Uh… we need to run a mighty anti-rootkit scan first…
Please download Malwarebytes AntiRootkit and save it to your desktop.
http://www.malwarebytes.org/products/mbar/
Full instructions on how to use MBAR:
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-rootkit
Please note: This is a beta version, so please be sure to read the disclaimer and take note of it.
[*] Unzip/unrar MBAR into a folder on your Desktop and MBAR will start.
[*] Click on Next > then on the Update button to download fresh definitions.
[*] When the database has updated, click Next.
[*] In the following window, ensure the “Targets” scan options Drivers, Sectors, and System are ticked. Then select the “Scan” button.
[*] If any infections are found, ensure “Create Restore Point” is checked, then select the “Cleanup” button to remove threats.
Or if you are sure any entries should not be kept, just untick them. A list of infected files will be shown.
[*] The cleanup procedure will be scheduled for processing.
[*] When complete, a pop-up will notify you. Select the Yes button and the system should reboot to complete the cleaning process.
Please attach the two following logs from the mbar folder:
system-log.txt
and
mbar-log-year-month-day (hour-minute-second).txt.
Next …
Open Notepad and copy/paste the text present inside the code box below:
[code]
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
ClearJavaCache::
Folder::
c:\program files\WebSearch
Firefox::
FF - ProfilePath - c:\documents and settings\Guillaume\Application Data\Mozilla\Firefox\Profiles\zkp965b0.default-1376345753671\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchguru.info/?pid=34&r=epp4wWoacZiOvrpnik5GLSs9qjqQQjqL&hid=4143462727663460919&lg=EN&cc=CA&unqvl=43&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - hxxp://websearch.searchguru.info/?pid=34&r=NE5VPIwp577+yLFHwyk6ixZOekp+4aQo&hid=4143462727663460919&lg=EN&cc=CA&unqvl=43
FF - prefs.js: keyword.URL - hxxp://websearch.searchguru.info/?pid=34&r=epp4wWoacZiOvrpnik5GLSs9qjqQQjqL&hid=4143462727663460919&lg=EN&cc=CA&unqvl=43&l=1&q=
[/code]
Save this as CFScript.txt
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript.txt into ComboFix.exe.
ComboFix will re-run. When finished, it will produce a log for you.
Attach the contents of the log in your next reply. (Typical location: C:\[b]ComboFix.txt[/b])