This may need a few runs to kill properly
CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.
Open Notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint:
HKLM\...\Run: [ApnUpdater] => C:\Program Files\Ask.com\Updater\Updater.exe [1573584 2012-08-23] (Ask)
Startup: C:\Documents and Settings\MY COMPUTER\Start Menu\Programs\Startup\auditusr.lnk [2015-06-18]
ShortcutTarget: auditusr.lnk -> C:\Documents and Settings\MY COMPUTER\Application Data\Microsoft\Windows\IEUpdate\auditusr.exe (No File)
Startup: C:\Documents and Settings\MY COMPUTER\Start Menu\Programs\Startup\cacls.lnk [2015-06-17]
ShortcutTarget: cacls.lnk -> C:\Documents and Settings\MY COMPUTER\Application Data\Microsoft\Windows\IEUpdate\cacls.exe (No File)
Startup: C:\Documents and Settings\MY COMPUTER\Start Menu\Programs\Startup\charmap.lnk [2015-06-17]
ShortcutTarget: charmap.lnk -> C:\Documents and Settings\MY COMPUTER\Application Data\Microsoft\Windows\IEUpdate\charmap.exe (No File)
Startup: C:\Documents and Settings\MY COMPUTER\Start Menu\Programs\Startup\ddeshare.lnk [2015-06-18]
ShortcutTarget: ddeshare.lnk -> C:\Documents and Settings\MY COMPUTER\Application Data\Microsoft\Windows\IEUpdate\ddeshare.exe (No File)
Startup: C:\Documents and Settings\MY COMPUTER\Start Menu\Programs\Startup\dmadmin.lnk [2015-06-19]
ShortcutTarget: dmadmin.lnk -> C:\Documents and Settings\MY COMPUTER\Application Data\Microsoft\Windows\IEUpdate\dmadmin.exe (No File)
Startup: C:\Documents and Settings\MY COMPUTER\Start Menu\Programs\Startup\doskey.lnk [2015-06-17]
ShortcutTarget: doskey.lnk -> C:\Documents and Settings\MY COMPUTER\Application Data\Microsoft\Windows\IEUpdate\doskey.exe (No File)
Startup: C:\Documents and Settings\MY COMPUTER\Start Menu\Programs\Startup\ipconfig.lnk [2015-06-19]
ShortcutTarget: ipconfig.lnk -> C:\Documents and Settings\MY COMPUTER\Application Data\Microsoft\Windows\IEUpdate\ipconfig.exe (No File)
Startup: C:\Documents and Settings\MY COMPUTER\Start Menu\Programs\Startup\mshta.lnk [2015-06-27]
ShortcutTarget: mshta.lnk -> C:\Documents and Settings\MY COMPUTER\Application Data\Microsoft\Windows\IEUpdate\mshta.exe (No File)
Startup: C:\Documents and Settings\MY COMPUTER\Start Menu\Programs\Startup\osuninst.lnk [2015-06-19]
ShortcutTarget: osuninst.lnk -> C:\Documents and Settings\MY COMPUTER\Application Data\Microsoft\Windows\IEUpdate\osuninst.exe (No File)
Startup: C:\Documents and Settings\MY COMPUTER\Start Menu\Programs\Startup\pintool.lnk [2015-06-18]
ShortcutTarget: pintool.lnk -> C:\Documents and Settings\MY COMPUTER\Application Data\Microsoft\Windows\IEUpdate\pintool.exe (No File)
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1645522239-113007714-1177238915-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-08-23] (Ask)
U5 13f9915b6e5a5a40; C:\Windows\System32\Drivers\13f9915b6e5a5a40.sys [85376 2015-05-14] () <===== ATTENTION Necurs Rootkit?
2015-07-13 23:49 - 2015-07-13 23:49 - 00000000 _RSHD C:\WINDOWS\M-505045256088009087080
2015-07-13 17:39 - 2015-07-13 17:39 - 00422760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\uqolakcs.sys
2015-07-13 11:25 - 2015-07-13 11:25 - 00000000 _RSHD C:\WINDOWS\M-505025040068479870696960805245050
2015-07-12 17:12 - 2015-07-12 17:12 - 00000000 _RSHD C:\WINDOWS\M-505025040068479870608507020
2015-07-10 22:33 - 2015-07-14 18:54 - 00000000 _RSHD C:\WINDOWS\M-50504528343485849294856957580535350
2015-07-09 02:57 - 2015-07-09 02:57 - 00000000 _RSHD C:\WINDOWS\M-5050452834348584929485695758050
2015-07-09 02:54 - 2015-07-09 02:54 - 00000000 _RSHD C:\WINDOWS\M-50504528348584929485695758050
2015-07-08 19:41 - 2015-07-08 19:41 - 00000000 _RSHD C:\WINDOWS\M-50504025676203520540405025
2015-07-08 01:25 - 2015-07-08 01:25 - 00000000 _RSHD C:\WINDOWS\M-5050402567620352053
2015-07-07 15:00 - 2015-07-07 15:00 - 00000000 _RSHD C:\WINDOWS\M-5050402562050603850256869070
2015-07-06 19:47 - 2015-07-14 18:54 - 00000000 _RSHD C:\WINDOWS\M-505045868329386402955020
2015-07-06 19:47 - 2015-07-14 18:54 - 00000000 _RSHD C:\WINDOWS\M-5050324589790225392040235
2015-07-06 19:47 - 2015-07-14 18:54 - 00000000 ____D C:\Documents and Settings\MY COMPUTER\Application Data\4C049C714431636637967565D6D45C3D
2015-07-06 19:47 - 2015-07-06 19:47 - 00000000 _RSHD C:\WINDOWS\M-505075043257069507952408040
2015-07-06 19:47 - 2015-07-06 19:47 - 00000000 _RSHD C:\WINDOWS\M-5050402562050603850
2015-07-06 19:47 - 2015-07-06 19:47 - 00000000 _RSHD C:\WINDOWS\M-505032564627205040205068235
2015-07-06 19:47 - 2015-07-06 19:47 - 00000000 _RSHD C:\WINDOWS\M-50502876660282987798694020
2015-07-06 19:47 - 2015-07-06 19:47 - 00000000 _RSHD C:\WINDOWS\M-505024068329588766028298798694020
2015-07-06 19:47 - 2015-07-06 19:47 - 00000000 _RSHD C:\WINDOWS\M-5050240436832957086028294020
2015-07-06 19:47 - 2015-07-06 19:47 - 00000000 ____D C:\Documents and Settings\MY COMPUTER\Application Data\miniupnpc
2015-07-06 19:46 - 2015-07-06 19:46 - 00000000 _RSHD C:\WINDOWS\M-5050324627205040205068235
2015-07-06 19:46 - 2015-07-06 19:46 - 00000000 _RSHD C:\WINDOWS\M-505024068329588766028298694020
2015-07-06 19:46 - 2015-07-06 19:46 - 00000000 _RSHD C:\WINDOWS\M-50502406832957086028294020
2015-07-06 19:45 - 2015-07-06 19:45 - 00000000 _RSHD C:\WINDOWS\M-505032462720504020505
2015-07-06 19:41 - 2015-07-06 19:41 - 00000000 _RSHD C:\WINDOWS\M-505032462720504020
2015-07-06 19:41 - 2015-07-06 19:41 - 00000000 _RSHD C:\WINDOWS\M-505024068329586028294020
2015-07-04 13:21 - 2015-07-04 13:21 - 00000257 _____ C:\cc206c82871e8690209e51d7ef.lnk
2015-07-03 01:50 - 2015-07-03 01:50 - 00010391 _____ C:\Documents and Settings\MY COMPUTER\Application Data\E0B611F6913C08308BDED482396CFCAA
2015-07-02 22:08 - 2015-07-14 17:59 - 00000462 _____ C:\Documents and Settings\MY COMPUTER\Application Data\iZs8L5TzhjX7d2la4dk
2015-07-15 00:20 - 2014-05-06 02:30 - 00000250 _____ C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2015-07-14 18:51 - 2015-05-02 17:09 - 00000000 _RSHD C:\WINDOWS\M-505034039586930203940876
2015-07-03 01:50 - 2015-07-03 01:50 - 0010391 _____ () C:\Documents and Settings\MY COMPUTER\Application Data\E0B611F6913C08308BDED482396CFCAA
2015-07-02 22:08 - 2015-07-14 17:59 - 0000462 _____ () C:\Documents and Settings\MY COMPUTER\Application Data\iZs8L5TzhjX7d2la4dk
CustomCLSID: HKU\S-1-5-21-1645522239-113007714-1177238915-1003_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> "C:\Documents and Settings\MY COMPUTER\Local Settings\Application Data\Google\Chrome\Application\43. (the data entry has 40 more characters).
CustomCLSID: HKU\S-1-5-21-1645522239-113007714-1177238915-1003_Classes\CLSID\{38216570-5DB1-45F8-A344-B0C4E252B14B}\InprocServer32 -> C:\Documents and Settings\MY COMPUTER\Local Settings\Application Data\Google\Update\1.3.26.7\psuser. (the data entry has 11 more characters).
Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe
AlternateDataStreams: C:\WINDOWS\system32\Drivers\etc\hosts:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\Temp:2652902F
Locked "13f9915b6e5a5a40" service could not be unlocked. <===== ATTENTION
C:\Documents and Settings\MY COMPUTER\Application Data\Microsoft\Windows\IEUpdate
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated; please post that.
THEN
Download the latest version of TDSSKiller from here and save it to your Desktop.
- Double-click on TDSSKiller.exe to run the application.
https://dl.dropbox.com/u/73555776/tdss%20start.JPG
- Then click on Change parameters.
https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG
- Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects, then click OK.
- Click the Start Scan button.
- If a suspicious object is detected, the default action will be Skip; click on Continue.
https://dl.dropbox.com/u/73555776/tdss%20threat.JPG
- If malicious objects are found, they will show in the Scan results and offer three (3) options.
- Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
- Get the report by selecting Reports.
https://dl.dropbox.com/u/73555776/tdss%20report.JPG
- Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.