Bing has taken over as my default search address bar in Firefox, search provider

treetops

You know where it says www.techspot.com. Yes it has taken it over. There is no bing addon, extension or remove program. I followed a few guides I found googling and they only work until I restart FF. My old search engine was Google in the address bar.
 
In the address bar where it says your search program. Drop down the menu there. You should be able to switch it back to Google
 
Hi, It's the 'down arrow' or 'V' icon. Just click on it and you will have a choice of several search engines.
I use 'Dogpile' and you can find others in the 'Manage search engines' line.
 
When I click on the V this is what I see. I don't see anything in Firefox that says search program. It appears to just give a list of my recent search history. The top link that says make google your search engine is just a website that tells you how to change your search engine bar to google.

 
You're clicking on the wrong thing. See the box in your picture that says, "there is no try only do?" Click on the Google icon. Technically there is a small down arrow next to it. Select your choice from the drop down menu. Although you already have Google selected, select it again and see if that does anything.

If a search engine you want does not appear in the resulting drop down menu, click on Manage Search Engines.
 
That only seems to affect my search engine on the far right. I like typing into the address bar since it's bigger and an easy click. It used to use google search, now it uses bing. The one on the far right works just fine.

The text highlighted is the bar that has bing as the search engine that I want back to google.

I have tried
    1. Launch Firefox.
    2. Type "about:config" in the location bar.
    3. Click on the button that reads, "I'll be careful, I promise!" on the screen that warns you about your warranty.
    4. Type "keyword.URL" in the filter bar.
    5. Right-click on "keyword.URL" in the search results. Click "Reset."
    guide from http://www.ehow.com/how_5196325_remove-firefox-work-way-used.html
But it goes back to bing when I restart firefox. Ok maybe I should have been referring to it as the location bar.
 
You could try uninstalling FF and reinstalling it. Maybe that will restore that function.

Edit: As you may know, you need not delete your profile information when you uninstall. Alternately, if your bookmarks are the only things you want to save, you can just save your bookmarks by exporting them to a designated folder and when you reinstall, you can import them back.
 
Hi. In Firefox, in the top menu line, go to 'Tools' option.
Click on 'Options'
Click on 'General'
On the line that says about 'Homepage', type in the box, www.google.com
Then click OK, close Firefox, and restart it.
 
I really just want my bookmarks toolbar, heck my favorites too. I tried both new suggestions, neither worked. My browser has been romanced by bing and now has a bing baby, what am I going to have to do, reinstall Windows? I think at this point I may need to go to the virus removal section.

I like pc but this makes me want a mac.

Heck I should sell my win 7 key on ebay and get a free linux os this is annoying.
 
Hi, Just before you rush out and buy a Mac, try;
'Start', 'Search for files and folders' box and type in 'msconfig'
In the Startup tab, untick, 'Bing desktop'
In the 'Services' tab untick, 'Bing Desktop Update Service' & 'Bingbar Service'.
Click on 'Apply', and 'exit without restarting'.
In Firefox;-
The toolbars are in 'View', 'Toolbars' & tick each one you want to see.
 
I'm sorry you didn't finish up in May when I was helping you. At that time, we found there was a validation problem with the OS> was that ever corrected?

You also said you were removing Firefox in favor of Chrome> did you do that then put Firefox back?

If Bing has taken over the homepage, there will be other entries that need to be removed. I can do that with script in Combofix. We can try that if you resolved the past 'file mismatches and validation', but if the problem is more extensive, you will need to return to the malware forum.
---------------------------------------
For now: Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
Uninstall directions, if needed:
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
  • Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install. Just bypass and go on.
    • Note: No query will be made if the Recovery Console is already on the system.
  • Close any open browsers.
  • Before you run the Combofix scan, please disable any security software you have running.
    (If you need help with this, please see HERE)
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.
Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
 
Mike19 bing desktop is not on my computer.

Bob
Yes I reinstalled my os, any validation problems should be resolved. I went back to firefox after reinstalling my os. I ran combofix, it did not resolve the bing problem. The problem is minor, but still annoying.

Bing has not taken over my homepage, merely the search address bar as shown in the photo where the text is highlighted. It used to search through Google's search engine, all of a sudden it changed to bing.

I just got back from a camping trip thanks for the responses here is the combofix log.

p.s. Hey bob I believe the old python code on my old os was left over from the diablo 2 bots I had used and uninstalled year(s) ago. And my mouse hardware was to blame for the bad clicks I was having.

 
(Please let me know if you have any problems with link. I had to redo some of the coding)

There are no entries for Bing showing in THIS log. But the Firefox keyword search has:
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=

I've put the Conduit entry in the script below. Please check Add/Remove Programs and uninstall ANY entries for Conduit or Conduit Engine.
-------------------------------------------
The conduit.engine and conduit.toolbar is a PUP (potentially unwanted program). Conduit bundles a hidden "toolbar" and other apps with other companies' software.
(Some say Conduit pays kickbacks to that company because they hide the fact from the end user that Conduit products are being allowed to secretly install, along with the product the end user actually wanted.)

Conduit.Engine installs along other toolbars powered by Conduit. This is frequently seen in the personal toolbars that users set up for a particular "community."

Feel free to also call Conduit Foistware because it is installed without your knowledge or permission.

But you need to reset the keyword again in Firefox because it has Conduit:

Firefox Keyword Reset:
  1. Open Firefox and instead of a url, type about:config in the Address Bar.
  2. Firefox will give you a warning, but go in anyway.
  3. Locate the keyword.url line. It should look like the image below.
  4. Right click on keyword.url, then select Reset
---------------------------------------------------------
*REMOVED COMBOFIX SCRIPT ~DMJ*
====================
I have also put the current HijackThis in the script. Make sure the HijackThis you had has been removed. Check Add/Remove Programs to be sure. After it is uninstalled, follow my directions to set up the Directory. Then you can download, install and run a new HJT scan. It's possible I may see a Bing entry in that.

First, set up a Directory for HijackThis as follows:
Right click Start> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
Exit Explorer
You now have a folder C:\HijackThis
----------------------------------
Download HijackThis and save to your desktop.
  • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
  • Extract it to the directory on your hard drive you created C:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste (Ctrl+V) the log in your next reply.
NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
==================================
Since Combofix removed entries for a Trojan, go ahead with this: To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ============================================
    Post the logs for new Combofix after running the script, Eset and HijackThis in your next reply.
    If you still have issues when I have reviewed these logs, I will refer you to the Virus and Malware Forum to do additional 'cleaning.'
 
I found a quick solution, thanks for identifying it was a conduit thing and yes I wrote them an email. When I have more time I will follow through your instructions anyways as to make sure it's completely gone.

http://forum.precisesecurity.com/computer-security/remove-searchconduitcom-hijacker

1. Open Firefox
2. On the address bar, type – about:config in the URL. Press Enter.
3. You will be warned about Warranty. Click on “I’ll be careful…”
4. On the Filter dialog box type – search.conduit
5. It will display all related entries. Right-click on Preferences Name and Reset.
 
Your "quick solution" is the same I gave you in my Reply #5:
Firefox Keyword Reset:
  1. Open Firefox and instead of a url, type about:config in the Address Bar.
  2. Firefox will give you a warning, but go in anyway.
  3. Locate the keyword.url line. It should look like the image below.
  4. Right click on keyword.url, then select Reset
The ONLY difference is that you filter 'conduit' and I filter 'keyword', which in this case should be the same.

Did you run the script I left? I did not get the new Combofix log.

A note for you: it takes time to review logs. It takes time to write script. It takes time to give you all of the instructions. But when you abandon a thread before the problem is resolved or your helper refers you elsewhere, it can be a waste of time spent. With me, you are now running 2 for 2.
 
I am busy atm, that's why I did not want to make a virus removal thread. I am thankful for your time. I will get back later but I am not sure when.
 
Well I got bing off as I needed. I do not need any further help.

P.s. it appears that it was somehow packaged with a new bittorrent update even though no check boxes were clicked on the install, I ran across other similar accounts after a few hours of reading various forums

I did pm you the last logs of my first problem after I reinstalled my os. I do appreciate your help, but posted here as I am not going after a lengthy cleaning. Thanks for all the suggestions.
 
The following is just FYI: as requested, my help is ended.

The entries below were on the system in the logs you ran for me in May. I left a link for information about File sharing then. As long as they are present, the system has an open door for malware.

Installed Programs: BitTorrent has access through the firewall:
You have this listed under Authorized Applications in the Firewall:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

Various ports open in the firewall:
"TCP Query User{D5B5DB21-35EB-491B-BAE8-69EF0DAF89EB} C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"UDP Query User{7EDF809B-2783-4667-80BB-EF5784A35147} C:\program files (x86)\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |

========== LOP Check ==========
Both BitTorrent and Frostwire are listed here: See note on LOP:
[2012/04/30 22:48:47 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\BitTorrent

[2009/11/15 00:52:41 | 000,000,000 | ---D | M] -- C:\Users\Josh\AppData\Roaming\FrostWire

LOP Check - off by default for the standard scans and on by default for the Quick Scan. This scan scans the All Users Application Data folder and the user's Application Data folder and lists all files, and all folders present not on the LOP Whitelist (a list of about 160 folders that have been deemed safe) and all files in the Windows Tasks folder.
-----------------------------------------
So don't be surprised at what BitTorrent has done.
 
I found a quick solution, thanks for identifying it was a conduit thing and yes I wrote them an email. When I have more time I will follow through your instructions anyways as to make sure it's completely gone.

http://forum.precisesecurity.com/computer-security/remove-searchconduitcom-hijacker

1. Open Firefox
2. On the address bar, type – about:config in the URL. Press Enter.
3. You will be warned about Warranty. Click on “I’ll be careful…”
4. On the Filter dialog box type – search.conduit
5. It will display all related entries. Right-click on Preferences Name and Reset.

You rock!!!! I have been searching for hours and this is the only thing that helped me. Thank you very much!!!
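
Added example, not part of any post in this thread and not Mozilla's or the helper's code: the two about:config resets discussed above (resetting keyword.url, and filtering on search.conduit) can be checked offline against a copy of the profile's prefs.js. The sample preferences, the CT0000000 name and the .example host are constructed, and treating removal of a user_pref line as equivalent to Reset is an assumption.

```python
import re

# One user-set preference line as stored in a profile's prefs.js, e.g.
#   user_pref("keyword.url", "http://host.example/?q=");
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')
WATCHED_NAMES = {"keyword.url"}   # the pref the helper resets by hand
MARKERS = ("conduit",)            # the substring the thread filters on


def find_hijacked_prefs(prefs_text, markers=MARKERS, watched=WATCHED_NAMES):
    """Return (line_no, name, raw_value, reason) for each suspicious pref."""
    findings = []
    for line_no, line in enumerate(prefs_text.splitlines(), start=1):
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything not a user_pref
        name, raw_value = m.group(1), m.group(2)
        haystack = (name + " " + raw_value).lower()
        hit = next((mk for mk in markers if mk in haystack), None)
        if hit:
            findings.append((line_no, name, raw_value, "matches '%s'" % hit))
        elif name in watched:
            findings.append((line_no, name, raw_value, "user-set, review"))
    return findings


def strip_prefs(prefs_text, names):
    """Drop user_pref lines for the given names (assumed equal to Reset)."""
    def keep(line):
        m = PREF_RE.match(line)
        return not (m and m.group(1) in names)
    return "".join(l for l in prefs_text.splitlines(keepends=True) if keep(l))


# Constructed sample: the CT0000000 name and .example host are made up.
SAMPLE_PREFS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.techspot.com/");
user_pref("keyword.url", "http://search.conduit.example/Results.aspx?q=");
user_pref("CT0000000.search.conduit.enabled", true);
user_pref("browser.search.selectedEngine", "Google");
'''

if __name__ == "__main__":
    hits = find_hijacked_prefs(SAMPLE_PREFS)
    for line_no, name, value, reason in hits:
        print("line %d: %s = %s (%s)" % (line_no, name, value, reason))
    print(strip_prefs(SAMPLE_PREFS, {h[1] for h in hits}), end="")
```

Firefox rewrites prefs.js when it exits, so work on a copy and only replace the file while the browser is closed.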
 