WiredWX Christian Hobby Weather Tools

 


Re: "invisible ads" playing in the background with no windows open

Here's the RAR

Re: "invisible ads" playing in the background with no windows open

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double-click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on Next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (removable ones that you may have)
  • Leave the rest of the settings as they appear by default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically neutralize any objects found.
  • If some objects are left un-neutralized, then click the button that says Neutralize all.
  • If it says it cannot be neutralized, then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom, save it to a file and name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus/malware in the report. It will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.

Re: "invisible ads" playing in the background with no windows open

All I got from that scan was this:

Autoscan: completed 24 minutes ago (events: 2, objects: 1236058, time: 06:05:52)
4/18/2011 11:39:35 AM Task started
4/18/2011 5:45:27 PM Task completed

I tried putting the Detected part on the kas file, but it showed "unknown" in the txt.

Re: "invisible ads" playing in the background with no windows open

And still the invisible ads?

Re: "invisible ads" playing in the background with no windows open

Yes, and now there is also Google redirect.

https://imgur.com/xqDF3
That is a picture of this error that pops up, and when that pops up the ads stop if I leave it there.

Re: "invisible ads" playing in the background with no windows open

Does this happen on any other computers in your household (if you have them)?

Re: "invisible ads" playing in the background with no windows open

No, this is on a laptop. Someone said to do a DNS flush or something of the like for the redirecting links of search engines.

Re: "invisible ads" playing in the background with no windows open

Let's take a look at your DNS anyway with my tool...

Please download RenewMyDNS by DragonMaster Jay.
  • Save it to your Desktop.
  • Double-click RenewMyDNS.exe to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete RenewMyDNS.exe

Re: "invisible ads" playing in the background with no windows open

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.3.2

Microsoft Windows [Version 6.0.6002]


``````````Network and DNS Information``````````



Windows IP Configuration

Host Name . . . . . . . . . . . . : Unggoy-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel(R) Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-1F-3B-44-BA-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5e5:c7c7:7260:1bc2%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, April 21, 2011 12:24:36 PM
Lease Expires . . . . . . . . . . : Friday, April 22, 2011 12:24:34 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 268443451
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-55-BB-4D-00-1E-EC-34-45-38
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-34-1E-18-A4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 5.16.233.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Thursday, April 21, 2011 12:24:26 PM
Lease Expires . . . . . . . . . . : Friday, April 20, 2012 12:26:32 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{CDCD3827-53AD-49A3-A373-28131790A26E}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 6TO4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:510:e965::510:e965(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4f:1dd2:3f57:fe99(Preferred)
Link-local IPv6 Address . . . . . : fe80::4f:1dd2:3f57:fe99%12(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : isatap.gateway.2wire.net
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


``````````Speed-test - Ping``````````


Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=63ms TTL=55

Reply from 209.191.122.70: bytes=32 time=62ms TTL=55

Reply from 209.191.122.70: bytes=32 time=63ms TTL=55

Reply from 209.191.122.70: bytes=32 time=65ms TTL=55



Ping statistics for 209.191.122.70:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 62ms, Maximum = 65ms, Average = 63ms



Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:

Reply from 64.202.189.170: bytes=32 time=28ms TTL=117

Reply from 64.202.189.170: bytes=32 time=25ms TTL=117

Reply from 64.202.189.170: bytes=32 time=25ms TTL=117

Reply from 64.202.189.170: bytes=32 time=27ms TTL=117



Ping statistics for 64.202.189.170:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 25ms, Maximum = 28ms, Average = 26ms



Pinging facebook.com [69.63.181.12] with 32 bytes of data:

Reply from 69.63.181.12: bytes=32 time=35ms TTL=245

Reply from 69.63.181.12: bytes=32 time=27ms TTL=245

Reply from 69.63.181.12: bytes=32 time=27ms TTL=245

Reply from 69.63.181.12: bytes=32 time=29ms TTL=245



Ping statistics for 69.63.181.12:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 27ms, Maximum = 35ms, Average = 29ms



Pinging google.com [74.125.224.211] with 32 bytes of data:

Reply from 74.125.224.211: bytes=32 time=18ms TTL=56

Reply from 74.125.224.211: bytes=32 time=17ms TTL=56

Reply from 74.125.224.211: bytes=32 time=17ms TTL=56

Reply from 74.125.224.211: bytes=32 time=19ms TTL=56



Ping statistics for 74.125.224.211:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 17ms, Maximum = 19ms, Average = 17ms


********************
EOF
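
An added example, not part of the original thread and not RenewMyDNS's own code: one way to pull the per-adapter DNS servers out of an `ipconfig /all` dump like the one above and compare them with the adapter's gateway, DHCP server and subnet, which is the part of such a log that matters for a search-redirect complaint. The function names, the verdict labels and the sample log (constructed, using documentation addresses) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample, modelled on the layout of the ipconfig section above.
SAMPLE_LOG = """\
Windows IP Configuration

Host Name . . . . . . . . . . . . : EXAMPLE-PC

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.example
DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254

Ethernet adapter Local Area Connection:

DHCP Enabled. . . . . . . . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.0.0.15(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 203.0.113.53
                                    10.0.0.1
"""

# "Key . . . . : value" lines; the key never contains a colon.
KV = re.compile(r"^(?P<key>[^:]+?)(?:\s*\.)+\s*:\s*(?P<val>.*)$")
# "<type> adapter <name>:" section headers.
HEADER = re.compile(r"^.*\badapter\b.+:$")


def _clean(value):
    """Drop a trailing '(Preferred)' and any IPv6 zone id such as '%11'."""
    return re.sub(r"\(.*?\)$", "", value).split("%")[0].strip()


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_ipconfig(text):
    """Return one dict per adapter: {'name': str, 'fields': {key: [values]}}."""
    adapters, current, last_key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kv = KV.match(line)
        if kv:
            if current is None:      # global section before the first adapter
                continue
            last_key = kv.group("key").strip()
            values = current["fields"].setdefault(last_key, [])
            if _clean(kv.group("val")):
                values.append(_clean(kv.group("val")))
        elif HEADER.match(line):
            current = {"name": line[:-1], "fields": {}}
            adapters.append(current)
            last_key = None
        elif current is not None and last_key and _is_ip(_clean(line)):
            # Bare address line: a further value for the previous key
            # (second DNS server, second gateway, ...).
            current["fields"][last_key].append(_clean(line))
    return adapters


def review_dns(adapters):
    """Classify every configured DNS server as router / local-subnet / off-subnet."""
    findings = []
    for adapter in adapters:
        fields = adapter["fields"]
        routers = set(fields.get("Default Gateway", []) + fields.get("DHCP Server", []))
        nets = [ipaddress.ip_network(f"{ip}/{mask}", strict=False)
                for ip, mask in zip(fields.get("IPv4 Address", []),
                                    fields.get("Subnet Mask", []))]
        for server in fields.get("DNS Servers", []):
            if not _is_ip(server):
                continue
            addr = ipaddress.ip_address(server)
            if server in routers:
                verdict = "router"
            elif any(addr.version == n.version and addr in n for n in nets):
                verdict = "local-subnet"
            else:
                verdict = "off-subnet"   # not proof of tampering, only a lead to verify
            findings.append((adapter["name"], server, verdict))
    return findings


if __name__ == "__main__":
    for name, server, verdict in review_dns(parse_ipconfig(SAMPLE_LOG)):
        print(f"{verdict:12} {server:15} {name}")
```

An `off-subnet` resolver can be a deliberately configured public DNS service, so it is something to confirm with the user or against the router's settings rather than a finding on its own.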

Re: "invisible ads" playing in the background with no windows open

Go to Start > Run, type in cmd and hit OK.

Copy and paste this phrase into the Command Prompt line:

cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txt&log.txt


If you have trouble pasting it, right-click on the Command Prompt window and click Paste. Then, hit Enter.

Post the log that launches.

Re: "invisible ads" playing in the background with no windows open

Nothing appeared in the log. Just blank.

Re: "invisible ads" playing in the background with no windows open

Please download the latest version of Kaspersky GetSystemInfo (GSI) from Kaspersky and save it to your Desktop.

Note: please close all other applications running on your system.

Double click GetSystemInfo.exe to open it. It will display an agreement. Click on I Agree to continue.

Click the Settings button.

Set the slider to Maximum.

IMPORTANT! Then, click Customize - choose Driver / Ports tab and uncheck Scan Ports.

On the General tab, make sure all of the boxes are checked.

On the Misc tab, make sure all the checkboxes are checked.

Then, click OK on the windows that you launched.

Click Create Report to run it.

It will begin scanning.

It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop.

It should automatically upload it to http://www.getsysteminfo.com. If it does not, then please submit it manually by going to the site and doing the upload process.

It will redirect to a page, where it will provide a sharing URL for specialists. Copy and paste the URL of the GSI Parser report in your next reply.

Re: "invisible ads" playing in the background with no windows open

http://www.getsysteminfo.com/read.php?file=c6105da430bd34d24ca971ff191b1740

Re: "invisible ads" playing in the background with no windows open

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: "invisible ads" playing in the background with no windows open

ComboFix 11-04-29.04 - Unggoy 04/30/2011 11:29:18.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2271 [GMT -7:00]
Running from: c:\users\Unggoy\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Unggoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Fix Disk
c:\users\Unggoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Fix Disk\Uninstall Windows Fix Disk.lnk
c:\users\Unggoy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Fix Disk\Windows Fix Disk.lnk
D:\install.exe
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-03-28 to 2011-04-30 )))))))))))))))))))))))))))))))
.
.
2011-04-29 08:22 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D1F3018-1167-4CB4-8F29-285C5802604F}\mpengine.dll
2011-04-27 23:19 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 23:19 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 23:18 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-24 00:28 . 2011-04-24 00:28 51488 ----a-w- c:\program files\Microsoft Games\Project S\rmdll\Final\RandomMap.dll
2011-04-24 00:28 . 2011-04-24 00:28 13600 ----a-w- c:\program files\Microsoft Games\Project S\rmdll\Final\RandomMapBinder.dll
2011-04-24 00:28 . 2011-04-24 00:28 19232 ----a-w- c:\program files\Microsoft Games\Project S\rmdll\Final\CLRBinder.dll
2011-04-24 00:04 . 2011-04-24 00:04 15648 ----a-w- c:\program files\Microsoft Games\Project S\XLiveDLC.dll
2011-04-24 00:04 . 2011-04-24 00:04 11756320 ----a-w- c:\program files\Microsoft Games\Project S\Spartan.exe
2011-04-24 00:04 . 2011-04-24 00:04 81998 ----a-w- c:\program files\Microsoft Games\Project S\RockallDLL.dll
2011-04-24 00:04 . 2011-04-24 00:04 746496 ----a-w- c:\program files\Microsoft Games\Project S\granny2.dll
2011-04-24 00:04 . 2011-04-24 00:04 73728 ----a-w- c:\program files\Microsoft Games\Project S\eulax.dll
2011-04-24 00:04 . 2011-04-24 00:04 153376 ----a-w- c:\program files\Microsoft Games\Project S\AOEOnlineReplace.exe
2011-04-24 00:04 . 2011-04-24 00:04 4160288 ----a-w- c:\program files\Microsoft Games\Project S\AOEOnline.exe
2011-04-24 00:03 . 2011-04-24 00:03 173408 ----a-w- c:\program files\Microsoft Games\Project S\pw32b.dll
2011-04-24 00:01 . 2008-10-15 13:22 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2011-04-24 00:01 . 2008-10-15 13:22 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-04-24 00:01 . 2008-10-15 13:22 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2011-04-17 05:15 . 2011-04-18 18:37 -------- d-----w- c:\programdata\Kaspersky Lab
2011-04-14 21:28 . 2011-04-14 21:28 -------- d-----w- c:\program files\ESET
2011-04-14 17:13 . 2011-04-14 17:13 -------- d-----w- c:\users\Unggoy\AppData\Roaming\Malwarebytes
2011-04-14 17:12 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-14 17:12 . 2011-04-14 17:12 -------- d-----w- c:\programdata\Malwarebytes
2011-04-14 17:12 . 2011-04-14 17:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 21:19 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-03 15:40 . 2011-04-27 23:19 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 23:19 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 23:19 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 23:19 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 00:29 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 00:29 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 00:29 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-03 01:11 . 2009-10-03 02:37 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:43 . 2011-02-02 07:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-29 14:49 . 2011-03-22 08:00 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\users\Unggoy\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-27 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-03 49168]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"TP CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" [2007-02-08 820872]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2006-11-06 81920]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-01 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-01 92704]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-03-28 1910152]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 23:50 90112 ------w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 20:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 09:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 02:03 1242448 ----a-w- c:\program files\Steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-28 212280]
R3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 utm4ntg4;AVZ Kernel Driver;c:\windows\system32\Drivers\utm4ntg4.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-03-28 1242504]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-11-04 6656]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-23 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Unggoy\AppData\Roaming\Mozilla\Firefox\Profiles\m14p16vd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2096)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\rundll32.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-04-30 11:48:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-30 18:48
.
Pre-Run: 9,878,630,400 bytes free
Post-Run: 9,698,398,208 bytes free
.
- - End Of File - - B6FF068FBAEDF207A6B3E826F3AAC6F2

Re: "invisible ads" playing in the background with no windows open

That should have taken care of the issue with the invisible ads. What about any other problems?

Re: "invisible ads" playing in the background with no windows open

ComboFix has taken care of the invisible ads and the redirecting. I thank you for all your time and dedication in aiding me with these very annoying invisible ads and redirecting. All the help is very much appreciated! My laptop is now running normally.

Re: "invisible ads" playing in the background with no windows open

If there are no more issues, then we shall clean up!

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones

  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete


Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Please download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Tell me in your next reply, if you have completed these tasks:
  • Cleaned System Restore
  • Ran OTC
  • Ran TFC
  • Ran Security Check

Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.

Re: "invisible ads" playing in the background with no windows open

I have completed the stated tasks above.
-----------------------------------------------------



Results of screen317's Security Check version 0.99.10
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java DB 10.5.3.0
Java(TM) 6 Update 23
Java(TM) SE Development Kit 6 Update 23
Out of date Java installed!
Adobe Flash Player 10.2.159.1
Adobe Reader 8.1.0
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

Re: "invisible ads" playing in the background with no windows open

Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Java Update!

Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.




See this page for more info about malware and prevention.

Re: "invisible ads" playing in the background with no windows open

K, I have updated both of them.

Re: "invisible ads" playing in the background with no windows open

Excellent. Smile...
