Browser launching at startup, virus with a sense of humor?


  1. Posts : 55
    Windows 7 Ultimate x64
       #1

    Browser launching at startup, virus with a sense of humor?


    I am at my wit's end here. Earlier today I was unable to accomplish something which has never been a problem for me in the past. Simple file transfers over a local network between two Win7 PC's. I still haven't got to the bottom of it, but a newer problem has sprung up which would be pretty damn funny if it wasn't so frustrating.

    So, in the middle of all my earlier networking problems, several people mentioned I should be using homegroups (which I still disagree with), and at some point after that, I rebooted my computer, and upon Windows startup, a browser launched on its own and connected to homegroup.com (a bogus site). Hilarious... after an hour discussing homegroups, I get a strange never-before-seen bug (virus???) where my PC connects to homegroup.com on startup. Truly hilarious.

    I've run full system scans with:
    MBAM
    MSE
    Ad-Aware

    The browser is Firefox (my default) if it matters. I've checked my startup folder, and msconfig. Also, note that homegroup.com is NOT my browser's homepage (it is still google.com as it's always been). I've checked running services... they are all accounted for.

    This is hardly a catastrophic problem, the easy solution is to just close the browser. However it bothers me in general to have any unexpected behavior on my PC, and this one is extra special because of the whole homegroup ordeal. I am not sure how I could have a virus already... I just formatted this PC yesterday and have only installed trusted software (and MSE was one of my first installs as always).

    Truly going crazy here. Is it possible while mucking around in all the advanced networking settings, I somehow typed the word homegroup in somewhere and caused this to happen? I doubt it... but I really have no other ideas. Help!

    Thanks!


  2. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #2

    The IP for that site is 69.43.160.149 ... do you recognize it?


  3. Posts : 6,285
    Windows 10 Pro X64
       #3

    >nslookup homegroup.com
    Server: resolver1.opendns.com
    Address: 208.67.222.222

    Non-authoritative answer:
    Name: www.homegroup.com.router
    Address: 67.215.65.132

    When I click on the link given I get failed to connect.

    Were I you I would dump Homegroup and move back to good old WORKGROUP.


  4. Posts : 55
    Windows 7 Ultimate x64
    Thread Starter
       #4

    Jacee said:
        The IP for that site is 69.43.160.149 ... do you recognize it?

    No, I'm not on a first name basis with any IP's.


  5. Posts : 55
    Windows 7 Ultimate x64
    Thread Starter
       #5

    Ztruker said:
        Were I you I would dump Homegroup and move back to good old WORKGROUP.

    That's the thing... I'm NOT using Homegroup... I think it's a silly idea and I never needed it. And just when I got into an argument about that on a different forum over a different topic, is when this whole thing started happening. Which is what makes it so (painfully) hilarious.


  6. Posts : 55
    Windows 7 Ultimate x64
    Thread Starter
       #6

    Well... here is something interesting! I removed FF for grins.

    With FF gone, IE was my default again. Sure enough, it did launch... but it only tried to connect to http://homegroup/

    Which means FF was adding in the www and com... which makes me even more suspicious this is not a virus but something I did in my network mucking. But I am pretty damn sure I never typed the word homegroup in anywhere... the only thing I did regarding homegroups was disable them everywhere I saw them!


  7. Posts : 12
    Windows 7 Professional 64 bit
       #7

    Last time my homepage was hijacked, I deleted all the cookies, and I think I didn't allow them, either. I'm not very experienced, but I think that will help with a problem like this.

  8.    #8

    Homegroup saves a lot of time configuring Network. I wouldn't use anything else. I set up a network after install in about 2 minutes.

    I'd boot and run Microsoft Standalone System Sweeper to check for infection hiding in System files. Run another Malwarebytes full scan.


  9. Posts : 55
    Windows 7 Ultimate x64
    Thread Starter
       #9

    I just created a new user to see if it happened with him, and sure enough it doesn't happen with the new user. So, I got out Wingrep and searched the old user folder (which was small enough that it didn't crash Wingrep like an entire C: search did), and I found one entry that made me suspicious:

    Code:
    C:\Users\xxxxxxx\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5afe4de1b92fc382.customDestinations-ms
    00007: fldr.dll,-11411SPSâXFL8Cü&mÎÀFLÀFç U^GÊU^GÊÐSj Ê(üÿÿKPàOÐ ê:iØ+00/C:\R1þ>ÔEWindows<ïî:þ>ÔE*WindowsV1ÿ>8System32>ïî:ÿ>8*System32t2(î:Ë GettingStarted.exeRïí:í:*EEGettingStarted.exe"U-TJC:\Windows\System32\GettingStarted.exe)@%systemroot%\system32\oobefldr.dll,-1162b{D36AFB67-9043-4714-B4A3-E9E9481750A1} %systemroot%\system32\control.exe /name Microsoft.HomeGroup"%systemroot%\system32\imageres.dll%SystemRoot%\system32\GettingStarted.exe
    I deleted that file, and it solved the problem! No more http://homegroup/ browser launches!

    Now, anybody have a good explanation for what that file is and how it got there?

    Furthermore... I still am not able to get network shares working properly with my main account, and as an insult I noticed that my new dummy account I made for testing does network shares perfect right out of the box, with what appear to be the same exact settings I have on my main account. Grr. I guess if it bothers me enough I'll migrate the account somehow.
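An added example, not part of the original thread or any poster's code: the kind of search described in post #9, written in Python, looking through a folder's files for a keyword. It goes one step beyond a plain grep by also matching text stored as UTF-16LE, which Windows shell data commonly uses. The function names and the SAMPLE bytes are constructed for illustration.

```python
import re
from pathlib import Path

MIN_LEN = 6  # shortest printable run worth reporting

# Printable runs stored as ASCII, and as UTF-16LE (each character followed by
# 0x00), the encoding a byte-wise grep for an ASCII word will not match.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def extract_strings(data):
    """Return printable strings found in binary data, in both encodings."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]
    return found


def find_keyword(data, keyword):
    """Strings in data containing keyword, compared case-insensitively."""
    needle = keyword.lower()
    return [s for s in extract_strings(data) if needle in s.lower()]


def scan_tree(root, keyword, max_bytes=16 * 1024 * 1024):
    """Map each file under root that mentions keyword to its matching strings."""
    hits = {}
    for path in Path(root).rglob("*"):
        try:
            if not path.is_file() or path.stat().st_size > max_bytes:
                continue
            matches = find_keyword(path.read_bytes(), keyword)
        except OSError:
            continue  # locked or unreadable files are normal in a live profile
        if matches:
            hits[str(path)] = matches
    return hits


# Constructed sample (not the poster's file): binary padding around one ASCII
# path and one UTF-16LE command line like those visible in the dump above.
SAMPLE = (
    b"\x4c\x00\x00\x00\x01\x14\x02\x00"
    + b"C:\\Windows\\System32\\GettingStarted.exe\x00\xff\xfe\x10\x00"
    + "%systemroot%\\system32\\control.exe /name Microsoft.HomeGroup".encode("utf-16-le")
    + b"\x00\x00\x9c\x03"
)
```

Calling `scan_tree(folder, "homegroup")` on a user's `AppData\Roaming` folder returns each file that mentions the word together with the full string it appears in, which is usually enough to tell a shortcut or jump-list entry from something unexpected.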

  10.    #10

    Found this:

    GettingStarted.exe is a key process in operation system, which is responsible for system services that run from dynamic link libraries (files with extension .dll). Because it is used as a common system process, some spyware often uses a process name of "GettingStarted.exe" to disguise itself. By hiding under the fake name - “GettingStarted.exe”, spyware can damage more files and ruin your system gradually. Some spyware inject a .dll file into the authentic GettingStarted.exe process.

    You may follow the methods below and see if it helps.
    Method 1
    a) Press Ctrl+Shift+Esc to invoke Task manager.
    b) Go to Processes tab and Locate GettingStarted.exe
    c) Right click it and select End process.
    Method 2
    You may perform clean boot to see if any third party service is causing this issue.
    How to troubleshoot a problem by performing a clean boot in Windows Vista or in Windows 7
    Note : After troubleshooting follow Step 7: Reset the computer to start as usual
    Method 3
    If the issue still persists, you may perform System File Checker to repair missing or corrupted system files.
    How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
    Method 4
    You may run the virus scan from the link below to scan for viruses on your computer.
    Microsoft Safety Scanner - Free online tool for PC health and safety
    Check if the issue is resolved.
    Source: what is 'C;\ystem32\GettingStarted.exe'. and why -


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
