MyWebSearch Hijack


Comments

  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    One last go.

    Download SystemLook from the link below and save it to your Desktop.

    LINK

    • Right click SystemLook.exe & choose "Run as Administrator" to run it.
    • Copy the content of the following codebox into the main textfield:
      :filefind
      user.js
      prefs.js
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
  • montymud
    montymud Posts: 1,015 Forumite
    ok, be right back again lol
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    What I'm aiming to do is find and look into all the Firefox preference files (prefs.js, user.js) to see whether anything in them relates to MyWebSearch.
  • montymud
    montymud Posts: 1,015 Forumite
    SystemLook 30.07.11 by jpshortstuff
    Log created at 23:44 on 13/11/2012 by Abbie
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "user.js"
    No files found.

    Searching for "prefs.js"
    C:\Users\Abbie\AppData\Roaming\Mozilla\Firefox\Profiles\4ytq0hwq.default\prefs.js
    6446 bytes [23:01 13/11/2012] [23:01 13/11/2012] 5A846AAF1E850E68C42C1BA035BB5B25

    -= EOF =-
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    • Right click SystemLook.exe & choose "Run as Administrator" to run it.
    • Copy the content of the following codebox into the main textfield:
      :contents
      C:\Users\Abbie\AppData\Roaming\Mozilla\Firefox\Profiles\4ytq0hwq.default\prefs.js
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Post this log in your next reply.
  • montymud
    montymud Posts: 1,015 Forumite
    SystemLook 30.07.11 by jpshortstuff
    Log created at 23:59 on 13/11/2012 by Abbie
    Administrator - Elevation successful

    ========== contents ==========

    C:\Users\Abbie\AppData\Roaming\Mozilla\Firefox\Profiles\4ytq0hwq.default\prefs.js - Opened succesfully.

    # Mozilla User Preferences

    /* Do not edit this file.
    *
    * If you make changes to this file while the application is running,
    * the changes will be overwritten when the application exits.
    *
    * To make a manual change to preferences, you can visit the URL about:config
    */

    user_pref("Smartbar.SearchFromAddressBarSavedUrl", "http://search.alot.com/web?src_id=31155&client_id=486181e4d67418c548dc0808&camp_id=5106&install_time=2012-08-31T17:09:16Z&pr=auto&tb_version=1.0.19000(G)&q=");
    user_pref("accessibility.browsewithcaret", true);
    user_pref("accessibility.typeaheadfind.flashBar", 0);
    user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1352799567);
    user_pref("app.update.lastUpdateTime.background-update-timer", 1352802650);
    user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1352799687);
    user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1352833413);
    user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1352824792);
    user_pref("browser.cache.disk.capacity", 1048576);
    user_pref("browser.cache.disk.smart_size.first_run", false);
    user_pref("browser.cache.disk.smart_size_cached_value", 1048576);
    user_pref("browser.download.lastDir", "C:\\Users\\Abbie\\Pictures");
    user_pref("browser.fullscreen.autohide", false);
    user_pref("browser.migration.version", 6);
    user_pref("browser.pagethumbnails.storage_version", 2);
    user_pref("browser.places.smartBookmarksVersion", 4);
    user_pref("browser.preferences.advanced.selectedTabIndex", 1);
    user_pref("browser.rights.3.shown", true);
    user_pref("browser.search.useDBForOrder", "");
    user_pref("browser.startup.homepage_override.buildID", "20121024073032");
    user_pref("browser.startup.homepage_override.mstone", "16.0.2");
    user_pref("browser.syncPromoViewsLeft", 0);
    user_pref("browser.tabs.warnOnClose", false);
    user_pref("browser.taskbar.lastgroupid", "E7CF176E110C211B");
    user_pref("distribution.euballot.bookmarksProcessed", true);
    user_pref("extensions.OneClickDownload.filter", "filter:1,3");
    user_pref("extensions.autoDisableScopes", 0);
    user_pref("extensions.blocklist.pingCountTotal", 73);
    user_pref("extensions.blocklist.pingCountVersion", 5);
    user_pref("extensions.bootstrappedAddons", "{}");
    user_pref("extensions.databaseSchema", 13);
    user_pref("extensions.enabledAddons", "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:16.0.2");
    user_pref("extensions.hotfix.lastVersion", "20121019.01");
    user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\McAfee\\\\SiteAdvisor\",\"mtime\":1352823053542},\"{D19CA586-DD6C-4a0a-96F8-14644F340D60}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Common Files\\\\McAfee\\\\SystemCore\",\"mtime\":1346504610845}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1352471740697}}}]");
    user_pref("extensions.lastAppVersion", "16.0.2");
    user_pref("extensions.lastPlatformVersion", "16.0.2");
    user_pref("extensions.pendingOperations", false);
    user_pref("extensions.shownSelectionUI", true);
    user_pref("extensions.toolbar.mindspark._6oMembers_.hp.enabled", true);
    user_pref("extensions.toolbar.mindspark._6oMembers_.initialized", true);
    user_pref("extensions.toolbar.mindspark._6oMembers_.installation.contextKey", "");
    user_pref("extensions.toolbar.mindspark._6oMembers_.installation.installDate", "2012101218");
    user_pref("extensions.toolbar.mindspark._6oMembers_.installation.partnerId", "^AFD^xdm005^YY^gb");
    user_pref("extensions.toolbar.mindspark._6oMembers_.installation.partnerSubId", "COHwzab1-7ICFWLHtAod1D4AQA");
    user_pref("extensions.toolbar.mindspark._6oMembers_.installation.success", true);
    user_pref("extensions.toolbar.mindspark._6oMembers_.installation.toolbarId", "12944D8E-E285-4B37-9725-481DD47535ED");
    user_pref("extensions.toolbar.mindspark._6oMembers_.lastActivePing", "1350061234722");
    user_pref("extensions.toolbar.mindspark._6oMembers_.options.defaultSearch", true);
    user_pref("extensions.toolbar.mindspark._6oMembers_.options.homePageEnabled", true);
    user_pref("extensions.toolbar.mindspark._6oMembers_.options.keywordEnabled", true);
    user_pref("extensions.toolbar.mindspark._6oMembers_.options.tabEnabled", true);
    user_pref("extensions.toolbar.mindspark.hp.enabled", true);
    user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "heroicplay@mindspark.com");
    user_pref("extensions.toolbar.mindspark.lastInstalled", "heroicplay@mindspark.com");
    user_pref("extensions.ui.dictionary.hidden", true);
    user_pref("extensions.ui.lastCategory", "addons://discover/");
    user_pref("extensions.ui.locale.hidden", true);
    user_pref("gfx.direct3d.prefer_10_1", true);
    user_pref("idle.lastDailyNotification", 1352835158);
    user_pref("intl.charsetmenu.browser.cache", "UTF-8, us-ascii, ISO-8859-15, windows-1251, windows-1252");
    user_pref("network.cookie.prefsMigrated", true);
    user_pref("places.database.lastMaintenance", 1352835162);
    user_pref("places.history.expiration.transient_current_max_pages", 104858);
    user_pref("pref.browser.homepage.disable_button.restore_default", false);
    user_pref("privacy.sanitize.migrateFx3Prefs", true);
    user_pref("searchreset.backup.browser.search.defaultenginename", "");
    user_pref("searchreset.backup.browser.startup.homepage", "");
    user_pref("security.OCSP.enabled", 0);
    user_pref("security.csp.enable", false);
    user_pref("security.warn_viewing_mixed", false);
    user_pref("services.sync.clients.lastSync", "0");
    user_pref("services.sync.clients.lastSyncLocal", "0");
    user_pref("services.sync.globalScore", 0);
    user_pref("services.sync.migrated", true);
    user_pref("services.sync.nextSync", 0);
    user_pref("services.sync.tabs.lastSync", "0");
    user_pref("services.sync.tabs.lastSyncLocal", "0");
    user_pref("storage.vacuum.last.index", 1);
    user_pref("storage.vacuum.last.places.sqlite", 1351811937);
    user_pref("toolkit.startup.last_success", 1352847674);
    user_pref("toolkit.telemetry.prompted", 2);
    user_pref("toolkit.telemetry.rejected", true);
    user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey", 1354214049);
    user_pref("xpinstall.whitelist.add", "");
    user_pref("xpinstall.whitelist.add.36", "");


    -= EOF =-
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    It's late so I'm off to bed but at least we're getting somewhere:
    user_pref("extensions.toolbar.mindspark._6oMembers_.hp.enabled", true);
    user_pref("extensions.toolbar.mindspark._6oMembers_.initialized", true);
    user_pref("extensions.toolbar.mindspark._6oMembers_.installation.contextKey", "");
    user_pref("extensions.toolbar.mindspark._6oMembers_.installation.installDate", "2012101218");
    user_pref("extensions.toolbar.mindspark._6oMembers_.installation.partnerId", "^AFD^xdm005^YY^gb");
    user_pref("extensions.toolbar.mindspark._6oMembers_.installation.partnerSubId", "COHwzab1-7ICFWLHtAod1D4AQA");
    user_pref("extensions.toolbar.mindspark._6oMembers_.installation.success", true);
    user_pref("extensions.toolbar.mindspark._6oMembers_.installation.toolbarId", "12944D8E-E285-4B37-9725-481DD47535ED");
    user_pref("extensions.toolbar.mindspark._6oMembers_.lastActivePing", "1350061234722");
    user_pref("extensions.toolbar.mindspark._6oMembers_.options.defaultSearch", true);
    user_pref("extensions.toolbar.mindspark._6oMembers_.options.homePageEnabled", true);
    user_pref("extensions.toolbar.mindspark._6oMembers_.options.keywordEnabled", true);
    user_pref("extensions.toolbar.mindspark._6oMembers_.options.tabEnabled", true);
    user_pref("extensions.toolbar.mindspark.hp.enabled", true);
    user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "heroicplay@mindspark.com");
    user_pref("extensions.toolbar.mindspark.lastInstalled", "heroicplay@mindspark.com");
    Who owns MyWebSearch?
    We do! We’re Mindspark, a company of over 200 dedicated, passionate employees, and a wholly-owned business of IAC/InterActiveCorp
    http://www.mindspark.com/main/toolbar-info/index.shtml

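    Worth noting from the same prefs.js: the Smartbar.SearchFromAddressBarSavedUrl entry points at search.alot.com, and security.OCSP.enabled, security.csp.enable and extensions.autoDisableScopes all show up with their protections switched off (prefs.js normally only lists settings that have been changed from the defaults), so those want checking as well once the toolbar entries are dealt with.

    Post the contents of attach.txt from when you ran DDS and I'll take a look tomorrow.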
  • montymud
    montymud Posts: 1,015 Forumite
    Ok, thank you! I am off to bed too so will run it as soon as I have dropped my girls off to school in the morning. :)
  • waddler_8
    waddler_8 Posts: 3,588 Forumite
    DDS will already have created attach.txt at the same time as it produced DDS.txt.

    You'll find it in the same location. ;)
  • montymud
    montymud Posts: 1,015 Forumite
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 27/08/2012 08:51:52
    System Uptime: 13/11/2012 17:37:24 (6 hours ago)
    .
    Motherboard: TOSHIBA | | PWWHA
    Processor: Intel(R) Celeron(R) CPU B815 @ 1.60GHz | CPU 1 | 1600/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 164.328 GiB free.
    D: is FIXED (NTFS) - 232 GiB total, 221.165 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP27: 28/10/2012 22:36:13 - Installed PermissionResearch
    RP28: 28/10/2012 22:42:54 - Installed PermissionResearch
    RP29: 05/11/2012 01:14:45 - Scheduled Checkpoint
    RP30: 12/11/2012 10:14:45 - OTL Restore Point - 12/11/2012 10:14:44
    .
    ==== Installed Programs ======================
    .
    ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.0) MUI
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Bluetooth Filter Driver Package
    Atheros Driver Installation Program
    BBC iPlayer Desktop
    Bejeweled 2 Deluxe
    Bejeweled 3
    BitTorrent
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    Chicken Invaders 3 - Revenge of the Yolk
    Chuzzle Deluxe
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Diner Dash 2 Restaurant Rescue
    Facebook Video Calling 1.2.0.287
    FATE
    Final Drive: Nitro
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    High-Definition Video Playback
    Insaniquarium Deluxe
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.65.1.1000
    McAfee Internet Security
    McAfee Security Scan Plus
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 15.0 (x86 en-GB)
    Mozilla Firefox 16.0.2 (x86 en-GB)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 10 Movie ThemePack Basic
    Nero BackItUp 10
    Nero BackItUp 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero Kwik Media
    Nero Multimedia Suite 10 Essentials
    Nero RescueAgent 10
    Nero RescueAgent 10 Help (CHM)
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    NeroKwikMedia Help (CHM)
    Origin
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime amd64
    Polar Bowler
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    ROBLOX Player for Abbie
    ROBLOX Studio 2.0 Beta for Abbie
    ROBLOX Studio for Abbie
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Skype™ 5.10
    Slingo Deluxe
    Synaptics Pointing Device Driver
    The Sims™ 3
    The Sims™ 3 High-End Loft Stuff
    The Sims™ 3 World Adventures
    TOSHIBA Assist
    TOSHIBA Bulletin Board
    TOSHIBA ConfigFree
    TOSHIBA Disc Creator
    TOSHIBA Face Recognition
    TOSHIBA Flash Cards Support Utility
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Manuals
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA Online Product Information
    TOSHIBA Places Icon Utility
    TOSHIBA Recovery Media Creator
    TOSHIBA Recovery Media Creator Reminder
    TOSHIBA ReelTime
    TOSHIBA Resolution+ Plug-in for Windows Media Player
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA TEMPRO
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TOSHIBA Wireless LAN Indicator
    TRORMCLauncher
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    Update Installer for WildTangent Games App
    Utility Common Driver
    VLC media player 2.0.3
    Wedding Dash 2 - Rings Around the World
    WildTangent Games
    WildTangent Games App (Toshiba Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotogalleri
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
    Windows Live Mesh ActiveX-objekt til fjernforbindelser
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Meshin etäyhteyksien ActiveX-komponentti
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyökalu
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/11/2012 10:14:33, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
This discussion has been closed.