Solved Problems with ServAd pop-ups

Discussion in 'Virus, Spyware and Malware Removal' started by idigfoo9, Jun 29, 2012.


Thread Status:
Not open for further replies.
  1. idigfoo9 Silver Member

    I have been having problems with Servad.com popups. Every other time or so when I search something or go to a website, a popup from this site shows up. I have run Critical System Care and AVG to try and remedy the situation but it still hasn't gotten rid of it. Please help!!

    Attached Files:

  2. Pancake Security Team

    Please download Malwarebytes Anti-Malware from Malwarebytes.org
    Alternate link: Download Mirror

    (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

    Double Click mbam-setup.exe to install the application.

    (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
    Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    If an update is found, it will download and install the latest version.
    Once the program has loaded, select "Perform Full Scan", then click Scan.
    The scan may take some time to finish, so please be patient.
    When the scan is complete, click OK, then Show Results to view the results.
    Make sure that everything is checked, and click Remove Selected.
    When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    Please save the log to a location you will remember.
    The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Copy and paste the entire report in your next reply.
    If Malwarebytes fails to download please use the following link:

    http://malwarebytes.org/mbam-download-exe-random.php

    =============================================

    Download Combofix from any of the links below, and save it to your desktop.
    Link 1
    Link 2
    Link 3
    When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.

    Refer to this image:
    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click PCHelpForum.exe to run it.
      You will see the following image:
    [IMG]

    Click I Agree to start the program.
    ComboFix will then extract the necessary files and you will see this:

    [IMG]

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.
    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    If you did not have it installed, you will see the prompt below. Choose YES.

    [IMG]

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [IMG]

    Click on Yes, to continue scanning for malware.
    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
    Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
  3. idigfoo9 Silver Member

    Alright here we go.

    Attached Files:

  5. Pancake Security Team

    Ok. That looks like it's fixed the problem...

    Ok. All done. I see no more malware. Log looks good! All that was detected is now either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.

    You can now uninstall ComboFix

    • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
    • In the field, type in ComboFix /uninstall
    [IMG]

    (Note: Make sure there's a space between the word ComboFix and the forward-slash.)

    • Then, press Enter, or click OK.
    • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

    Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.

    Please download OTC to your desktop.

    Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")
    Click on the CleanUp! button and follow the prompts.
    You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
    After the reboot all the tools we used should be gone.
    Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

    Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.
    Afterwork
    Malware Prevention
    How Did I Get Infected
    More Tips on Prevention

    =============================
  6. Pancake Security Team

    I see you have Norton, AVG and Windows Defender. Use only one, as the three together cause slowdowns and conflicts.
  7. idigfoo9 Silver Member

    I'm still getting the servad popups!! :eek:
  8. Pancake Security Team

    Press the "Ctrl" and "Alt" buttons. While holding them, press "Delete" to open the Windows Task Manager.
    Click the "Processes" tab and click "winservad.exe." Click "End Process." Click "winservsuit.exe" and click "End Process."

    Click the Windows "Start" button and click "All Programs." Scroll up and click "Accessories." Click "System Tools" and click "System Restore."
    Click "Create a restore point" on the "Welcome to System Restore" page and click "Next." Type in a name for your restore point and click "Create." Click "Close" to backup and create a restore point in case of system errors.
    Click the Windows "Start" button and select "Run." Type "regedit" (without quotes) and press "OK" to open the registry.

    Press "F3" to open the search box and search for and delete the following registry entries:
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windows servead
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\windows servead
    HKEY_LOCAL_MACHINE\software\windows servead
    Exit the registry.

    Click the Windows "Start" button and click the "Search" button. Click "All Files and Folders" to open the search box and click "More Advanced Options." Place a check on all the options to allow you to search for your files effectively.


    Search for and delete the following files: winatserv.dll, winservad.exe, winservsuit.exe
    Click the Windows "Start" button and click "My Computer." Double-click the "C:" drive and double-click the "Program Files" folder. Locate the windows servead folder and delete it. Empty the recycle bin to complete the process.
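
Added example, not part of the thread and not written by any poster: a read-only PowerShell check for the leftovers listed in post 8 (the two processes, the three registry entries, the three files and the Program Files folder), with names copied exactly as posted. Also checking the WOW6432Node registry view and Program Files (x86) goes beyond the post and is an assumption for 64-bit Windows; the function name Get-ServAdLeftover is made up for this example.

```powershell
# Read-only audit: reports which ServAd leftovers named in post 8 still exist.
# All names are copied from the post as written; nothing is deleted or changed.
function Get-ServAdLeftover {
    param([string]$SearchRoot = "$env:SystemDrive\")

    $name = 'windows servead'

    # Running processes (Get-Process expects names without ".exe")
    Get-Process -Name 'winservad', 'winservsuit' -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Type = 'Process'; Item = "$($_.Name) (PID $($_.Id))" } }

    # Registry: the native view and, as an assumption, the 32-bit view
    foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        $runKey = "$root\Microsoft\Windows\CurrentVersion\Run"
        $run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
        if ($run -and ($run.PSObject.Properties.Name -contains $name)) {
            [pscustomobject]@{ Type = 'RunValue'; Item = "$runKey : $name = $($run.$name)" }
        }
        foreach ($key in "$root\Microsoft\Windows\CurrentVersion\Uninstall\$name", "$root\$name") {
            if (Test-Path -LiteralPath $key) {
                [pscustomobject]@{ Type = 'RegistryKey'; Item = $key }
            }
        }
    }

    # Program Files folder (both locations exist on 64-bit Windows)
    foreach ($pf in $env:ProgramFiles, ${env:ProgramFiles(x86)}) {
        if ($pf) {
            $dir = Join-Path $pf $name
            if (Test-Path -LiteralPath $dir) { [pscustomobject]@{ Type = 'Folder'; Item = $dir } }
        }
    }

    # Files anywhere under the search root; unreadable folders are skipped
    Get-ChildItem -Path $SearchRoot -Recurse -Force -File -ErrorAction SilentlyContinue `
        -Include 'winatserv.dll', 'winservad.exe', 'winservsuit.exe' |
        ForEach-Object { [pscustomobject]@{ Type = 'File'; Item = $_.FullName } }
}

Get-ServAdLeftover | Format-Table -AutoSize -Wrap
```

An empty table means none of the listed items were found; the full-drive file search can take several minutes.
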
  9. idigfoo9 Silver Member

    The winservsuit.exe is not listed in the Processes tab.
  10. Crush Administrator & Security Team Leader

    Post a new OTL log please?
  11. idigfoo9 Silver Member

    Here you go

    Attached Files:

  12. Crush Administrator & Security Team Leader

    Hi,

    Can you access MSConfig?

    Start>Run type msconfig

    Click Selective Startup and uncheck Load Startup Items.

    Reboot

    Still getting popups?
  13. idigfoo9 Silver Member

    Ok, I did that, and I am still getting popups.
  14. Pancake Security Team

    Do you see any of these files (winatserv.dll, winservad.exe, winservsuit.exe) on your computer?
  15. idigfoo9 Silver Member

    Nope, I searched all 3 and no results.
  16. Pancake Security Team

    I'd like you to scan your machine with ESET OnlineScan

    • Scan your system with Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the [IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on [IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [IMG] icon on your desktop.

    • Check [IMG]
    • Click the [IMG] button.
    • Accept any security warnings from your browser.
    • Check [IMG]
    • Make sure that the option to "Remove Found Threats" is UNchecked.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [IMG]
    • Push [IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [IMG] button.
    • Push [IMG]
