Task manager missing

Your son is what we commonly call a Spyware Collector. He has a load of problems.

First go to Add/Remove programs and uninstall
Viewpoint Manager
Viewpoint Toolbar
Kazaa or Kazaa K++
P2P Networking
Grokster or Grokster Wiseupdt
HOTLLAMA MEDIA
MaxSpeed
WeatherBug

And also consider uninstalling (and not using the other P2P applications) like Ares Lite. Many of your sons problems more than likely came from downloading using these P2P applications.

Now run this to remove more of the malware Kazaa has installed: Kazaa Spyware Removal

Do you know what the below is:
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe

 

After doing what was in my last message (and answering questions too) continue here.

Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to windows update ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config" button, and then the Misc tools' button ... select 'Delete an NT Service" ... copy/paste the following into the box that opens, and press "OK":

windows update

Now exit HJT but do not reboot when it tells you it needs to. We will do that further down after running HJT again to fix some other items.

Make sure viewing of hidden files is enabled (per the tutorial).

Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
C:\WINDOWS\system32\w1nupd.exe
C:\WINDOWS\System32\cfgmgr32.exe
C:\WINDOWS\System32\msmsgsz.exe
C:\WINDOWS\System32\mstc.exe
C:\WINDOWS\System32\r?ndll32.exe
C:\WINDOWS\System32\msmsgsz.exe

After killing all the above processes, click "Back".
Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ghdbwehtbicbrtlwvzwudqgh.com/jR7uxu0y/kbpOT4pc40r1Bpc7ISC_3rMXxz5HQF8LiXRGk_2O24dwOOXx4ddaVbt.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.popupsearches.com/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bzmusjzawtlth.com/jR7uxu0y/kYYCT8O2Ef39z/qp1Wwg70om4Gkw1J2Wsk.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
F2 - REG:system.ini: Shell=explorer.exe w1nupd.exe
O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
O2 - BHO: ohb - {285B5CCD-C3F0-4EB6-9632-7D0A3C3AF824} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O2 - BHO: (no name) - {F03ECA7F-F826-B0DD-D829-D0A0DDC007E1} - C:\DOCUME~1\CHRISG~1\APPLIC~1\ACEDEB~1\AcidSend.exe
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [36b223e11bd9] C:\WINDOWS\System32\cfgmgr32.exe
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [Winsock2 firmware] SCVHOST.EXE
O4 - HKLM\..\Run: [Messenger Service] msmsgsz.exe
O4 - HKLM\..\Run: [Microsoft Domain Controller] C:\WINDOWS\System32\mstc.exe
O4 - HKLM\..\Run: [WindowsUpd] w1nupd.exe
O4 - HKLM\..\Run: [drive ante regs this] C:\Documents and Settings\All Users\Application Data\coal the drive ante\jugs lies.exe
O4 - HKLM\..\Run: [System Configuration] msconfig.exe
O4 - HKLM\..\RunServices: [Messenger Service] msmsgsz.exe
O4 - HKLM\..\RunServices: [System Configuration] msconfig.exe
O4 - HKCU\..\Run: [4 That] C:\DOCUME~1\CHRISG~1\APPLIC~1\SAFEME~1\sizeinside.exe
O4 - HKCU\..\Run: [areslite] "C:\Program Files\Ares Lite Edition\AresLite.exe" -h
O4 - HKCU\..\Run: [Aaou] C:\Documents and Settings\CHRIS G\Application Data\othb.exe
O4 - HKCU\..\Run: [Ddi] C:\WINDOWS\System32\r?ndll32.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [Messenger Service] msmsgsz.exe
O4 - HKCU\..\Run: [Microsoft Windowsx DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [System Configuration] msconfig.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\RunOnce: [WindowsUpd] w1nupd.exe
O4 - Startup: HOTLLAMA Update Check.lnk = C:\Program Files\HOTLLAMA MEDIA\Player\WiseUpdt.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupdatednews.com/install/aun_0015.exe

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete (if found):
C:\Program Files\AWS <--- the whole folder
C:\Program Files\HOTLLAMA MEDIA <--- the whole folder
C:\Documents and Settings\CHRISG~1\Application Data\SAFEME~1 <--- the whole folder
C:\Documents and Settings\All Users\Application Data\coal the drive ante <--- the whole folder
C:\Documents and Settings\CHRIS G\Application Data\ACEDEB~1 <--- the whole folder
C:\Documents and Settings\CHRIS G\Application Data\othb.exe
C:\WINDOWS\services.exe
C:\WINDOWS\System32\w1nupd.exe
C:\WINDOWS\System32\ms.exe
C:\WINDOWS\System32\msconfig.exe
C:\WINDOWS\System32\mstc.exe
C:\WINDOWS\System32\D0CE0C16B1.DLL or D0CE0C16B1.EXE
C:\WINDOWS\System32\E6F1873B.DLL
C:\WINDOWS\System32\cfgmgr32.exe
C:\WINDOWS\System32\SCVHOST.EXE <--- be careful!!! This is scvhost.exe not svchost.exe. DO NOT delete svchost.exe
C:\WINDOWS\System32\msmsgsz.exe
C:\WINDOWS\System32\windir32.exe


If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log.

Make sure to tell me how things are working now. Can you get online? If so, run the Panda Active Scan now and attach a log.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

Just continue with the rest of message # 3. We can come back to the others later and they may be removed easier once those steps have been finished.

 

Okay so know see if you can do the below which we tried to do before. Some of these may not be in Add/Remove programs. Just tell me which ones you find or do not find and which uninstalled successfully. You still have a LOP infection.

First go to Add/Remove programs and uninstall
Viewpoint Manager
Viewpoint Toolbar
Kazaa or Kazaa K++
P2P Networking
Grokster or Grokster Wiseupdt
HOTLLAMA MEDIA
MaxSpeed
WeatherBug

And also consider uninstalling (and not using the other P2P applications) like Ares Lite. Many of your sons problems more than likely came from downloading using these P2P applications.

Now run this to remove more of the malware Kazaa has installed: Kazaa Spyware Removal

 

Make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wvsrfwcwhqppthfzawx.com/jR7uxu0y/kbpOT4pc40r1Bpc7ISC_3rMXxz5HQF8LiU4PREnpJRfROOXx4ddaVbt.php
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] "C:\Program Files\Kazaa K++\kpp.exe" "C:\Program Files\Kazaa K++\Kazaa.kpp" /SYSTRAY
O23 - Service: windows update - Unknown owner - C:\WINDOWS\services.exe (file missing) <---- Let me know if you get an error about fixing this line

After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Program Files\Viewpoint <--- the whole folder
C:\WINDOWS\System32\P2P Networking <--- the whole folder
C:\Program Files\Kazaa K++ <--- the whole folder
C:\WINDOWS\services.exe

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Other wise open Task Manager and kill the process if running then delete the file.

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST). While CCleaner is open also click on Tools and then make sure Uninstall is selected. The locat the Viewpoint Toolbad and select it. The click Run Uninstaller. If that does not uninstall it, click Delete Entry. Let me know if this worked.

Now we need to Reset Web Settings:
1) If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Now reboot in normal mode and post a new HJT log.
Make sure you tell me how things are working.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

You should try again using CCleaner to Uninstall or Delete Kazaa from the Add/Remove programs list.

Do all user accounts on this PC have the same problem with internet connectivity and the Start button missing?

 

We missed on entry from Viewpoint to fix with HJT:
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

Let's see if the below fixes you Taskbar issue
Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

 

Boot in safe mode and use the Administrator account (not your sons) and see if there is a Taskbar. Then also try logging into your sons account in safe mode (his account will only appear in safe mode if it is an account with admin priviledges). If you can login in safe mode to his account, is the Taskbar present?

 

Have you checked the wireless setup to make sure everything is setup properly? The Channel, the encryption keys etc?

Is the wireless card getting an IP address assigned from the router?

 

Also you may want to read this link:

Taskbar Is Missing When You Log On to Windows

 

I really don't think at this point that you are having issue with malware and you may have to start asking questions in the Software Forum. But first look to see if you can find any of the below files:

C:\Program Files\Common Files\Media\Otms.exe
C:\Program Files\Common Files\Media\OTDock.dll
C:\Program Files\Common Files\Media\Otglove.dll
C:\Program Files\Common Files\Media\Otupdate.exe
C:\Program Files\Common Files\Media\Winsrvc.dat
C:\Program Files\Common Files\Media\Winsrvc.exe

 

You should also do this:

Click Start, Run, and enter cmd and click Ok. This opens a command prompt window. At the command prompt enter the below command. Tell me if it finds any problems. It may ask for you Win XP CD.

sfc /scannow

 

Which process is using all the CPU time? If you are going to tell me System Idle Process, that is not a process. It is measure of free CPU time.

Is your McAfee AV upto date with definitions?

 

You HJT log is clean (to be expected since we remove the baddies earlier). However you can do the below.

Look in Add/Remove Programs for the below and uninstall if found:
wintools
MyWay

Use Windows Explore to navigate to the below (these are from the Panda log) and delete them:
C:\Documents and Settings\CHRIS G\Favorites\GIFTS FOR HER\Fredericks Of Hollywood Holiday Deals.url
C:\Documents and Settings\LocalService\Application Data\SafeMealRoam\sizeinside.exe
C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar[isearch.js]
C:\PROGRAM FILES\COMMON FILES\Totem Shared
C:\PROGRAM FILES\MyWay
C:\WINDOWS\SYSTEM32\cache32_dsktptr
C:\WINDOWS\system32\desktrf-bundles-hightrafficmedia2.exe
C:\WINDOWS\system32\dun.exe
C:\WINDOWS\INF\satmat.inf
C:\WINDOWS\kwv2.dat
C:\WINDOWS\switpc.dat
C:\WINDOWS\cdmxtras
C:\WINDOWS\inst
C:\TEMP\salmau.dat

 

You're welcome! Now that you are clean, you should work thru the below link:

How to Protect yourself from malware!