annoying ads

[ivanoe]

Morning Dave Yes  the ADS are still there but not half as bad, I think we are winning, is there some thing else I can do,   PLEASE KEEP IT SIMPLE. ( ONLY KIDDING) Sorry to take up so much of your time. But if your still willing to help I do appreciate it.

[ivanoe]

Morning Dave yes the ADS are still there but not half as bad. I think we are winning is there anything else I can do .I am Sorry to take up so much of your time ,but if you are still willing to carry on I appreciate it.

[SuperDave]

Download Combofix from any of the links below, and save it to your DESKTOP. 
If your version of Windows defaults to you download folder you will need to copy it to your desktop.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with  ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

• Close any open windows and double click ComboFix.exe to run it.
  
  You will see the following image:
  

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to  have this pre-installed on your machine before doing any malware  removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair  mode that will allow us to more easily help you should your computer  have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

[ivanoe]

Once again Dave up and at um.(that's' Lancashire)anyhow done  the Combofix.hopefully. here it is.

[ivanoe]

combofix

ComboFix 13-09-08.02 - Frank 09/09/2013   9:54.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3839.1966 [GMT 1:00]
Running from: c:\users\Frank\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJWETG00\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Frank\AppData\Roaming\.#
c:\users\Frank\AppData\Roaming\Microsoft\Windows\Recent\User Manual.url
c:\windows\wininit.ini
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-09 to 2013-09-09  )))))))))))))))))))))))))))))))
.
.
2013-09-09 09:05 . 2013-09-09 09:05   --------   d-----w-   c:\users\UpdatusUser\AppData\Local\temp
2013-09-09 09:05 . 2013-09-09 09:05   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-09-08 14:31 . 2013-08-06 08:58   9515512   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2072AA98-8C39-4D29-8B12-40B818D3F6A0}\mpengine.dll
2013-09-07 14:01 . 2013-08-06 08:58   9515512   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-06 11:24 . 2013-09-06 11:23   965008   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{57ACA441-F9B1-4449-B46B-9F7C3A950167}\gapaengine.dll
2013-08-31 10:36 . 2013-08-31 15:37   --------   d-----w-   c:\users\Frank\AppData\Roaming\Fighters
2013-08-31 10:36 . 2013-08-31 15:37   --------   d-----w-   c:\programdata\Fighters
2013-08-30 08:49 . 2013-08-30 08:49   --------   d-----w-   c:\program files (x86)\7-Zip
2013-08-30 08:42 . 2013-08-30 08:44   --------   d-----w-   c:\program files (x86)\BearShare Applications
2013-08-30 08:17 . 2013-09-05 10:38   --------   dc----w-   C:\AdwCleaner
2013-08-27 10:19 . 2013-08-31 09:09   --------   d-----w-   c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-27 10:19 . 2013-04-04 13:50   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-08-25 11:27 . 2013-08-25 11:27   --------   d-----w-   c:\program files\Defraggler
2013-08-25 10:18 . 2013-08-25 10:18   --------   d-----w-   c:\users\Frank\AppData\Roaming\Thunderbird
2013-08-25 10:18 . 2013-08-25 10:18   --------   d-----w-   c:\users\Frank\AppData\Local\Thunderbird
2013-08-25 10:18 . 2013-08-25 10:28   --------   d-----w-   c:\program files (x86)\Mozilla Thunderbird
2013-08-22 17:12 . 2013-08-22 17:12   --------   d-----w-   c:\program files (x86)\Common Files\Java
2013-08-22 17:12 . 2013-08-22 17:12   96168   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-08-22 17:12 . 2013-08-22 17:12   --------   d-----w-   c:\program files (x86)\Java
2013-08-21 10:02 . 2013-08-21 10:02   --------   d-----w-   c:\windows\CD95F661A5C444F5A6AAECDD91C240DA.TMP
2013-08-20 09:11 . 2013-08-20 09:11   --------   d-----w-   c:\users\Frank\AppData\Local\avgchrome
2013-08-15 06:02 . 2013-08-15 06:04   --------   d-----w-   c:\windows\system32\MRT
2013-08-11 10:03 . 2012-05-11 14:47   32768   ----a-w-   c:\windows\SysWow64\CMDLGFR.DLL
2013-08-11 10:03 . 2012-05-11 14:47   152848   ----a-w-   c:\windows\SysWow64\COMDLG32.OCX
2013-08-11 10:03 . 2012-05-11 14:47   141312   ----a-w-   c:\windows\SysWow64\MSCMCFR.DLL
2013-08-11 10:03 . 2012-05-11 14:47   119568   ----a-w-   c:\windows\SysWow64\VB6FR.DLL
2013-08-11 10:03 . 2012-05-11 14:47   1081616   ----a-w-   c:\windows\SysWow64\mscomctl.ocx
2013-08-11 10:03 . 2012-05-11 14:47   101888   ----a-w-   c:\windows\SysWow64\VB6STKIT.DLL
2013-08-11 10:03 . 2013-08-11 10:03   --------   d-----w-   c:\users\Frank\AppData\Roaming\TFP
2013-08-11 10:02 . 2013-08-11 10:02   --------   d-----w-   c:\users\Frank\AppData\Local\Fuze Zip
2013-08-11 10:02 . 2013-08-11 10:06   --------   d-----w-   c:\users\Frank\AppData\Local\FuzeZip
2013-08-11 10:00 . 2013-08-12 04:44   --------   d-----w-   c:\program files (x86)\FuzeZip
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-23 14:50 . 2012-06-13 06:10   941720   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-22 17:12 . 2013-05-17 10:49   867240   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2013-08-22 17:12 . 2013-05-17 10:49   789416   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2013-08-22 10:45 . 2013-02-24 15:37   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-22 10:45 . 2013-02-24 15:37   692104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-15 06:02 . 2012-05-18 06:29   78161360   ----a-w-   c:\windows\system32\MRT.exe
2013-08-15 05:57 . 2013-05-04 08:30   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-07-21 13:44 . 2013-07-21 10:29   829264   ----a-w-   c:\windows\system32\msvcr100.dll
2013-07-21 13:44 . 2013-07-21 10:29   608080   ----a-w-   c:\windows\system32\msvcp100.dll
2013-07-09 04:45 . 2013-08-14 06:37   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2013-06-21 00:07 . 2013-07-31 10:56   203672   ----a-w-   c:\windows\system32\drivers\ssudobex.sys
2013-06-21 00:07 . 2013-07-31 10:56   203672   ----a-w-   c:\windows\system32\drivers\ssudmdm.sys
2013-06-21 00:07 . 2013-07-31 10:56   103448   ----a-w-   c:\windows\system32\drivers\ssudbus.sys
2013-06-18 20:50 . 2013-06-18 20:50   247216   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
2013-06-18 20:50 . 2012-03-20 19:44   139616   ----a-w-   c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02   233288   ----a-w-   c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9359da42-06fb-46f2-9e4a-05c05b98a5ef}]
2013-04-29 08:57   62864   ----a-w-   c:\program files (x86)\InboxAce_1g\bar\1.bin\1gSrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{3775afd7-5921-4571-968f-85a631203d1c}"= "c:\program files (x86)\InboxAce_1g\bar\1.bin\1gbar.dll" [2013-04-29 708168]
.
[HKEY_CLASSES_ROOT\clsid\{3775afd7-5921-4571-968f-85a631203d1c}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-19 11:28   222808   ----a-w-   c:\users\Frank\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-19 11:28   222808   ----a-w-   c:\users\Frank\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-19 11:28   222808   ----a-w-   c:\users\Frank\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IE New Window Maximizer"="c:\program files (x86)\IE New Window Maximizer\iemaximizer.exe" [2003-01-24 348160]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-08-18 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

R2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe;c:\program files (x86)\Expat Shield\bin\openvpnas.exe

R2 InboxAce_1gService;InboxAceService;c:\progra~2\INBOXA~2\bar\1.bin\1gbarsvc.exe;c:\progra~2\INBOXA~2\bar\1.bin\1gbarsvc.exe

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe

R2 Update BrowseFox;Update BrowseFox;c:\program files (x86)\BrowseFox\updateBrowseFox.exe;c:\program files (x86)\BrowseFox\updateBrowseFox.exe

R2 UtilityChest_49Service;Utility ChestService;c:\progra~2\UTILIT~2\bar\1.bin\49barsvc.exe;c:\progra~2\UTILIT~2\bar\1.bin\49barsvc.exe

R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe

R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys

R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys

R3 LVUVC64;Logitech QuickCam 3000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe

R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys

R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE

S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe;c:\windows\SYSNATIVE\dgdersvc.exe

S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe

S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe;c:\program files (x86)\Expat Shield\bin\hsswd.exe

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

S2 MBAMScheduler;MBAMScheduler;d:\malwarebytes' anti-malware\mbamscheduler.exe;d:\malwarebytes' anti-malware\mbamscheduler.exe

S2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe;d:\malwarebytes' anti-malware\mbamservice.exe

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys;c:\windows\SYSNATIVE\DRIVERS\LVPr2M64.sys

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys

.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 10:45]
.
2013-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-14 05:39]
.
2013-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-14 05:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02   287048   ----a-w-   c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-19 11:28   261704   ----a-w-   c:\users\Frank\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-19 11:28   261704   ----a-w-   c:\users\Frank\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-19 11:28   261704   ----a-w-   c:\users\Frank\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.0.1
DPF: {34DC66DB-E913-40A1-A2DD-53A1B9E90CAC} - hxxps://col0-sec.mail.live.com/mail/resources/MailMigrationTool.cab
DPF: {55A2C0CD-3DE8-4264-9637-A0B40B05714E} - hxxps://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=131641694
DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} - hxxps://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=2070962686
FF - ProfilePath - c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\
FF - ExtSQL: 2013-07-29 16:03; [email protected]; c:\users\Frank\AppData\Roaming\Mozilla\Extensions\[email protected]
FF - ExtSQL: 2013-08-16 10:11; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-20 09:54; [email protected]; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\extensions\[email protected]
FF - ExtSQL: 2013-08-23 03:04; [email protected]; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\extensions\[email protected]
FF - ExtSQL: 2013-08-30 21:37; [email protected]; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\extensions\[email protected]
FF - ExtSQL: 2013-08-31 07:48; {d3d26710-52fd-44f2-8166-04aa85b93dc2}; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\extensions\{d3d26710-52fd-44f2-8166-04aa85b93dc2}
FF - ExtSQL: 2013-08-31 11:35; {1122b43d-30ee-403f-9bfa-3cc99b0caddd}; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\extensions\{1122b43d-30ee-403f-9bfa-3cc99b0caddd}
FF - ExtSQL: 2013-09-03 10:50; {c9388641-af41-9113-10c5-54eb2becb636}; c:\users\Frank\AppData\Roaming\Mozilla\Firefox\Profiles\f1fzkzex.default\extensions\{c9388641-af41-9113-10c5-54eb2becb636}
FF - ExtSQL: !HIDDEN! 2013-07-29 16:03; [email protected]; c:\users\Frank\AppData\Roaming\Mozilla\Extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{1122b43d-30ee-403f-9bfa-3cc99b0caddd} - (no file)
BHO-{6ec74131-08b2-4f67-a9bc-5914ef1edb97} - (no file)
BHO-{d5a1d22b-9e17-454f-8ecd-83c578fb3983} - c:\progra~2\INBOXA~2\bar\1.bin\1gbar.dll
Toolbar-10 - (no file)
Toolbar-{cf67755f-9265-449c-87cf-b945519e073b} - c:\program files (x86)\UtilityChest_49\bar\1.bin\49bar.dll
Toolbar-{1122b43d-30ee-403f-9bfa-3cc99b0caddd} - (no file)
BHO-{31ad400d-1b06-4e33-a59a-90c2c140cba0} - (no file)
BHO-{DEDAF650-12B8-48f5-A843-BBA100716106} - c:\program files\Updater By Sweetpacks\Extension64.dll
Toolbar-10 - (no file)
WebBrowser-{B81767E1-672D-4DA1-B5CC-D277185815A6} - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file)
WebBrowser-{9427041A-A8DC-4D06-9A68-93873486E957} - (no file)
WebBrowser-{B2BF7B3F-BF0B-4C48-AEC6-F92C51BE63E1} - (no file)
WebBrowser-{6EC74131-08B2-4F67-A9BC-5914EF1EDB97} - (no file)
AddRemove-Installl_Converter Toolbar - c:\program files (x86)\Installl_Converter\uninstall.exe
AddRemove-MixiDJ_V30 Toolbar - c:\program files (x86)\MixiDJ_V30\uninstall.exe
AddRemove-{6CEFA465-C891-A778-BC5F-58A9FA79F674} - c:\progra~3\INSTAL~1\{0DC28~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1381260898-2479351544-750526317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-1381260898-2479351544-750526317-1001)
@Denied: (2) (LocalSystem)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-1381260898-2479351544-750526317-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-09  10:18:50
ComboFix-quarantined-files.txt  2013-09-09 09:18
.
Pre-Run: 45,021,790,208 bytes free
Post-Run: 44,557,447,168 bytes free
.
- - End Of File - - 95038531F9F680253EC0EB82C0C915C9
A36C5E4F47E84449FF07ED3517B43A31


[recovering disk space, attachment deleted by admin]

[SuperDave]

• Download RogueKiller on the desktop
  
• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  
• Otherwise just double-click on RogueKiller.exe
  
• Pre-scan will start. Let it finish.
• Click on SCAN button.
  
• A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
  

[ivanoe]

Hi Dave not sure what im' doing here ran Rogue killer exe got this ,dont' know what it is hope you do.


 V8.6.10 _x64_ [Sep  9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Frank [Admin rights]
Mode : Remove -- Date : 09/10/2013 11:53:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 8 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\Windows\TEMP\{0A298535-91A5-441D-A0A3-31E9ABD8849C}.exe - --uninstall=1

• -> DELETED
[V2]

[ROGUE ST] 4679 : wscript.exe - C:\Users\Frank\AppData\Local\Temp\launchie.vbs //B -> DELETED
[V2][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv : C:\Windows\TEMP\{0A298535-91A5-441D-A0A3-31E9ABD8849C}.exe - --uninstall=1

• -> DELETED
[V2]

[SUSP PATH] Test TimeTrigger : C:\Users\Frank\AppData\Local\Temp\Runner.exe - C:\Users\Frank\AppData\Local\Temp\DNS.exe

• -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST350041 8AS SCSI Disk Device +++++
--- User ---
[MBR] 327feecaefcca62ed4d7bef8437dce36
[BSP] 977398f066ce2496230036e50b1c4e16 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 133689 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 273795795 | Size: 343248 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive1: ST350041 8AS SCSI Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: ST350041 8AS SCSI Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: ST350041 8AS SCSI Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: ST350041 8AS SCSI Disk Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_D_09102013_115349.txt >>
RKreport[0]_S_09102013_114703.txt



   not sure what im' doing here.

[SuperDave]

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

•Check
•Click the button.
•Accept any security warnings from your browser.

• Leave the check mark next to Remove found threats.
  

•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

[ivanoe]

Dave Hello again .sorry but its' beat me this time .I downloaded eset,followed your instructions ,then looked all over for the logs ,the only mention of eset was in c/drive when clicked on to open it was empty. I cant' find anything else. And it was scanning for about 1/12 hours.
so where it' gone beats me. Sorry.

[SuperDave]

So, how's your computer running now?

[ivanoe]

I would have to say it is running better. not perfect but the ads are not anywhere near as bad. I suppose we're always going to get some ads,
to put up with, but I think you have done a great job Dave. and I thank you .it's been a good  experience talking to you and I think I have learned some things.so once again cheers mate.

[SuperDave]

I suppose we're always going to get some ads,

Could you please post a screenshot of those ads?
How to post screenshots or images

[ivanoe]

Thanks for your support Evil. Fantasy  But I don't have clue what I  am 'doing I have been trying this all morning and I haven't got a photo of anything yet. , am I supposed to get a AD up on screen then do this PRTSCN. I am lost.
SORRY.

[SuperDave]

Thanks for your support Evil. Fantasy  But I don't have clue what I  am 'doing I have been trying this all morning and I haven't got a photo of anything yet. , am I supposed to get a AD up on screen then do this PRTSCN. I am lost.
SORRY.

Yes, wait until an ad pops up on the screen and then hit the "printscreen" button and then follow the instructions I've provided.

[ivanoe]

NO STILL CAN'T GET IT.been trying for a hour with this prtsc.don't' know how it works. I have paint on my PC. so I skipped the first part of your instructions and went straight to paint. You then ask me to click on edit/paste. but there is no edit on my paint.  then save as type NOT THERE. choose jpeg save to desktop ,HOW. sent you a snap of my paint, also snaps of the ADS  that come up on the bottom of the page  every web paint I visit .