TechSpot

Firefox homepage set to bankofamerica.com

By squigglyx
Jun 6, 2012
  1. My homepage for Firefox keeps setting itself to bankofamerica.com even if I change it in the options. Malwarebytes and MSE are not finding anything in scans so I don't know what to do. Please help! Thank you.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    That is an unusual reset to suspect malware. But we can check:

    Please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    =================================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      ◦ Don't follow directions given to someone else.
      ◦ Don't use any other cleaning programs or scans while I'm helping you.
      ◦ Don't use a Registry cleaner or make any changes in the Registry.
      ◦ Don't download and install new programs, except those I give you.
    Threads are closed after 5 days if there is no reply.
     
  3. squigglyx

    squigglyx TS Rookie Topic Starter

    Thank you for your help!

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.05.08

    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    albertluann :: ALBERTLUANN [administrator]

    6/6/2012 10:31:39 AM
    mbam-log-2012-06-06 (10-31-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 199489
    Time elapsed: 8 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  4. squigglyx

    squigglyx TS Rookie Topic Starter

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-06-06 14:54:30
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543216L9SA00 rev.FB2OC40C
    Running: rtp894fz.exe; Driver: C:\Users\ALBERT~1\AppData\Local\Temp\kwtcrpow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 81E85599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EAA092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000006f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    ---- EOF - GMER 1.0.15 ----
     
  5. squigglyx

    squigglyx TS Rookie Topic Starter

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
    Run by albertluann at 14:56:06 on 2012-06-06
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2039.741 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\System32\AsusService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
    C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
    C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
    C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Users\albertluann\AppData\Local\Facebook\Update\FacebookUpdate.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.bankofamerica.com
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: ASUS Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\asus\systemsetting\StarterHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
    uRun: [Facebook Update] "c:\users\albertluann\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
    mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
    mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
    mRun: [OOBESetup] c:\program files\asus\ooberegbackup\ooberegbackup.exe /restore -"c:\program files\asus\ooberegbackup\OOBEReg.ini"
    mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{A5C6D3D4-93C7-43C2-B9FC-FE5E980FE70C} : DhcpNameServer = 10.43.2.150 10.49.1.50
    TCP: Interfaces\{D5D7631E-6DAB-42FD-A0DD-DBF1C1B45CA7} : DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{D5D7631E-6DAB-42FD-A0DD-DBF1C1B45CA7}\357796D6D696E6760255E69636F627E6 : DhcpNameServer = 10.0.1.1
    TCP: Interfaces\{D5D7631E-6DAB-42FD-A0DD-DBF1C1B45CA7}\64C495142514348494 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{D5D7631E-6DAB-42FD-A0DD-DBF1C1B45CA7}\84142525F4B696474797 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D5D7631E-6DAB-42FD-A0DD-DBF1C1B45CA7}\C65716E6 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{D5D7631E-6DAB-42FD-A0DD-DBF1C1B45CA7}\C65716E613 : DhcpNameServer = 192.168.2.1 192.168.1.254
    TCP: Interfaces\{D5D7631E-6DAB-42FD-A0DD-DBF1C1B45CA7}\F42716E6765684F6273756 : DhcpNameServer = 209.18.47.61 209.18.47.62
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\albertluann\appdata\roaming\mozilla\firefox\profiles\5p7elr0w.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\users\albertluann\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    FF - user.js: browser.startup.homepage - hxxps://www.google.com
    FF - user.js: browser.startup.page - 1
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2010-8-30 219136]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-5-5 583360]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-14 218688]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2010-8-30 51712]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-11 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-20 257696]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-11 135664]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-9 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-06-06 21:54:55 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-06-06 21:54:55 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    2012-06-06 17:26:29 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{76b6bb7c-a670-4c7e-8600-ee98d0a246e8}\offreg.dll
    2012-06-06 06:39:20 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{76b6bb7c-a670-4c7e-8600-ee98d0a246e8}\mpengine.dll
    2012-06-06 06:10:27 -------- d-----w- c:\users\albertluann\appdata\roaming\SUPERAntiSpyware.com
    2012-06-06 06:09:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-06-06 02:20:12 -------- d-sh--w- C:\$RECYCLE.BIN
    2012-06-06 01:46:15 98816 ----a-w- c:\windows\sed.exe
    2012-06-06 01:46:15 518144 ----a-w- c:\windows\SWREG.exe
    2012-06-06 01:46:15 256000 ----a-w- c:\windows\PEV.exe
    2012-06-06 01:46:15 208896 ----a-w- c:\windows\MBR.exe
    2012-06-06 01:45:58 -------- d-----w- C:\ComboFix
    2012-06-05 06:23:15 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-06-03 20:56:21 -------- d-----w- c:\users\albertluann\appdata\roaming\Iselw
    2012-06-03 20:56:21 -------- d-----w- c:\users\albertluann\appdata\roaming\Doqao
    2012-05-10 09:34:48 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-05-10 09:34:42 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
    2012-05-10 09:34:40 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
    2012-05-10 09:34:39 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
    2012-05-10 09:34:38 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
    2012-05-10 09:34:10 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-10 09:34:09 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-10 09:34:07 2342400 ----a-w- c:\windows\system32\win32k.sys
    2012-05-10 09:34:04 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-05-10 09:34:01 1074176 ----a-w- c:\windows\system32\DWrite.dll
    2012-05-10 09:34:00 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-05-10 09:34:00 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-05-10 09:33:59 739840 ----a-w- c:\windows\system32\d2d1.dll
    2012-05-10 09:33:59 161792 ----a-w- c:\windows\system32\d3d10_1.dll
    .
    ==================== Find3M ====================
    .
    2012-05-05 03:18:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-05 03:18:23 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-21 03:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-03-21 03:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    .
    ============= FINISH: 14:57:44.29 ===============
     
  6. squigglyx

    squigglyx TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/30/2010 3:23:04 PM
    System Uptime: 6/6/2012 8:06:59 AM (6 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | 1005HA
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 800/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 62.276 GiB free.
    D: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Flash Reader
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SINGLE&PROD_FLASH_READER&REV_1.00#058F63356336&0#
    Manufacturer: Single
    Name: D:\
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SINGLE&PROD_FLASH_READER&REV_1.00#058F63356336&0#
    Service: WUDFRd
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: 5618
    Device ID: ROOT\LEGACY_5618\0000
    Manufacturer:
    Name: 5618
    PNP Device ID: ROOT\LEGACY_5618\0000
    Service: 5618
    .
    ==== System Restore Points ===================
    .
    RP383: 5/30/2012 10:16:44 PM - Windows Update
    RP384: 6/1/2012 12:57:39 AM - Windows Update
    RP385: 6/2/2012 4:04:53 AM - Windows Update
    RP386: 6/3/2012 2:49:21 AM - Windows Update
    RP387: 6/4/2012 9:49:17 AM - Windows Update
    RP388: 6/4/2012 11:22:12 PM - Windows Update
    RP389: 6/5/2012 11:01:43 PM - Removed Rosetta Stone Version 3
    RP390: 6/5/2012 11:38:12 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    7-Zip 9.20
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player 11.5
    AIM 7
    Angry Birds
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS VIBE
    ASUSUpdate for Eee PC
    Atheros Client Installation Program
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Audacity 1.2.6
    Audacity Recovery Utility
    Bing Rewards Client Installer
    Bonjour
    CCleaner
    Cisco AnyConnect VPN Client
    Crack the DAT 2012-2013
    Crack the DAT 5.0.15
    DAEMON Tools Lite
    DivX Setup
    Download Updater (AOL LLC)
    E-Cam
    EAP-GTC-x86
    Eee Docking 3.3.0
    EeeSplendid
    Facebook Video Calling 1.2.0.159
    Google Chrome
    Google Update Helper
    Hotkey Service
    Intel AppUp(SM) center
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    J2SE Runtime Environment 5.0 Update 5
    Java Auto Updater
    Java(TM) 6 Update 30
    LogonStudio
    Malwarebytes Anti-Malware version 1.61.0.1400
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft XNA Framework Redistributable 4.0
    Mozilla Firefox 13.0 (x86 en-US)
    Mozilla Maintenance Service
    OGA Notifier 2.0.0048.0
    OLink
    OOBERegBackup
    Pepakura Viewer 3
    QuickTime
    Rainlendar2 (remove only)
    Realtek High Definition Audio Driver
    Scientific-Atlanta WebSTAR 2000 series Cable Modem
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype Toolbars
    Skype™ 4.2
    Spotify
    Super Hybrid Engine
    Synaptics Pointing Device Driver
    SystemSetting
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VC80CRTRedist - 8.0.50727.4053
    VLC media player 2.0.0
    Windows Live Sync
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/5/2012 7:18:14 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    6/5/2012 6:49:48 PM, Error: Service Control Manager [7034] - The Asus Launcher Service service terminated unexpectedly. It has done this 1 time(s).
    6/5/2012 5:53:46 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    6/5/2012 5:53:13 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    6/5/2012 5:53:13 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    6/5/2012 5:52:19 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
    6/5/2012 2:34:22 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR13.
    6/5/2012 11:27:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
    6/5/2012 11:27:16 PM, Error: Service Control Manager [7000] - The 5618 service failed to start due to the following error: The system cannot find the file specified.
    6/5/2012 11:27:16 PM, Error: Microsoft-Windows-TaskScheduler [413] - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
    6/5/2012 11:10:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    6/4/2012 6:50:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    6/4/2012 6:49:51 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR12.
    .
    ==== End Of File ===========================
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The start page set for Firefox is Google>> FF - prefs.js: browser.startup.homepage - hxxps://www.google.com

    The start page set in IE is for the legitimate, secure site for the Bank of America.>> uStart Page = https://www.bankofamerica.com

    To set Firefox as the default browser:
    Open Firefox> Click on Tools> Options> Advanced> General tab> Default section> Check "Always check to see if Firefox is the default browser"> then press 'check now'> If not set to default and you want it as default> accept the change now.

    Then go to Control Panel> Internet Options> Programs tab> Uncheck 'always check to see if IE is the default browser'> Click on Apply> OK.
    -------------------------------------------
    To set Internet Explorer as the default browser:
    Open IE> Tools> Internet Options> Programs tab> (at the bottom)Check 'Internet Explorer should check to see if it's the default browser'> if it is not, check for it to be the default browser.

    If you want to change the start page for IE: Go to the site you want for the Start page> Click on Tools> Internet Options> General tab> Homepage section> Press 'use current'> Click on Apply> OK

    Making a browser the default means that is the browser that will open when you click on a link to open a site page. You will launch the default browser from a shortcut after you logon and are ready to start.
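
Added example, not part of the original thread and not code from DDS: a short Python parser that pulls the per-browser start-page entries out of a DDS log, so the comparison made in the reply above (Firefox on Google, IE on bankofamerica.com) can be read directly from the log. The two line formats are taken from the lines quoted in that reply; the function names and the sample text are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the two start-page lines quoted in the reply above,
# plus one unrelated Firefox preference line that must be ignored.
SAMPLE_DDS = """\
uStart Page = https://www.bankofamerica.com
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - prefs.js: network.proxy.type - 0
"""

# Line shapes as they appear in the quoted log lines (assumed stable).
IE_LINE = re.compile(r"^\s*(uStart Page)\s*=\s*(\S+)\s*$")
FF_LINE = re.compile(r"^\s*FF - (\S+): browser\.startup\.homepage - (\S+)\s*$")


def hosts_of(value):
    """Return the lower-cased host of each URL in a start-page value."""
    hosts = []
    for url in value.split("|"):  # Firefox separates several homepages with "|"
        # The log writes Firefox URLs defanged (hxxp/hxxps); undo that to parse.
        url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I)
        host = urlsplit(url).hostname  # None for entries such as about:home
        if host:
            hosts.append(host.lower())
    return hosts


def start_pages(log_text):
    """Map each browser setting found in the log to its start-page hosts."""
    pages = {}
    for line in log_text.splitlines():
        ie = IE_LINE.match(line)
        ff = FF_LINE.match(line)
        if ie:
            pages["Internet Explorer (%s)" % ie.group(1)] = hosts_of(ie.group(2))
        elif ff:
            pages["Firefox (%s)" % ff.group(1)] = hosts_of(ff.group(2))
    return pages


def browsers_opening(pages, domain):
    """List the settings whose start page is on `domain` or a subdomain of it."""
    domain = domain.lower()
    return sorted(
        source for source, hosts in pages.items()
        if any(h == domain or h.endswith("." + domain) for h in hosts)
    )


if __name__ == "__main__":
    found = start_pages(SAMPLE_DDS)
    for source, hosts in found.items():
        print(source, "->", ", ".join(hosts))
    print("bankofamerica.com set in:", browsers_opening(found, "bankofamerica.com"))
```
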
     
  8. squigglyx

    squigglyx TS Rookie Topic Starter

    Thank you. It seems after Firefox updated it remained as Google after I changed it. However, before it set itself as bankofamerica.com without me changing it and every time I closed the browser, even if I changed the homepage manually, it would revert back to bankofamerica.com. That is why I was worried I might have some sort of malware or virus.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome. I don't know how that page got set, but I don't think it was by malware.

    Let's make sure it's off the system: Run this: TFC (Temp File Cleaner)

    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once it's finished it should reboot your machine, if not, do this yourself to ensure a complete clean
    -----------------------------------------

    Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
      [o] Click START> then RUN
      [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
      [o] Double click OTCleanIt.exe.
      [o] Click the CleanUp! button.
      [o] If you are prompted to Reboot during the cleanup, select Yes.
      [o] The tool will delete itself once it finishes.
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    • Set a new, clean Restore Point
      [o] Click on Start> right click on Computer> Properties
      [o] Select System Protection
      [o] Click on the Create button (near bottom)
      [o] Type a name for the Restore Point
      [o] Click on Create again to save the restore point.
    • Deleting all but the most recent System Protection point in Windows 7
      [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
      [o] Click Disk Cleanup from there.
      [o] Click Clean up system files
      This restarts Disk Cleanup to run in elevated mode.
      [o] Click the More Options tab
      [o] Click the Clean up under System Restore and Shadow Copies.
      [o] Click OK.
      [o] You will get a confirmation screen> Just click Delete.
      [o] Click OK on the Disk Cleanup Screen.
      [o] Click Delete Files on the Confirmation screen.
    This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot of System Restore points, you will see a significant change in the free space in C drive)
    Images courtesy lytebyte.

    Empty the Recycle Bin
    ==========================================================
    Check the system for a couple of days to make sure the page holds. Let me know if okay and I'll close the thread.
     
