GeekPolice

Virus and or malware??

2 posters

I'm having a problem with my dad's computer. IE and Firefox won't connect to the internet; the only thing I can connect with is AOL. I was trying to remove the existing anti-virus that was originally provided by his ISP (Norton) and upgrade to McAfee. I'm currently stuck with no antivirus package, and the firewall settings have been greyed out so I can't make any changes there. I've tried to restore the system to an earlier date. The problem still exists.

I've run Malwarebytes, Adaware and Spybot S&D, they've cleaned out some junk but the problem still exists. I found and removed Malware protect 2009.

I'm trying to avoid reformatting the hard drive and/or bringing the computer to a pro. Can you help me?

Re: Virus and or malware??

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a Notepad file of everything Hijack This found; copy and paste it back here.

Re: Virus and or malware??

Can I download it to disc from another PC? I think it's blocking me from downloading.

Re: Virus and or malware??

Sure.

Re: Virus and or malware??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:31 PM, on 4/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\Launcher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1182108996\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\AOL 9.1a\waol.exe
C:\Program Files\AOL 9.1a\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://renewalcenter.symantec.com/storefront/user/home.jsp?p_contact_id=791681518&p_checksum=6058888d1232c9deab5c5d852e484053&p_vendor_id=001&p_vendor_tag=7PBHC51&p_cversion=241
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PrimaLauncher] C:\WINDOWS\System32\Launcher.exe
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1182108996\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {07A7ED15-4730-560E-A7BC-3D9C5AB0294C} - http://85.255.115.229/1/gdnUS250.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {5440FCEA-B8F7-235F-D8BE-03BD0794AE9E} - http://85.255.115.229/1/gdnUS250.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {77949A88-0994-1AA4-D973-192668BA29A9} - http://85.255.115.229/1/gdnUS250.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\PROGRA~1\Symantec\isPwdSvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 12237 bytes

Re: Virus and or malware??

Hello.
Bad news.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups
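The helper reaches the "backdoor" verdict by reading the HijackThis log posted above for autorun and ActiveX-download entries that do not look like installed software. As an added example that is not part of this thread or of HijackThis itself, the Python script below applies a few common defender heuristics to a constructed excerpt modelled on that log: an O4 Run entry whose command is a bare executable name with no install path, an entry under the legacy RunServices key, and an O16 DPF entry that downloads from a raw IP address or fetches a bare .exe instead of a .cab. The heuristics, the excerpt, and the `flag_line`/`scan` function names are my own assumptions for illustration; a hit means "look closer", not a confirmed infection.

```python
"""Flag suspicious autorun (O4) and ActiveX download (O16) entries in a
HijackThis log using simple defender heuristics (added example)."""
import ipaddress
import re
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample modelled on the log posted earlier in this thread
# (a short excerpt, not the complete log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {07A7ED15-4730-560E-A7BC-3D9C5AB0294C} - http://85.255.115.229/1/gdnUS250.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
"""

# "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)
# "O16 - DPF: {CLSID} (optional description) - url"
O16_RE = re.compile(
    r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$'
)


def _executable(cmd: str) -> str:
    """Return the program part of an autorun command (first token, quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def flag_line(line: str) -> List[str]:
    """Return the heuristic reasons this line deserves a closer look (empty if none)."""
    reasons: List[str] = []
    m = O4_RE.match(line)
    if m:
        exe = _executable(m.group("cmd"))
        # Legitimate installers register a full path; a bare name is resolved
        # by PATH search and hides where the file actually lives.
        if "\\" not in exe and "/" not in exe:
            reasons.append("autorun names a bare executable with no install path")
        # RunServices is a Windows 9x-era key; modern software rarely uses it.
        if m.group("key").lower() == "runservices":
            reasons.append("legacy RunServices key; uncommon for legitimate XP software")
        return reasons
    m = O16_RE.match(line)
    if m:
        url = urlparse(m.group("url"))
        host = url.hostname or ""
        try:
            ipaddress.ip_address(host)
            reasons.append("ActiveX download from a raw IP address rather than a hostname")
        except ValueError:
            pass  # hostname, not an IP literal
        # DPF entries normally reference a .cab package, not a bare .exe.
        if url.path.lower().endswith(".exe"):
            reasons.append("DPF entry fetches a bare .exe instead of a .cab package")
    return reasons


def scan(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged log line to its reasons; clean lines are omitted."""
    findings: Dict[str, List[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = flag_line(line)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for flagged, why in scan(SAMPLE_LOG).items():
        print(flagged)
        for reason in why:
            print("   ->", reason)
```

Run against the sample, the script flags the two bare-name Run entries, the RunServices entry and the raw-IP .exe download, while the Java updater, ctfmon and the Microsoft-hosted WGA entry pass clean. To use it on a real log, replace `SAMPLE_LOG` with the pasted file contents; O23 service lines and the other section types are deliberately left unparsed here.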

Re: Virus and or malware??

What kind of effort will it require to try to fix this mess? Would it be easier to go to a local pro?

Re: Virus and or malware??

Hello.
No, a local tech will probably charge you; we do this for free. I was just warning you that some of the malware showing in your Hijack This log are backdoor IRC-bots.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Virus and or malware??

Malwarebytes' Anti-Malware 1.36
Database version: 1963
Windows 5.1.2600 Service Pack 3

4/10/2009 6:34:14 PM
mbam-log-2009-04-10 (18-34-14).txt

Scan type: Quick Scan
Objects scanned: 88139
Time elapsed: 7 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Re: Virus and or malware??

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here; I don't need to see attach.txt.

Re: Virus and or malware??

DDS (Ver_09-03-16.01) - NTFSx86
Run by marino limauro at 19:41:38.67 on Fri 04/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.542 [GMT -4:00]

AV: Norton Security Online *On-access scanning enabled* (Updated)
FW: Norton Security Online *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\Launcher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1182108996\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\AOL 9.1a\waol.exe
C:\Program Files\AOL 9.1a\shellmon.exe
C:\WINDOWS\system32\rundll32.exe
E:\LaunchU3.exe
C:\Documents and Settings\marino limauro\Application Data\U3\2845000EC5C2E7F1\Intro\U3Introduction.exe
F:\dds.scr
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://renewalcenter.symantec.com/storefront/user/home.jsp?p_contact_id=791681518&p_checksum=6058888d1232c9deab5c5d852e484053&p_vendor_id=001&p_vendor_tag=7PBHC51&p_cversion=241
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\searchsuggest\YSearchSuggest.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {C17590D2-ECB4-4B15-8820-F58798DCC118} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.2.911.3380\GoogleToolbarNotifier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [PrimaLauncher] c:\windows\system32\Launcher.exe
mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [HostManager] c:\program files\common files\aol\1182108996\ee\AOLSoftware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TomTomHOME.exe] "c:\program files\tomtom home\TomTomHOME.exe" -s
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [YOP] c:\progra~1\yahoo!\yop\yop.exe /autostart
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\progra~1\symantec\osCheck.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - hxxp://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
DPF: {5440FCEA-B8F7-235F-D8BE-03BD0794AE9E} - hxxp://85.255.115.229/1/gdnUS250.exe
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2007-1-10 108648]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\PPSIO2.SYS [2005-8-24 22400]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-4-10 38496]
R3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2008-10-3 1174664]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20090208.016\naveng.sys --> c:\progra~1\common~1\symant~1\virusd~1\20090208.016\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20090208.016\navex15.sys --> c:\progra~1\common~1\symant~1\virusd~1\20090208.016\NAVEX15.SYS [?]

=============== Created Last 30 ================

2009-04-10 17:14 --d----- c:\program files\Trend Micro
2009-04-10 09:55 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-10 09:55 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-10 09:30 208,744 a------- c:\windows\system32\muweb.dll
2009-04-10 09:30 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-09 22:56 --d----- c:\program files\Spybot - Search & Destroy
2009-04-03 12:31 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-02 19:46 --d----- c:\program files\Mozilla Firefox(2)
2009-04-02 19:20 -cd----- c:\windows\ie8(2)
2009-04-02 18:14 --d----- c:\documents and settings\marino limauro\IECompatCache
2009-04-02 18:09 --d----- c:\documents and settings\marino limauro\PrivacIE
2009-04-02 18:06 --d----- c:\documents and settings\marino limauro\IETldCache
2009-04-02 18:00 --d----- c:\windows\ie8updates
2009-03-24 18:18 --d----- c:\docume~1\marino~1\applic~1\Malwarebytes
2009-03-24 18:18 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-24 18:18 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-23 12:11 79 a------- c:\windows\delay2.reg
2009-03-23 11:46 35,262 a------- c:\windows\marino limauro000.acl
2009-03-13 20:28 410,984 a------- c:\windows\system32\deploytk.dll

==================== Find3M ====================

2009-04-09 21:18 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-04-09 21:18 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-03-23 12:11 124,464 ac------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-23 12:11 60,808 ac------ c:\windows\system32\S32EVNT1.DLL
2009-03-23 12:11 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-23 12:11 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 07:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 21:07 3,698,584 a------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-16 22:35 3,594,752 -------- c:\windows\system32\dllcache\mshtml.dll
2008-04-05 17:04 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-01-18 00:27 0 ac------ c:\docume~1\marino~1\applic~1\Install.dat
2006-11-05 14:36 560 ac------ c:\program files\Global.sw
2008-09-29 19:46 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat

============= FINISH: 19:42:14.23 ===============

Re: Virus and or malware??

Hello.
DDS looks good, let's see what's installed.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

Re: Virus and or malware??

Ad-Aware
Adobe Acrobat Reader 3.01
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Shockwave Player
AOL Instant Messenger
AOL Toolbar 5.0
AOL Uninstaller (Choose which Products to Remove)
AppCore
AT&T Yahoo! Applications
AV
Broadcom Management Programs
BroadJump Client Foundation
ccCommon
Dell Solution Center
Dell Support Center (Support Software)
DellSupport
dMC Power Pack
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Product Assistant
HP Product Detection
HP Solution Center & Imaging Support Tools 5.3
HP Update
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 5
Java(TM) 6 Update 7
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Norton AntiVirus
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Protection Center
Primax Colorado 600p/1200p (CD required)
QuickTime
RealPlayer
Rhapsody Player Engine
Security Task Manager 1.7f
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Skype™️ 3.6
SPBBC 32bit
SymNet
TomTom HOME
TomTom HOME
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Viewpoint Media Player
Windows Defender Signatures
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinZip 11.2
Yahoo! Search Suggest Add-on for IE7

Re: Virus and or malware??
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • Adobe Acrobat Reader 3.01
  • J2SE Runtime Environment 5.0 Update 3
  • Java 2 Runtime Environment, SE v1.4.2_03
  • Java(TM) 6 Update 5
  • Java(TM) 6 Update 7
  • Viewpoint Media Player

Then download and install Adobe Reader 9.1

How is the machine running now?

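Before working through the removal list above, it is worth seeing why those particular entries were picked: several Java runtimes side by side and a 1990s-era Adobe Reader are exactly the browser plug-in versions exploit kits of this period went after, and the four identical "Norton Internet Security" entries are the signature of a broken uninstall. As an added example (not part of this thread and not a HijackThis feature), here is a small Python review of an Uninstall Manager list: it parses the several JRE product-name formats into comparable versions and keeps only the newest, flags an Adobe Reader older than the 9.1 the helper recommends, reports duplicate entries, and lists anything on a small configurable removal set (seeded here only with Viewpoint Media Player, which the helper asked to remove). The sample list is a constructed subset of the one posted above; `UNWANTED`, `ADOBE_READER_CURRENT` and the function names are my own.

```python
import re
from collections import Counter

# Constructed sample: a subset of the Add/Remove Programs list posted above.
SAMPLE_ENTRIES = [
    "Adobe Acrobat Reader 3.01",
    "Adobe Flash Player 9 ActiveX",
    "Google Toolbar for Internet Explorer",
    "Google Toolbar for Internet Explorer",
    "J2SE Runtime Environment 5.0 Update 3",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Java(TM) 6 Update 5",
    "Java(TM) 6 Update 7",
    "Norton AntiVirus",
    "Norton Internet Security",
    "Norton Internet Security",
    "Norton Internet Security",
    "Norton Internet Security",
    "Viewpoint Media Player",
    "Windows XP Service Pack 3",
]

# Programs the helper in this thread asked to remove outright; extend as needed.
UNWANTED = {"Viewpoint Media Player"}

# Newest Adobe Reader recommended on this page (9.1); anything older is superseded.
ADOBE_READER_CURRENT = (9, 1)

# Each pattern maps one historical JRE product-name format to (major, minor, update).
_JAVA_PATTERNS = (
    # "Java(TM) 6 Update 7" -> (6, 0, 7)
    (re.compile(r"^Java\(TM\) (\d+)(?: Update (\d+))?$"),
     lambda m: (int(m[1]), 0, int(m[2] or 0))),
    # "J2SE Runtime Environment 5.0 Update 3" -> (5, 0, 3)
    (re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+)(?: Update (\d+))?$"),
     lambda m: (int(m[1]), int(m[2]), int(m[3] or 0))),
    # "Java 2 Runtime Environment, SE v1.4.2_03" -> (4, 2, 3)
    (re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d+)\.(\d+)_(\d+)$"),
     lambda m: (int(m[1]), int(m[2]), int(m[3]))),
)


def java_version(name):
    """Return a comparable (major, minor, update) tuple for a JRE entry, else None."""
    for pattern, convert in _JAVA_PATTERNS:
        m = pattern.match(name.strip())
        if m:
            return convert(m)
    return None


def duplicate_entries(entries):
    """Products listed more than once: usually a half-finished uninstall or a reinstall over an install."""
    counts = Counter(e.strip() for e in entries)
    return {name: n for name, n in counts.items() if n > 1}


def review_uninstall_list(entries):
    """Return [(entry, reason)] for everything that should come off the machine."""
    findings = []
    javas = []
    for entry in (e.strip() for e in entries):
        version = java_version(entry)
        if version is not None:
            javas.append((version, entry))
            continue
        if entry in UNWANTED:
            findings.append((entry, "on the removal list"))
            continue
        m = re.match(r"^Adobe (?:Acrobat )?Reader (\d+)\.(\d+)", entry)
        if m and (int(m[1]), int(m[2])) < ADOBE_READER_CURRENT:
            findings.append((entry, "superseded PDF reader; install Adobe Reader %d.%d" % ADOBE_READER_CURRENT))
    if javas:
        # Every JRE except the newest is attack surface with no benefit: old
        # versions stay registered as browser plug-ins even after an upgrade.
        javas.sort()
        newest = javas[-1][1]
        for _, entry in javas[:-1]:
            findings.append((entry, f"superseded Java runtime; keep only '{newest}'"))
    return findings


if __name__ == "__main__":
    for entry, reason in review_uninstall_list(SAMPLE_ENTRIES):
        print(f"REMOVE  {entry:45} {reason}")
    for entry, n in duplicate_entries(SAMPLE_ENTRIES).items():
        print(f"DUP x{n}  {entry}")
```

Feed it the real uninstall_list.txt with `review_uninstall_list(open("uninstall_list.txt").read().splitlines())`; the version parsing is deliberately strict, so a JRE name in a format not covered simply falls through and stays on the machine for manual review rather than being silently classified.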
Re: Virus and or malware??
Adobe Reader won't download.
Internet Explorer opens momentarily, then shuts down.
I also can't open Internet Options.

i'm suspecting a firewall issue?

Re: Virus and or malware??
I doubt a firewall issue.
If it was the firewall, IE would stay open but just say it can't find a connection.

I'm suspecting a rootkit hidden deep down.
Note: If Norton warns you of a "C:\cleanup.exe" trying to run on reboot, please allow it to do so. It's part of The Avenger.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.

Last edited by Belahzur on 11th April 2009, 1:28 pm; edited 1 time in total

Re: Virus and or malware??
I'm sorry, I can't seem to locate the script??

Re: Virus and or malware??
Sorry, my mistake. It was late last night when I put that post up. LMBO or ROFL I've edited my post now.

Re: Virus and or malware??
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.

Re: Virus and or malware??
Hello.
No rootkit.

I think you were right in the first place. Norton might be causing this.
This line is from your DDS log:

FW: Norton Security Online *enabled*

FW stands for firewall, so let's try disabling the Norton firewall (Note: do not disable the AV, just disable the firewall).

Guide for how to do so in this link:

http://www.bleepingcomputer.com/forums/index.php?showtopic=114351&st=0&p=649845&#entry649845

Once it's disabled, let me know if you have internet access.

Re: Virus and or malware??
I can't access the firewall settings through Norton or control panel??

Re: Virus and or malware??
You can't get to it via opening Norton in the tray and clicking the "Norton Internet Security" tab?

If you can't, we can try the long way around and uninstall Norton altogether and replace it with Avira.

Re: Virus and or malware??
In Windows Security Center, under Windows Firewall it says:
"For your security, some settings are controlled by group policy"
all of the settings are greyed out.
My other computers are not like this!!

Re: Virus and or malware??
Try this [second method] on this page:
http://windowsxp.mvps.org/resetfwpol.htm

Re: Virus and or malware??
I had to use the first method because I don't have XP Pro.
It worked; I now have access to the firewall settings.

I tried to run IE and it still shuts down as soon as it opens up.

Re: Virus and or malware??
That's Windows Firewall. It's the Norton firewall that might be causing the problem.

Re: Virus and or malware??
I went to the Norton firewall access button; nothing happens after clicking.

Re: Virus and or malware??
Want to try uninstalling Norton and see what happens?

Re: Virus and or malware??
Lets do it!!

Re: Virus and or malware??
Completely Uninstall Norton software using:

Instructions

  1. Please download and save SymNRT.exe to your desktop.
  2. Close all programs and double click on the tool.
  3. Follow the on-screen instructions.
  4. Restart the computer if asked.
  5. Then delete the SymNRT.exe tool from your desktop.
  6. Open the Program Files folder on your local disk ( normally C: )
  7. Find and delete the following folders (if present):
     • Norton AntiVirus
     • Norton Internet Security
     • Norton SystemWorks
     • Norton Personal Firewall


Note: Do not browse the net after this, because you won't be protected. Just let me know if IE stays open.

Re: Virus and or malware??
OK, IE opened for about 45 seconds, then it closed. After that I tried again; as soon as the Google page appears it shuts back down.

Re: Virus and or malware??
Hmm.

Please install Avira antivirus otherwise you won't be protected.

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.

Please run a GMER Rootkit scan:

Download GMER's application from here:
http://www.gmer.net/gmer.zip

Unzip it and start the GMER.exe
Click the Rootkit tab and click the Scan button.

Once done, click the Copy button.
This will copy the results to your clipboard.
Paste the results in your next reply.

Warning ! Please, do not select the "Show all" checkbox during the scan.

If you're having problems with running GMER.exe, try it in safe mode.
This tool works in safe mode. Other rootkit revealers don't.
The log might be huge, if so, please upload it to mediafire.com for me.

Re: Virus and or malware??
http://www.mediafire.com/?sharekey=1e3b15f5b1bd54e9d1014a7a667fa2b4e04e75f6e8ebb871

Re: Virus and or malware??
I think it may be easier to use Firefox rather than Internet Explorer. If this next tool doesn't find anything, then IE may be damaged by the malware.


  • Download combofix from here
    Link 1
    Link 2
  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV. (Avira)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: ComboFix prompt offering to install the Recovery Console]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [screenshot: ComboFix prompt asking whether to continue the malware scan]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Virus and or malware??
ComboFix 09-04-04.01 - marino limauro 2009-04-11 19:17:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.601 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\marino limauro\Application Data\Install.dat
c:\program files\msmovies
c:\program files\msmovies\p.zip
c:\windows\system32\drivers\fad.sys
c:\windows\system32\launcher.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-11 14:01 . 2009-04-11 14:01 d-------- c:\windows\LastGood
2009-04-11 14:01 . 2009-04-11 14:01 d-------- c:\program files\Avira
2009-04-11 14:01 . 2009-04-11 14:01 d-------- c:\documents and settings\All Users\Application Data\Avira
2009-04-11 14:01 . 2009-02-13 11:31 55,640 --a------ c:\windows\SYSTEM32\DRIVERS\avgntflt.sys
2009-04-10 19:41 . 2009-04-11 19:15 d-------- c:\documents and settings\marino limauro\Application Data\U3
2009-04-10 17:14 . 2009-04-10 17:14 d-------- c:\program files\Trend Micro
2009-04-10 09:55 . 2009-04-06 15:32 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-04-10 09:55 . 2009-04-06 15:32 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-04-10 09:30 . 2008-10-16 14:06 268,648 --a------ c:\windows\SYSTEM32\mucltui.dll
2009-04-10 09:30 . 2008-10-16 14:06 208,744 --a------ c:\windows\SYSTEM32\muweb.dll
2009-04-09 22:56 . 2009-04-09 22:58 d-------- c:\program files\Spybot - Search & Destroy
2009-04-03 12:31 . 2008-10-16 14:06 27,496 --a------ c:\windows\SYSTEM32\mucltui.dll.mui
2009-04-02 19:46 . 2009-04-10 09:23 d-------- c:\program files\Mozilla Firefox(2)
2009-04-02 19:36 . 2009-04-10 09:23 d-------- c:\program files\Windows Live Safety Center
2009-04-02 19:20 . 2009-04-10 09:23 d----c--- c:\windows\ie8(2)
2009-04-02 18:14 . 2009-04-02 18:14 d-------- c:\documents and settings\marino limauro\IECompatCache
2009-04-02 18:12 . 2009-04-02 18:12 d-------- c:\documents and settings\LocalService\IETldCache
2009-04-02 18:09 . 2009-04-02 18:09 d-------- c:\documents and settings\marino limauro\PrivacIE
2009-04-02 18:06 . 2009-04-02 18:06 d-------- c:\documents and settings\marino limauro\IETldCache
2009-04-02 18:00 . 2009-04-10 09:24 d-------- c:\windows\ie8updates
2009-04-02 16:41 . 2009-04-02 16:57 d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-03-24 18:18 . 2009-04-10 09:55 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-24 18:18 . 2009-03-24 18:18 d-------- c:\documents and settings\marino limauro\Application Data\Malwarebytes
2009-03-24 18:18 . 2009-03-24 18:18 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-23 12:11 . 2003-04-17 20:26 79 --a------ c:\windows\delay2.reg
2009-03-23 11:46 . 2009-03-23 11:46 35,262 --a------ c:\windows\marino limauro000.acl
2009-03-13 20:28 . 2009-03-13 20:27 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-11 17:32 --------- d-----w c:\documents and settings\marino limauro\Application Data\Skype
2009-04-11 17:09 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-11 17:07 --------- d-----w c:\program files\Norton AntiVirus
2009-04-11 17:07 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-11 01:08 --------- d-----w c:\program files\Java
2009-04-11 01:08 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-10 13:26 --------- d-----w c:\program files\AOL 9.1a
2009-04-10 13:25 --------- d-----w c:\program files\Yahoo!
2009-04-10 02:58 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-10 01:18 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-04-10 01:18 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-04-10 00:45 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-04-09 23:34 --------- d-----w c:\documents and settings\marino limauro\Application Data\skypePM
2009-02-09 11:13 1,846,784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2009-01-17 02:35 3,594,752 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-04-05 21:04 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-11-05 18:36 560 -c--a-w c:\program files\Global.sw
2008-09-29 23:46 32,768 -csha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008092920080930\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-01 21898024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"AOL Fast Start"="c:\program files\AOL 9.1a\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"HostManager"="c:\program files\Common Files\AOL\1182108996\ee\AOLSoftware.exe" [2008-06-24 41824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" [2007-03-14 3770024]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-13 185896]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"YOP"="c:\progra~1\Yahoo!\YOP\yop.exe" [2007-10-26 509224]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-23 66864]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-07-11 61440]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ lsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1182108996\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\AOL 9.1a\\waol.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-11 108289]
R2 ppsio2;PPDevice;c:\windows\SYSTEM32\DRIVERS\PPSIO2.SYS [2005-08-24 22400]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ANTIVIRSCHEDULERSERVICE
*NewlyCreated* - ANTIVIRSERVICE
*NewlyCreated* - AUJASNKJ
*NewlyCreated* - AVGIO
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
*NewlyCreated* - SSMDRV
*Deregistered* - ATWPKT2
*Deregistered* - aujasnkj

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4ebbd0d-5bd0-11dc-9a58-00038a000015}]
\Shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Yahoo! Pager - c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe
HKLM-Run-PrimaLauncher - c:\windows\System32\Launcher.exe
HKLM-Run-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://renewalcenter.symantec.com/storefront/user/home.jsp?p_contact_id=791681518&p_checksum=6058888d1232c9deab5c5d852e484053&p_vendor_id=001&p_vendor_tag=7PBHC51&p_cversion=241
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5440FCEA-B8F7-235F-D8BE-03BD0794AE9E} - hxxp://85.255.115.229/1/gdnUS250.exe
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-11 19:19:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-04-11 19:21:53
ComboFix-quarantined-files.txt 2009-04-11 23:21:12

Pre-Run: 55,153,799,168 bytes free
Post-Run: 55,557,574,656 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

171 --- E O F --- 2009-04-11 02:41:57

Re: Virus and or malware??
Any better now?

Re: Virus and or malware??
IE opens momentarily, then closes, so I'd say no better.

Re: Virus and or malware??
I tried to install Firefox; it won't download. ????
Something is holding it up.

Re: Virus and or malware??
Hello.
Please post a new Hijack This log, there's a few things I want to try.

Re: Virus and or malware??
Thanks for your valiant effort!!!!!!!!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:58:12 PM, on 4/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1182108996\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\AOL 9.1a\waol.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AOL 9.1a\shellmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://renewalcenter.symantec.com/storefront/user/home.jsp?p_contact_id=791681518&p_checksum=6058888d1232c9deab5c5d852e484053&p_vendor_id=001&p_vendor_tag=7PBHC51&p_cversion=241
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Suggest - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\SearchSuggest\YSearchSuggest.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1182108996\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1a\AOL.EXE" -b
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {5440FCEA-B8F7-235F-D8BE-03BD0794AE9E} - http://85.255.115.229/1/gdnUS250.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

--
End of file - 7940 bytes

Re: Virus and or malware??
Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://renewalcenter.symantec.com/storefront/user/home.jsp?p_contact_id=791681518&p_checksum=6058888d1232c9deab5c5d852e484053&p_vendor_id=001&p_vendor_tag=7PBHC51&p_cversion=241
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1182108996\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1a\AOL.EXE" -b
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O16 - DPF: {5440FCEA-B8F7-235F-D8BE-03BD0794AE9E} - http://85.255.115.229/1/gdnUS250.exe


  • Press "Fix Checked"
  • Close Hijack This.

Reboot normally.
Your startup should be quicker, but we've also killed 2 lines that have effects on Internet Explorer.

Let me know how it is after a reboot.

Re: Virus and or malware??
IE still shuts down and Firefox will not load???

Re: Virus and or malware??
Hello.
Just to clarify, you can access firefox.com, but not download it?

Find both of these folders in bold:

c:\program files\Mozilla Firefox(2)
c:\windows\ie8(2)

Right click each and remove the (2).
Any luck now?

Re: Virus and or malware??
Yes, I can access firefox.com, but nothing happens when I try to download.

I'll try finding those files and give it a try.

Re: Virus and or malware??
New idea.

Go to Start > Run. In the run box, copy and paste this in:

ipconfig /flushdns

Hit enter.

  • Now open a new notepad file.
  • Input this into the notepad file:

    Windows Registry Editor Version 5.00

    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains]


  • Save this as fix.reg, save it to your desktop.
  • DO NOT run it yet.


Now disconnect from the internet. If you are on a router, pull the cable out temporarily.

Back on the Desktop, double-click on the fix.reg file you just saved and click on Yes when asked to merge the information.
Now try connecting to the internet again.

Connect to the internet again.
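As an added example (not part of the thread, and not something the helper posted), this PowerShell script does a read-only audit of the same ZoneMap keys that fix.reg deletes, so you can see which domains or IP ranges were pushed into the Trusted or Restricted zone before wiping them. The key paths are the ones from the .reg file above; the zone numbers (0 Local, 1 Intranet, 2 Trusted, 3 Internet, 4 Restricted) are Internet Explorer's standard zone ids.

```powershell
# Added example (not from the thread): read-only audit of the IE ZoneMap keys
# that fix.reg above deletes. It lists which domains / IP ranges were pushed
# into a non-default zone, so the entries can be reviewed before the reset.
$ZoneNames = @{ 0 = 'Local'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }
$ZoneMapRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
)

function Get-ZoneMapEntries {
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        $hive = ($root -split ':')[0]
        # Domains\example.com\www holds per-scheme DWORDs (http, https, *) whose data is the zone id.
        foreach ($sub in 'Domains', 'EscDomains') {
            $base = Join-Path $root $sub
            if (-not (Test-Path $base)) { continue }
            Get-ChildItem -Path $base -Recurse | ForEach-Object {
                $key = $_
                $parts = ($key.Name -replace "^.*\\$sub\\", '') -split '\\'
                [array]::Reverse($parts)            # www + example.com -> www.example.com
                $target = $parts -join '.'
                foreach ($scheme in $key.GetValueNames()) {
                    $zone = [int]$key.GetValue($scheme)
                    [pscustomobject]@{ Hive = $hive; Kind = $sub; Target = $target
                                       Scheme = $scheme; Zone = $zone; ZoneName = $ZoneNames[$zone] }
                }
            }
        }
        # Ranges\RangeN holds a ':Range' string (IP or wildcard range) plus per-scheme zone DWORDs.
        $rangeBase = Join-Path $root 'Ranges'
        if (Test-Path $rangeBase) {
            Get-ChildItem -Path $rangeBase | ForEach-Object {
                $key = $_
                $target = $key.GetValue(':Range')
                foreach ($scheme in ($key.GetValueNames() | Where-Object { $_ -ne ':Range' })) {
                    $zone = [int]$key.GetValue($scheme)
                    [pscustomobject]@{ Hive = $hive; Kind = 'Range'; Target = $target
                                       Scheme = $scheme; Zone = $zone; ZoneName = $ZoneNames[$zone] }
                }
            }
        }
    }
}

# Entries in Trusted (2) or Restricted (4) that nobody added on purpose are the suspect ones;
# back the keys up with 'reg export' before merging fix.reg, then re-run this to confirm they are gone.
Get-ZoneMapEntries -Roots $ZoneMapRoots |
    Where-Object { @(2, 4) -contains $_.Zone } |
    Sort-Object Hive, Kind, Target | Format-Table -AutoSize
```

Running it a second time after the reboot should return an empty table, which confirms the merge took effect in both hives.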

Re: Virus and or malware??
Hello.

If that doesn't work, try this.

Go to C:\Program Files\Internet Explorer
look for ieproxy.dll
Move it to the system32 folder - C:\Windows\System32

Now go to Start > Run and type in:

regsvr32 ieproxy.dll

and press Enter.
Now try launching IE7.

Re: Virus and or malware??
I don't see c:\Windows\System32

the closest folder is c:\Windows\System

Re: Virus and or malware??
I tried to open internet options via the control panel and it won't open.
That's got to play into this mess somehow.

Re: Virus and or malware??
I'm sorry my very helpful friend, but I need to get some sleep.
I guess we'll try again tomorrow.

You've been a great help. Thank you!!

Re: Virus and or malware??
Hi!! I've been very busy today with family over for the Easter holiday.
I really would like to try to fix this mess for my dad.

If you're still interested in helping, I'll pop back on tomorrow evening.

Thanks again, you've been a great help. Honored
