
Sorry, HJT file now *attached*

Discussion in 'Virus and Malware Removal' started by SaucyEnrico, Jul 8, 2005.

  1. SaucyEnrico Newcomer, in training

    Sorry, HJT file now attached as a .txt file

    Please check if it's clean.... Thanks!


  2. IronDuke Newcomer, in training Posts: 1,267

    Where did you attach it to?
  3. howard_hopkinso Newcomer, in training Posts: 25,949   +16

    Still no HJT log!!

    Go HERE and follow the instructions exactly.

    Once you have done that, go HERE for instructions on how to post your Hijackthis log as an attachment.

    Regards Howard :) :)
  4. RealBlackStuff Newcomer, in training Posts: 8,165

    Boot in Safe Mode.
    Switch System restore OFF, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    fash.exe <<== IBIS toolbar/Hijacker
    nnkjrj.exe
    PowerReg Scheduler.exe

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    ...................................................................................................
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
    O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nnkjrj.exe reg_run
    O4 - Startup: PowerReg Scheduler.exe
    O8 - Extra context menu item: Add to White List - C:\Program Files\Advanced Searchbar\addtolist.js
    O8 - Extra context menu item: Delete from White List - C:\Program Files\Advanced Searchbar\delfromlist.js
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
    O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\wncsvc.dll
    ...................................................................................................
    Now click on the Fix Checked button in HJT.

    When done, from between the dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    Boot normal. When all OK, switch System Restore back on.
  5. SaucyEnrico Newcomer, in training

    Thanks - the popups have ceased, but I'm still having a problem with unwanted downloads onto my desktop. Also, there are some files that I can't delete from TEMP because access is denied - even in safe mode. Lastly, I don't understand what you mean by "from between the dotted lines, delete the highlighted bold files." After I run a scan and fix the selected items, my HJT screen is blank. I've attached my new HJT file - thanks again for your help.
  6. RealBlackStuff Newcomer, in training Posts: 8,165

    Where the hell do you think those dotted lines are? Starts with m, ends with oron.

    Boot in Safe Mode.
    Switch System restore OFF, see how here.
    In Windows Explorer, turn on "show all files and folders, including hidden and system". See how here.
    Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:

    casclient.exe

    Next, try to UNinstall anything to do with (not delete yet!):
    C:\Program Files\Cas\Client\casclient.exe

    Next, run a HJT scan and place a tick-mark in the little square before (if still there):
    ...................................................................................................
    C:\Program Files\Cas\Client\casclient.exe
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
    O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
    O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\wncsvc.dll
    ...................................................................................................
    Now click on the Fix Checked button in HJT.

    When done, from between the above dotted lines, delete the highlighted bold files.
    When a \directory-name\ is bold, delete everything in it, including that directory itself.
    Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
    Repeat this for ALL [usernames].
    Delete all files and directories from: C:\WINDOWS\Temp (except files dated from TODAY).
    Boot normal. When all OK, switch System Restore back on.
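
Added example, not part of any post in this thread: a small Python parser for the HijackThis entry lines quoted in the two fix lists above, which flags entries whose target file is already gone and reports files that are still referenced in the second scan after the first round of fixes. The function names and the subset of section codes are choices made for this example; the sample lines are copied from the posts.

```python
import re

# Meanings of the HijackThis section codes that appear in this thread.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "autostart (Run key or Startup folder)",
    "O9": "IE extra button / Tools menu item",
    "O18": "protocol or filter handler",
    "O20": "AppInit_DLLs / Winlogon Notify",
}
ENTRY = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?]+?\.(?:exe|dll|js)', re.I)

# Lines copied from the two fix lists posted in the thread.
FIRST_SCAN = r"""
O4 - HKLM\..\Run: [fash] C:\WINDOWS\fash.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\nnkjrj.exe reg_run
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O20 - Winlogon Notify: SharedDLLs - C:\WINDOWS\system32\wncsvc.dll
"""
SECOND_SCAN = r"""
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: Internet Settings - C:\WINDOWS\system32\wncsvc.dll
"""

def parse(log):
    """Turn HijackThis log text into dicts; non-entry lines are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        body = m["body"]
        path = PATH.search(body)
        entries.append({
            "code": m["code"],
            "section": SECTIONS.get(m["code"], "unknown"),
            "path": path.group(0).lower() if path else None,
            # HijackThis marks entries whose target is gone from disk.
            "orphan": "(file missing)" in body or "(no file)" in body,
        })
    return entries

def recurring_paths(first, second):
    """Files still referenced in the second scan after the first fix."""
    seen = {e["path"] for e in parse(first) if e["path"]}
    return sorted({e["path"] for e in parse(second) if e["path"] in seen})

if __name__ == "__main__":
    print(recurring_paths(FIRST_SCAN, SECOND_SCAN))
```

On these lines the only recurring file is `wncsvc.dll`, registered under the Winlogon Notify name `SharedDLLs` in the first list and `Internet Settings` in the second.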
     
  7. SaucyEnrico Newcomer, in training

    When I copy and paste your instructions to MS Word so I can read them in safe mode, green squiggly lines cover up the dotted lines - and nothing is bolded. Maybe it's my old 97 version of MS Office that does that, but I don't need your ridicule. We can't all be computer dorks like yourself. Starts with "A" ends with "sshole"
  8. RealBlackStuff Newcomer, in training Posts: 8,165

    Don't blame us for your non-functional software.
    And it's amazing how quickly you can end up on someone's hitlist. You just made it...