Inactive Firefox homepage set to bankofamerica.com

squigglyx

My homepage for Firefox keeps setting itself to bankofamerica.com even if I change it in the options. Malwarebytes and MSE are not finding anything in scans so I don't know what to do. Please help! Thank you.
 
That is an unusual reset to suspect malware. But we can check:

Please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
=================================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else.
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
Threads are closed after 5 days if there is no reply.
 
Thank you for your help!

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.05.08

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
albertluann :: ALBERTLUANN [administrator]

6/6/2012 10:31:39 AM
mbam-log-2012-06-06 (10-31-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199489
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-06 14:54:30
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543216L9SA00 rev.FB2OC40C
Running: rtp894fz.exe; Driver: C:\Users\ALBERT~1\AppData\Local\Temp\kwtcrpow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackTransaction + 13E9 81E85599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EAA092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000006f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by albertluann at 14:56:06 on 2012-06-06
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2039.741 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\AsusService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Users\albertluann\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.bankofamerica.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: ASUS Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\asus\systemsetting\StarterHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [Facebook Update] "c:\users\albertluann\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [HotkeyMon] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotKeyMon.exe
mRun: [HotkeyService] AsusSender.exe c:\program files\eeepc\hotkeyservice\HotkeyService.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SuperHybridEngine] AsusSender.exe c:\program files\eeepc\she\SuperHybridEngine.exe
mRun: [Eee Docking] c:\program files\asus\eee docking\Eee Docking.exe autorun
mRun: [OOBESetup] c:\program files\asus\ooberegbackup\ooberegbackup.exe /restore -"c:\program files\asus\ooberegbackup\OOBEReg.ini"
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{A5C6D3D4-93C7-43C2-B9FC-FE5E980FE70C} : DhcpNameServer = 10.43.2.150 10.49.1.50
TCP: Interfaces\{D5D7631E-6DAB-42FD-A0DD-DBF1C1B45CA7} : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{D5D7631E-6DAB-42FD-A0DD-DBF1C1B45CA7}\357796D6D696E6760255E69636F627E6 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{D5D7631E-6DAB-42FD-A0DD-DBF1C1B45CA7}\64C495142514348494 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D5D7631E-6DAB-42FD-A0DD-DBF1C1B45CA7}\84142525F4B696474797 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D5D7631E-6DAB-42FD-A0DD-DBF1C1B45CA7}\C65716E6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D5D7631E-6DAB-42FD-A0DD-DBF1C1B45CA7}\C65716E613 : DhcpNameServer = 192.168.2.1 192.168.1.254
TCP: Interfaces\{D5D7631E-6DAB-42FD-A0DD-DBF1C1B45CA7}\F42716E6765684F6273756 : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\albertluann\appdata\roaming\mozilla\firefox\profiles\5p7elr0w.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\users\albertluann\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxps://www.google.com
FF - user.js: browser.startup.page - 1
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AsusService;Asus Launcher Service;c:\windows\system32\AsusService.exe [2010-8-30 219136]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-5-5 583360]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-14 218688]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2010-8-30 51712]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-11 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-20 257696]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-11 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-9 1343400]
.
=============== Created Last 30 ================
.
2012-06-06 21:54:55 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-06 21:54:55 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-06 17:26:29 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{76b6bb7c-a670-4c7e-8600-ee98d0a246e8}\offreg.dll
2012-06-06 06:39:20 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{76b6bb7c-a670-4c7e-8600-ee98d0a246e8}\mpengine.dll
2012-06-06 06:10:27 -------- d-----w- c:\users\albertluann\appdata\roaming\SUPERAntiSpyware.com
2012-06-06 06:09:59 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-06 02:20:12 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-06 01:46:15 98816 ----a-w- c:\windows\sed.exe
2012-06-06 01:46:15 518144 ----a-w- c:\windows\SWREG.exe
2012-06-06 01:46:15 256000 ----a-w- c:\windows\PEV.exe
2012-06-06 01:46:15 208896 ----a-w- c:\windows\MBR.exe
2012-06-06 01:45:58 -------- d-----w- C:\ComboFix
2012-06-05 06:23:15 6737808 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-03 20:56:21 -------- d-----w- c:\users\albertluann\appdata\roaming\Iselw
2012-06-03 20:56:21 -------- d-----w- c:\users\albertluann\appdata\roaming\Doqao
2012-05-10 09:34:48 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-10 09:34:42 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-10 09:34:40 1221632 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-10 09:34:39 989184 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-10 09:34:38 969216 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-10 09:34:10 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-10 09:34:09 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-10 09:34:07 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-05-10 09:34:04 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-10 09:34:01 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-05-10 09:34:00 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-10 09:34:00 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-10 09:33:59 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-05-10 09:33:59 161792 ----a-w- c:\windows\system32\d3d10_1.dll
.
==================== Find3M ====================
.
2012-05-05 03:18:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 03:18:23 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 03:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 14:57:44.29 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/30/2010 3:23:04 PM
System Uptime: 6/6/2012 8:06:59 AM (6 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | 1005HA
Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | PBGA 437 | 800/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 62.276 GiB free.
D: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Flash Reader
Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SINGLE&PROD_FLASH_READER&REV_1.00#058F63356336&0#
Manufacturer: Single
Name: D:\
PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_SINGLE&PROD_FLASH_READER&REV_1.00#058F63356336&0#
Service: WUDFRd
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: 5618
Device ID: ROOT\LEGACY_5618\0000
Manufacturer:
Name: 5618
PNP Device ID: ROOT\LEGACY_5618\0000
Service: 5618
.
==== System Restore Points ===================
.
RP383: 5/30/2012 10:16:44 PM - Windows Update
RP384: 6/1/2012 12:57:39 AM - Windows Update
RP385: 6/2/2012 4:04:53 AM - Windows Update
RP386: 6/3/2012 2:49:21 AM - Windows Update
RP387: 6/4/2012 9:49:17 AM - Windows Update
RP388: 6/4/2012 11:22:12 PM - Windows Update
RP389: 6/5/2012 11:01:43 PM - Removed Rosetta Stone Version 3
RP390: 6/5/2012 11:38:12 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
AIM 7
Angry Birds
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS VIBE
ASUSUpdate for Eee PC
Atheros Client Installation Program
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Audacity 1.2.6
Audacity Recovery Utility
Bing Rewards Client Installer
Bonjour
CCleaner
Cisco AnyConnect VPN Client
Crack the DAT 2012-2013
Crack the DAT 5.0.15
DAEMON Tools Lite
DivX Setup
Download Updater (AOL LLC)
E-Cam
EAP-GTC-x86
Eee Docking 3.3.0
EeeSplendid
Facebook Video Calling 1.2.0.159
Google Chrome
Google Update Helper
Hotkey Service
Intel AppUp(SM) center
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 5
Java Auto Updater
Java(TM) 6 Update 30
LogonStudio
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
OGA Notifier 2.0.0048.0
OLink
OOBERegBackup
Pepakura Viewer 3
QuickTime
Rainlendar2 (remove only)
Realtek High Definition Audio Driver
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Toolbars
Skype™ 4.2
Spotify
Super Hybrid Engine
Synaptics Pointing Device Driver
SystemSetting
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
VLC media player 2.0.0
Windows Live Sync
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
6/5/2012 7:18:14 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/5/2012 6:49:48 PM, Error: Service Control Manager [7034] - The Asus Launcher Service service terminated unexpectedly. It has done this 1 time(s).
6/5/2012 5:53:46 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
6/5/2012 5:53:13 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/5/2012 5:53:13 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
6/5/2012 5:52:19 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
6/5/2012 2:34:22 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR13.
6/5/2012 11:27:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
6/5/2012 11:27:16 PM, Error: Service Control Manager [7000] - The 5618 service failed to start due to the following error: The system cannot find the file specified.
6/5/2012 11:27:16 PM, Error: Microsoft-Windows-TaskScheduler [413] - Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.
6/5/2012 11:10:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
6/4/2012 6:50:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
6/4/2012 6:49:51 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR12.
.
==== End Of File ===========================
 
The start page set for Firefox is Google>> FF - prefs.js: browser.startup.homepage - hxxps://www.google.com

The start page set in IE is for the legitimate, secure site for the Bank of America.>> uStart Page = https://www.bankofamerica.com

To set Firefox as the default browser:
Open Firefox> Click on Tools> Options> Advanced> General tab> Default section> Check "Always check to see if Firefox is the default browser"> then press 'check now'> If not set to default and you want it as default> accept the change now.

Then go to Control Panel> Internet Options> Programs tab> Uncheck 'always check to see if IE is the default browser'> Click on Apply> OK.
-------------------------------------------
To set Internet Explorer as the default browser:
Open IE> Tools> Internet Options> Programs tab> (at the bottom) Check 'Internet Explorer should check to see if it's the default browser'> if it is not, check for it to be the default browser.

If you want to change the start page for IE: Go to the site you want for the Start page> Click on Tools> Internet Options> General tab> Homepage section> Press 'use current'> Click on Apply> OK

Making a browser the default means that is the browser that will open when you click on a link to open a site page. You will launch the default browser from a shortcut after you log on and are ready to start.
 
Thank you. It seems after Firefox updated it remained as Google after I changed it. However, before it set itself as bankofamerica.com without me changing it and every time I closed the browser, even if I changed the homepage manually, it would revert back to bankofamerica.com. That is why I was worried I might have some sort of malware or virus.
 
You're welcome. I don't know how that page got set, but I don't think it was by malware.

Let's make sure it's off the system: Run this: TFC (Temp File Cleaner)

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean
-----------------------------------------

Remove all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
    [o] Click START> then RUN
    [o] Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  • Download OTCleanIt by OldTimer and save it to your Desktop.
    [o] Double click OTCleanIt.exe.
    [o] Click the CleanUp! button.
    [o] If you are prompted to Reboot during the cleanup, select Yes.
    [o] The tool will delete itself once it finishes.
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
  • Set a new, clean Restore Point
    [o] Click on Start> right click on Computer> Properties
    [o] Select System Protection
    [o] Click on the Create button (near bottom)
    [o] Type a name for the Restore Point
    [o] Click on Create again to save the restore point.
  • Deleting all but the most recent System Protection point in Windows 7
    [o] Click Start> Computer> right click the C Drive and choose Properties> enter.
    [o] Click Disk Cleanup from there.
    [o] Click Clean up system files
    This restarts Disk Cleanup to run in elevated mode.
    [o] Click the More Options tab
    [o] Click the Clean up under System Restore and Shadow Copies.
    [o] Click OK.
    [o] You will get a confirmation screen> Just click Delete.
    [o] Click OK on the Disk Cleanup Screen.
    [o] Click Delete Files on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
Images courtesy lytebyte.

Empty the Recycle Bin
==========================================================
Check the system for a couple of days to make sure the page holds. Let me know if okay and I'll close the thread.
 