 10:24 - 2014-08-29 10:24 - 00002932 _____ () C:\Windows\System32\Tasks\SparkTrust Update Version3_triggeronce 2014-08-29 10:24 - 2014-08-29 10:24 - 00002730 _____ () C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus Startup 2014-08-29 10:24 - 2014-08-29 10:24 - 00001355 _____ () C:\Users\Jeff and Judi\Desktop\SparkTrust PC Cleaner Plus.lnk 2014-08-29 10:24 - 2014-08-29 10:24 - 00000000 ____D () C:\Users\Jeff and Judi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust 2014-08-29 10:23 - 2014-08-29 10:24 - 00000000 ____D () C:\ProgramData\SparkTrust 2014-08-29 10:23 - 2014-08-29 10:23 - 00000000 ____D () C:\Program Files (x86)\SparkTrust 2014-08-29 10:22 - 2014-08-29 10:23 - 06764848 _____ (SparkTrust) C:\Users\Jeff and Judi\Downloads\SparkTrust PC Cleaner Plus Setup_d6cd7a3_.exe 2014-08-24 17:46 - 2014-08-24 17:47 - 00000000 ___DC () C:\Users\Jeff and Judi\AppData\Local\Idle~_~Crawler 2014-08-24 17:46 - 2014-08-24 17:47 - 00000000 ____D () C:\Users\Public\855AD098B0984915BF04B0B24D958F74 2014-08-24 17:46 - 2014-08-24 17:46 - 00004610 _____ () C:\Windows\System32\Tasks\Idle~_~Crawler Runner 2014-08-19 06:00 - 2014-08-19 06:01 - 00000000 ____D () C:\Users\Public\072D24E7516A4FFC9EEE0C0812DDA4BB 2014-08-09 05:04 - 2014-08-09 05:04 - 00000000 ____D () C:\Users\Public\A0E17C4EB8E4411FA4D15F6C348CA964 2014-08-08 09:43 - 2014-08-08 09:43 - 00000000 ____D () C:\Users\Public\14CACBBDA95D478EA536ECC623C528C4 2014-08-03 20:41 - 2014-08-03 20:41 - 00000000 ____D () C:\Program Files (x86)\predm 2014-08-03 20:36 - 2014-08-03 20:41 - 00000000 ____D () C:\Program Files (x86)\Linkey 2014-08-03 20:36 - 2014-08-03 20:36 - 00000000 ___DC () C:\Users\Jeff and Judi\AppData\Local\com 2014-08-03 20:34 - 2014-08-26 09:54 - 00000000 ____D () C:\Program Files\005 2014-08-03 20:34 - 2014-07-30 15:45 - 04816384 _____ () C:\Windows\score.exe 2014-08-28 20:03 - 2013-12-16 19:11 - 00000000 ____D () C:\Users\Jeff and Judi\AppData\Roaming\Systweak 2014-08-28 20:03 - 2013-09-12 15:09 - 00000000 ___DC () C:\Users\Jeff and Judi\AppData\Local\SevereWeatherAlerts 2014-08-28 20:03 - 2013-09-12 15:08 - 00000000 ____D () C:\ProgramData\Conduit Task: {1ECFE87D-27B2-43FF-936B-F385C9AC01D0} - System32\Tasks\Idle~_~Crawler Runner => %LOCALAPPDATA%\Idle~_~Crawler\Idle~_~Crawler.exe Task: {23B93BEF-727B-4971-B5A0-E3C57E75234A} - System32\Tasks\SparkTrust Update Version3 => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe [2014-07-31] (SparkTrust Systems) <==== ATTENTION Task: {3104CA43-7E53-4409-884B-6A7C10C4FF94} - System32\Tasks\SparkTrust PC Cleaner Plus_sch_20F2E8D6-2F88-11E4-8B97-485B394E5D26 => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2014-07-31] (SparkTrust) <==== ATTENTION Task: {9076CD79-E9C6-49BC-BD13-5289A08AA69B} - System32\Tasks\SparkTrust Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll" RunUns <==== ATTENTION Task: {EE5AE8D9-129E-48E5-AB21-6C2C29838F19} - System32\Tasks\SparkTrust PC Cleaner Plus Startup => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2014-07-31] (SparkTrust) <==== ATTENTION Task: {F4D5253B-334E-436D-9AC3-85E8EA6CD512} - \Real Player online update program No Task File <==== ATTENTION Task: {FF3F6227-863D-4166-A293-8C4DB6E2F6AB} - System32\Tasks\IHSelfDeleteTASK => CMD Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus Startup.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus_sch_20F2E8D6-2F88-11E4-8B97-485B394E5D26.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe <==== ATTENTION Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll <==== ATTENTION Task: C:\Windows\Tasks\SparkTrust Update Version3.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION Task: C:\Windows\Tasks\SparkTrust Update Version3_triggeronce.job => c:\program files (x86)\common files\sparktrust\uus3\Update3.exe <==== ATTENTION C:\Users\Jeff and Judi\AppData\Local\Idle~_~Crawler\ EmptyTemp: CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S1].txt as well.

Thank you very much. I was going crazy. I know that Avast was probably the best. Just climbing the wall… :o

I can understand that, but as far as I am aware at the moment other AV’s would have allowed idle crawler to access the net

How is the computer now ?

I am having same problem, can you help me. I have never been on site before and do not know how this works.

@packeyes if you could run FRST and then create your own thread I will pick you up there