Teenagers Strike Again - More malware!

Please use add/remove programs to uninstall:
Java 2 Runtime Environment, SE v1.4.2

Reboot and install:
Java Runtime 6

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

After clicking fix, exit HJT.

The shadow around your mouse is probably set in your mouse properties ...go to the control panel and click on mouse and change it.

How are things running now?
What problems are you still having?
Attach a new HJT log.

 

Let's try resetting your browser ....
Please copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Tell me if that helped.

 

You may uninstall Counterspy as it is a trial application.

You said the registry patch merged successfully but you still can not use the internet in normal mode ...what exactly happens? Or doesn't happen?

Try running
IEFix.

Run HJT in safe mode and attach the log.

 

You have start pages in safe mode but not in normal mode...attach a Get Run log from both normal and safe modes ...
Did you do any registry "cleaning" prior to posting here?

Have you tried uninstalling Firefox and re-installing?

One other question ....have you compared your IE and Firefox settings between safe and normal modes? Esp. security settings.

 

What do you have set as your homepage in normal mode? If it will not stick:
In IE, click on Tools>Internet Options>Advanced tab, and scroll down to the 'Browsing' section.
Uncheck the box next to "Enable third-party browser extensions (requires restart)"> 'OK'.
This will disable all IE extensions, toolbars, browser helper objects (BHO's)- some of which you might want to keep. You can re-enable the wanted ones later.(Note that your HJT log in normal mode shows no BHO's).
Close all instances of IE, then restart it.
See if you can now reset your homepage to the URL of choice, using the standard method.
If you can, and the Homepage you want 'sticks' after subsequent restarts, then one of the IE extensions that you disabled is responsible. To determine which one, you will have to disable them selectively, one by one, til you find the guilty party.

The other possibility is that Spybot is stopping any changes:
Open Spybot>Mode>Advanced Mode>Tools>IE tweaks. Uncheck the 2 boxes next to the entries that begin "Lock IE..." Reboot

Or your Firewall is doing the same.

The items from your Panda and Bitdefender scans have been taken care of ...you are malware free ...

Yes...try setting your security back to default. And it wouldn't hurt to uninstall Firefox and reinstall to see if that makes a difference.

Also, please click Start, and then click Run.
In the Open box, type regedit, and then click OK.
In Registry Editor, locate the following subkey, if it exists:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
See if the ResetWebSettings value or the HomePage value exists in this key,

 

That would do it .....
If you are not having any other malware problems, it is time to do our final steps:

1. If we used Pocket Killbox during your cleanup, do the below
* Run Pocket Killbox and select File, Cleanup, Delete All Backups
2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
3. If we user SDFix you can delete all the SDFix related files and folders from your Desktop or whereever you installed it.
4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
5. If we had your run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
8. If you are running Windows XP or Windows ME, do the below:
* go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
* Then reboot and Enable System Restore to create a new clean Restore Point.
9. After doing the above, you should work thru the below link:
* How to Protect yourself from malware!