Removal of Fast Browser Serach

[Greatbx]

I appreciate your continued help on this...

DDS Log

--------------------------------------------------------------------


DDS (Ver_09-12-01.01) - NTFSx86
Run by Graham at 21:25:04.98 on 09/04/2010
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2045.1020 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\STacSV.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\Explorer.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Graham\Downloads\Spy-Bot\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.1.0.19\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.1.0.19\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {F0626A63-410B-45E2-99A1-3F2475B2D695} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.1.0.19\coIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} - hxxps://fixit.support.microsoft.com/ActiveX/FixItClient.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: c:\progra~1\google\google~2\GoogleDesktopNetwork3.dll
SEH: ShellHook Class: {88485281-8b4b-4f8d-9ede-82e29a064277} - c:\progra~1\markany\conten~1\MACSMA~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 relog_ap
mASetup: {61E3FE32-07B9-4563-A3E0-2DE2D620FE10} - c:\program files\pixiepack codec pack\InstallerHelper.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\graham\appdata\roaming\mozilla\firefox\profiles\l1m62gyg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={236AEA6C-901F-EC71-6DDB-AED74C272EC6}&q=
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pe3ah4nc;DiRT Environment Driver (pe3ah4nc);c:\windows\system32\drivers\pe3ah4nc.sys [2007-5-18 64880]
R0 ps6ah4nc;DiRT Synchronization Driver (ps6ah4nc);c:\windows\system32\drivers\ps6ah4nc.sys [2007-5-18 55160]
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2007-10-9 21728]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1101000.013\SymDS.sys [2009-11-13 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1101000.013\SymEFA.sys [2009-11-13 171056]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100324.001\BHDrvx86.sys [2010-3-24 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1101000.013\cchpx86.sys [2009-11-13 501888]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [2009-8-6 13440]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100402.001\IDSvix86.sys [2010-4-6 343088]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-2-27 390528]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-15 58984]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-15 116328]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1101000.013\Ironx86.sys [2009-11-13 114736]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1101000.013\symtdiv.sys [2009-11-13 339504]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.1.0.19\ccSvcHst.exe [2009-11-13 126392]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-15 779496]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-1-24 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-3-11 102448]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [2009-8-6 215168]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [2009-8-6 321280]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [2009-8-6 77056]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [2009-8-6 396672]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [2009-8-6 17920]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-9 133104]
S2 NOF;Norton Online;"c:\program files\norton online\engine\1.1.5.14\ccsvchst.exe" /s "nof" /m "c:\program files\norton online\engine\1.1.5.14\dimaster.dll" /prefetch:1 --> c:\program files\norton online\engine\1.1.5.14\ccSvcHst.exe [?]
S2 pr2ah4nc;DiRT Drivers Auto Removal (pr2ah4nc);c:\windows\system32\pr2ah4nc.exe svc --> c:\windows\system32\pr2ah4nc.exe svc [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-31 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-10-11 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-7-28 30192]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\HCWTVS~1.EXE [2008-2-16 815104]
S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v2.sys [2007-10-9 206336]
S4 EPGService;EPGService;c:\progra~1\wintv\epg services\system\EPGService.exe [2008-2-16 361984]
S4 SCM_Service;SCM_Service;c:\windows\system32\WinService.exe [2007-10-9 180224]

=============== Created Last 30 ================

2010-04-08 21:33:29 0 d-----w- c:\users\graham\appdata\roaming\Malwarebytes
2010-04-08 21:33:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-08 21:33:16 0 d-----w- c:\programdata\Malwarebytes
2010-04-08 21:33:14 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-08 21:33:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-06 21:12:35 0 d-----w- c:\program files\Sun
2010-04-06 20:10:49 0 d-----w- c:\users\graham\.SunDownloadManager
2010-04-06 16:49:59 0 d-----w- c:\programdata\Apple Computer
2010-04-05 15:49:53 0 d-sh--w- C:\$RECYCLE.BIN
2010-03-27 23:48:19 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-03-25 21:49:36 98816 ----a-w- c:\windows\sed.exe
2010-03-25 21:49:36 77312 ----a-w- c:\windows\MBR.exe
2010-03-25 21:49:36 261632 ----a-w- c:\windows\PEV.exe
2010-03-25 21:49:36 161792 ----a-w- c:\windows\SWREG.exe
2010-03-19 21:38:09 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-17 20:53:42 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-03-17 20:53:42 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-03-11 21:08:49 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 21:08:48 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 21:08:48 30720 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2010-04-06 21:11:03 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-27 21:50:02 390528 ----a-w- c:\windows\system32\drivers\RapportBuka.sys
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-14 17:17:28 86016 ----a-w- c:\windows\inf\infpub.dat
2010-02-14 17:17:28 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-14 17:10:17 143360 ----a-w- c:\windows\inf\infstor.dat
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-28 13:47:52 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-08-04 21:10:42 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-09-06 15:50:23 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2009-09-06 15:50:23 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2008-11-29 10:51:03 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2008-11-29 10:51:03 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2008-11-29 10:51:03 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-09-06 15:50:23 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\low\index.dat
2009-10-16 17:47:59 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-08-15 02:26:56 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 21:27:00.21 ===============


Attach Log

---------------------------------------------------------------------


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 14/08/2007 19:33:45
System Uptime: 04/08/2010 18:32:38 (-2805 hours ago)

Motherboard: Dell Inc. | | 0CT017
Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz | Microprocessor | 2128/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 456 GiB total, 155.191 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.13 GiB free.
E: is CDROM (UDF)
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
Description: USB Mass Storage Device
Device ID: USB\VID_13FE&PID_1E00\077B114402FE
Manufacturer: Compatible USB storage device
Name: USB Mass Storage Device
PNP Device ID: USB\VID_13FE&PID_1E00\077B114402FE
Service: USBSTOR

==== System Restore Points ===================

RP1268: 22/03/2010 02:41:40 - Scheduled Checkpoint
RP1270: 23/03/2010 22:02:00 - Windows Update
RP1272: 25/03/2010 15:54:40 - Installed Rapport
RP1273: 27/03/2010 22:58:55 - ComboFix created restore point
RP1275: 27/03/2010 23:53:59 - Removed Java(TM) 6 Update 2
RP1277: 27/03/2010 23:55:24 - Removed Java(TM) 6 Update 3
RP1279: 27/03/2010 23:56:45 - Removed Java(TM) 6 Update 4
RP1281: 28/03/2010 00:00:26 - Removed Java(TM) 6 Update 4
RP1283: 28/03/2010 00:05:31 - Removed Java(TM) 6 Update 5
RP1285: 28/03/2010 00:06:43 - Removed Java(TM) 6 Update 7
RP1287: 28/03/2010 00:07:54 - Removed Java(TM) SE Runtime Environment 6
RP1289: 04/04/2010 12:28:42 - Windows Update
RP1291: 06/04/2010 06:40:10 - Scheduled Checkpoint
RP1293: 06/04/2010 21:49:05 - Removed Java(TM) 6 Update 18
RP1295: 06/04/2010 22:07:05 - Installed Java(TM) SE Development Kit 6 Update 19
RP1297: 06/04/2010 22:10:22 - Installed Java(TM) 6 Update 19
RP1299: 07/04/2010 18:27:18 - Scheduled Checkpoint
RP1301: 08/04/2010 12:03:00 - Scheduled Checkpoint
RP1303: 09/04/2010 01:44:36 - Scheduled Checkpoint

==== Installed Programs ======================

3DMark03
4Story 1.6
Acrobat.com
Acronis*True*Image*Home
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Adventure Rock 1.0
Apple Application Support
Apple Software Update
BAMZOOKi SR v1.0 (build 357.1)
BAMZOOKi v3.1 (build 204.173)
BBC iPlayer Download Manager
BT Broadband Desktop Help
BT Yahoo! Applications
BTHomeHub
CCleaner (remove only)
Colin McRae Rally 2
ContentSAFER for Wizmax
Corel Snapfire Plus
Curse Client
Dell Resource CD
Dell Support Center (Support Software)
Dell System Customization Wizard
DellSupport
DiRT
Disney's Animated StoryBook 101 Dalmatians
Disney Pirates of the Caribbean Online
Dora Backpack
EmoDio
ERUNT 1.1j
Futuremark SystemInfo
GearDrvs
Google Chrome
Google Desktop
Google Earth
Google Update Helper
Hauppauge English Help Files and Resources
Hauppauge WinTV DVB-T EPG Service
Hauppauge WinTV Infrared Remote
Hauppauge WinTV IR Blaster
Hauppauge WinTV Radio
Hauppauge WinTV Scheduler
Hauppauge WinTV TV Services
Hauppauge WinTV2000
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
InterActual Player
InterVideo FilterSDK for Hauppauge
IsoBuster 2.7
Java Auto Updater
Java DB 10.5.3.0
Java(TM) 6 Update 19
Java(TM) SE Development Kit 6 Update 19
Junk Mail filter update
Learning Ladder 1-2
LEGO LOCO
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech QuickCam
Logitech QuickCam Driver Package
LucasArts' X-Wing Alliance
Malwarebytes' Anti-Malware
Maxtor Manager
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Logo
Microsoft Works
Mozilla Firefox (3.6.3)
MSRedist
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
NETGEAR WG111v2 wireless USB 2.0 adapter
Nokia Connectivity Cable Driver
Nokia Ovi Player
Nokia PC Suite
Nokia Software Updater
Nokia_Multimedia_Common_Components_2_5
Norton Internet Security
Norton Online
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OGA Notifier 2.0.0048.0
Online Manuals for WinTV (English)
OpenOffice.org 3.1
Orange Preload
Orb
Oz - TMA
PC Connectivity Solution
Picasa 3
Pivot Stickfigure Animator
PixiePack Codec Pack
QuickTime
Radiotracker
Rapport
RealPlayer
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Samsung Master
Samsung USB Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Shrek 2
SigmaTel Audio
Sonic Activation Module
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
STK02N 2.2
Symantec Technical Support Web Controls
System Requirements Lab
Thief - Deadly Shadows
Twin USB Vibration Gamepad
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb979895)
User's Guides
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
Wizard101
World of Warcraft
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

08/04/2010 23:24:21, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
08/04/2010 23:24:21, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
08/04/2010 18:34:09, Error: Service Control Manager [7000] - The Norton Online service failed to start due to the following error: The system cannot find the path specified.
08/04/2010 18:33:49, Error: EventLog [6008] - The previous system shutdown at 17:47:39 on 08/04/2010 was unexpected.
08/04/2010 12:40:25, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
08/04/2010 11:44:22, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the STacSV service.
08/04/2010 06:27:58, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
08/04/2010 06:27:58, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/04/2010 22:25:25, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
07/04/2010 06:43:10, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
07/04/2010 06:43:10, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
07/04/2010 06:43:09, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
06/04/2010 21:48:25, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
06/04/2010 21:48:25, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
06/04/2010 21:48:25, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
06/04/2010 21:48:19, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
06/04/2010 17:34:31, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
06/04/2010 17:34:14, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {AE3A66BB-85FE-49B8-BF7B-4DB4E0005091} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
05/04/2010 16:38:03, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
05/04/2010 16:28:51, Error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
05/04/2010 16:11:17, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer hp LaserJet 1010 with shared resource name hp LaserJet 1010. Error 2114. The printer cannot be used by others on the network.

==== End Of File ===========================

 

[Blade81]

Hi,

Let's try to reinstall Firefox once more.

Show hidden files (Vista)
-----------------
1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
2. Click the View tab.
3. Under Advanced settings, click Show hidden files and folders, and then click OK.


1. Uninstall Firefox (and its profile).
2. Delete c:\users\graham\appdata\roaming\mozilla\firefox\profiles folder if it exists.
3. Reinstall Firefox.

 

[Greatbx]

Tried the reinstall as you suggested and Fast Browser Search is still there. I did not remove the firefox/profile from:

C:\Users\Graham\AppData\Local\Mozilla\Firefox\Profiles

Should I also do this ?

Thanks.

 

[Blade81]

Yes. As instructed, it should be done before Firefox reinstallation.

 

[Greatbx]

I uninstalled Firefox. Ensured the local & roaming profiles were deleted (actually did it for all Users). Reinstalled Firefox and unfortunately Fast Browser Search is still there.

 

[Greatbx]

Good news, I've managed to remove it :2thumb:

I found the following instructions:

1) Shutdown FF
2) Rename following files to have .old extension
2a) C:\Program Files\Mozilla Firefox\chrome\fbstoolbar.jar
2b) C:\Program Files\Mozilla Firefox\chrome\fbstoolbar.manifest
2c) C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
2d) C:\Program Files\Mozilla Firefox\searchplugins\fast.png
3) Start FF
4) Using about:config mentioned above, do a search on "fast" and "fbs" and reset each instance by right-clicking on each item found and choosing "Reset"
5) Restart FF

At http://support.mozilla.com/tiki-view_forum_thread.php?locale=de&comments_parentId=264720&forumId=1

Steps 2c and 2d did not apply as the files were not there.

What is strange is the fbstool jar and manifest had dates of 10/12/2009 and 07/07/2009. The rest of the files in the \chrome folder had the date of 01/04/2010 which is the default for all the files in the folder after a clean Firefox install of v3.6.3.

I tried the uninstall of Firefox again. The uninstall left a number of folders under C:\Program Files\Mozilla Firefox including \chrome with the fbstools files. I deleted C:\Program Files\Mozilla Firefox and all sub-folders.

When I reinstalled Firefox the fbstool files were not present. What is puzzling me is that I am sure at one point in an earlier reinstall of Firefox I deleted the Mozilla folder - although I am now doubting myself .

I have kept the fbstools manifest and jar files. Did you want them for any further investigation ?

Thanks for all the help you have provided.

 

[Blade81]

Glad that got resolved

I have kept the fbstools manifest and jar files. Did you want them for any further investigation ?

No need to submit those files.

Let's see the final steps next.

THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

A To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Uncheck any checkboxes listed for your hard drives.
7. Press OK.


B. Reboot.

C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 6. check any checkboxes listed for your hard drives.



Now lets uninstall ComboFix:

• Click START then RUN
• Now copy-paste Combofix /uninstall in the runbox and click OK

Please download OTC and save it to desktop.

• Double-click OTC.exe.
• Click the CleanUp! button.
• Select Yes when the
  Begin cleanup Process?
  prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

• hosts file:
  • Every version of windows has a hosts file as part of them.
  • In a very basic sense, they are used to locate webpages.
  • We can customize a hosts file so that it blocks certain webpages.
  • However, it can slow down certain computers.
  • This is why using a hosts file is optional!!
  Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
  If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
  1. [*]Click the start button (at the lower left hand corner of your screen) [*]Click run [*]In the dialog box, type services.msc [*]hit enter, then locate dns client [*]Highlight it, then double-click it. [*]On the dropdown box, change the setting from automatic to manual. [*]Click ok
• Run Secunia vulnerability check here and fix its findings.

Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade

 

[Greatbx]

I have followed all the steps and my system seems fine.

Thanks again :bigthumb:

 

[Blade81]

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.