Help removing Facemoods please logs included

melmar_2
Posts: 209 Forumite
in Techie Stuff
Hi, I just had a daft moment when I was after a free download and went ahead without thinking. Facemoods is now running the show in Firefox and Google Chrome.
I have run CCleaner, I have uninstalled, I have tried Glary Utilities, and I have run ComboFix, Malwarebytes and HijackThis. I did find a reference to Facemoods (just 1), so I ticked and deleted it thinking that would cure it, but no.
It's driving me mad now. Any help would be greatly appreciated. I have googled the problem, where it says to get rid of it in add-ons etc., but that has not worked.
ComboFix 10-12-02.05 - martyn burke 03/12/2010 10:04:50.8.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.480.307 [GMT 0:00]
Running from: c:\documents and settings\martyn burke\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-19 23:39 . 2010-08-22 00:39 57344 ----a-w- c:\windows\system32\CleanMem.exe
2010-09-18 11:23 . 2003-08-01 05:40 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2003-08-01 05:40 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2003-08-01 05:40 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2003-08-01 05:40 953856 w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-23 19:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2003-08-01 05:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2003-08-01 05:40 1469440 w- c:\windows\system32\inetcpl.cpl
2010-09-07 15:12 . 2010-08-21 23:04 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-08-21 23:04 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-08-21 23:04 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-08-21 23:04 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-08-21 23:04 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-08-21 23:04 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-08-21 23:04 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-08-21 23:04 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-08-21 23:04 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2006-05-07 10:34 . 2005-05-11 08:26 278528 -c--a-w- c:\program files\Common Files\FDEUnInstaller.exe
2008-06-30 12:44 . 2008-06-24 08:07 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\martyn burke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-26 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Desktop Help.lnk]
backup=c:\windows\pss\BT Broadband Desktop Help.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Timer Recording Manager.lnk]
backup=c:\windows\pss\Timer Recording Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2003-03-31 11:54 88267 ----a-w- c:\windows\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
2006-11-30 10:51 935936 ----a-w- c:\program files\btbb_wcm\McciTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n Drop CD+DVD]
2003-06-23 14:33 1171456 ----a-w- c:\program files\drag'n drop cd+dvd\BinFiles\DragDrop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
2002-08-20 09:29 40960 ----a-w- c:\windows\system32\ezSP_Px.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2005-10-04 15:12 2260992 ----a-w- c:\windows\kdx\khost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2004-02-12 16:57 188416 ----a-w- c:\program files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2004-02-12 16:59 77824 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XpDis0Conf]
2004-02-20 16:50 32768 ----a-w- c:\progra~1\Belkin\BELKIN~1\TOOL\WinXPDisableZeroConfigation.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\sony\\giga pocket\\gps.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\sony\\vaio media 2.5\\Vc.exe"=
"c:\\Program Files\\BT Broadband Desktop Help\\SmartBridge\\BTHelpNotifier.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21/08/2010 23:04 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/08/2010 23:04 17744]
R2 SonyKBS;Keyboard State Detection Service;c:\windows\system32\drivers\SonyKBS.sys [28/02/2003 13:12 7936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/02/2010 10:30 135664]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [27/08/2009 11:23 13224]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [05/08/2008 16:45 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [05/08/2008 16:45 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [05/08/2008 16:45 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [05/08/2008 16:45 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [05/08/2008 16:45 100008]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
.
Contents of the 'Scheduled Tasks' folder
2010-12-03 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2010-08-22 23:39]
2010-12-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-08-16 10:47]
2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 10:30]
2010-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-20 10:30]
2010-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1104450739-1078714452-4125110591-1005Core.job
- c:\documents and settings\martyn burke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-26 15:55]
2010-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1104450739-1078714452-4125110591-1005UA.job
- c:\documents and settings\martyn burke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-26 15:55]
.
.
Supplementary Scan
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = about:blank
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/uk/*http://uk.docs.yahoo.com/info/bt_side.html
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\martyn burke\Application Data\Mozilla\Firefox\Profiles\rnydxg4y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ppcb
FF - prefs.js: keyword.URL - hxxp://start.facemoods.com/results.php?f=5&a=ppcb&q=
FF - component: c:\documents and settings\martyn burke\Application Data\Mozilla\Firefox\Profiles\rnydxg4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\martyn burke\Application Data\Mozilla\Firefox\Profiles\rnydxg4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\martyn burke\Application Data\Mozilla\Firefox\Profiles\rnydxg4y.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
FF - plugin: c:\documents and settings\martyn burke\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPEyeCheck.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\Netscape6\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Facemoods: ffxtlbr@Facemoods.com - c:\documents and settings\martyn burke\Application Data\Mozilla\Firefox\Profiles\rnydxg4y.default\extensions\ffxtlbr@Facemoods.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\martyn burke\Application Data\Mozilla\Firefox\Profiles\rnydxg4y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\martyn burke\Application Data\Mozilla\Firefox\Profiles\rnydxg4y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\documents and settings\martyn burke\Application Data\Mozilla\Firefox\Profiles\rnydxg4y.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-03 10:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
DLLs Loaded Under Running Processes
- - - - - - - > 'explorer.exe'(3460)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-03 10:17:08
ComboFix-quarantined-files.txt 2010-12-03 10:16
ComboFix2.txt 2010-10-08 20:05
ComboFix3.txt 2010-09-06 21:03
ComboFix4.txt 2010-08-26 14:11
ComboFix5.txt 2010-12-03 10:01
Pre-Run: 6,207,418,368 bytes free
Post-Run: 6,180,331,520 bytes free
- - End Of File - - A706240D113A00A18340AD92C518140A
Comments
Malwarebytes' Anti-Malware 1.46
https://www.malwarebytes.org
Database version: 4460
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
03/12/2010 16:42:14
mbam-log-2010-12-03 (16-42-14).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 231946
Time elapsed: 1 hour(s), 26 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 16:57:35, on 03/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Documents and Settings\martyn burke\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\sony\giga pocket\shwserv.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\sony\giga pocket\RM_SV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wscntfy.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/uk/*http://uk.docs.yahoo.com/info/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.sky.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\martyn burke\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 5196 bytes
Thank you for trying to save time by posting these in front

Malwarebytes is way out of date. UPDATE it and run it again.
What exactly is Facemoods and where did it come from?

Hi Alienrik, sorry, forgot to update Malwarebytes, am running another scan now, usually takes well over an hour though.
Facemoods is a search browser/engine, it came up whilst searching for a freebie download from a motivational speaker on LimeWire or Pirate Bay, can't remember which, was on the phone at the same time and just hit download like a fool, not thinking.
First time have tried this, feel a right idiot now.

Updated version:
Malwarebytes' Anti-Malware 1.50
https://www.malwarebytes.org
Database version: 5214
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
03/12/2010 20:25:12
mbam-log-2010-12-03 (20-25-12).txt
Scan type: Full scan (C:\|D:\|E:\|F:\|)
Objects scanned: 234314
Time elapsed: 1 hour(s), 47 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

Just had a google about facemoods. Any chance that facemoods is just an add-on? If yes, you may be able to disable it/remove it from inside your browsers.

The_Grandmaster wrote: » Just had a google about facemoods. Any chance that facemoods is just an add-on? If yes, you may be able to disable it/remove it from inside your browsers.
https://addons.mozilla.org/en-US/firefox/addon/52179/
poppy10

Hi thanks,
I tried to remove using add-ons in Firefox and extensions in Google Chrome but wouldn't work, no idea why not, seemed straightforward but would not have it.
Even tried uninstalling both and downloading again but still was there, so used Revo Uninstaller this morning and that seems to have done the job.
Only problem is I ticked to save my Bookmarks in Firefox but has not worked, cannot get them back up, really gutted about that, had quite a list of stuff that wanted to keep.
If anybody knows how or any advice on that, would be greatly appreciated!
Thanks
melmar

I tried to remove using add-ons in Firefox and extensions in Google Chrome but wouldn't work, no idea why not, seemed straightforward but would not have it.
One tip here, may be useful to others in the future.
If an add-on is greyed out, unable to un-install/disable, open Firefox via Right Click - Run as Administrator - via the Start menu (not desktop shortcut).
Move along, nothing to see.

Thanks spud, will remember that, wish I'd known earlier, gutted about bookmarks.
Cheers anyway
This discussion has been closed.