Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Infection IE8 - Searchqu Toolbar & ShopperReports

Post by BriquesEtBlocs » May 28th, 2011, 12:46 pm

Hello,

I have (at least) 2 pieces of malware in my IE8:
- Searchqu Toolbar, and the search zone of IE8 changes from Google to Searchqu
- a ShopperReports panel which appears at any time
It is very nasty for our children ... and us.

I saw that I cannot apply the cleaning procedure suggested for another PC, so I am posting the information you asked for.
Is it possible to help me?

Thanks a lot.

DDS.txt:
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Scherer at 18:31:57 on 2011-05-28
Microsoft Windows XP Professionnel 5.1.2600.3.1252.32.1036.18.3327.2502 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\FreeWheel\FreeWheel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Java\Java Update\jucheck.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scherer\Bureau\dds.com
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.be/




Attach.txt :
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Professionnel
Boot Device: \Device\HarddiskVolume3
Install Date: 9/09/2008 16:22:01
System Uptime: 28/05/2011 11:40:54 (7 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5K/EPU
Processor: Processeur Intel Pentium III Xeon | LGA775 | 2504/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 699 GiB total, 581,161 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 49 GiB total, 28,399 GiB free.
H: is CDROM ()
I: is Removable
J: is Removable
K: is Removable
L: is Removable
N: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1400782C&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1400782C&0
Service: i8042prt
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F03\4&1400782C&0
Manufacturer: Logitech
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F03\4&1400782C&0
Service: i8042prt
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 5130c-2
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 5130c-2
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP512: 20/03/2011 18:26:05 - Point de vérification système
RP513: 20/03/2011 19:38:23 - Point de vérification système
RP514: 22/03/2011 12:27:30 - Point de vérification système
RP515: 23/03/2011 13:55:27 - Point de vérification système
RP516: 26/03/2011 10:07:43 - Point de vérification système
RP517: 27/03/2011 12:20:29 - Point de vérification système
RP518: 29/03/2011 12:22:33 - Point de vérification système
RP519: 3/04/2011 11:35:46 - Point de vérification système
RP520: 5/04/2011 15:58:12 - Point de vérification système
RP521: 7/04/2011 14:17:22 - Point de vérification système
RP522: 17/04/2011 16:39:34 - Point de vérification système
RP523: 18/04/2011 19:57:35 - Point de vérification système
RP524: 21/04/2011 12:43:59 - Point de vérification système
RP525: 23/04/2011 12:42:00 - Point de vérification système
RP526: 24/04/2011 13:39:16 - Point de vérification système
RP527: 25/04/2011 14:22:39 - Point de vérification système
RP528: 25/04/2011 23:18:47 - Software Distribution Service 3.0
RP529: 27/04/2011 13:08:57 - Point de vérification système
RP530: 29/04/2011 18:38:35 - Point de vérification système
RP531: 30/04/2011 19:37:01 - Point de vérification système
RP532: 2/05/2011 18:16:21 - Point de vérification système
RP533: 4/05/2011 18:02:00 - Point de vérification système
RP534: 5/05/2011 20:18:03 - Point de vérification système
RP535: 10/05/2011 10:10:09 - Point de vérification système
RP536: 13/05/2011 18:58:29 - Point de vérification système
RP537: 17/05/2011 17:08:08 - Point de vérification système
RP538: 19/05/2011 14:44:52 - Point de vérification système
RP539: 20/05/2011 19:22:41 - Point de vérification système
RP540: 22/05/2011 12:40:04 - Point de vérification système
RP541: 23/05/2011 18:31:00 - Point de vérification système
RP542: 25/05/2011 19:44:05 - Point de vérification système
RP543: 28/05/2011 12:25:19 - Point de vérification système
RP544: 28/05/2011 14:01:09 - Installé Command & Conquer Generals
RP545: 28/05/2011 18:17:28 - Installed HiJackThis
.
==== Installed Programs ======================
.
7-Zip 4.57
ACTIMATH
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.2 - Français
Adobe Shockwave Player 11.5
AFPL Ghostscript 8.53
AFPL Ghostscript Fonts
AI Suite
Air Shark 2
Alex Builds His Farm
AMR to MP3 Converter 1.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoCAD 2007 - English
Autodesk DWF Viewer
avast! Free Antivirus
Belgium e-ID middleware 3.5.4 (build 6535)
BitTorrent
Bonjour
BufferChm
Canon PhotoRecord
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Cards_Calendar_OrderGift_DoMorePlugout
Cars
Casper La ruelle hantée
CCleaner
CDDRV_Installer
Colin McRae Rally 2005
Command & Conquer Generals
CorelDRAW 10
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB2158563)
Correctif pour Windows XP (KB2443685)
Correctif pour Windows XP (KB952287)
Correctif pour Windows XP (KB961118)
Correctif pour Windows XP (KB970653-v3)
Correctif pour Windows XP (KB976098-v2)
Correctif pour Windows XP (KB979306)
Correctif pour Windows XP (KB981793)
CP avec Disney le Livre de la Jungle
D6100
D6100_D7100_D7300_Help
Destination Component
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
DVDStyler v1.8.0.2
eSupportQFolder
EtiketaGoGo v3.3.2
F1 Challenge 99-02
FlightGear v1.9.1
Franklin va à l'école
Free Easy Burner V 4.1
Free M4a to MP3 Converter 5.9
FreeWheel
GeoGebra
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google Earth
GPBaseService
GPBaseService2
Graphmatica 1.60e
Heroes of Might and Magic V - Collectors Edition
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
HP Document Manager 1.2
HP Imaging Device Functions 11.5
HP Photosmart and Deskjet 7.0 Software (fra)
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP PrecisionScan LTX
HP Scanjet G3110 11.5
HP Solution Center 13.0
HP Update
hpg3110
hpg3110QFolder
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
InstantShareDevicesMFC
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Joue et apprends - Jouer en réfléchissant
Jungle Book Learning 1st Grade Fix
K-Lite Codec Pack 5.8.3 (Basic)
KhalSetup
Lapin Malin Maternelle 2 + Atelier de dessin & de musique
Lapin Malin, Le globe magique
LaserJet 1020 series
Lecteur Windows Media 11
Logitech Communications Manager
Logitech SetPoint
MagicDisc 2.7.106
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office XP Professional avec FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)
Mise à jour de sécurité pour Lecteur Windows Media (KB2378111)
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)
Mise à jour de sécurité pour Lecteur Windows Media (KB975558)
Mise à jour de sécurité pour Lecteur Windows Media (KB978695)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2183461)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2360131)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2416400)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2482017)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2497640)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2510531)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)
Mise à jour de sécurité pour Windows XP (KB2079403)
Mise à jour de sécurité pour Windows XP (KB2115168)
Mise à jour de sécurité pour Windows XP (KB2121546)
Mise à jour de sécurité pour Windows XP (KB2160329)
Mise à jour de sécurité pour Windows XP (KB2229593)
Mise à jour de sécurité pour Windows XP (KB2259922)
Mise à jour de sécurité pour Windows XP (KB2279986)
Mise à jour de sécurité pour Windows XP (KB2286198)
Mise à jour de sécurité pour Windows XP (KB2296011)
Mise à jour de sécurité pour Windows XP (KB2296199)
Mise à jour de sécurité pour Windows XP (KB2347290)
Mise à jour de sécurité pour Windows XP (KB2360937)
Mise à jour de sécurité pour Windows XP (KB2387149)
Mise à jour de sécurité pour Windows XP (KB2393802)
Mise à jour de sécurité pour Windows XP (KB2412687)
Mise à jour de sécurité pour Windows XP (KB2419632)
Mise à jour de sécurité pour Windows XP (KB2423089)
Mise à jour de sécurité pour Windows XP (KB2436673)
Mise à jour de sécurité pour Windows XP (KB2440591)
Mise à jour de sécurité pour Windows XP (KB2443105)
Mise à jour de sécurité pour Windows XP (KB2476687)
Mise à jour de sécurité pour Windows XP (KB2478960)
Mise à jour de sécurité pour Windows XP (KB2478971)
Mise à jour de sécurité pour Windows XP (KB2479628)
Mise à jour de sécurité pour Windows XP (KB2479943)
Mise à jour de sécurité pour Windows XP (KB2481109)
Mise à jour de sécurité pour Windows XP (KB2483185)
Mise à jour de sécurité pour Windows XP (KB2485376)
Mise à jour de sécurité pour Windows XP (KB2485663)
Mise à jour de sécurité pour Windows XP (KB2503658)
Mise à jour de sécurité pour Windows XP (KB2506212)
Mise à jour de sécurité pour Windows XP (KB2506223)
Mise à jour de sécurité pour Windows XP (KB2507618)
Mise à jour de sécurité pour Windows XP (KB2508272)
Mise à jour de sécurité pour Windows XP (KB2508429)
Mise à jour de sécurité pour Windows XP (KB2509553)
Mise à jour de sécurité pour Windows XP (KB2511455)
Mise à jour de sécurité pour Windows XP (KB2524375)
Mise à jour de sécurité pour Windows XP (KB923561)
Mise à jour de sécurité pour Windows XP (KB938464)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952004)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB953838)
Mise à jour de sécurité pour Windows XP (KB953839)
Mise à jour de sécurité pour Windows XP (KB954211)
Mise à jour de sécurité pour Windows XP (KB954459)
Mise à jour de sécurité pour Windows XP (KB954600)
Mise à jour de sécurité pour Windows XP (KB955069)
Mise à jour de sécurité pour Windows XP (KB956390)
Mise à jour de sécurité pour Windows XP (KB956391)
Mise à jour de sécurité pour Windows XP (KB956572)
Mise à jour de sécurité pour Windows XP (KB956744)
Mise à jour de sécurité pour Windows XP (KB956802)
Mise à jour de sécurité pour Windows XP (KB956803)
Mise à jour de sécurité pour Windows XP (KB956841)
Mise à jour de sécurité pour Windows XP (KB956844)
Mise à jour de sécurité pour Windows XP (KB957095)
Mise à jour de sécurité pour Windows XP (KB957097)
Mise à jour de sécurité pour Windows XP (KB958215)
Mise à jour de sécurité pour Windows XP (KB958644)
Mise à jour de sécurité pour Windows XP (KB958687)
Mise à jour de sécurité pour Windows XP (KB958690)
Mise à jour de sécurité pour Windows XP (KB958869)
Mise à jour de sécurité pour Windows XP (KB959426)
Mise à jour de sécurité pour Windows XP (KB960225)
Mise à jour de sécurité pour Windows XP (KB960714)
Mise à jour de sécurité pour Windows XP (KB960715)
Mise à jour de sécurité pour Windows XP (KB960803)
Mise à jour de sécurité pour Windows XP (KB960859)
Mise à jour de sécurité pour Windows XP (KB961371)
Mise à jour de sécurité pour Windows XP (KB961373)
Mise à jour de sécurité pour Windows XP (KB961501)
Mise à jour de sécurité pour Windows XP (KB963027)
Mise à jour de sécurité pour Windows XP (KB968537)
Mise à jour de sécurité pour Windows XP (KB969059)
Mise à jour de sécurité pour Windows XP (KB969897)
Mise à jour de sécurité pour Windows XP (KB969898)
Mise à jour de sécurité pour Windows XP (KB969947)
Mise à jour de sécurité pour Windows XP (KB970238)
Mise à jour de sécurité pour Windows XP (KB970430)
Mise à jour de sécurité pour Windows XP (KB971468)
Mise à jour de sécurité pour Windows XP (KB971486)
Mise à jour de sécurité pour Windows XP (KB971557)
Mise à jour de sécurité pour Windows XP (KB971633)
Mise à jour de sécurité pour Windows XP (KB971657)
Mise à jour de sécurité pour Windows XP (KB971961)
Mise à jour de sécurité pour Windows XP (KB972260)
Mise à jour de sécurité pour Windows XP (KB972270)
Mise à jour de sécurité pour Windows XP (KB973346)
Mise à jour de sécurité pour Windows XP (KB973354)
Mise à jour de sécurité pour Windows XP (KB973507)
Mise à jour de sécurité pour Windows XP (KB973525)
Mise à jour de sécurité pour Windows XP (KB973869)
Mise à jour de sécurité pour Windows XP (KB973904)
Mise à jour de sécurité pour Windows XP (KB974112)
Mise à jour de sécurité pour Windows XP (KB974318)
Mise à jour de sécurité pour Windows XP (KB974392)
Mise à jour de sécurité pour Windows XP (KB974455)
Mise à jour de sécurité pour Windows XP (KB974571)
Mise à jour de sécurité pour Windows XP (KB975025)
Mise à jour de sécurité pour Windows XP (KB975467)
Mise à jour de sécurité pour Windows XP (KB975560)
Mise à jour de sécurité pour Windows XP (KB975561)
Mise à jour de sécurité pour Windows XP (KB975562)
Mise à jour de sécurité pour Windows XP (KB975713)
Mise à jour de sécurité pour Windows XP (KB976325)
Mise à jour de sécurité pour Windows XP (KB977165)
Mise à jour de sécurité pour Windows XP (KB977816)
Mise à jour de sécurité pour Windows XP (KB977914)
Mise à jour de sécurité pour Windows XP (KB978037)
Mise à jour de sécurité pour Windows XP (KB978251)
Mise à jour de sécurité pour Windows XP (KB978262)
Mise à jour de sécurité pour Windows XP (KB978338)
Mise à jour de sécurité pour Windows XP (KB978542)
Mise à jour de sécurité pour Windows XP (KB978601)
Mise à jour de sécurité pour Windows XP (KB978706)
Mise à jour de sécurité pour Windows XP (KB979309)
Mise à jour de sécurité pour Windows XP (KB979482)
Mise à jour de sécurité pour Windows XP (KB979559)
Mise à jour de sécurité pour Windows XP (KB979683)
Mise à jour de sécurité pour Windows XP (KB979687)
Mise à jour de sécurité pour Windows XP (KB980195)
Mise à jour de sécurité pour Windows XP (KB980218)
Mise à jour de sécurité pour Windows XP (KB980232)
Mise à jour de sécurité pour Windows XP (KB980436)
Mise à jour de sécurité pour Windows XP (KB981322)
Mise à jour de sécurité pour Windows XP (KB981852)
Mise à jour de sécurité pour Windows XP (KB981957)
Mise à jour de sécurité pour Windows XP (KB981997)
Mise à jour de sécurité pour Windows XP (KB982132)
Mise à jour de sécurité pour Windows XP (KB982214)
Mise à jour de sécurité pour Windows XP (KB982665)
Mise à jour de sécurité pour Windows XP (KB982802)
Mise à jour pour Windows Internet Explorer 8 (KB976662)
Mise à jour pour Windows Internet Explorer 8 (KB980182)
Mise à jour pour Windows Internet Explorer 8 (KB980302)
Mise à jour pour Windows XP (KB2141007)
Mise à jour pour Windows XP (KB2345886)
Mise à jour pour Windows XP (KB2467659)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB951072-v2)
Mise à jour pour Windows XP (KB951978)
Mise à jour pour Windows XP (KB955759)
Mise à jour pour Windows XP (KB955839)
Mise à jour pour Windows XP (KB967715)
Mise à jour pour Windows XP (KB968389)
Mise à jour pour Windows XP (KB971029)
Mise à jour pour Windows XP (KB971737)
Mise à jour pour Windows XP (KB973687)
Mise à jour pour Windows XP (KB973815)
Mise à jour pour Windows XP (KB976749)
Mise à jour pour Windows XP (KB978207)
Mise à jour pour Windows XP (KB980182)
MobileMe Control Panel
Module de compatibilité pour Microsoft Office System 2007
Mozilla Firefox (3.6.15)
MSVC80_x86_v2
MSVCSetup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
OCR Software by I.R.I.S. 11.0
OGA Notifier 2.0.0048.0
OpenAL
OrderReminder HP LaserJet 1020
Package de pilotes Windows - Nokia Modem (06/01/2009 7.01.0.4)
Package de pilotes Windows - Nokia Modem (10/05/2009 4.2)
Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
PanoStandAlone
PC Connectivity Solution
PDFill PDF Editor with FREE PDF Writer and Tools
PDFill PDF Writer
Picasa 3
PicPick
Plume et Youri
PSSWCORE
QuestScan 1.0 build 129 powered by FIRST SEARCHBAR
QuickTime
Realtek High Definition Audio Driver
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Services Off-line de Home'Bank 5.11
ShopperReports
SolutionCenter
Status
SUPER © Version 2010.bld.39 (Oct 24, 2010)
SUPERAntiSpyware
Toolbox
TrayApp
Uniblue ProcessScanner
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
WebFldrs XP
WebReg
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows iLivid Toolbar
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinZip
WZebra 4.2.4
Xvid Video Codec
Zoo Empire
.
==== Event Viewer Messages From Past Week ========
.
28/05/2011 14:00:24, error: Service Control Manager [7000] - Le service SASDIFSV n'a pas pu démarrer en raison de l'erreur : Impossible de créer un fichier déjà existant.
28/05/2011 11:42:17, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
28/05/2011 11:42:13, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service QuestScan Service.
25/05/2011 18:57:48, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service QuestScan Service.
24/05/2011 9:28:47, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
24/05/2011 21:05:41, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
24/05/2011 21:05:41, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service QuestScan Service.
24/05/2011 13:08:20, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
24/05/2011 13:08:17, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service QuestScan Service.
24/05/2011 13:01:05, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
23/05/2011 18:15:47, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
22/05/2011 10:10:45, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
21/05/2011 18:00:02, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
21/05/2011 14:22:16, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
.
==== End Of File ===========================
BriquesEtBlocs
Active Member
 
Posts: 7
Joined: May 28th, 2011, 12:25 pm

Re: Infection IE8 - Searchqu Toolbar & ShopperReports

Post by Wingman » May 30th, 2011, 11:07 am

Checking your logs... be back soon with instructions.
Wingman
Admin/Teacher
 
Posts: 14117
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Infection IE8 - Searchqu Toolbar & ShopperReports

Post by Wingman » May 30th, 2011, 12:36 pm

Hello BriquesEtBlocs ... Welcome to the forum.

My name is Wingman, and I'll be helping you with any malware problems.
The logs I request can take a while to research, so please be patient, also I do not read French... so I may ask for translations. ;)

Before we begin...please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so or install any other software (or hardware) during the cleaning process.
  4. Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  5. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  6. Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"
  7. Failure to respond for 3 days, will result in your topic being closed.

Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
If you already have this program installed, please proceed to the Run: portion of these instructions.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.
ERUNT utility program
Download:

  1. Please download ERUNT...by Lars Hederer. Save it to your desktop.
  2. Double-click erunt-setup.exe to run the install process. Install ERUNT by following the prompts.
  3. Use the default install settings...
  4. Make sure the first two check boxes -> (Create ERUNT and NTREGOPT desktop icons) are checked.
    Say "NO" if prompted or asked if you want to add ERUNT to the Start-Up folder. You can enable this later.
  5. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  6. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.
  7. Click on OK ... then click on "YES" to create the folder.
Run:
This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.
  1. Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
P2P Advisory!
IMPORTANT There are signs of one or more P2P (Peer to Peer) File Sharing Programs installed on your computer.
BitTorrent

As long as you have the P2P program(s) installed, per Forum Policy, I can offer you no further assistance.
If you choose NOT to remove the program(s)...indicate that in your next reply and this topic will be closed.
Otherwise, please perform the following steps:
Remove P2P Program(s)
  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate the following program:
    BitTorrent
    Adobe Reader 9.4.2 - Français <<--- This is out-dated, we will install a newer version, later.
    Java Auto Updater
    ShopperReports
  3. Click on the Change/Remove button to uninstall it.
    Repeat steps 2 and 3 for each program listed.
  4. When the program(s) have been uninstalled... Close Add/Remove Programs. Close Control Panel.

By using any form of P2P networking to download files you can anticipate infestations of malware to occur. The P2P program itself may be safe but the files may not... use P2P at your own risk! Keep in mind that this practice may be the source of your current malware infestation.
Reference... citing risk factors, using P2P programs: How to Prevent the Online Invasion of Spyware and Adware

Step 3.
DDS Scan - Re-run
The DDS log you posted was incomplete... if you still have the full DDS.txt file, please copy and paste it into your next reply.
Otherwise... please
    Disable any script blocking software you have running before running DDS.
  1. Re-run DDS
    A black window will open with some instructions/comments...
  2. When done, DDS will open the DDS.txt log
    Caution: The log will NOT be saved... you must save it to your desktop.
  3. Please post the DDS.txt file contents in your next reply.

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. P2P program removed?
  3. Complete DDS.txt file contents.
  4. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14117
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Infection IE8 - Searchqu Toolbar & ShopperReports

Post by BriquesEtBlocs » June 2nd, 2011, 2:30 am

Hello Wingman,

Thanks for helping me.
It seems to be a long way ... I begin now and come back with results ASAP.

I hope I will be back soon.
BriquesEtBlocs
Active Member
 
Posts: 7
Joined: May 28th, 2011, 12:25 pm

Re: Infection IE8 - Searchqu Toolbar & ShopperReports

Post by BriquesEtBlocs » June 2nd, 2011, 3:17 am

OK, I'm always there.
I made a copy of the registry. The folder was created. Everything seems OK.
I succeeded in removing the 4 programs you asked me to remove. Normally, no more P2P program.
I was unable to run DDS.scr, so I installed a fix in the registry and it works well now.

ShopperReports doesn't appear anymore. Thanks.
I still have the Searchqu toolbar.

Here are the logs from dds.
Thanks again for your time.


.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Scherer at 9:01:47 on 2011-06-02
Microsoft Windows XP Professionnel 5.1.2600.3.1252.32.1036.18.3327.2752 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\FreeWheel\FreeWheel.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Scherer\Bureau\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.be/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10o_ActiveX.exe -update activex
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [CPU Power Monitor] "c:\program files\asus\ai suite\aigear3\CpuPowerMonitor.exe"
mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe
mRun: [ASUS Energy Saving] "c:\program files\asus\ai suite\energysaving\PwSave.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\fichiers communs\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LVCOMSX] "c:\program files\fichiers communs\logishrd\lcommgr\LVComSX.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [beid] "c:\program files\belgium identity card\beid35gui.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\fichiers communs\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\scherer\menudm~1\progra~1\dmarra~1\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\scherer\menudm~1\progra~1\dmarra~1\freewh~1.lnk - c:\program files\freewheel\FreeWheel.exe
uPolicies-explorer: NoSMMyPictures = 0 (0x0)
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
Trusted Zone: cite-sciences.fr\billets
Trusted Zone: efficy.com\valens
Trusted Zone: kaupthing.be\my
Trusted Zone: partenamut.be\www
Trusted Zone: soficom.be\webmail
Trusted Zone: ucl.ac.be\www.ailv
DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} - hxxps://ccff02.minfin.fgov.be/CCFF_Auth ... apicom.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\scherer\application data\mozilla\firefox\profiles\a0fa4qwv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - Ext: Belgium eID: belgiumeid@eid.belgium.be - c:\program files\mozilla firefox\extensions\belgiumeid@eid.belgium.be
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-9-12 294608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-9-12 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-21 40384]
S2 gupdate;Service Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S2 QuestScan Service;QuestScan Service;c:\documents and settings\all users\application data\questscan\questscan129.exe [2011-5-22 45056]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usbxp.sys [2004-4-30 24832]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-4-9 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-4-9 8320]
.
=============== Created Last 30 ================
.
2011-05-28 16:17:33 388096 ----a-r- c:\documents and settings\scherer\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-28 16:17:33 -------- d-----w- c:\program files\Trend Micro
2011-05-19 15:20:07 -------- d-----w- c:\documents and settings\scherer\local settings\application data\Ilivid Player
2011-05-19 15:19:58 -------- d-----w- c:\documents and settings\scherer\application data\searchquband
2011-05-19 15:19:02 -------- d-----w- c:\documents and settings\scherer\application data\searchqutoolbar
2011-05-19 15:18:58 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-05-19 15:18:53 -------- d-----w- c:\documents and settings\scherer\local settings\application data\PackageAware
2011-05-19 15:12:37 650752 ----a-w- c:\windows\system32\xvidcore.dll
2011-05-19 15:12:37 240640 ----a-w- c:\windows\system32\xvidvfw.dll
2011-05-19 15:12:37 152064 ----a-w- c:\windows\system32\xvid.ax
2011-05-19 15:12:36 -------- d-----w- c:\program files\Xvid
2011-05-19 15:12:03 -------- d-----w- c:\program files\QuestScan
2011-05-19 15:12:03 -------- d-----w- c:\documents and settings\all users\application data\QuestScan
2011-05-08 19:24:05 -------- d-----w- c:\program files\iPod
2011-05-08 19:24:03 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2011-05-16 17:50:04 12400 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-04-06 14:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 14:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2011-03-27 09:10:31 21840 ----atw- c:\windows\system32\SIntfNT.dll
2011-03-27 09:10:31 17212 ----atw- c:\windows\system32\SIntf32.dll
2011-03-27 09:10:31 12067 ----atw- c:\windows\system32\SIntf16.dll
2011-03-07 05:33:47 692736 ----a-w- c:\windows\system32\inetcomm.dll
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
.
============= FINISH: 9:02:00,76 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Professionnel
Boot Device: \Device\HarddiskVolume3
Install Date: 9/09/2008 16:22:01
System Uptime: 2/06/2011 8:44:44 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5K/EPU
Processor: Processeur Intel Pentium III Xeon | LGA775 | 2504/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 699 GiB total, 580,289 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 49 GiB total, 28,399 GiB free.
H: is CDROM ()
I: is Removable
J: is Removable
K: is Removable
L: is Removable
N: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1400782C&0
Manufacturer: Logitech
Name: PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1400782C&0
Service: i8042prt
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F03\4&1400782C&0
Manufacturer: Logitech
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F03\4&1400782C&0
Service: i8042prt
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 5130c-2
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 5130c-2
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
==== System Restore Points ===================
.
RP512: 20/03/2011 18:26:05 - Point de vérification système
RP513: 20/03/2011 19:38:23 - Point de vérification système
RP514: 22/03/2011 12:27:30 - Point de vérification système
RP515: 23/03/2011 13:55:27 - Point de vérification système
RP516: 26/03/2011 10:07:43 - Point de vérification système
RP517: 27/03/2011 12:20:29 - Point de vérification système
RP518: 29/03/2011 12:22:33 - Point de vérification système
RP519: 3/04/2011 11:35:46 - Point de vérification système
RP520: 5/04/2011 15:58:12 - Point de vérification système
RP521: 7/04/2011 14:17:22 - Point de vérification système
RP522: 17/04/2011 16:39:34 - Point de vérification système
RP523: 18/04/2011 19:57:35 - Point de vérification système
RP524: 21/04/2011 12:43:59 - Point de vérification système
RP525: 23/04/2011 12:42:00 - Point de vérification système
RP526: 24/04/2011 13:39:16 - Point de vérification système
RP527: 25/04/2011 14:22:39 - Point de vérification système
RP528: 25/04/2011 23:18:47 - Software Distribution Service 3.0
RP529: 27/04/2011 13:08:57 - Point de vérification système
RP530: 29/04/2011 18:38:35 - Point de vérification système
RP531: 30/04/2011 19:37:01 - Point de vérification système
RP532: 2/05/2011 18:16:21 - Point de vérification système
RP533: 4/05/2011 18:02:00 - Point de vérification système
RP534: 5/05/2011 20:18:03 - Point de vérification système
RP535: 10/05/2011 10:10:09 - Point de vérification système
RP536: 13/05/2011 18:58:29 - Point de vérification système
RP537: 17/05/2011 17:08:08 - Point de vérification système
RP538: 19/05/2011 14:44:52 - Point de vérification système
RP539: 20/05/2011 19:22:41 - Point de vérification système
RP540: 22/05/2011 12:40:04 - Point de vérification système
RP541: 23/05/2011 18:31:00 - Point de vérification système
RP542: 25/05/2011 19:44:05 - Point de vérification système
RP543: 28/05/2011 12:25:19 - Point de vérification système
RP544: 28/05/2011 14:01:09 - Installé Command & Conquer Generals
RP545: 28/05/2011 18:17:28 - Installed HiJackThis
RP546: 29/05/2011 18:22:00 - Point de vérification système
RP547: 30/05/2011 20:44:59 - Point de vérification système
RP548: 2/06/2011 8:37:02 - Removed Adobe Reader 9.4.2 - Français.
RP549: 2/06/2011 8:41:37 - Supprimé Java(TM) 6 Update 11
RP550: 2/06/2011 8:42:19 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 4.57
ACTIMATH
Adobe Flash Player 10 ActiveX
Adobe Shockwave Player 11.5
AFPL Ghostscript 8.53
AFPL Ghostscript Fonts
AI Suite
Air Shark 2
Alex Builds His Farm
AMR to MP3 Converter 1.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoCAD 2007 - English
Autodesk DWF Viewer
avast! Free Antivirus
Belgium e-ID middleware 3.5.4 (build 6535)
Bonjour
BufferChm
Canon PhotoRecord
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Cards_Calendar_OrderGift_DoMorePlugout
Cars
Casper La ruelle hantée
CCleaner
CDDRV_Installer
Colin McRae Rally 2005
Command & Conquer Generals
CorelDRAW 10
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB2158563)
Correctif pour Windows XP (KB2443685)
Correctif pour Windows XP (KB952287)
Correctif pour Windows XP (KB961118)
Correctif pour Windows XP (KB970653-v3)
Correctif pour Windows XP (KB976098-v2)
Correctif pour Windows XP (KB979306)
Correctif pour Windows XP (KB981793)
CP avec Disney le Livre de la Jungle
D6100
D6100_D7100_D7300_Help
Destination Component
DeviceManagementQFolder
DocMgr
DocProc
DocProcQFolder
DVDStyler v1.8.0.2
ERUNT 1.1j
eSupportQFolder
EtiketaGoGo v3.3.2
F1 Challenge 99-02
FlightGear v1.9.1
Franklin va à l'école
Free Easy Burner V 4.1
Free M4a to MP3 Converter 5.9
FreeWheel
GeoGebra
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Google Earth
GPBaseService
GPBaseService2
Graphmatica 1.60e
Heroes of Might and Magic V - Collectors Edition
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
HP Document Manager 1.2
HP Imaging Device Functions 11.5
HP Photosmart and Deskjet 7.0 Software (fra)
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP PrecisionScan LTX
HP Scanjet G3110 11.5
HP Solution Center 13.0
HP Update
hpg3110
hpg3110QFolder
hph_ProductContext
hph_readme
hph_software
hph_software_req
HPPhotoSmartExpress
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
InstantShareDevicesMFC
iTunes
Java Auto Updater
Joue et apprends - Jouer en réfléchissant
Jungle Book Learning 1st Grade Fix
K-Lite Codec Pack 5.8.3 (Basic)
KhalSetup
Lapin Malin Maternelle 2 + Atelier de dessin & de musique
Lapin Malin, Le globe magique
LaserJet 1020 series
Lecteur Windows Media 11
Logitech Communications Manager
Logitech SetPoint
MagicDisc 2.7.106
Marvell Miniport Driver
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office XP Professional avec FrontPage
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)
Mise à jour de sécurité pour Lecteur Windows Media (KB2378111)
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)
Mise à jour de sécurité pour Lecteur Windows Media (KB954155)
Mise à jour de sécurité pour Lecteur Windows Media (KB968816)
Mise à jour de sécurité pour Lecteur Windows Media (KB973540)
Mise à jour de sécurité pour Lecteur Windows Media (KB975558)
Mise à jour de sécurité pour Lecteur Windows Media (KB978695)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2183461)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2360131)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2416400)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2482017)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2497640)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB2510531)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB971961)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB981332)
Mise à jour de sécurité pour Windows Internet Explorer 8 (KB982381)
Mise à jour de sécurité pour Windows XP (KB2079403)
Mise à jour de sécurité pour Windows XP (KB2115168)
Mise à jour de sécurité pour Windows XP (KB2121546)
Mise à jour de sécurité pour Windows XP (KB2160329)
Mise à jour de sécurité pour Windows XP (KB2229593)
Mise à jour de sécurité pour Windows XP (KB2259922)
Mise à jour de sécurité pour Windows XP (KB2279986)
Mise à jour de sécurité pour Windows XP (KB2286198)
Mise à jour de sécurité pour Windows XP (KB2296011)
Mise à jour de sécurité pour Windows XP (KB2296199)
Mise à jour de sécurité pour Windows XP (KB2347290)
Mise à jour de sécurité pour Windows XP (KB2360937)
Mise à jour de sécurité pour Windows XP (KB2387149)
Mise à jour de sécurité pour Windows XP (KB2393802)
Mise à jour de sécurité pour Windows XP (KB2412687)
Mise à jour de sécurité pour Windows XP (KB2419632)
Mise à jour de sécurité pour Windows XP (KB2423089)
Mise à jour de sécurité pour Windows XP (KB2436673)
Mise à jour de sécurité pour Windows XP (KB2440591)
Mise à jour de sécurité pour Windows XP (KB2443105)
Mise à jour de sécurité pour Windows XP (KB2476687)
Mise à jour de sécurité pour Windows XP (KB2478960)
Mise à jour de sécurité pour Windows XP (KB2478971)
Mise à jour de sécurité pour Windows XP (KB2479628)
Mise à jour de sécurité pour Windows XP (KB2479943)
Mise à jour de sécurité pour Windows XP (KB2481109)
Mise à jour de sécurité pour Windows XP (KB2483185)
Mise à jour de sécurité pour Windows XP (KB2485376)
Mise à jour de sécurité pour Windows XP (KB2485663)
Mise à jour de sécurité pour Windows XP (KB2503658)
Mise à jour de sécurité pour Windows XP (KB2506212)
Mise à jour de sécurité pour Windows XP (KB2506223)
Mise à jour de sécurité pour Windows XP (KB2507618)
Mise à jour de sécurité pour Windows XP (KB2508272)
Mise à jour de sécurité pour Windows XP (KB2508429)
Mise à jour de sécurité pour Windows XP (KB2509553)
Mise à jour de sécurité pour Windows XP (KB2511455)
Mise à jour de sécurité pour Windows XP (KB2524375)
Mise à jour de sécurité pour Windows XP (KB923561)
Mise à jour de sécurité pour Windows XP (KB938464)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952004)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB953838)
Mise à jour de sécurité pour Windows XP (KB953839)
Mise à jour de sécurité pour Windows XP (KB954211)
Mise à jour de sécurité pour Windows XP (KB954459)
Mise à jour de sécurité pour Windows XP (KB954600)
Mise à jour de sécurité pour Windows XP (KB955069)
Mise à jour de sécurité pour Windows XP (KB956390)
Mise à jour de sécurité pour Windows XP (KB956391)
Mise à jour de sécurité pour Windows XP (KB956572)
Mise à jour de sécurité pour Windows XP (KB956744)
Mise à jour de sécurité pour Windows XP (KB956802)
Mise à jour de sécurité pour Windows XP (KB956803)
Mise à jour de sécurité pour Windows XP (KB956841)
Mise à jour de sécurité pour Windows XP (KB956844)
Mise à jour de sécurité pour Windows XP (KB957095)
Mise à jour de sécurité pour Windows XP (KB957097)
Mise à jour de sécurité pour Windows XP (KB958215)
Mise à jour de sécurité pour Windows XP (KB958644)
Mise à jour de sécurité pour Windows XP (KB958687)
Mise à jour de sécurité pour Windows XP (KB958690)
Mise à jour de sécurité pour Windows XP (KB958869)
Mise à jour de sécurité pour Windows XP (KB959426)
Mise à jour de sécurité pour Windows XP (KB960225)
Mise à jour de sécurité pour Windows XP (KB960714)
Mise à jour de sécurité pour Windows XP (KB960715)
Mise à jour de sécurité pour Windows XP (KB960803)
Mise à jour de sécurité pour Windows XP (KB960859)
Mise à jour de sécurité pour Windows XP (KB961371)
Mise à jour de sécurité pour Windows XP (KB961373)
Mise à jour de sécurité pour Windows XP (KB961501)
Mise à jour de sécurité pour Windows XP (KB963027)
Mise à jour de sécurité pour Windows XP (KB968537)
Mise à jour de sécurité pour Windows XP (KB969059)
Mise à jour de sécurité pour Windows XP (KB969897)
Mise à jour de sécurité pour Windows XP (KB969898)
Mise à jour de sécurité pour Windows XP (KB969947)
Mise à jour de sécurité pour Windows XP (KB970238)
Mise à jour de sécurité pour Windows XP (KB970430)
Mise à jour de sécurité pour Windows XP (KB971468)
Mise à jour de sécurité pour Windows XP (KB971486)
Mise à jour de sécurité pour Windows XP (KB971557)
Mise à jour de sécurité pour Windows XP (KB971633)
Mise à jour de sécurité pour Windows XP (KB971657)
Mise à jour de sécurité pour Windows XP (KB971961)
Mise à jour de sécurité pour Windows XP (KB972260)
Mise à jour de sécurité pour Windows XP (KB972270)
Mise à jour de sécurité pour Windows XP (KB973346)
Mise à jour de sécurité pour Windows XP (KB973354)
Mise à jour de sécurité pour Windows XP (KB973507)
Mise à jour de sécurité pour Windows XP (KB973525)
Mise à jour de sécurité pour Windows XP (KB973869)
Mise à jour de sécurité pour Windows XP (KB973904)
Mise à jour de sécurité pour Windows XP (KB974112)
Mise à jour de sécurité pour Windows XP (KB974318)
Mise à jour de sécurité pour Windows XP (KB974392)
Mise à jour de sécurité pour Windows XP (KB974455)
Mise à jour de sécurité pour Windows XP (KB974571)
Mise à jour de sécurité pour Windows XP (KB975025)
Mise à jour de sécurité pour Windows XP (KB975467)
Mise à jour de sécurité pour Windows XP (KB975560)
Mise à jour de sécurité pour Windows XP (KB975561)
Mise à jour de sécurité pour Windows XP (KB975562)
Mise à jour de sécurité pour Windows XP (KB975713)
Mise à jour de sécurité pour Windows XP (KB976325)
Mise à jour de sécurité pour Windows XP (KB977165)
Mise à jour de sécurité pour Windows XP (KB977816)
Mise à jour de sécurité pour Windows XP (KB977914)
Mise à jour de sécurité pour Windows XP (KB978037)
Mise à jour de sécurité pour Windows XP (KB978251)
Mise à jour de sécurité pour Windows XP (KB978262)
Mise à jour de sécurité pour Windows XP (KB978338)
Mise à jour de sécurité pour Windows XP (KB978542)
Mise à jour de sécurité pour Windows XP (KB978601)
Mise à jour de sécurité pour Windows XP (KB978706)
Mise à jour de sécurité pour Windows XP (KB979309)
Mise à jour de sécurité pour Windows XP (KB979482)
Mise à jour de sécurité pour Windows XP (KB979559)
Mise à jour de sécurité pour Windows XP (KB979683)
Mise à jour de sécurité pour Windows XP (KB979687)
Mise à jour de sécurité pour Windows XP (KB980195)
Mise à jour de sécurité pour Windows XP (KB980218)
Mise à jour de sécurité pour Windows XP (KB980232)
Mise à jour de sécurité pour Windows XP (KB980436)
Mise à jour de sécurité pour Windows XP (KB981322)
Mise à jour de sécurité pour Windows XP (KB981852)
Mise à jour de sécurité pour Windows XP (KB981957)
Mise à jour de sécurité pour Windows XP (KB981997)
Mise à jour de sécurité pour Windows XP (KB982132)
Mise à jour de sécurité pour Windows XP (KB982214)
Mise à jour de sécurité pour Windows XP (KB982665)
Mise à jour de sécurité pour Windows XP (KB982802)
Mise à jour pour Windows Internet Explorer 8 (KB976662)
Mise à jour pour Windows Internet Explorer 8 (KB980182)
Mise à jour pour Windows Internet Explorer 8 (KB980302)
Mise à jour pour Windows XP (KB2141007)
Mise à jour pour Windows XP (KB2345886)
Mise à jour pour Windows XP (KB2467659)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB951072-v2)
Mise à jour pour Windows XP (KB951978)
Mise à jour pour Windows XP (KB955759)
Mise à jour pour Windows XP (KB955839)
Mise à jour pour Windows XP (KB967715)
Mise à jour pour Windows XP (KB968389)
Mise à jour pour Windows XP (KB971029)
Mise à jour pour Windows XP (KB971737)
Mise à jour pour Windows XP (KB973687)
Mise à jour pour Windows XP (KB973815)
Mise à jour pour Windows XP (KB976749)
Mise à jour pour Windows XP (KB978207)
Mise à jour pour Windows XP (KB980182)
MobileMe Control Panel
Module de compatibilité pour Microsoft Office System 2007
Mozilla Firefox (3.6.15)
MSVC80_x86_v2
MSVCSetup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
OCR Software by I.R.I.S. 11.0
OGA Notifier 2.0.0048.0
OpenAL
OrderReminder HP LaserJet 1020
Package de pilotes Windows - Nokia Modem (06/01/2009 7.01.0.4)
Package de pilotes Windows - Nokia Modem (10/05/2009 4.2)
Package de pilotes Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
PanoStandAlone
PC Connectivity Solution
PDFill PDF Editor with FREE PDF Writer and Tools
PDFill PDF Writer
Picasa 3
PicPick
Plume et Youri
PSSWCORE
QuestScan 1.0 build 129 powered by FIRST SEARCHBAR
QuickTime
Realtek High Definition Audio Driver
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Services Off-line de Home'Bank 5.11
SolutionCenter
Status
SUPER © Version 2010.bld.39 (Oct 24, 2010)
SUPERAntiSpyware
Toolbox
TrayApp
Uniblue ProcessScanner
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
WebFldrs XP
WebReg
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows iLivid Toolbar
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinZip
WZebra 4.2.4
Xvid Video Codec
Zoo Empire
.
==== Event Viewer Messages From Past Week ========
.
31/05/2011 9:15:01, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
31/05/2011 9:14:59, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service QuestScan Service.
31/05/2011 18:00:05, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
31/05/2011 18:00:03, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service QuestScan Service.
30/05/2011 17:28:55, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
30/05/2011 17:28:49, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service QuestScan Service.
30/05/2011 17:23:53, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
30/05/2011 17:23:53, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service QuestScan Service.
30/05/2011 11:01:25, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
30/05/2011 11:01:23, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service QuestScan Service.
29/05/2011 10:47:38, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
29/05/2011 10:47:35, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service QuestScan Service.
28/05/2011 14:00:24, error: Service Control Manager [7000] - Le service SASDIFSV n'a pas pu démarrer en raison de l'erreur : Impossible de créer un fichier déjà existant.
28/05/2011 11:42:17, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
28/05/2011 11:42:13, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service QuestScan Service.
2/06/2011 8:45:31, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
2/06/2011 8:45:31, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service QuestScan Service.
2/06/2011 8:19:26, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
2/06/2011 8:19:25, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service QuestScan Service.
1/06/2011 13:45:49, error: Service Control Manager [7026] - Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger : i8042prt
1/06/2011 13:45:48, error: Service Control Manager [7009] - Délai (30000 millisecondes) d'attente pour une connexion du service QuestScan Service.
.
==== End Of File ===========================
BriquesEtBlocs
Active Member
 
Posts: 7
Joined: May 28th, 2011, 12:25 pm
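
The DDS log in the post above lists each browser helper object, toolbar, Run key and AppInit_DLLs entry with its file path. As an added example (not part of the thread and not code from DDS or MalwareRemoval.com), this Python sketch parses those lines and groups every load point that shares an install folder with a keyword match, so companion components with unrelated names surface for review. The function names and the shared-folder heuristic are assumptions made for the example; the keywords are the search terms from the SystemLook script later in the thread.

```python
import re
from collections import defaultdict

# Lines copied from the "Pseudo HJT Report" section of the DDS log above.
DDS_SAMPLE = r"""
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll
BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll
"""

# Search terms taken from the SystemLook script later in this thread.
KEYWORDS = ["Fun4IM", "Bandoo", "Searchqu", "iLivid", "whitesmoke"]

CLSID_RE = re.compile(r"^(BHO|TB): (.+?): \{[0-9a-f-]+\} - (.+)$", re.I)
RUN_RE = re.compile(r"^([umd]Run(?:Once)?): \[(.+?)\] (.+)$")
APPINIT_RE = re.compile(r"^(AppInit_DLLs): (.+)$")
ROOT_RE = re.compile(r"^([a-z]:\\[^\\]+\\[^\\]+)\\")
# Assumption: folders shared by many products never act as a grouping key.
SHARED_ROOTS = ("c:\\windows\\",)


def split_paths(value):
    """Split a value holding one or more paths at each new drive letter."""
    parts = re.split(r"\s+(?=[A-Za-z]:\\)", value.strip())
    return [p.strip().strip('"') for p in parts]


def install_root(path):
    """Return drive plus first two folders (lowercased), or None."""
    m = ROOT_RE.match(path.lower())
    if not m or (m[1] + "\\").startswith(SHARED_ROOTS):
        return None
    return m[1]


def parse_load_points(text):
    """Turn DDS BHO/TB/Run/AppInit_DLLs lines into dict entries."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        for rx in (CLSID_RE, RUN_RE):
            m = rx.match(line)
            if m:
                entries.append({"kind": m[1], "name": m[2],
                                "paths": split_paths(m[3])})
                break
        else:
            m = APPINIT_RE.match(line)
            if m:
                entries.append({"kind": m[1], "name": "",
                                "paths": split_paths(m[2])})
    return entries


def triage(entries, keywords):
    """Group load points by install root, seeded by keyword matches.

    Each row is (kind, name, path, matched_keyword). Rows with
    matched_keyword False share a folder with a match but would be
    missed by a plain keyword search.
    """
    kws = [k.lower() for k in keywords]

    def hit(entry):
        blob = (entry["name"] + " " + " ".join(entry["paths"])).lower()
        return any(k in blob for k in kws)

    seeds = {install_root(p) for e in entries if hit(e) for p in e["paths"]}
    seeds.discard(None)
    groups = defaultdict(list)
    for e in entries:
        for p in e["paths"]:
            root = install_root(p)
            if root in seeds:
                groups[root].append((e["kind"], e["name"], p, hit(e)))
    return dict(groups)


if __name__ == "__main__":
    for root, rows in triage(parse_load_points(DDS_SAMPLE), KEYWORDS).items():
        print(root)
        for kind, name, path, matched in rows:
            flag = "keyword" if matched else "same folder"
            print(f"  [{flag}] {kind} {name} {path}")
```

The output is a review list only; nothing is changed on disk or in the registry, and any removal still follows the helper's instructions.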

Re: Infection IE8 - Searchqu Toolbar & ShopperReports

Post by Wingman » June 2nd, 2011, 1:42 pm

Hello BriquesEtBlocs

Good there is some progress... :)

Please do not make any changes to your system: do not make any registry changes, do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Please run this again, as changes may have occurred between the last run and now. Better to be safe than to be sorry.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Add/Remove Programs
I need you to uninstall some programs from your computer.
  1. Click Start...then click Run.
  2. In the open text entry box...please copy/paste the following:
    appwiz.cpl
  3. Click the OK...button. It takes a few seconds for the program list to be "populated".
  4. Locate the following program(s):
    Windows iLivid Toolbar
  5. Press the "Remove" or "Change/Remove"...button to uninstall the program.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    Don't worry if you can not find all programs...some may not have an uninstall feature.
  6. When finished...close/exit Add/Remove Programs.

Step 3.
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


  1. Double-click SystemLook.exe to run it.
  2. Copy the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    
  3. Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  4. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

Step 4.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. SystemLook.txt file contents
  3. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14117
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Infection IE8 - Searchqu Toolbar & ShopperReports

Unread postby BriquesEtBlocs » June 3rd, 2011, 9:41 am

Hello Wingman,

I am surprised. I thought SystemLook was only used to find information. But I seem to be delivered from the Searchqu toolbar. It doesn't appear anymore in the browser windows nor in the list of available toolbars.
I succeeded in installing Google as home page and as the default search engine. So I apparently have no more problems.

How is it possible? Is it your conclusion too?
Is there anything more to be done?
May I reinstall Acrobat Reader?

Thanks for your answer.


Here is the log of systemlook :

SystemLook 04.09.10 by jpshortstuff
Log created at 20:33 on 02/06/2011 by Scherer
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
C:\Documents and Settings\Scherer\Application Data\Mozilla\Firefox\Profiles\a0fa4qwv.default\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [15:18 19/05/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89
C:\Documents and Settings\Scherer\Cookies\scherer@searchqu[1].txt --a---- 433 bytes [16:32 02/06/2011] [16:32 02/06/2011] 2920399F3E246D7C11550D5B102ADF0D
C:\Documents and Settings\Scherer\Favoris\MalWare Removal • View topic - Infection IE8 - Searchqu Toolbar & ShopperReports.url --a---- 299 bytes [06:29 02/06/2011] [06:29 02/06/2011] A36C040047E9E5BE1CD57C1125559590
C:\Documents and Settings\Scherer\Local Settings\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:32 02/03/2011] [13:32 02/03/2011] AA709C3696701CC2792A44116E7D83A1
C:\Documents and Settings\Scherer\Local Settings\Temp\nse2B.tmp\Searchqu Toolbar uninstall.exe --a---- 114444 bytes [18:32 02/06/2011] [15:19 19/05/2011] 8A92C6B74C8F5C4B692E66061F185EB9
C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [15:18 19/05/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89
C:\WINDOWS\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-3AB97A8A.pf --a---- 62284 bytes [18:32 02/06/2011] [18:32 02/06/2011] C299B6B99061ECE21C928B99F2BE2C9B

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
C:\Program Files\Enlight\Zoo Empire\texture\particle\WhiteSmoke1.dds --a---- 1520 bytes [11:53 21/09/2008] [07:53 11/12/2003] 199AB017C5BFCAAE5CFAB0C508C8A118

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\Documents and Settings\PC Bureau\Application Data\searchquband d------ [19:45 28/05/2011]
C:\Documents and Settings\PC Bureau\Application Data\searchqutoolbar d------ [19:45 28/05/2011]
C:\Documents and Settings\Scherer\Application Data\searchquband d------ [15:19 19/05/2011]

Searching for "*iLivid*"
C:\Documents and Settings\Scherer\Local Settings\Application Data\Ilivid Player d------ [15:20 19/05/2011]
C:\Program Files\Windows iLivid Toolbar d------ [15:18 19/05/2011]

Searching for "*whitesmoke*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
@="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
@="C:\PROGRA~1\WI371A~1\ToolBar\searchqudtx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqudatamngr"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\ToolBar""
[HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"
[HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\ilivid]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqudatamngr"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"removeSearchqutoolbar"="cmd.exe /c RD /S /Q "C:\Program Files\Windows iLivid Toolbar\ToolBar""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe"="C:\Program Files\Windows iLivid Toolbar\ToolBar\dtUser.exe:*:Enabled:DTX broker"
[HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\ilivid]
[HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iLivid]
[HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
[HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files\iLivid]

Searching for "whitesmoke"
No data found.

-= EOF =-
BriquesEtBlocs
Active Member
 
Posts: 7
Joined: May 28th, 2011, 12:25 pm

Re: Infection IE8 - Searchqu Toolbar & ShopperReports

Unread postby Wingman » June 3rd, 2011, 11:05 am

Hello BriquesEtBlocs

Please do not make any changes to your system: do not make any registry changes, do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

More than likely it was the uninstall of the iLivid Toolbar (which includes Searchqu) that removed the presence of the Searchqu entries. There are still some additional removals to be done.
When we are done, I'll have you install a new version of Adobe Reader, that will be more secure, than the old version.

Step 1.
ERUNT - Emergency Recovery Utility NT
Please run this again, as changes may have occurred between the last run and now. Better to be safe than to be sorry.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
OTM
  1. Please download OTM.exe...by Old Timer. Save it to your desktop.
  2. Double click on OTM.exe to run it.
    If you receive the "Open File - Security Warning", please press Run.
  3. Please copy and paste the text in the Code box below, into OTM (1).
    Please refer to the OTM screen image below, for reference.
    Warning: Do not type it out... errors could damage your machine.
    :Reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]
    [-HKEY_CURRENT_USER\Software\ilivid]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iLivid]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
    [-HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files\iLivid]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "removeSearchqudatamngr"=-
    "removeSearchqutoolbar"=-
    [-HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\ilivid]
    [-HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iLivid]
    [-HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid]
    [-HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files\iLivid]
    
    :Files
    C:\Documents and Settings\Scherer\Application Data\Mozilla\Firefox\Profiles\a0fa4qwv.default\searchplugins\SearchquWebSearch.xml 
    C:\Documents and Settings\Scherer\Cookies\scherer@searchqu[1].txt 
    C:\Documents and Settings\Scherer\Local Settings\Temp\searchqutoolbar-manifest.xml
    C:\Documents and Settings\Scherer\Local Settings\Temp\nse2B.tmp\Searchqu Toolbar uninstall.exe
    C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
    C:\WINDOWS\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-3AB97A8A.pf 
    C:\Documents and Settings\PC Bureau\Application Data\searchquband
    C:\Documents and Settings\PC Bureau\Application Data\searchqutoolbar
    C:\Documents and Settings\Scherer\Application Data\searchquband
    C:\Documents and Settings\Scherer\Local Settings\Application Data\Ilivid Player
    C:\Program Files\Windows iLivid Toolbar
    
    :Commands
    [EmptyTemp]
    [EmptyFlash]
    

    Please refer to this image to use OTM.exe

    Image
  4. Click on MoveIt! (2)
  5. The end results of the processing will be in 2 places:
    • The Results window on the right side of the OTM screen.
    • A log (text) file created in "C:\_OTM\MovedFiles\mmddyyyy_hhmmss.log"
  6. Copy all the text from the Results window... Open Notepad, paste the OTM results into the Notepad file, save it on your desktop.
  7. Click Exit (3) when done.
  8. Please paste the entire content from the OTM (Results) window (Notepad file) or the OTM log file, in your next reply.
NOTE: If your computer did not automatically reboot... please reboot it (normally) now!
Caution: Be careful of what you copy and paste with this tool. OTM is a powerful program, designed to move highly persistent files and folders and is intended by the developer to be used under the guidance and supervision of a trained malware removal expert.


Step 3.
System Look
Please rerun this step... let's make sure we got everything.
  1. Double-click SystemLook.exe to run it.
  2. Copy the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    
  3. Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  4. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

Step 4.
Reset IP-Flush DNS-Renew IP
We'll release your IP address settings, flush the DNS resolver cache, then renew your IP address settings.
This will eliminate any old cached items that may cause redirections to the old search entries.
  1. Copy all text in the quote box (below)...to Notepad.
    @echo off
    ipconfig /release
    ipconfig /flushdns
    ipconfig /renew
    del %0
  2. Save the Notepad file on your desktop...as DNSreset.bat... save type as "All Files"
    Image
    DNSreset.bat <<------------- you should see this on your desktop.
  3. Double click on DNSreset.bat to run it.
    A black CMD window will flash, then disappear...this is normal. The batch file will be deleted when finished.
  4. The IP address settings should be released and renewed and the DNS cache flushed.

Step 5.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. OTM scan results.
  3. SystemLook.txt file contents
  4. How is the computer behaving?
Thanks,
Wingman
Wingman
Admin/Teacher
 
Posts: 14117
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA

Re: Infection IE8 - Searchqu Toolbar & ShopperReports

Unread postby BriquesEtBlocs » June 4th, 2011, 6:01 am

Hello Wingman,

All this has been done.
No problem during the process. Only one thing: OTM restarted my computer so I couldn't copy the content of the results window.
I give you the content of the log file.
The PC works well. No specific point to be mentioned.

I saw in the SystemLook logfile that there remained a cookie with 'searchqu' in the name. I deleted cookies from IE and ran SystemLook again. It seems to be deleted.
'Zoo Empire' is a children's game we bought on a CD-ROM.

Anything else to be done?


OTM Logfile:
All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iLivid\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files\iLivid\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqudatamngr not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqutoolbar not found.
Registry key HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\ilivid\ not found.
Registry key HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\iLivid\ not found.
Registry key HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\iLivid\ not found.
Registry key HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.6.false\C:\Program Files\iLivid\ not found.
========== FILES ==========
C:\Documents and Settings\Scherer\Application Data\Mozilla\Firefox\Profiles\a0fa4qwv.default\searchplugins\SearchquWebSearch.xml moved successfully.
File/Folder C:\Documents and Settings\Scherer\Cookies\scherer@searchqu[1].txt not found.
C:\Documents and Settings\Scherer\Local Settings\Temp\searchqutoolbar-manifest.xml moved successfully.
File/Folder C:\Documents and Settings\Scherer\Local Settings\Temp\nse2B.tmp\Searchqu Toolbar uninstall.exe not found.
C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml moved successfully.
C:\WINDOWS\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-3AB97A8A.pf moved successfully.
C:\Documents and Settings\PC Bureau\Application Data\searchquband folder moved successfully.
C:\Documents and Settings\PC Bureau\Application Data\searchqutoolbar folder moved successfully.
C:\Documents and Settings\Scherer\Application Data\searchquband folder moved successfully.
C:\Documents and Settings\Scherer\Local Settings\Application Data\Ilivid Player folder moved successfully.
File/Folder C:\Program Files\Windows iLivid Toolbar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Enfants
->Temp folder emptied: 124666615 bytes
->Temporary Internet Files folder emptied: 108435477 bytes
->Java cache emptied: 81313 bytes
->Flash cache emptied: 19530 bytes

User: LocalService
->Temp folder emptied: 115616 bytes
->Temporary Internet Files folder emptied: 1355272 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: PC Bureau
->Temp folder emptied: 12060343 bytes
->Temporary Internet Files folder emptied: 1016210 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 142555516 bytes
->Flash cache emptied: 2401 bytes

User: Scherer
->Temp folder emptied: 11623378 bytes
->Temporary Internet Files folder emptied: 430019068 bytes
->Java cache emptied: 250314 bytes
->FireFox cache emptied: 23720887 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1891897 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2351795 bytes
%systemroot%\System32 .tmp files removed: 9286144 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1583887 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 105534763 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1229747 bytes
RecycleBin emptied: 101734096 bytes

Total Files Cleaned = 1 030,00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 06042011_112411

Files moved on Reboot...
File C:\Documents and Settings\Scherer\Local Settings\Temporary Internet Files\Content.IE5\Q3CRI5KJ\Outils d évaluation - Mathématiques - Grandeurs et fonctions not found!
File C:\Documents and Settings\Scherer\Local Settings\Temporary Internet Files\Content.IE5\Q3CRI5KJ\~$tils d évaluation - Mathématiques - Grandeurs et fonctions not found!
File C:\Documents and Settings\Scherer\Local Settings\Temporary Internet Files\Content.IE5\MTK7YP8T\Outils d évaluation - Mathématiques - Phénomènes aléatoires not found!
File C:\Documents and Settings\Scherer\Local Settings\Temporary Internet Files\Content.IE5\MTK7YP8T\~$tils d évaluation - Mathématiques - Phénomènes aléatoires not found!
File C:\Documents and Settings\Scherer\Local Settings\Temporary Internet Files\Content.IE5\KHIBWXUN\Outils d évaluation - Mathématiques - Grandeurs et fonctions not found!
File C:\Documents and Settings\Scherer\Local Settings\Temporary Internet Files\Content.IE5\KHIBWXUN\~$tils d évaluation - Mathématiques - Grandeurs et fonctions not found!
File C:\Documents and Settings\Scherer\Local Settings\Temporary Internet Files\Content.IE5\9R3PADAL\Outils d évaluation - Mathématiques - Figures géométriques not found!
File C:\Documents and Settings\Scherer\Local Settings\Temporary Internet Files\Content.IE5\9R3PADAL\~$tils d évaluation - Mathématiques - Figures géométriques not found!
File C:\Documents and Settings\Scherer\Local Settings\Temporary Internet Files\Content.IE5\89IJSLIJ\Outils d évaluation - Mathématiques - Grandeurs et fonctions not found!
File C:\Documents and Settings\Scherer\Local Settings\Temporary Internet Files\Content.IE5\89IJSLIJ\~$tils d évaluation - Mathématiques - Grandeurs et fonctions not found!
File C:\Documents and Settings\Scherer\Local Settings\Temporary Internet Files\Content.IE5\4Z2ZITA5\Outils d évaluation - Mathématiques - Grandeurs et fonctions not found!
File C:\Documents and Settings\Scherer\Local Settings\Temporary Internet Files\Content.IE5\4Z2ZITA5\~$tils d évaluation - Mathématiques - Grandeurs et fonctions not found!
File C:\Documents and Settings\Scherer\Local Settings\Temporary Internet Files\Content.IE5\4H6FI3O9\Outils d évaluation - Mathématiques - Phénomènes aléatoires not found!
File C:\Documents and Settings\Scherer\Local Settings\Temporary Internet Files\Content.IE5\4H6FI3O9\~$tils d évaluation - Mathématiques - Phénomènes aléatoires not found!
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Systemlook logfile:
SystemLook 04.09.10 by jpshortstuff
Log created at 11:51 on 04/06/2011 by Scherer
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchqu*"
C:\_OTM\MovedFiles\06042011_112411\C_Documents and Settings\Scherer\Application Data\Mozilla\Firefox\Profiles\a0fa4qwv.default\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [15:18 19/05/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89
C:\_OTM\MovedFiles\06042011_112411\C_Documents and Settings\Scherer\Local Settings\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [13:32 02/03/2011] [13:32 02/03/2011] AA709C3696701CC2792A44116E7D83A1
C:\_OTM\MovedFiles\06042011_112411\C_Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [15:18 19/05/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89
C:\_OTM\MovedFiles\06042011_112411\C_WINDOWS\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-3AB97A8A.pf --a---- 62284 bytes [18:32 02/06/2011] [18:32 02/06/2011] C299B6B99061ECE21C928B99F2BE2C9B

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
C:\Program Files\Enlight\Zoo Empire\texture\particle\WhiteSmoke1.dds --a---- 1520 bytes [11:53 21/09/2008] [07:53 11/12/2003] 199AB017C5BFCAAE5CFAB0C508C8A118

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTM\MovedFiles\06042011_112411\C_Documents and Settings\PC Bureau\Application Data\searchquband d------ [19:45 28/05/2011]
C:\_OTM\MovedFiles\06042011_112411\C_Documents and Settings\PC Bureau\Application Data\searchqutoolbar d------ [19:45 28/05/2011]
C:\_OTM\MovedFiles\06042011_112411\C_Documents and Settings\Scherer\Application Data\searchquband d------ [15:19 19/05/2011]

Searching for "*iLivid*"
C:\_OTM\MovedFiles\06042011_112411\C_Documents and Settings\Scherer\Local Settings\Application Data\Ilivid Player d------ [15:20 19/05/2011]

Searching for "*whitesmoke*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
No data found.

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

-= EOF =-
BriquesEtBlocs
Active Member
 
Posts: 7
Joined: May 28th, 2011, 12:25 pm
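
The reconciliation done by eye on the two logs above can be scripted. This is an added example, not part of the original thread and not code from OTM or SystemLook: it parses OTM result lines into outcomes, explains the HKEY_USERS "not found" entries, and separates follow-up SystemLook hits that sit in the OTM quarantine folder from hits still live on disk. The line formats are inferred from the logs posted here, and the SID is assumed to belong to the account that ran OTM.

```python
import re

# Constructed sample: lines abridged from the OTM log posted in this thread.
OTM_LOG = r"""
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\ilivid\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\removeSearchqutoolbar not found.
Registry key HKEY_USERS\S-1-5-21-343818398-789336058-1801674531-1003\Software\ilivid\ not found.
========== FILES ==========
C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml moved successfully.
File/Folder C:\Documents and Settings\Scherer\Cookies\scherer@searchqu[1].txt not found.
C:\Documents and Settings\Scherer\Application Data\searchquband folder moved successfully.
File/Folder C:\Program Files\Windows iLivid Toolbar not found.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
"""

# Constructed sample: lines abridged from the follow-up SystemLook log in this thread.
SYSTEMLOOK_LOG = r"""
========== filefind ==========
Searching for "*Searchqu*"
C:\_OTM\MovedFiles\06042011_112411\C_Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml --a---- 5529 bytes [15:18 19/05/2011] [12:24 23/03/2011] F69CD0E8BF2F78CFD7D5FBA59D4B8B89
Searching for "*whitesmoke*"
C:\Program Files\Enlight\Zoo Empire\texture\particle\WhiteSmoke1.dds --a---- 1520 bytes [11:53 21/09/2008] [07:53 11/12/2003] 199AB017C5BFCAAE5CFAB0C508C8A118
========== folderfind ==========
Searching for "*Searchqu*"
C:\_OTM\MovedFiles\06042011_112411\C_Documents and Settings\Scherer\Application Data\searchquband d------ [15:19 19/05/2011]
========== Regfind ==========
Searching for "Searchqu"
No data found.
"""

OTM_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File/Folder|File move failed\.|File)\s+)?"
    r"(?P<target>.+?)\s+"
    r"(?P<status>deleted successfully|folder moved successfully|moved successfully"
    r"|not found|scheduled to be moved on reboot)[.!]?$"
)
OUTCOME = {
    "deleted successfully": "deleted",
    "folder moved successfully": "moved",
    "moved successfully": "moved",
    "not found": "not found",
    "scheduled to be moved on reboot": "pending reboot",
}
HKU_RE = re.compile(r"^HKEY_USERS\\S-1-5-21-[\d-]+\\(?P<rest>.+)$")
SECTION_RE = re.compile(r'^Searching for "(?P<pattern>.+)"$')
# A hit is a path, a 7-character attribute field, an optional size, then a timestamp.
HIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{7}\s+(?:\d+ bytes\s+)?\[")
QUARANTINE = "c:\\_otm\\movedfiles\\"


def parse_otm(log):
    # Return (target, outcome) for every action line; headers and cache stats are skipped.
    actions = []
    for line in log.splitlines():
        m = OTM_RE.match(line.strip())
        if m:
            actions.append((m["target"].rstrip("\\"), OUTCOME[m["status"]]))
    return actions


def alias_duplicates(actions):
    # HKEY_CURRENT_USER is a view of the logged-on user's HKEY_USERS\<SID> hive, so a
    # HKEY_USERS key reported "not found" right after its HKCU twin was deleted is
    # expected. Assumption: the SID belongs to the account that ran OTM.
    deleted = {t.lower() for t, outcome in actions if outcome == "deleted"}
    dupes = []
    for target, outcome in actions:
        m = HKU_RE.match(target)
        if m and outcome == "not found":
            if ("HKEY_CURRENT_USER\\" + m["rest"]).lower() in deleted:
                dupes.append(target)
    return dupes


def classify_hits(log):
    # Return (pattern, location, 'quarantined' | 'live') for each SystemLook hit.
    hits, pattern = [], None
    for line in log.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            pattern = section["pattern"]
            continue
        hit = HIT_RE.match(line)
        if hit and pattern:
            path = hit["path"]
            where = "quarantined" if path.lower().startswith(QUARANTINE) else "live"
            hits.append((pattern, path, where))
        elif line.startswith("[HKEY") and pattern:
            hits.append((pattern, line.strip("[]"), "live"))  # registry hits are always live
    return hits


if __name__ == "__main__":
    actions = parse_otm(OTM_LOG)
    expected = set(alias_duplicates(actions))
    for target, outcome in actions:
        note = " (HKCU alias, already deleted)" if target in expected else ""
        print(f"{outcome:15} {target}{note}")
    for pattern, path, where in classify_hits(SYSTEMLOOK_LOG):
        print(f"{where:12} {pattern:14} {path}")
```

On these samples the only live hit is the `WhiteSmoke1.dds` texture under Zoo Empire, matched by the `*whitesmoke*` wildcard, which the poster identifies as a game; everything else found is under `C:\_OTM\MovedFiles`.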

Re: Infection IE8 - Searchqu Toolbar & ShopperReports

Unread postby Wingman » June 7th, 2011, 5:46 pm

Hello BriquesEtBlocs

I'm sorry for the delay getting back to you... I didn't receive the notification you had replied.

Sounds like your system is running pretty good. We need to update your version of Java... outdated versions are subject to malware attacks.
I want to run some additional scans, let's make sure there's nothing hiding in the corners.

Please do not make any changes to your system: do not make any registry changes, do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Please run this again, as changes may have occurred between the last run and now. Better to be safe than to be sorry.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2.
Java Update Needed!
Your Java is out of date.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older versions of Java components and update:

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD UPDATED VERSION
  1. Get the latest version of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Look for "Java SE 6 Update 26"
  3. Click the "Download JRE" button to the right.
  4. Check "Accept License Agreement "
  5. Locate the entry for Windows x86 Offline and click on the associated file name, save the file to your desktop.
<STOP> Do not install the new version of Java yet. We need to do some cleanup first!

REMOVE OLD JAVA VERSIONS
  1. Close any programs you may have running - especially your web browser.
  2. Go to Start > Settings > Control Panel.
  3. Double-click on Add/Remove Programs ...remove all older versions of Java.
  4. Locate the following program(s):
    Java(TM) 6 Update 23
  5. Click the Remove or Change/Remove button...follow any onscreen instructions for the Java uninstaller.
  6. When all Java components are removed... Exit Add/remove Programs and Control Panel.
    Delete old Java Folder
    • Right click on the Start...button.
    • Select Explore...from the menu.
    • Navigate to and find the following folder: if found, delete it.
      It's possible it may have been removed by the uninstall steps
      C:\Program Files\Java\ <==== delete this entire folder
    • When finished, close and exit Explorer.

INSTALL UPDATED VERSION
  1. Close all open applications (standard), especially your browser.
  2. From desktop... double-click on jre-6u26-windows-i586.exe to install the newest version.
  3. Follow the on-screen directions...when installation is completed successfully, reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.
OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  1. Go to Control Panel... click on the JAVA icon.
  2. Press the Update tab... UNCHECK "Check for Updates Automatically". (You can check for updates manually.)
      Reply "Never Check" to the warning prompt.
  3. Now press the Advanced tab. Press the [+] to expand the "Miscellaneous" options.
  4. UNCHECK "Java Quick Starter".
  5. Press Apply and OK... then close the Java Control Panel. Close and exit Control Panel.

Step 3.
Malwarebytes' Anti-Malware
Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
Alternate download sites available here or here.
  1. Make sure you are connected to the Internet.
  2. Double-click on mbam-setup.exe to install the application.
  3. When the installation begins, follow the prompts and do not make any changes to default settings.
  4. When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware <<---Important!
    • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    MBAM will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself.
    • Press the OK button to close that box and continue.
    • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.
On the Scanner tab:
  1. Make sure the "Perform Quick Scan" option is selected.
  2. Then click on the Scan button.
  3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  4. Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  1. Click on the Show Results button to see a list of any malware that was found.
  2. Check all items except any items (if present) in the C:\System Volume Information folder... then click on Remove Selected.
    We will take care of the System Volume Information items later.
    When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  3. Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 4.
OTM - Clean up
  1. Double click on OTM.exe to run it.
  2. Click on CleanUp!
  3. When done, you will be prompted to restart your computer. Please do so at this time.
If your computer does not automatically restart, please restart it manually.

Step 5.
ESET NOD32 Online Scan
Note: If using Mozilla Firefox you will need to download "esetsmartinstaller_enu.exe" when prompted... then double click on it to install.

Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan.
Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
** Make sure you are using an account that has Administrative privileges **
    Press the "ESET Online Scanner" button.
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"... a window will open... it may appear nothing is happening... please be patient.
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are; if not set, please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  5. Click "Start"... ESET scanner will begin to download the virus signatures database.
    When the signatures have been downloaded, the scan will start automatically.
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
Remember to enable your Anti-virus protection... before continuing!

Step 6.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. MBAM scan results
  3. ESET online scan results.
  4. How is the computer behaving?
Thanks,
Wingman

Re: Infection IE8 - Searchqu Toolbar & ShopperReports

Post by BriquesEtBlocs » June 10th, 2011, 4:50 pm

Hello Wingman,

I've done all the tasks.
Everything goes right.
I turn back avast on and superantispyware (I don't know if it is the most recommended anti spyware?)

Here are the logs.



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6821

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/06/2011 22:59:33
mbam-log-2011-06-09 (22-59-33).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 190159
Temps écoulé: 6 minute(s), 6 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 14

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QuestScan Service (Adware.Agent.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{258C9770-1713-4021-8D7E-1F184A2BD754} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QUESTSCAN (Adware.QuestScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QUESTSCAN_SERVICE (Adware.QuestScan) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestScan\DisplayName (Adware.QuestScan) -> Value: DisplayName -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\documents and settings\pc bureau\application data\shoppingreport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\pc bureau\application data\shoppingreport2\cs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\pc bureau\application data\shoppingreport2\cs\db (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\pc bureau\application data\shoppingreport2\cs\dwld (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\pc bureau\application data\shoppingreport2\cs\report (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\pc bureau\application data\shoppingreport2\cs\res1 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096} (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults\preferences (Adware.QuestScan) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\documents and settings\all users\application data\questscan\questscan129.exe (Adware.Agent.Gen) -> Quarantined and deleted successfully.
c:\windows\wizcrap.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\program files\questscan\questscan.exe (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\documents and settings\pc bureau\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\pc bureau\application data\shoppingreport2\cs\db\Aliases.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\pc bureau\application data\shoppingreport2\cs\db\Sites.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\pc bureau\application data\shoppingreport2\cs\dwld\whitelist.xip (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\pc bureau\application data\shoppingreport2\cs\report\aggr_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\pc bureau\application data\shoppingreport2\cs\report\send_storage.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\documents and settings\pc bureau\application data\shoppingreport2\cs\res1\whitelist.dbs (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome.manifest (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\install.rdf (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\chrome\questscan.jar (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{f0e1168a-b4b5-484c-b77e-0d28e6b64096}\defaults\preferences\prefs.js (Adware.QuestScan) -> Quarantined and deleted successfully.



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=52f67e173e387a408d452545f3a19e5f
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-06-10 08:36:18
# local_time=2011-06-10 10:36:18 (+0100, Paris, Madrid (heure d'été))
# country="Belgium"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1135224 1135224 0 0
# compatibility_mode=768 16777215 100 0 41000642 41000642 0 0
# compatibility_mode=8192 67108863 100 0 80147 80147 0 0
# scanned=188084
# found=1
# cleaned=0
# scan_time=3509
C:\Download\Setup_FreeBurner.exe Win32/Adware.Toolbar.Dealio application (unable to clean)
BriquesEtBlocs
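
One way to triage the two logs in the post above, added here as an example that is not part of the original thread: it parses the Malwarebytes and ESET lines, counts detections per family, and lists anything a scanner left on disk. The sample lines are copied from the logs above; the regular expressions, function names and the ESET line layout are assumptions made for this example.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the two logs posted above.
MBAM_LOG = r"""
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\QuestScan\DllPath (Adware.QuestScan) -> Value: DllPath -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\windows\wizcrap.dll (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\program files\questscan\questscan.exe (Adware.QuestScan) -> Quarantined and deleted successfully.
c:\documents and settings\pc bureau\application data\shoppingreport2\cs\Config.xml (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
"""

ESET_LOG = r"""
# remove_checked=false
# found=1
# cleaned=0
C:\Download\Setup_FreeBurner.exe Win32/Adware.Toolbar.Dealio application (unable to clean)
"""

MBAM_ITEM = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
# Assumed layout of an ESET result line: <path> <threat name> <type> (<action>)
ESET_ITEM = re.compile(r"^(?P<item>[A-Za-z]:\\.+?)\s+(?P<detection>\S+/\S+)\s+.*\((?P<action>[^()]*)\)\s*$")
MBAM_OK = "Quarantined and deleted successfully"


def parse_mbam(text):
    """Return one record per detection line, tagged with its section header."""
    records, section = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = MBAM_ITEM.match(line)
        if m:
            # The outcome is the last "->" segment; value lines carry an extra one.
            outcome = m["rest"].split(" -> ")[-1].rstrip(".")
            records.append({"section": section, "item": m["item"],
                            "detection": m["detection"], "outcome": outcome})
        elif line.endswith(":"):
            section = line[:-1]  # headers are localized, so keep them verbatim
    return records


def parse_eset(text):
    """Return (header key/value pairs, list of finding records)."""
    meta, findings = {}, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("#") and "=" in line:
            key, value = line[1:].split("=", 1)
            meta[key.strip()] = value.strip()
        elif (m := ESET_ITEM.match(line)):
            findings.append(m.groupdict())
    return meta, findings


def follow_up(mbam_records, eset_meta, eset_findings):
    """List every item that still has to be dealt with by hand."""
    todo = [("MBAM", r["item"], r["detection"], r["outcome"])
            for r in mbam_records if r["outcome"] != MBAM_OK]
    # found > cleaned: ESET only reported these (here remove_checked=false).
    if int(eset_meta.get("found", 0)) > int(eset_meta.get("cleaned", 0)):
        todo += [("ESET", f["item"], f["detection"], f["action"]) for f in eset_findings]
    return todo


def families(mbam_records):
    return Counter(r["detection"] for r in mbam_records)


if __name__ == "__main__":
    records = parse_mbam(MBAM_LOG)
    print(families(records).most_common())
    print(follow_up(records, *parse_eset(ESET_LOG)))
```
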

Re: Infection IE8 - Searchqu Toolbar & ShopperReports

Post by Wingman » June 11th, 2011, 7:48 am

Hello BriquesEtBlocs

OK... let's continue. After completing these instructions, if the computer is behaving OK, I'll provide some final cleanup steps and some ways to help keep your computer more secure.

Please do not make any changes to your system: do not add or remove any software, run any scans or "fix" programs and/or remove any files unless instructed to do so, by me. Please read these instructions carefully before executing and then perform the steps, in the order given. If you have any questions or problems, executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Step 1.
ERUNT - Emergency Recovery Utility NT
Please run this again, as changes may have occurred between the last run and now. Better to be safe than to be sorry.
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
Run:
  1. Please navigate to Start >> All Programs >> ERUNT... double-click ERUNT from the menu.
  2. Click on OK within the pop-up menu.
  3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!


Step 2.
Delete Files
We need to delete some files and folders.
It will be easier and less error prone, if we create a batch file to do this... please follow these steps:
  1. Copy all text in the quote box (below)...to Notepad.
    @echo off
    REM: Delete specific files within a Directory
    del /f /q "C:\Download\Setup_FreeBurner.exe"
    del %0
  2. Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    delfile.bat <<------------- you should see this on your desktop.
  3. Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  4. The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

Step 3.
Please include in your next reply:
  1. Any problem executing the instructions?
  2. How is the computer behaving? Still having problems?
Thanks,
Wingman

Re: Infection IE8 - Searchqu Toolbar & ShopperReports

Post by BriquesEtBlocs » June 13th, 2011, 4:47 am

Hello wingman,

It's done without problems.
The PC works fine. Nothing else to be mentioned.
Superantispyware asks for an update. I wait for your tips in this field.
... and my wife is waiting desperately for PDF reader ... ;-)

Thanks.
BriquesEtBlocs

Re: Infection IE8 - Searchqu Toolbar & ShopperReports

Post by Wingman » June 13th, 2011, 7:56 am

Hello BriquesEtBlocs

Congratulations... your computer now appears to be malware free! :)
You can update SuperAntispyware once you have completed these steps, as needed.

Step 1.
OTM - Clean up
  1. Double click on OTM.exe to run it.
  2. Click on CleanUp!
  3. When done, you will be prompted to restart your computer. Please do so at this time.
If your computer does not automatically restart, please restart it manually.

Step 2.
You may manually remove any of the remaining programs or reports:
DDS
SystemLook


Step 3.
Update Adobe Reader
Please download the current version of Adobe Reader...Copyright © Adobe Systems Inc.
Choose the preferred language, from the available link.
Please UNCHECK the box for the: Free McAfee® Security Scan Plus.
  1. Click the yellow "Download now"... button. If you don't already have Adobe DLM... you may receive a prompt.
    Adobe DLM software removal instructions available here...if wanted.
  2. The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
  3. When the installation is complete... Close and re-open your Internet browser.

Adobe Reader X - recommended (safety) program settings
When the program is open, click on Edit and select Preferences. In the categories below, use these settings:
  • JavaScript - Uncheck Enable Acrobat JavaScript.
  • Security (Enhanced) - Uncheck Automatically trust sites from my Win OS security zones.
  • Secure Trust Manager - Uncheck Allow opening of non-PDF file attachments with external applications.
As an alternative to Adobe Reader, you could try the free (for personal use) Foxit-Reader. It's a smaller download and when installed, uses less resources than Adobe Reader. Note: Let me know if interested in Foxit-Reader and I will provide safe download and installation instructions.

Step 4.
Create a new - clean SRP (System Restore Point)
Now that you're clean, it's a great time to create a new, clean SRP and remove any old, possibly compromised, entries.
Create a new SRP
  1. Go to Start > All Programs > Accessories > System Tools > System Restore
  2. Select Create a restore point... then press the Next...button.
  3. Type a name for the new SRP... like All Clean... then press the Create... button.
  4. When finished... press the Close...button.
Remove old SRP entries
  1. Now... Go to Start > Run... type in: cleanmgr...press the OK...button.
    The Disk Cleanup begins "calculating" space savings by compressing old files. This could take several minutes.
  2. When available... select the More Options... tab.
  3. In the System Restore section... Press the Clean up...button.
  4. Reply Yes to the prompt. Press the X to close and exit.
    All existing restore points will be deleted... except the new one you just created.

Please follow these simple guidelines in order to help keep your computer more secure:

Update your Antivirus programs and other programs regularly.
Secunia Personal Software Inspector - Copyright © Secunia. F-secure Health Check - Copyright © F-Secure Corporation.

Visit Microsoft often
Keep on top of critical updates, as well as other updates for your computer.
How to configure and use Automatic Updates in Windows XP
Using Windows Update for Windows XP
Microsoft Update Home

Install additional (free) programs, that can help improve security.
Many feel that having a "layered" protection scheme is beneficial, you'll have to decide what works best for your situation.
Here are a few you can look into, if you want. :)

Malwarebytes' Anti-Malware
You have this installed already, run scans weekly (at least)... make sure you check for updates before running scans.
Download it from Malwarebytes © Malwarebytes Corporation.
Tutorials are available for installing and running, Malwarebytes' Anti-Malware.
Powerful, easy to use and free. For real-time protection you will have to purchase the product.

WinPatrol
Download it from Copyright © BillP Studios
Information about how WinPatrol works, is available Here.
(The free version of WinPatrol... provides limited real-time protection)


No 3rd Party Firewall
Looking over your log, I don't see any evidence of a third party firewall installed. If you have one installed, make sure it's functioning properly.
As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access from the outside world.
Firewalls protect against hackers and malicious intruders.
If you do not have a firewall installed...
I strongly recommend you download a free (for personal use) firewall NOW that monitors traffic in
both directions... from one of these excellent vendors:
  1. Comodo (Is now bundled with AV software, toolbar and search provider. Opt to install only the firewall software... uncheck the rest)
  2. Online Armor Free (Free version at bottom of page (XP/Vista/W7 (32bit).) 64bit version not available yet. Some reported conflicts with Avira AntiVir.
  3. ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)
  4. Ashampoo
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a very basic firewall. This (XP) firewall is NO replacement for a dedicated software solution. Remember to install and have active, only one firewall at the same time. If you install one of these firewalls, remember to turn off Windows' firewall.


Read, stay informed.
To help minimize the chances of becoming re-infected, please read.
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read.
What to do if your Computer is running slowly

Please let me know that you completed the cleanup steps, the create/purge System Restore point steps and reviewed the rest of the post. Once I receive your reply, unless there are other malware questions or concerns, I will have this topic closed as resolved.

Stay Safe! ;)
Wingman

Re: Infection IE8 - Searchqu Toolbar & ShopperReports

Post by NonSuch » June 19th, 2011, 2:27 am

As this issue appears to be resolved, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
NonSuch