i know for a fact i have the google redirect virus. i have tried downloading and using both hjt and malwarebytes. but google is killing them and wont let them load. abotu a week or so ago i had another virus that was showing as loading a.exe. and then b.exe and c.exe. and so on. i got rid of that myself by hand just deleting those files and what i thought was connceted with it. so its been just redirects now that i have been putting up with. i think it has soemthing to do with my you tube account i recently opened. i hate google. so today i was readign more about this on another site and it was saying something about uninstalling it. no such thing but anyway. when i hovered on control panel from my start menu. my icons and start menu bar disappeared. and i could not go back and restore from any date. so fasr i read on here to download and run win32diag.exe. i have it ready to post. and will do so in the next post. thank you for your post and please excuse my spelling i type too fast sometimes. i did finally get my icons and start menu bar back. after the restore failed.
Running from: C:\Documents and Settings\user1\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\user1\Desktop\Win32kDiag.txt
WARNING: Could not get backup privileges!
Searching 'C:\WINDOWS'...
Found mount point : C:\WINDOWS\$hf_mig$\KB968389\KB968389
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\addins\addins
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Config\Config
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Debug\UserMode\UserMode
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Drivers\Intel\Graphics\Graphics
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ftpcache\ftpcache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\chsime\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imejp98\imejp98
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\ime\shared\res\res
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\classes\classes
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\java\trustlib\trustlib
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Minidump\Minidump
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\msapps\msinfo\msinfo
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\mui\mui
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\UserDumps
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\BATCH\BATCH
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Config\CheckPoint\CheckPoint
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\HelpFiles\HelpFiles
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\InstalledSKUs\InstalledSKUs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\System_OEM\System_OEM
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PCHEALTH\HELPCTR\Temp\Temp
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\PIF\PIF
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Registration\CRMLog\CRMLog
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\security\logs\logs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\AuthCabs
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\Download\555558d2c7916b118ad5baef62b18136\backup\backup
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\EventCache\EventCache
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\SoftwareDistribution\SelfUpdate\Registered\Registered
Mount point destination : \Device\__max++>\^
Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment
Mount point destination : \Device\__max++>\^
Cannot access: C:\WINDOWS\system32\eventlog.dll
[1] 2002-08-29 04:40:52 49152 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 06:41:54 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)
[1] 2008-04-14 06:41:54 61952 C:\WINDOWS\system32\eventlog.dll ()
[2] 2008-04-14 06:41:54 56320 C:\WINDOWS\system32\logevent(2).dll (Microsoft Corporation)
[2] 2008-04-14 06:41:54 56320 C:\WINDOWS\system32\logevent(3).dll (Microsoft Corporation)
[2] 2008-04-14 06:41:54 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)
[2] 2008-04-14 06:41:54 56320 C:\System Volume Information\_restore{921B7F7C-86BD-4328-84F1-FBA1287D34DD}\RP338\A0072120.dll (Microsoft Corporation)
[2] 2008-04-14 06:41:54 56320 C:\System Volume Information\_restore{921B7F7C-86BD-4328-84F1-FBA1287D34DD}\RP338\A0072121.dll (Microsoft Corporation)
Cannot access: C:\WINDOWS\system32\hkcmd.exe
[1] 2004-06-06 12:41:34 118784 C:\WINDOWS\system32\hkcmd.exe ()
[1] 2004-06-06 12:41:34 118784 C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\hkcmd.exe (Intel Corporation)
Cannot access: C:\WINDOWS\system32\igfxtray.exe
i also read in the other thread to try and rename hjt. but i cant get it to do anyhting and the bug shuts me down. i dont have access to it to rename it. please help me. i cant loose the files i have on the computer right now. any other tiem would be fine. not right now though. i have been emailing stuff off to get copies but i still cant lose soem of them that are to large for email.
i did a manual virus scan last night and came up with this spyware. generic.ce
"Spyware"
"File";"Infection";"Result"
"\\?\globalroot\Device\__max++>\5C2184BC.x86.dll";"Spyware Generic.CE";"Potentially dangerous object"
"\\?\globalroot\Device\__max++>\5C2184BC.x86.dll";"Spyware Generic.CE";"Potentially dangerous object"
"\\?\globalroot\Device\__max++>\5C2184BC.x86.dll";"Spyware Generic.CE";"Potentially dangerous object"
"\\?\globalroot\Device\__max++>\5C2184BC.x86.dll";"Spyware Generic.CE";"Potentially dangerous object"
"\\?\globalroot\Device\__max++>\5C2184BC.x86.dll";"Spyware Generic.CE";"Potentially dangerous object"
"C:\Program Files\Java\jre6\bin\jqs.exe (2032)";"Spyware Generic.CE";"Potentially dangerous object"
"C:\Program Files\Outlook Express\msimn.exe (852)";"Spyware Generic.CE";"Potentially dangerous object"
"C:\WINDOWS\system32\LEXPPS.EXE (1368)";"Spyware Generic.CE";"Potentially dangerous object"
"C:\WINDOWS\system32\spoolsv.exe (1352)";"Spyware Generic.CE";"Potentially dangerous object"
"C:\WINDOWS\system32\svchost.exe (860)";"Spyware Generic.CE";"Potentially dangerous object"
i am pretty literate with htis kind of stuff but i need help to finish this thing off. so lets go i am ready.