Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google redirect,missing icons on start up

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google redirect,missing icons on start up

Unread postby drkilljoy » May 23rd, 2010, 2:25 pm

I have some malware that changes my search engine links, and when I start up my laptop, some icons are missing, someone please help


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:20 PM, on 5/16/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 5\plugin-container.exe
C:\Program Files\Microsoft Works\WksWP.exe
C:\PROGRA~1\MICROS~2\WkDStore.exe
C:\PROGRA~1\MICROS~2\wkgdcach.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ReCycle Patch] "C:\Users\CAllen\AppData\Local\Temp\Rar$EX00.997\ReCyclePatch.exe" -s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7511 bytes










µTorrent
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CDisplay 1.8
Choice Guard
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
DVD Suite
Enigma
ERUNT 1.1j
ESET Online Scanner v3
GTK+ Runtime 2.14.7 rev a (remove only)
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HP User Guides 0090
HP Wireless Assistant
HPNetworkAssistant
HPSSupply
iTunes
Java(TM) 6 Update 18
LabelPrint
LG USB Modem driver
Malwarebytes' Anti-Malware
ManyCam 2.4 (remove only)
M-Audio Series II MIDI
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.0.16)
Mozilla Firefox (3.6.4)
MP3 Converter Simple
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
My HP Games
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Pidgin
Power2Go
PowerDirector
QuickTime
Reason 4.0
Rhapsody Player Engine
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
SlingPlayer
Spelling Dictionaries Support For Adobe Reader 9
Touch Pad Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Verizon Broadband Toolbar (IE only)
Verizon Broadband Toolbar Firefox only
Verizon Servicepoint 3.5.10
Viewpoint Media Player
VLC media player 1.0.2
VoiceOver Kit
WeatherBug Gadget
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinPatrol 2009
WinRAR archiver
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar
drkilljoy
Regular Member
 
Posts: 18
Joined: May 23rd, 2010, 2:20 pm
Advertisement
Register to Remove

Re: Google redirect,missing icons on start up

Unread postby askey127 » May 24th, 2010, 8:17 pm

drkilljoy,
We have to do some preliminary work before we look for the infection.
Since you have Vista, most programs I will ask you to use need to be started by right-clicking with the mouse, and choosing "Run as administrator".
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?f=11&t=33112
As a condition of receiving our help, I have included the P2P program utorrent in the removal instructions below, so we are not wasting our time.
If you have used this, you can be fairly confident this is a principal reason your computer is infected

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze, BitLord.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
It's also very important to avoid any "cracks" or "Keygens" that allow unauthorized use of programs. Besides being illegal, these files also are loaded with "planted" malware.
-----------------------------------------------------------
Remove Registry items with HighjackThis. Start HijackThis.
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
O4 - HKLM\..\Run: [ReCycle Patch] "C:\Users\CAllen\AppData\Local\Temp\Rar$EX00.997\ReCyclePatch.exe" -s

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:
µTorrent
Choice Guard
WeatherBug Gadget

Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into Keeping the program.
-----------------------------------------------------------
Download a free AntiVirus Program
Download just one of these free anti-virus programs, update it and run a full scan. Have it fix anything it finds.
Consider this an Emergency until you complete it!----------------------------------------------
Run Temp File Cleaner
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and Run as Administrator in Vista)
If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google redirect,missing icons on start up

Unread postby drkilljoy » May 25th, 2010, 4:06 pm

I was able to get rid of uTorrent but the two other programs were not listed and I searched for them.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:20 PM, on 5/25/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Verizon Broadband Toolbar - {A057A204-BACC-4D26-8398-26FADCF27386} - C:\PROGRA~1\VERIZO~1\VERIZO~1.DLL
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServicepointService - Radialpoint Inc. - C:\Program Files\Verizon\VSP\ServicepointService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7485 bytes












32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Adobe Shockwave Player
AIM 6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CDisplay 1.8
Choice Guard
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
DVD Suite
Enigma
ERUNT 1.1j
ESET Online Scanner v3
GPL MPEG-1/2 DirectShow Decoder Filter
GTK+ Runtime 2.14.7 rev a (remove only)
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Experience Enhancements
HP Customer Participation Program 8.0
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart Essential 2.5
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Smart Web Printing
HP Solution Center 8.0
HP Total Care Advisor
HP Update
HP User Guides 0090
HP Wireless Assistant
HPNetworkAssistant
HPSSupply
iTunes
Java(TM) 6 Update 18
LabelPrint
LG USB Modem driver
Malwarebytes' Anti-Malware
M-Audio Series II MIDI
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MobileMe Control Panel
Mozilla Firefox (3.0.16)
Mozilla Firefox (3.6.4)
MP3 Converter Simple
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 6.1
My HP Games
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Power2Go
PowerDirector
QuickTime
Reason 4.0
Rhapsody Player Engine
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
SlingPlayer
Spelling Dictionaries Support For Adobe Reader 9
Super Webcam
Touch Pad Driver
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Verizon Broadband Toolbar (IE only)
Verizon Broadband Toolbar Firefox only
Verizon Servicepoint 3.5.10
Viewpoint Media Player
VLC media player 1.0.2
VoiceOver Kit
WeatherBug Gadget
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinPatrol 2009
WinRAR archiver
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Toolbar
YouTube Downloader 2.5.5
drkilljoy
Regular Member
 
Posts: 18
Joined: May 23rd, 2010, 2:20 pm

Re: Google redirect,missing icons on start up

Unread postby askey127 » May 26th, 2010, 7:53 am

drkilljoy,
---------------------------------------------
Symantec did not remove everything as it should. This is a common problem.
To completely remove Norton Antivirus, Download and Run the Norton Removal Tool for your version of Windows.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
Perform the DownLoad for your version of Windows (download to your desktop as it says).
On your desktop, click on Norton Removal Tool and follow the instructions.
---------------------------------------------
Download Revo Uninstaller Free version from here:
http://www.revouninstaller.com/revo_uni ... nload.html
Install the Revo program and use it to try and Uninstall
Choice Guard
WeatherBug Gadget

-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There wil be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.
-----------------------------------------------------------
Gmer

Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. UNCHECK the following ...
    • Sections
    • IAT/EAT
    • Drives/Partitions other than C:\
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Note: Do not run any programs while Gmer is running.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google redirect,missing icons on start up

Unread postby drkilljoy » May 27th, 2010, 2:15 am

Avira AntiVir Personal
Report file date: Tuesday, May 25, 2010 16:01

Scanning for 2158107 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : CALLEN-PC

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 19:45:12
VBASE006.VDF : 7.10.6.83 2048 Bytes 4/15/2010 19:45:12
VBASE007.VDF : 7.10.6.84 2048 Bytes 4/15/2010 19:45:12
VBASE008.VDF : 7.10.6.85 2048 Bytes 4/15/2010 19:45:12
VBASE009.VDF : 7.10.6.86 2048 Bytes 4/15/2010 19:45:12
VBASE010.VDF : 7.10.6.87 2048 Bytes 4/15/2010 19:45:12
VBASE011.VDF : 7.10.6.88 2048 Bytes 4/15/2010 19:45:12
VBASE012.VDF : 7.10.6.89 2048 Bytes 4/15/2010 19:45:13
VBASE013.VDF : 7.10.6.90 2048 Bytes 4/15/2010 19:45:13
VBASE014.VDF : 7.10.6.123 126464 Bytes 4/19/2010 19:45:13
VBASE015.VDF : 7.10.6.152 123392 Bytes 4/21/2010 19:45:14
VBASE016.VDF : 7.10.6.178 122880 Bytes 4/22/2010 19:45:14
VBASE017.VDF : 7.10.6.206 120320 Bytes 4/26/2010 19:45:15
VBASE018.VDF : 7.10.6.232 99328 Bytes 4/28/2010 19:45:15
VBASE019.VDF : 7.10.7.2 155648 Bytes 4/30/2010 19:45:16
VBASE020.VDF : 7.10.7.26 119808 Bytes 5/4/2010 19:45:16
VBASE021.VDF : 7.10.7.51 118272 Bytes 5/6/2010 19:45:17
VBASE022.VDF : 7.10.7.75 404992 Bytes 5/10/2010 19:45:18
VBASE023.VDF : 7.10.7.100 125440 Bytes 5/13/2010 19:45:18
VBASE024.VDF : 7.10.7.119 177664 Bytes 5/17/2010 19:45:19
VBASE025.VDF : 7.10.7.139 129024 Bytes 5/19/2010 19:45:20
VBASE026.VDF : 7.10.7.157 145920 Bytes 5/21/2010 19:45:20
VBASE027.VDF : 7.10.7.158 2048 Bytes 5/21/2010 19:45:20
VBASE028.VDF : 7.10.7.159 2048 Bytes 5/21/2010 19:45:20
VBASE029.VDF : 7.10.7.160 2048 Bytes 5/21/2010 19:45:21
VBASE030.VDF : 7.10.7.161 2048 Bytes 5/21/2010 19:45:21
VBASE031.VDF : 7.10.7.170 147456 Bytes 5/25/2010 19:45:21
Engineversion : 8.2.1.242
AEVDF.DLL : 8.1.2.0 106868 Bytes 5/25/2010 19:45:31
AESCRIPT.DLL : 8.1.3.29 1343866 Bytes 5/25/2010 19:45:30
AESCN.DLL : 8.1.6.1 127347 Bytes 5/25/2010 19:45:29
AESBX.DLL : 8.1.3.1 254324 Bytes 5/25/2010 19:45:32
AERDL.DLL : 8.1.4.6 541043 Bytes 5/25/2010 19:45:29
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 17:34:51
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 5/25/2010 19:45:28
AEHEUR.DLL : 8.1.1.27 2670967 Bytes 5/25/2010 19:45:27
AEHELP.DLL : 8.1.11.3 242039 Bytes 4/1/2010 21:05:25
AEGEN.DLL : 8.1.3.9 377203 Bytes 5/25/2010 19:45:24
AEEMU.DLL : 8.1.2.0 393588 Bytes 5/25/2010 19:45:23
AECORE.DLL : 8.1.15.3 192886 Bytes 5/25/2010 19:45:23
AEBB.DLL : 8.1.1.0 53618 Bytes 5/25/2010 19:45:22
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, May 25, 2010 16:01

Starting search for hidden objects.
The scan has been canceled!


End of the scan: Tuesday, May 25, 2010 16:02
Used time: 00:14 Minute(s)

The scan has been canceled!

0 Scanned directories
0 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
1 Objects were scanned with rootkit scan
0 Hidden objects were found









GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-27 02:10:22
Windows 6.0.6002 Service Pack 2
Running: crb1667d.exe; Driver: C:\Users\CAllen\AppData\Local\Temp\uxryrpod.sys


---- Devices - GMER 1.0.15 ----

Device -> \Driver\atapi \Device\Harddisk0\DR0 87406CEC

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager@BackupCount 2

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
drkilljoy
Regular Member
 
Posts: 18
Joined: May 23rd, 2010, 2:20 pm

Re: Google redirect,missing icons on start up

Unread postby askey127 » May 27th, 2010, 5:50 am

drkilljoy,
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
. If you don't know how to disable your antivirus, stop and ask.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • Disable ALL antivirus/antimalware programs before proceeding!
    To disable Antivir Guard:
    Right button click the Avira red Umbrella icon in the system tray
    Left button click once on the item named Antivir guard Enable
    The "Umbrella" should now look folded up.
  • Now start ComboFix (zzz.exe) on your desktop by right clicking the icon and choosing "Run as administrator"
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply
A copy of the log will be located here -> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.
Right click the red umbrella and Reenable your Antivir Guard by clicking on it again. The umbrella should now open.
-----------------------------------------------------------
After you have posted the Combofix log:
Run a full scan with Antivir and do not cancel it before it's done
Do it by right-clicking on the red umbrella again; choose Start Antivir.
Tell it to update.
When it signals update is complete, have it Run a Full Scan.
This can take an hour or two.
Let it finish.
When it completes, post the contents of the report back here.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google redirect,missing icons on start up

Unread postby drkilljoy » May 28th, 2010, 4:31 pm

I ran combofix but I cannot connect to the internet on my laptop. I tried what you said and everything else but nothing seems to work, can this be fixed?
drkilljoy
Regular Member
 
Posts: 18
Joined: May 23rd, 2010, 2:20 pm

Re: Google redirect,missing icons on start up

Unread postby askey127 » May 28th, 2010, 8:34 pm

Go to the Control Panel, Networks
Click on whatever Network you normally connect to,
After it's highlighted, right click and choose Connect.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google redirect,missing icons on start up

Unread postby drkilljoy » May 29th, 2010, 1:16 am

I tried that and I still cannot connect to the internet
drkilljoy
Regular Member
 
Posts: 18
Joined: May 23rd, 2010, 2:20 pm

Re: Google redirect,missing icons on start up

Unread postby askey127 » May 29th, 2010, 7:00 am

drkilljoy,
You said you RAN ComboFix.
There should be a log in the C: drive here: C:\Combofix.txt
Use My Computer, double click on C:, look for the file.
Please copy the contents of that file to a flash (thumb) drive and post it back here from a connected machine.

If you go to the Windows Control Panel, you can shut off Parental Controls. That could be a cause of connection difficulty.
I am a little uncertain of your settings now because you were evidently running Vista parental controls in the connection layer, but using P2P file sharing, and had no Antivirus. This is a dangerous combination.

It's possible you will have to do a full Recovery on the machine using the HP setup you have as a boot option.
You certainly should back up all important files (not programs) to CDs, DVDs, or flash drives.

Can you recall exactly when in the sequence you lost connectivity?
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google redirect,missing icons on start up

Unread postby drkilljoy » May 30th, 2010, 2:08 am

I lost connectivity once the after log came up, How exactly can I fix the parental settings?. I will post the log as soon as I get a flash drive.
drkilljoy
Regular Member
 
Posts: 18
Joined: May 23rd, 2010, 2:20 pm

Re: Google redirect,missing icons on start up

Unread postby drkilljoy » June 1st, 2010, 1:17 am

ComboFix 10-05-27.03 - CAllen 05/31/2010 23:56:40.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2046 [GMT -4:00]
Running from: c:\users\CAllen\Desktop\zzz.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-05-01 to 2010-06-01 )))))))))))))))))))))))))))))))
.

2010-06-01 04:06 . 2010-06-01 04:06 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-06-01 04:06 . 2010-06-01 04:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-01 04:06 . 2010-06-01 04:06 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2010-06-01 04:06 . 2010-06-01 04:06 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-06-01 04:06 . 2010-06-01 04:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-28 15:41 . 2010-06-01 04:06 -------- d-----w- c:\users\CAllen\AppData\Local\temp
2010-05-27 23:41 . 2010-05-27 23:41 -------- d-----w- c:\program files\NCH Software
2010-05-27 23:41 . 2010-05-27 23:41 -------- d-----w- c:\users\CAllen\AppData\Roaming\NCH Software
2010-05-27 05:24 . 2010-05-27 05:24 -------- d-----w- c:\users\CAllen\AppData\Local\VS Revo Group
2010-05-27 05:24 . 2009-12-30 16:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-05-27 05:23 . 2010-05-27 05:23 -------- d-----w- c:\program files\VS Revo Group
2010-05-25 21:07 . 2010-05-25 21:42 -------- d-----w- c:\program files\CamStudio
2010-05-24 22:48 . 2010-05-24 22:54 -------- d-----w- c:\program files\GPL MPEG Decoder
2010-05-24 22:41 . 2010-05-24 22:41 -------- d-----w- c:\program files\YouTube Downloader
2010-05-24 22:33 . 2010-05-24 22:33 -------- d-----w- c:\program files\SuperWebcam
2010-05-24 22:33 . 2006-06-27 12:56 31872 ----a-w- c:\windows\system32\drivers\superwebcam.sys
2010-05-24 04:15 . 2010-05-24 04:16 -------- d-----w- c:\users\CAllen\AppData\Local\ManyCam
2010-05-22 09:47 . 2010-05-22 09:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2010-05-22 09:47 . 2010-05-22 09:47 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\AOL OCP
2010-05-18 00:55 . 2010-05-18 00:56 -------- d-----w- c:\users\CAllen\AppData\Roaming\ManyCam
2010-05-18 00:55 . 2010-05-18 02:02 -------- d-----w- c:\program files\Ask.com
2010-05-11 20:44 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-02 05:13 . 2010-05-02 05:13 -------- d-----w- c:\program files\iPod
2010-05-02 05:10 . 2010-05-02 05:10 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-01 03:47 . 2010-01-15 17:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-28 15:23 . 2009-09-24 18:04 0 ----a-w- c:\windows\system32\drivers\tdx.sys
2010-05-28 02:27 . 2010-01-02 00:33 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 5
2010-05-27 05:15 . 2008-02-29 04:10 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-25 15:21 . 2010-01-12 22:50 -------- d-----w- c:\users\CAllen\AppData\Roaming\uTorrent
2010-05-24 22:33 . 2008-02-29 04:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-18 05:48 . 2009-02-21 02:37 2974 ----a-w- c:\users\CAllen\AppData\Roaming\wklnhst.dat
2010-05-14 22:42 . 2009-11-30 05:48 -------- d-----w- c:\progra~2\Propellerhead Software
2010-05-14 22:42 . 2009-11-30 05:42 -------- d-----w- c:\users\CAllen\AppData\Roaming\Propellerhead Software
2010-05-13 17:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-13 17:13 . 2008-02-29 05:15 -------- d-----w- c:\progra~2\Microsoft Help
2010-05-12 15:21 . 2009-10-03 05:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 23:38 . 2008-07-04 03:22 680 ----a-w- c:\users\CAllen\AppData\Local\d3d9caps.dat
2010-05-03 14:42 . 2009-12-19 17:47 -------- d-----w- c:\progra~2\Radialpoint
2010-05-02 05:15 . 2009-09-10 16:56 -------- d-----w- c:\program files\iTunes
2010-05-02 05:13 . 2008-06-25 17:08 -------- d-----w- c:\program files\Common Files\Apple
2010-04-26 00:23 . 2009-10-07 04:14 -------- d-----w- c:\users\CAllen\AppData\Roaming\vlc
2010-04-25 06:11 . 2010-04-25 06:11 -------- d-----w- c:\program files\Common Files\Java
2010-04-25 06:10 . 2010-04-25 06:10 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-25 06:09 . 2008-02-29 05:45 -------- d-----w- c:\program files\Java
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-04 20:12 . 2010-04-04 20:11 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-04 20:09 . 2010-04-04 20:08 -------- d-----w- c:\program files\QuickTime
2010-03-05 14:01 . 2010-04-14 13:48 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-03 05:26 . 2010-03-03 05:26 1691 ----a-w- c:\users\CAllen\AppData\Roaming\.purple\certificates\x509\tls_peers\api.screenname.aol.com
2009-12-20 00:33 . 2009-12-19 19:20 6148384 --sha-w- c:\windows\System32\drivers\fidbox.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-05-28_15.38.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-06-01 03:52 66300 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-06-01 03:52 93226 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-03 04:38 . 2010-06-01 03:52 15270 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1860400135-879163118-3456586307-1000_UserData.bin
- 2008-06-03 04:38 . 2010-05-28 15:12 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-03 04:38 . 2010-06-01 03:41 65536 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-03 04:38 . 2010-05-28 15:12 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-03 04:38 . 2010-06-01 03:41 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-25 16:12 . 2010-05-28 15:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-25 16:12 . 2010-06-01 03:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-25 16:12 . 2010-05-28 15:25 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-25 16:12 . 2010-06-01 03:48 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-25 16:12 . 2010-05-28 15:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-25 16:12 . 2010-06-01 03:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-01 03:48 . 2010-06-01 03:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-28 15:25 . 2010-05-28 15:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-28 15:25 . 2010-05-28 15:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-01 03:48 . 2010-06-01 03:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-05 03:57 . 2010-05-29 11:09 320812 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2010-06-01 03:57 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-05-28 15:33 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-05-28 15:33 101350 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-06-01 03:57 101350 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-07-13 50480]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=ma_cmidn.dll
"midi2"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^CAllen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\CAllen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2007-07-13 14:36 50480 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-03-18 22:50 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-02-06 22:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):86,df,45,f0,19,5d,ca,01

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S2 ServicepointService;ServicepointService;c:\program files\Verizon\VSP\ServicepointService.exe [2009-11-18 668912]
S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\DRIVERS\superwebcam.sys [2006-06-27 31872]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-31 c:\windows\Tasks\User_Feed_Synchronization-{6DFFBE1E-577F-4EB1-BBB2-8971CA403F8E}.job
- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\CAllen\AppData\Roaming\Mozilla\Firefox\Profiles\sygs4tdl.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - plugin: c:\program files\Verizon\VSP\nprpspa.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\CAllen\AppData\Local\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\users\CAllen\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\CAllen\AppData\Roaming\Mozilla\plugins\npicaN.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-01 00:06
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
"ImagePath"="system32\Drivers\atapi.tsk"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2444)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
.
Completion time: 2010-06-01 00:09:18
ComboFix-quarantined-files.txt 2010-06-01 04:09
ComboFix2.txt 2010-06-01 03:01
ComboFix3.txt 2010-05-28 17:14
ComboFix4.txt 2010-05-28 15:41

Pre-Run: 57,108,451,328 bytes free
Post-Run: 57,074,692,096 bytes free

- - End Of File - - BF86CD5C38DECB59B8F7BCF8CFE2D0FE
drkilljoy
Regular Member
 
Posts: 18
Joined: May 23rd, 2010, 2:20 pm

Re: Google redirect,missing icons on start up

Unread postby askey127 » June 1st, 2010, 7:44 am

drkilljoy,
If you still have no connectivity, please proceed as follows to restore your system to a previous state:
Close and save any documents that you may have open.

Click on the Start button to open your Start Menu.
Click on the All Programs menu option.
Click once on the Accessories Start Menu group.
Click once on the System Tools Start Menu group.
Click once on the System Restore icon. After you click on the icon, if a User Account Control window opens you should click on the Continue button.

You will now be at the System Restore screen. From this screen you can specify the restore point that you would like to restore.

By default, Vista will already have selected a "Recommended restore" option.
This restore point is the last one was made after a new program, driver, or update was installed.
You should select "Choose a different restore point" and press the Next button.
This will bring you to a screen that contains a listing of all the available restore points.

In your case, you need to find a Restore point Prior to 27 May, but as close as possible.
The latest one on either 26 May or 25 May would be best, if available.


You should select the restore point that you would like to use and press the Next button to start the restore process.
Vista will display a Window showing your selected restore point and asking you to confirm that this is the one you would like to restore.
If you would like to select a different restore point press the Back button.
Otherwise you can press the Cancel button to exit System Restore or the Finish button to begin the restore process.
If you selected Finish, Vista will display a second prompt asking you to confirm that you would like to continue the restore.

If you are sure you want to do the restore, then press the Yes button.
Vista will now log you off of the computer and start the System Restore process.
When the restore has been completed, you computer will be restarted and when Vista boots back up it will be restored to its previous state.
When you log in to Vista for the first time after the restore, you will see a message showing that the restore was successful.

If there are any problems with your computer due to the restore operation, you can revert back to your previous settings by going back into the System Restore Utility
and selecting the Undo System Restore option and pressing the Next button.


You should have all the same settings you had at that earlier date, and hopefully your connectivity has been restored.
Post back after you have done this and tell me the results.
Then we can proceed.
Please do not run anything, install anything or remove anything else without telling me.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google redirect,missing icons on start up

Unread postby drkilljoy » June 1st, 2010, 4:53 pm

I did the system restore point like you said, I choose 5/15/2010 but everything seems to be the same as it was yesterday, I still cant get to the internet either.
drkilljoy
Regular Member
 
Posts: 18
Joined: May 23rd, 2010, 2:20 pm

Re: Google redirect,missing icons on start up

Unread postby askey127 » June 1st, 2010, 7:19 pm

drkilljoy,
Your choice of Restore Point indicates it set back the system files and settings to a time that was even before you first posted on this website.
If it still won't connect to the internet, there are three possibilities for remedy:
1) Take the PC to a repair shop and find out what is wrong with the system.
2) Do a complete System recovery. Your boot menu (watch carefully, it goes by fast) has a function key you can hit during boot up to perform a complete system recovery. It will at least put your system back to the way it was when you bought the machine. This will work if there is nothing wrong with the hardware.
If there is a hardware problem, (motherboard, hard drive, etc.) the repair shop is the only way to fix.
3) You can Contact HP for a complete system disk to perform a Reformat and Re-Installation of windows. This will work if the hard drive is defective, and replaced.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 49 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware