We help IT Professionals succeed at work.

how can I remove Fast Browser

goiap
goiap asked
on
I need to remove fast browser My tattoons & it will not uninstall. Any ideas?
Comment
Watch Question

Commented:
i dont know

Author

Commented:
Also need to remove tattoons, tattoodle.
Top Expert 2009

Commented:
Run Combofix
Follow its instructions.
Post logfile here after
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Download and scan your system with Malwarebytes Anti-Malware.
http://www.malwarebytes.org/mbam.php

Author

Commented:
ComboFix 10-06-14.01 - Administrator 06/14/2010  16:05:24.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1005.616 [GMT -4:00]
Running from: c:\documents and settings\administrator.IAP\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Fast Browser Search
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\basis_br.xml
c:\program files\Fast Browser Search\IE\basis_de.xml
c:\program files\Fast Browser Search\IE\basis_en.xml
c:\program files\Fast Browser Search\IE\basis_es.xml
c:\program files\Fast Browser Search\IE\basis_fr.xml
c:\program files\Fast Browser Search\IE\basis_it.xml
c:\program files\Fast Browser Search\IE\basis_nr.xml
c:\program files\Fast Browser Search\IE\basis_pt.xml
c:\program files\Fast Browser Search\IE\basis_ru.xml
c:\program files\Fast Browser Search\IE\basis_tr.xml
c:\program files\Fast Browser Search\IE\BHO.dll
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\search_br.bmp
c:\program files\Fast Browser Search\IE\search_de.bmp
c:\program files\Fast Browser Search\IE\search_es.bmp
c:\program files\Fast Browser Search\IE\search_fr.bmp
c:\program files\Fast Browser Search\IE\search_it.bmp
c:\program files\Fast Browser Search\IE\search_pt.bmp
c:\program files\Fast Browser Search\IE\search_ru.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\SGPSA
c:\program files\SGPSA\BHO.dll

Infected copy of c:\windows\system32\drivers\ftdisk.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
(((((((((((((((((((((((((   Files Created from 2010-05-14 to 2010-06-14  )))))))))))))))))))))))))))))))
.

2010-06-12 15:55 . 2008-04-13 18:45      32128      ----a-w-      c:\windows\system32\drivers\usbccgp.sys
2010-06-12 15:55 . 2008-04-13 18:45      32128      ----a-w-      c:\windows\system32\dllcache\usbccgp.sys
2010-06-11 21:41 . 2010-06-11 21:41      --------      d-----w-      c:\program files\Trend Micro
2010-06-11 17:24 . 2010-06-11 17:24      --------      d-----w-      C:\lexmark w820
2010-06-11 17:24 . 2010-06-11 17:24      --------      d-----w-      c:\documents and settings\ADMINI~1~IAP\LOCALS~1
2010-06-11 17:24 . 2010-06-11 17:24      --------      d-----w-      c:\documents and settings\ADMINI~1~IAP
2010-06-05 12:39 . 2010-06-05 12:39      --------      d-sh--w-      c:\documents and settings\NetworkService\IETldCache

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-14 11:06 . 2008-07-31 19:48      --------      d-----w-      c:\program files\WallData
2010-06-11 21:30 . 2009-08-17 12:31      --------      d-----w-      c:\program files\Malwarebytes' Anti-Malware
2010-06-07 17:00 . 2010-03-17 15:16      --------      d-----w-      c:\program files\Microsoft Silverlight
2010-05-12 16:06 . 2008-07-29 15:34      --------      d-----w-      c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-29 19:39 . 2009-08-17 12:31      38224      ----a-w-      c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39 . 2009-08-17 12:31      20952      ----a-w-      c:\windows\system32\drivers\mbam.sys
2010-04-12 13:37 . 2010-04-12 13:37      60808      -c--a-w-      c:\windows\system32\S32EVNT1.DLL
2010-04-12 13:37 . 2010-04-12 13:37      124976      ----a-w-      c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-08 14:52 . 2010-04-08 14:52      36939      -c--a-w-      c:\documents and settings\gina\Application Data\Juniper Networks\setup\uninstall.exe
2010-03-31 08:48 . 2009-12-03 07:21      93816      ----a-w-      c:\documents and settings\gina\Application Data\Juniper Networks\Host Checker\CAntiVirusCOM.dll
2010-03-31 08:48 . 2009-12-03 07:21      823928      ----a-w-      c:\documents and settings\gina\Application Data\Juniper Networks\Host Checker\AVManagerUnified.dll
2010-03-31 08:48 . 2009-12-03 07:21      53880      ----a-w-      c:\documents and settings\gina\Application Data\Juniper Networks\Host Checker\Impl_AntivirusLib.dll
2010-03-31 08:48 . 2009-12-03 07:21      40568      ----a-w-      c:\documents and settings\gina\Application Data\Juniper Networks\Host Checker\OPSWATProcessesScanner.dll
2010-03-31 08:48 . 2009-12-03 07:21      36984      ----a-w-      c:\documents and settings\gina\Application Data\Juniper Networks\Host Checker\CFireWallCOM.dll
2010-03-31 08:48 . 2009-12-03 07:21      284280      ----a-w-      c:\documents and settings\gina\Application Data\Juniper Networks\Host Checker\OESISCore.dll
2010-03-31 08:48 . 2009-12-03 07:21      27768      ----a-w-      c:\documents and settings\gina\Application Data\Juniper Networks\Host Checker\Impl_SoftwareProductLib.dll
2010-03-31 08:48 . 2009-12-03 07:21      16504      ----a-w-      c:\documents and settings\gina\Application Data\Juniper Networks\Host Checker\Impl_FirewallLib.dll
2010-03-31 08:48 . 2009-12-03 07:21      164984      ----a-w-      c:\documents and settings\gina\Application Data\Juniper Networks\Host Checker\FWManager.dll
2010-03-23 21:01 . 2010-03-23 21:01      89600      ----a-w-      c:\windows\system32\atl71.dll
2010-03-23 21:01 . 2010-03-23 21:01      87368      ----a-w-      c:\windows\system32\FwsVpn.dll
2010-03-23 21:01 . 2010-03-23 21:01      107848      ----a-w-      c:\windows\system32\SymVPN.dll
2010-03-23 21:01 . 2010-03-23 21:01      43696      ----a-w-      c:\windows\system32\drivers\srtspx.sys
2010-03-23 21:01 . 2010-03-23 21:01      320560      ----a-w-      c:\windows\system32\drivers\srtspl.sys
2010-03-23 21:01 . 2010-03-23 21:01      281648      ----a-w-      c:\windows\system32\drivers\srtsp.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinVNC"="c:\program files\RealVNC\WinVNC\WinVNC.exe" [2003-03-05 335872]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"172.17.0.0,255.255.0.0,172.17.15.197,1"=""
"172.16.0.0,255.255.0.0,172.17.15.197,1"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk
backup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17      952768      ----a-w-      c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08      35696      ----a-w-      c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2010-03-23 21:01      115560      ----a-w-      c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12      15360      ----a-w-      c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-09-07 10:22      166424      -c--a-w-      c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 20:50      54576      ----a-w-      c:\program files\Hp\HP Software Update\hpwuschd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2007-09-07 10:22      141848      -c--a-w-      c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2007-08-07 17:59      331288      -c--a-w-      c:\program files\PDF Complete\pdfsty.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-07 10:22      137752      -c--a-w-      c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-09-28 01:17      443968      ----a-w-      c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
2003-11-20 19:01      525824      -c--a-w-      c:\program files\Compaq\SetRefresh\SetRefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2007-08-08 17:13      831488      ----a-w-      c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2007-07-10 04:39      1036288      ----a-w-      c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xerox PanelMgr]
2009-05-29 10:39      557056      ----a-w-      c:\windows\Xerox\PanelMgr\SSMMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [3/2/2009 1:08 PM 124200]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [7/29/2008 1:15 PM 540184]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/28/2010 3:28 AM 102448]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/29/2008 12:51 PM 36608]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S2 WdWorkstation;RUMBA Workstation;c:\windows\system32\wdnpsvc.exe [7/31/2008 3:49 PM 41280]
S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [7/29/2008 1:01 PM 46976]
S3 MRXWDRDR;MRxWdNp;c:\windows\system32\drivers\mrxwdnp.sys --> c:\windows\system32\drivers\mrxwdnp.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12      REG_MULTI_SZ         Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
DPF: {92928D91-53D8-4861-835C-619E5082D3D7} - hxxp://aces.glovisusa.com/files/ManagerEx.cab
DPF: {9683681E-FAD6-45F1-86B3-FD60C7101BC9} - file:///C:/WINDOWS/Temp/MxReportU.cab
DPF: {9F0AA341-1D10-4B18-B70B-6AA49CE7F5D6} - file:///C:/WINDOWS/Temp/MxImageSetU.cab
DPF: {AF989B7C-8AC3-40BC-B749-EB335BDFD190} - file:///C:/WINDOWS/Temp/MxDataSetU.cab
DPF: {BB4533A0-85E0-4657-9BF2-E8E7B100D47E} - file:///C:/WINDOWS/Temp/MxComboU.cab
DPF: {C1781C5C-0C32-40F2-8927-46FE4BCB5B87} - file:///C:/WINDOWS/Temp/MxTreeU.cab
DPF: {D7779973-9954-464E-9708-DA774CA50E13} - file:///C:/WINDOWS/Temp/MxMaskEditU.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: {F73C0958-D8FE-43A5-9BB0-0F651C5A2BCC} - file:///C:/WINDOWS/Temp/MxRadioU.cab
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)
SafeBoot-Symantec Antvirus
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-14 16:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ...

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1536561176-2071016242-1538882281-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,6c,db,ca,7f,87,29,40,a2,42,14,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,a1,72,4d,e8,92,77,2c,4c,af,84,d0,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4e,6c,db,ca,7f,87,29,40,a2,42,14,\
.
Completion time: 2010-06-14  16:14:33
ComboFix-quarantined-files.txt  2010-06-14 20:14

Pre-Run: 59,522,854,912 bytes free
Post-Run: 59,845,406,720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - E81C12DF5CFD3B1EECFB637D5B7FFFF8
Top Expert 2009
Commented:
That has got it.
Check Internet Explorer addons  to see if there is any trace of Fast browser search.
Disable/remove if so.

Also check add/remove programs to uninstall/remove now invalid entries for those programs you mentioned.

Author

Commented:
How do I check Internet Explorer add-ons?

Top Expert 2009

Commented:
What version of Internet Explorer?

Author

Commented:
IE8
Top Expert 2009

Commented:
Control Panel>Internet Options>Programs>Manage Addons:

Check "Search Providers">option to remove entry if exists

Author

Commented:
GOT IT !

THANK YOU!!!
Top Expert 2009

Commented:
You're welcome :)