My browser opens on its own...

Solved
Eternall Posted messages 154 Status Member
Hello,

I recently reinstalled my PC, and since then, my browser opens automatically with an advertisement page. This happens with Internet Explorer, Mozilla Firefox, and Google Chrome.
I have just installed my system and its updates, a free antivirus (Avira AntiVir), and Google Chrome.

I scanned my computer using Spybot, Ad-Aware, and Malwarebytes, and deleted the issues they found, but it seems that did not solve the problem.

I am seeking your help before I have to consider reinstalling everything :)

Thank you

Configuration: Windows 7 / Safari 534.24

24 answers

  1. Anonymous user
     
    Hello,

    * Download AD-Remover to your Desktop.
    http://www.teamxscript.org/adremoverTelechargement.html

    /!\ Close all running applications /!\

    - Double-click on the Ad-remover icon on your Desktop.
    - On the page, click the “search” button
    - Confirm the scan launch
    - Let the tool work.
    - Post the report that appears at the end.

    (The report is also saved under C:\Ad-report(Scan/clean).Txt)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    @

    -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
    Member, Contributor

    -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
    0
    1. zouhair
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 01:50:00, on 01/06/2012
      Platform: Unknown Windows (WinNT 6.01.3505 SP1)
      MSIE: Internet Explorer v8.00 (8.00.7601.17514)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Program Files\Common Files\Java\Java Update\jusched.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
      C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
      C:\Program Files\LG Electronics\LG EV-DO Rev.A USB Modem\Modem Software\REVAService.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.exe
      C:\Program Files\OpenOffice.org 3\program\soffice.bin
      C:\PROGRA~1\MICROS~2\Office12\WINWORD.EXE
      C:\PROGRA~1\MICROS~2\Office12\WINWORD.EXE
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Mozilla Firefox\plugin-container.exe
      C:\Program Files\Real\RealPlayer\update\realsched.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Users\zouhair\Desktop\zik\hijackthis_telechargement_01net.exe
      C:\Users\zouhair\AppData\Local\Temp\01net\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.ma/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
      O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
      O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
      O4 - HKLM\..\RunOnce: [autoupdater] C:\Users\zouhair\AppData\Roaming\PCTuto\PCTuto\autoupdater.exe -runonce
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe /s
      O4 - HKCU\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
      O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
      O4 - HKCU\..\Run: [REVAService] C:\Program Files\LG Electronics\LG EV-DO Rev.A USB Modem\Modem Software\REVAService.exe
      O4 - HKCU\..\Run: [Facebook Update] "C:\Users\zouhair\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
      O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
      O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
      O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
      O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
      O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
      O9 - Extra button: Statistiques d'Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
      O13 - Gopher Prefix:
      O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www1.tellmemorecampus.com/bin/tol9inst.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A99CDC1F-4EBC-422A-9053-B99A2181812F}: NameServer = 172.16.21.1,212.217.0.1
      O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0FO\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0FO\kloehk.dll
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: alfrescoMySQL - Unknown owner - C:\Alfresco1\mysql\bin\mysqld.exe
      O23 - Service: alfrescoTomcat - Apache Software Foundation - C:\ALFRES~1\tomcat\bin\tomcat6.exe
      O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe
      O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
      O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
      O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
      O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe

      --
      End of file - 8304 bytes
      0
  2. Eternall Posted messages 154 Status Member 2
     
    Hello, and thank you for this quick response!

    Here is the report:

    ======= AD-REMOVER REPORT 2.0.0.2,G | WINDOWS XP/VISTA/7 ONLY =======

    Updated by TeamXscript on 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Website: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (SCAN [1]) -> Launched at 09:46:01 on 06/06/2011, Normal mode

    Microsoft Windows 7 Ultimate Service Pack 1 (X86)
    Mickael@MICKAEL-PC ( )

    ============== SEARCH ==============

    Folder found: C:\Users\Mickael\AppData\Roaming\PCtuto
    Folder found: C:\Users\Mickael\AppData\Local\PCTuto
    Folder found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto
    Folder found: C:\Program Files\PCTuto

    Value found: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PCTuto

    ============== ADDITIONAL SCAN ==============

    **** Google Chrome Version [11.0.696.77] ****

    Extension\kincjchfokkeneeofpeefomkikfkiedl (C:\Program Files\Object\chromeaddon.crx) (x)

    -- C:\Users\Mickael\AppData\Local\Google\Chrome\User Data\Default --
    Preferences - default_search_provider: "Google" (Enabled: true) (?)
    Preferences - homepage: hxxp://www.google.fr/
    Preferences - homepage_is_newtabpage: false
    Plugin - Chrome NaCl (Enabled: false) (C:\Users\Mickael\AppData\Local\Google\Chrome\Application\11.0.696.77\ppGoogleNaClPluginChrome.dll)
    Plugin - "Chrome NaCl" (Enabled: false)

    ========================================

    **** Internet Explorer Version [9.0.8112.16421] ****

    HKCU_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKCU_Main|Start Page - hxxp://www.google.fr/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    HKLM_Main|Default_Search_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Search Page - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Start Page - hxxp://go.microsoft.com/fwlink/?LinkId=69157
    HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
    HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
    HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 0 File(s)
    C:\Program Files\Ad-Remover\Backup: 1 File(s)

    C:\Ad-Report-SCAN[1].txt - 06/06/2011 09:46:28 (2386 Bytes)

    End at: 09:46:56, 06/06/2011

    ============== E.O.F ==============
    0
  3. Eternall Posted messages 154 Status Member 2
     
    Hello again, here is the report for step 1:

    ======= AD-REMOVER REPORT 2.0.0.2,G | WINDOWS ONLY XP/VISTA/7 =======

    Updated by TeamXscript on 12/04/11
    Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
    Website: http://www.teamxscript.org

    C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Launched at 10:03:19 on 06/06/2011, Normal mode

    Microsoft Windows 7 Ultimate Service Pack 1 (X86)
    Mickael@MICKAEL-PC ( )

    ============== ACTION(S) ==============

    Folder deleted: C:\Users\Mickael\AppData\Roaming\PCtuto
    Folder deleted: C:\Users\Mickael\AppData\Local\PCTuto
    Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCTuto
    Folder deleted: C:\Program Files\PCTuto

    (!) -- Temporary files deleted.

    Value deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|PCTuto

    ============== ADDITIONAL SCAN ==============

    **** Google Chrome Version [11.0.696.77] ****

    Extension\kincjchfokkeneeofpeefomkikfkiedl (C:\Program Files\Object\chromeaddon.crx) (x)

    -- C:\Users\Mickael\AppData\Local\Google\Chrome\User Data\Default --
    Preferences - default_search_provider: "Google" (Enabled: true) (?)
    Preferences - homepage: hxxp://www.google.fr/
    Preferences - homepage_is_newtabpage: false
    Plugin - Chrome NaCl (Enabled: false) (C:\Users\Mickael\AppData\Local\Google\Chrome\Application\11.0.696.77\ppGoogleNaClPluginChrome.dll)
    Plugin - "Chrome NaCl" (Enabled: false)

    ========================================

    **** Internet Explorer Version [9.0.8112.16421] ****

    HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
    HKCU_Main|Start Page - hxxp://fr.msn.com/
    HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
    HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
    HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM_Main|Start Page - hxxp://fr.msn.com/
    HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\System32\wpcer.exe (x)
    HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\System32\winfxdocobj.exe (x)
    HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files\Internet Explorer\iedw.exe (x)
    HKLM_Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - "?" (?)

    ========================================

    C:\Program Files\Ad-Remover\Quarantine: 21 File(s)
    C:\Program Files\Ad-Remover\Backup: 15 File(s)

    C:\Ad-Report-CLEAN[1].txt - 06/06/2011 10:03:22 (2689 Bytes)
    C:\Ad-Report-SCAN[1].txt - 06/06/2011 09:46:28 (2524 Bytes)

    Finished at: 10:05:28, 06/06/2011

    ============== E.O.F ==============

    I'll be back in a moment for step 2 ....
    0
  4. Anonymous user
     
    O42 - Logiciel: PCTuto 2.0 - (.PCTuto.) [HKLM] -- PCTuto_is1 => Infection BT (Spyware.AgenceExclusive)
    O42 - Logiciel: PCTuto Avast 2.0 - (.PCTuto.) [HKLM] -- PCTuto Avast_is1 => Infection BT (Spyware.AgenceExclusive)
    O42 - Logiciel: UpdatePCTuto 2.0 - (.PCtuto.) [HKLM] -- UpdatePCTuto_is1 => Infection BT (Spyware.AgenceExclusive)
    [HKCU\Software\PCTuto] => Infection BT (Spyware.AgenceExclusive)
    [HKLM\Software\PCTuto] => Infection BT (Spyware.AgenceExclusive)
    [HKCU\Software\PCTuto] => Infection BT (Spyware.AgenceExclusive)
    [HKLM\Software\PCTuto] => Infection BT (Spyware.AgenceExclusive)
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto Avast_is1]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PcTuto_is1]
    [HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdatePCTuto_is1]

    FirewallRAZ
    EmptyTemp
    EmptyFlash
    0
  5. Eternall Posted messages 154 Status Member 2
     
    Hello again,

    Here is the report for the first part:

    ZHPFix Report 1.12.330 by Nicolas Coolman, Update of 06/05/2011
    Registry Export File: C:\ZHPExportRegistry-06-06-2011-20-40-45.txt
    Run by Mickael at 06/06/2011 20:40:45
    Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
    Website: http://www.premiumorange.com/zeb-help-process/zhpfix.html

    ========== Software(s) ==========
    ABSENT Uninstall Process: c:\program files\pctuto\unins000.exe
    ABSENT Uninstall Process: c:\program files\pctuto\unins001.exe
    ABSENT Uninstall Process: c:\users\mickael\appdata\roaming\pctuto\updatepctuto\unins000.exe

    ========== Registry Key(s) ==========
    DELETE [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto_is1]
    DELETE [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto Avast_is1]
    DELETE [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UpdatePCTuto_is1]
    DELETE HKCU\Software\PCTuto
    DELETE HKLM\Software\PCTuto
    ABSENT HKCU\Software\PCTuto
    ABSENT HKLM\Software\PCTuto
    ABSENT HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCTuto Avast_is1
    ABSENT HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PcTuto_is1
    ABSENT HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdatePCTuto_is1

    ========== Registry Value(s) ==========
    ABSENT Standard Profile Value: FirewallRaz :
    ABSENT Domain Profile Value: FirewallRaz :

    ========== Folder(s) ==========
    DELETE Windows Temp: : 19
    DELETE Flash Cookies: 17

    ========== File(s) ==========
    DELETE Windows Temp: : 59
    DELETE Flash Cookies: 6

    ========== Summary ==========
    10: Registry Key(s)
    2: Registry Value(s)
    2: Folder(s)
    2: File(s)
    3: Software(s)

    End of the scan

    I will post the rest in a few minutes.
    0
    1. Anonymous user
       
      Sure, don't forget to click on "Show result" and then on "deselect" at the end of the analysis.
      0
  6. Eternall Posted messages 154 Status Member 2
     
    Hello again, and here is the continuation:

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6788

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    06/06/2011 23:12:50
    mbam-log-2011-06-06 (23-12-48).txt

    Scan type: Full scan (C:\|D:\|F:\|)
    Item(s) scanned: 491872
    Elapsed time: 2 hour(s), 25 minute(s), 12 second(s)

    Infected memory process(es): 0
    Infected memory module(s): 0
    Infected registry key(s): 0
    Infected registry value(s): 0
    Infected registry data item(s): 0
    Infected folder(s): 0
    Infected file(s): 0

    Infected memory process(es):
    (No harmful item detected)

    Infected memory module(s):
    (No harmful item detected)

    Infected registry key(s):
    (No harmful item detected)

    Infected registry value(s):
    (No harmful item detected)

    Infected registry data item(s):
    (No harmful item detected)

    Infected folder(s):
    (No harmful item detected)

    Infected file(s):
    (No harmful item detected)
    0
  7. Eternall Posted messages 154 Status Member 2
     
    Here it is, it's late, I'm going to bed. I wanted to point out that since your intervention and the manipulations you made me do, I haven't had a single webpage open.

    I look forward to seeing your response, but I already thank you for all the help you have given me :)
    0
  8. Anonymous user
     
    Hello,

    You're welcome :)

    Please prepare a new ZHPDiag report to continue...

    See you later

    0
  9. Anonymous user
     
    Hello again,

    1/
    I advise you to uninstall: Ad-Aware, it's useless!

    2/
    How's your PC?
    Do you have any other issues?

    See you later
    0
  10. Eternall Posted messages 154 Status Member 2
     
    Here, I have uninstalled Ad-Aware :)

    Can I uninstall the programs ZHPDiag and MBRcheck?

    Thank you :)
    0
  11. Anonymous user
     
    Hi,

    We'll take care of everything, but first tell me if you have any issues?

    See you soon
    0
  12. Eternall Posted messages 154 Status Member 2
     
    Well, everything seems to be working fine now :)

    I haven't had the browser opening on its own even once. So everything is great :)
    0
  13. Anonymous user
     
    Hello again,

    To finish:

    1/

    IMPORTANT

    Purge the system restore points:

    Download OneClick2RestorePoint

    http://www.multifa7.be/Laddy/OneClick2RP.exe

    Mirrors if not accessible:
    http://batchdhelus.open-web.fr/Laddy/OneClick2RP.exe
    https://app.box.com/s/cqcsz5m0oz

    * Double-click on OneClick2RP to run it (Right-click choose Run as administrator under Vista/Seven)
    * Click on the "Purge" button, the Windows cleaning tool will open
    * Choose your main hard drive (generally C:\) ... Wait during the scan...
    * Go to the "Other options" tab
    * In the system restore section, click on the clean button and then on the Delete button.
    * The system restore points will be purged except for the last one created.

    Then with the same tool
    Create a new recognizable restore point

    Help HERE
    2/

    Download DelFix to your desktop.
    * Launch it, type removal then validate

    Wait during the scan until the report opens.

    * Copy/Paste the content of the report into your next reply.

    Note: The report is also located under C:\DelFix.txt

    You can uninstall it

    3/
    Java Update
    * You can check your Java Console:

    Install the new version if needed (in this case uninstall the old version first).

    Here’s how to uninstall:

    JavaRa

    Unzip the file on the Desktop (Right-click > Extract all).
    * Double-click (right-click "as administrator" for Vista) on the JavaRa directory.
    * Then double-click on the JavaRa.exe file (the exe may not be displayed).
    * Choose French then click on Select.
    * Click on Check for updates.
    * Select Update via jucheck.exe then click on Search.
    * Allow the process to connect if prompted, click on Install and follow the installation instructions which take a few minutes.
    * The installation is complete, return to the JavaRa screen and click on Remove old versions.
    * Click Yes to confirm. Let it work and then click OK, then OK again.
    * A report will open. Post it in your next reply.
    * Close the application.

    Note: the report can also be found in C:\ under the name JavaRa.log.
    4/
    Download and install:

    CCleaner Slim version

    * Launch it. (Right-click "as administrator" for Vista and Seven) Go to Options then Advanced and uncheck the box Clear only files etc....

    * Go to Cleaner, choose Analyze. Once done, start the cleaning.

    * Then choose Registry, then Search for issues. Once done, fix all errors as many times as found during the scan.

    **************** Help HERE ******************

    You can use CCleaner once a week

    5/

    Download updatechecker to inform you of outdated software and also allow you to perform these updates

    Make sure to update Adobe Reader

    6/

    You can also keep Malwarebytes and use it once a week.

    7/

    I recommend using the Firefox browser and installing the add-ons WOT to indicate suspicious files and Adblock Plus to block ads...
    8/
    A bit of reading:
    * The dangers of Peer-To-Peer, Emule etc..
    * How to Secure your Computer...

    I await the reports ...

    0
  14. Eternall Posted messages 154 Status Member 2
     
    Alright, I'll get started on all of this in the evening as soon as I get back, and I'll keep track of my progress as I go.

    See you later :)
    0
    1. Anonymous user
       
      Alright :)

      See you later!
      0
  15. Eternall Posted messages 154 Status Member 2
     
    Step 1: completed

    Step 2:

    # DelFix v8.0 - Report created on 07/06/2011 at 18:47
    # Updated on 01/06/11 at 1:00 PM by Xplode
    # Operating system: Windows 7 Ultimate (32 bits) [version 6.1.7601] Service Pack 1
    # Username: Mickael - MICKAEL-PC (Administrator)
    # Executed from: C:\Users\Mickael\Desktop\delfix.exe
    # Option [Removal]

    ~~~~~~ Folder(s) ~~~~~~

    Deleted: C:\Program Files\Ad-Remover
    Deleted: C:\Program Files\ZHPDiag
    Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

    ~~~~~~ File(s) ~~~~~~

    Deleted: C:\Ad-Report-CLEAN[1].txt
    Deleted: C:\Ad-Report-SCAN[1].txt
    Deleted: C:\PhysicalDisk0_MBR.bin
    Deleted: C:\ZHPExportRegistry-06-06-2011-20-40-45.txt
    Deleted: C:\Users\Mickael\Desktop\OneClick2RP.exe

    ~~~~~~ Registry ~~~~~~

    Key Deleted: HKCU\SOFTWARE\Ad-Remover
    Key Deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Remover
    Key Deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

    ~~~~~~ Other ~~~~~~

    -> Prefetch cleared

    ########## EOF - "C:\DelFixSuppr.txt" - [1154 bytes] ##########
    0
    1. Anonymous user
       
      Alright, if you have any issues, feel free to ask me :)
      0
  16. Eternall Posted messages 154 Status Member 2
     
    Step 3:

    When deleting the old versions, it fails to create the report.
    A txt file opens but it is empty.
    0
  17. Eternall Posted messages 154 Status Member 2
     
    Step 4: completed

    Step 5: Update checker does not seem to start.

    Step 6: Ok

    Step 7: Do I need to uninstall Google Chrome? Is it worse than Firefox?

    Step 8: OK :)

    I’m waiting for your response to see if everything is good.
    0
  18. Anonymous user
     
    Hello again,
    1/
    For step 3, click HERE to install the latest version of Java (Java 6 Update 26).
    Uninstall all lower versions.

    2/
    For step 5
    Install Adobe Reader here, and also uninstall the lower versions.

    3/

    Step 7
    You can keep Google Chrome, but Firefox is recommended with these add-ons.

    See you later
    0