We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
How do you remove "My Fast Web Search" from your computer?
Options
Comments
-
The start of the log mentions Norton a lot
Use the Norton removal tool
http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039:idea:0 -
Turn off Spybots 'TEA TIMER' mode (At least until the problems sorted) ~
Open Spybot
Change Mode (Top) to ADVANCED
Select TOOLS then RESIDENT
UNTICK 'Resident TEA TIMER' (Leave 'SD Helper' TICKED)
................................................................
Open notepad and copy/paste the text in RED below
File::
c:\windows\hpqins15.dat
c:\program files\1bomb.ini
c:\programdata\hash.dat
c:\windows\System32\flvDX.dll
c:\windows\System32\msfDX.dll
c:\windows\System32\nbDX.dll
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply
Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
:idea:0 -
Thanks. I have unticked 'tea timer' within spybot, but as far as I know I do not have any Norton software on my PC..?
I've checked the programs list and there's nothing showing. How can I remove it if I don't know which one is supposed to be installed?I Hate Jobsworths!!!0 -
Use the general removal tool then ~
http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html:idea:0 -
ComboFix 10-03-21.05 - Admin 22/03/2010 21:56:42.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3327.1943 [GMT 0:00]
Running from: c:\users\Admin\Downloads\ComboFix.exe
Command switches used :: c:\users\Admin\Desktop\CFScript.txt
AV: PCguard Anti-Virus *On-access scanning enabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: PCguard Anti-Spyware *disabled* (Updated) {307352C6-1CBD-11DB-8AF6-B622A1EF5492}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\program files\1bomb.ini"
"c:\programdata\hash.dat"
"c:\windows\hpqins15.dat"
"c:\windows\System32\flvDX.dll"
"c:\windows\System32\msfDX.dll"
"c:\windows\System32\nbDX.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\1bomb.ini
c:\programdata\hash.dat
c:\windows\hpqins15.dat
c:\windows\System32\flvDX.dll
c:\windows\System32\msfDX.dll
c:\windows\System32\nbDX.dll
.
((((((((((((((((((((((((( Files Created from 2010-02-22 to 2010-03-22 )))))))))))))))))))))))))))))))
.
2010-03-22 22:07 . 2010-03-22 22:07
d
w- c:\users\Admin\AppData\Local\temp
2010-03-22 22:07 . 2010-03-22 22:07
d
w- c:\users\Public\AppData\Local\temp
2010-03-22 22:07 . 2010-03-22 22:07
d
w- c:\users\Default\AppData\Local\temp
2010-03-21 15:07 . 2010-03-21 15:07 388096 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-20 21:36 . 2010-03-20 22:30
d
w- c:\windows\Janes Zoo
2010-03-20 14:13 . 2010-03-21 13:20
d
w- c:\users\Admin\AppData\Roaming\Farm Mania 2
2010-03-20 11:37 . 2010-03-20 11:38
d
w- c:\users\Admin\AppData\Roaming\Bigfish JanesZOO
2010-03-20 11:35 . 2010-03-20 11:35
d
w- c:\program files\bfgclient
2010-03-20 11:33 . 2010-03-20 12:37
d
w- C:\BigFishGamesCache
2010-03-19 20:52 . 2010-03-19 21:15
d
w- c:\programdata\FarmFrenzy3_Arctica
2010-03-19 20:51 . 2010-03-19 20:51
d
w- c:\users\Admin\AppData\Roaming\SpinTop
2010-03-18 20:35 . 2010-03-18 20:37
d
w- c:\program files\Pokemon PC
2010-03-18 20:35 . 2010-02-10 00:50 377 ----a-w- c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\homepg.cmd
2010-03-11 17:10 . 2010-03-11 17:10
d
w- c:\program files\PopCap Games
2010-03-11 12:44 . 2010-03-11 12:44
d
w- c:\programdata\Kodak
2010-03-11 12:44 . 2010-03-11 12:44 114688 ----a-w- c:\programdata\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.2.20.2.dll
2010-03-11 07:57 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 07:57 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 07:57 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 20:46 . 2010-03-11 17:10
d
w- c:\programdata\PopCap Games
2010-03-05 08:03 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-04 08:04 . 2010-03-04 08:04 118784 ----a-w- c:\users\Admin\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-03 16:22 . 2010-03-21 16:23 439816 ----a-w- c:\users\Admin\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-03 09:22 . 2010-03-03 09:23
d
w- c:\program files\Jasc Software Inc
2010-02-24 08:02 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 08:01 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 08:01 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 08:01 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 08:01 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 08:01 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 08:01 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 08:01 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 08:01 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 08:01 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 08:01 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 08:01 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 08:01 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-22 22:07 . 2009-11-03 08:26 87594784 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-22 21:30 . 2007-11-25 22:45 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-22 18:46 . 2009-11-03 08:26 1173584 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-21 16:19 . 2007-11-12 18:49
d
w- c:\programdata\Spybot - Search & Destroy
2010-03-20 21:34 . 2007-11-06 09:37
d
w- c:\users\Admin\AppData\Roaming\LimeWire
2010-03-20 19:03 . 2010-01-18 23:02 1 ----a-w- c:\users\Admin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-15 17:24 . 2009-01-10 17:03
d
w- c:\program files\Warcraft III
2010-03-12 13:29 . 2008-07-01 11:17
d
w- c:\users\Admin\AppData\Roaming\Vso
2010-03-11 12:23 . 2006-11-02 11:18
d
w- c:\program files\Windows Mail
2010-03-03 19:34 . 2009-07-27 17:10
d
w- c:\users\Admin\AppData\Roaming\HpUpdate
2010-02-25 08:02 . 2007-11-05 14:45 84656 ----a-w- c:\users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 18:54 . 2007-11-05 15:02
d
w- c:\program files\HP
2010-02-24 10:16 . 2009-10-06 08:04 181632
w- c:\windows\system32\MpSigStub.exe
2010-02-19 16:22 . 2009-11-23 16:22 439816 ----a-w- c:\users\Admin\AppData\Roaming\Real\Update\setup3.09\setup.exe
2010-02-06 12:28 . 2010-02-06 12:28 37
w- c:\users\Admin\AppData\Roaming\Microsoft Games\Viva Pinata\CurrentSite\cabit.cmd
2010-02-06 12:28 . 2010-02-06 12:28
d
w- c:\users\Admin\AppData\Roaming\Microsoft Games
2010-02-06 12:27 . 2010-02-06 12:27
d
w- c:\program files\Common Files\Microsoft Games
2010-02-06 12:25 . 2007-04-17 02:35
d--h--w- c:\program files\InstallShield Installation Information
2010-02-04 16:30 . 2010-02-04 16:30
d
w- c:\users\Admin\AppData\Roaming\Malwarebytes
2010-02-04 16:30 . 2010-02-04 16:30
d
w- c:\programdata\Malwarebytes
2010-02-01 22:54 . 2010-02-01 22:53
d
w- c:\program files\iTunes
2010-02-01 22:53 . 2010-02-01 22:53
d
w- c:\program files\iPod
2010-02-01 22:53 . 2007-11-05 21:38
d
w- c:\program files\Common Files\Apple
2010-02-01 22:45 . 2010-02-01 22:45 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-18 22:46 . 2008-12-03 16:15 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-18 18:46 . 2007-11-08 22:05 1 ----a-w- c:\users\Admin\AppData\Roaming\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-01-07 16:07 . 2010-02-04 16:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2010-02-04 16:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 15:38 . 2010-02-24 08:01 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 08:01 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 08:01 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 08:01 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-02 06:38 . 2010-01-22 07:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 07:56 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 07:56 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 07:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2009-02-02 251264]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 464168]
"eDSMSNfix"="c:\acer\Empowering Technology\eDSMSNfix.exe" [2007-02-08 13312]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-01 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-05-27 2303216]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-18 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Malwarebytes Anti-Malware (reboot)"="d:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-16 151552]
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
homepg.cmd [2010-2-10 377]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 98632]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
BTTray.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2004-10-1 565309]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-17 528384]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2007-11-5 303104]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):c6,9c,d1,ee,0b,37,ca,01
R0 ionmj;ionmj;c:\windows\System32\drivers\uggdsy.sys [x]
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-09-22 910600]
R3 Radialpoint Security Services;Virgin Broadband PCguard;c:\program files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe [2009-11-06 175184]
S2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-09-22 693512]
S2 RadialpointSafeConnectAgent;Virgin Broadband PCguard SafeConnectAgent;c:\program files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe RadialpointSafeConnectAgent [x]
S3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_VISTA\SafeConnectDriver.sys [2008-11-14 161304]
S3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_VISTA\SafeConnectFilter.sys [2008-11-14 29720]
S3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_VISTA\SafeConnectShim.sys [2008-11-14 29248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-03-22 c:\windows\Tasks\User_Feed_Synchronization-{41B7017B-2578-4253-A871-62DBC1F5525A}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
Supplementary Scan
.
uStart Page = hxxp://myfastwebsearch.com/
mStart Page = hxxp://en.uk.acer.yahoo.com
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4aen60bc.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - https://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=PMXMAS09FFAB&search=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcsau7.dll
FF - plugin: c:\program files\Virgin Broadband\advisor\nprpspa.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-22 22:07
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-3149414705-1355449481-2295768191-1000\Software\SecuROM\License information*]
"datasecu"=hex:76,20,33,7a,9e,82,f3,92,f2,8d,f1,36,fb,c5,6c,f0,57,c8,8d,dd,97,
aa,65,57,f3,58,05,c1,72,9e,5d,ab,87,b7,6e,8c,89,e8,54,01,b7,93,b8,59,27,01,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-03-22 22:10:55
ComboFix-quarantined-files.txt 2010-03-22 22:10
ComboFix2.txt 2010-03-22 17:48
Pre-Run: 34,312,040,448 bytes free
Post-Run: 34,314,280,960 bytes free
- - End Of File - - B23F19739E0CA87644E8544644F3B73AI Hate Jobsworths!!!0 -
Still got the problem?:idea:0
-
Yes, Its still coming up with 'my fast web search' on homepage restart.I Hate Jobsworths!!!0
-
Yes, i changes it within 'internet options', then restarted and it changed back to 'myfastwebsearch'.I Hate Jobsworths!!!0
-
Download SUPERANTISPYWARE (Make sure you click 'DOWNLOAD LATEST VERSION')
http://www.filehippo.com/download_superantispyware/
UPDATE and PERFORM COMPLETE SCAN:idea:0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.8K Banking & Borrowing
- 253K Reduce Debt & Boost Income
- 453.5K Spending & Discounts
- 243.8K Work, Benefits & Business
- 598.6K Mortgages, Homes & Bills
- 176.8K Life & Family
- 257.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards