Hello,

OK, so this video-type Chinese ad popped up in my Firefox browser and even the Steam application this morning (after I decided to turn Adobe off at startup). I Googled "how to remove Chinese ads in lower left corner" and the first result was this post
http://forums.spybot.info/showthread.php?t=66907
which seemed to be an almost identical problem to me.

Without thinking, I decided to follow the recommendation on the post exactly, and got through the instructions on post #3 (RogueKiller, AdwCleaner, OTL).
At this point my morning coffee kicked in and I realized that I really have no idea what I was doing and it's better to consult an expert. So, I apologize if I just made your job more difficult than it is and I really REALLY appreciate your help!

What should I do now? Should I back up my registry?

Here are the logs I got based on post #3:

RogueKiller V8.1.1 [10/01/2012] tigzy 設計製作
電子郵件: tigzyRK<at>gmail<dot>com
意見反應: http://www.geekstogo.com/forum/files...3-roguekiller/
網站: http://tigzy.geekstogo.com/roguekiller.php
部落格: http://tigzyrk.blogspot.com

作業系統: Windows 7 (6.1.7600 ) 64 bits version
開始在 : 標準模式
使用者 : Caroline [系統管理員權限]
模式 : 掃瞄 -- 日期 : 10/21/2012 10:49:22

¤¤¤ 損壞的處理程序 : 0 ¤¤¤

¤¤¤ 系統登錄項目 : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> 找到
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> 找到

¤¤¤ 特定檔案/資料夾: ¤¤¤

¤¤¤ 驅動程式 : [未載入] ¤¤¤

¤¤¤ HOSTS 檔: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR 檢查: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK7559GSXP +++++
--- User ---
[MBR] 00008b6b67a5062727341ec8837d87e2
[BSP] 86b5acc9bb9a0a56824020b80d4b0420 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 345600 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 735258624 | Size: 356390 Mo
User = LL1 ... OK!
User = LL2 ... OK!

完成 : << RKreport[1].txt >>
RKreport[1].txt




# AdwCleaner v2.005 - Logfile created 10/21/2012 at 10:54:04
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Caroline - CAROLINE-PC
# Boot Mode : Normal
# Running from : C:\Users\Caroline\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com

-\\ Mozilla Firefox v12.0 (en-US)

Profile name : default
File : C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\kfox4hvu.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "Facemoods Search");
Deleted : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Deleted : user_pref("extensions.facemoods.firstRun", false);
Deleted : user_pref("extensions.facemoods.lastActv", "5");

*************************

AdwCleaner[R1].txt - [2908 octets] - [21/10/2012 10:51:46]
AdwCleaner[R2].txt - [2968 octets] - [21/10/2012 10:51:58]
AdwCleaner[S1].txt - [2838 octets] - [21/10/2012 10:54:04]

########## EOF - C:\AdwCleaner[S1].txt - [2898 octets] ##########