Posts by jholland1964

I asked you to

Please TURN OFF ALL unnecessary programs for now until we get this thing or things off of there.
PunkBuster
Steam
Quicktime
iPod
Windows Media Player
Spybot - Search & Destroy
Acrobat Reader
Windows Live Messenger

You obviously have not done this because they all are still running.

What is the full error given concerning the turn off of these various programs? Go to the Event Viewer and pick one of the most recent errors and give us the full report

Try turning off Sygate entirely and see if it keeps generating these messages. Did you purchase the program? If so do you have the install disk or install file?

Is the computer running any better? Update MBA-M and run another Full Scan and remove anything found. Reboot and do another HJT scan. Post back here with both logs.

You are using a very old version of HiJackThis. Uninstall it and download the newest version and run a new scan. Please make sure word wrap is turned OFF on your log before posting it as this log is nearly impossible to read.

How is the computer running now?
Update MBA-M and do another Full system scan. Reboot do another HJT scan and post both logs.

Run HiJackThis again and place check marks next to the following entries;

O15 - Trusted Zone: http://yooray.blogspot.com
O15 - Trusted Zone: http://coupons.smartsource.com
O15 - Trusted Zone: www.smartsource.com

O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) - http://coupons.smartsource.com/download/cscmv5X.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/dow...in/actxcab.cab

Once you have placed the check marks then click the Fix Checked button.
Exit HJT and Reboot the computer. Try your mail and see what happens.

Please do the following:
download ComboFix, You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desk top. DO NOT RUN it YET
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run and when it has finished you will see the Disclaimer screen you should press the number 1 key and then press the enter key to continue.
ComboFix will create a System Restore point …

Try running MBA-M in safe mode

If you can't update MBA-M then run it without the update. Full scan.

For now don't run it again. I am having Crunchie look at this too. Did you download a NEW version of combofix before you ran it?
Just do the upload of files that I noted and post back with that info ok?

This log appears to be two years old. Did you have problems 2 years ago and run combofix? If so, why wasn't it removed back then? It isn't a program you normally keep on the computer.

Well you obviously have a hijacker on the computer for sure and likely other items. Obviously when Sygate alerts you to this access request be sure to block it.
Please TURN OFF ALL unnecessary programs for now until we get this thing or things off of there.
PunkBuster
Steam
Quicktime
iPod
Windows Media Player
Spybot - Search & Destroy
Acrobat Reader
Windows Live Messenger
Are the ones I see, any others you can think of do the same.

Please do the following:
Please Download ATF-Cleaner.exe by Atribune(Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Update your MBA-M program.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the …

Run HJT again and place a check mark next to the following entries if they remain;

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://google.com/[/url]
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing

Once you have placed the check marks click the Fix Checked button.
Exit HJT.
Reboot the computer.
Next do the following:
Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

• You will need to use Internet Explorer to to complete this scan.
• You will need to temporarily Disable your current Anti-virus program.
• Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
• When you have completed that scan, a scan log ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

Again Reboot the System.
Run a new HJT scan and save the log. Post back here with both logs.

You need to begin YOUR OWN thread, this one is six months old. To answer your question, if by going back to Factory Settings you mean actually wiping the drive and then installing, yes, infections would probably be removed but if by restore you mean just reinstall over present operating system then no, probably not.
I cannot say for sure why you cannot fully boot the machine without disabling the wireless hook up but honestly don't believe the Spybot run would have caused this.
Have you tried to boot in Safe Mode with Networking and see if that works?

To ALL EXCEPT original poster Inlovewithnight, you need to begin YOUR OWN threads and not hijack another person's thread. NO two computers are identical and even though problems may seem identical they rarely are. You can follow the instructions I give to Inlovewithnight but post the results on your OWN threads.

Inlovewithnight,
Please do the following:
Please Download ATF-Cleaner.exe by Atribune(Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access
RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

You are running TWO anti-virus programs, AVG and Avira. Uninstall AVG completely. Reboot the system and see if that makes a difference.
Then run another HJT scan and post that new log.

First of all turn off that BitTorrent program and ALL OTHER P2P programs until the computer is clean, this may very well be how you got the infection.
Second, you only ran the Quick Scan with MBA-M. Please run a Full System scan now and Remove Everything found. Post back with that log.
Third, your HiJackThis is WAY out of date. The newest version has been available for well over a year. Uninstall your current HiJackThis and download the NEW version. Run a Full Scan with it and post that new log here.
Judy

I need to see the TOP of the log, the part that reads like this:
Malwarebytes' Anti-Malware 1.38
Database version: 2319
Windows 5.1.2600 Service Pack 3

06/21/2009 2:11:38 PM
mbam-log-2009-06-21 (14-11-38).txt

Scan type: Quick Scan
Objects scanned: 105155
Time elapsed: 7 minute(s), 56 second(s)

However, the Google redirect problem still exists.. What else can i try?

You have to give it time here, this is not the only step you will need to do. Run a new HJT scan and post the log

Why did you run combofix twice? Can you please post the log from the first time you ran it?
You need to go to http://virusscan.jotti.org/en
and upload the following files and allow them to be scanned there. It will give you a log for each file uploaded. Please post back with those logs. Here are the files you need to upload there.
c:\documents and settings\Scotty\Application Data\fllhwuii
c:\documents and settings\All Users\Application Data\AOL OCP\AIM\Storage\All Users\SUDS_BBC2683C\CACHE\4426.0.4\vwpt.exe
c:\documents and settings\MelMeL.DGYVC921\Local Settings\Application Data\fllhwuii
c:\documents and settings\MelMeL.DGYVC921\Application Data\fllhwuii
c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\msgup900_2162_us.exe

Post back here with the info on each file from the scans at jotti and also please post that first combofix log for us.

Are you running an anti-virus program or a firewall? If so, disconnect from the internet and then try turning both off and try MBA-M.

Are things better?
Your Java is way, way out of date and should definitely be updated. To do this do the following: Go HERE Download the OFFLINE install and save it to the desktop.
Close all browsers. Go to Control Panel, Add/Remove and Uninstall ALL versions of Java that you find there. Once all are uninstalled then go to that install file on the desktop and double click to install the new version. Once that is complete go back to the download page and on the Right Side you will see Verify Now. Click that to go to the verification page to check to see if your install was complete and correct.
You also are running an old version of IE. I would strongly recommend that you update to IE7 NOT IE8 but IE7 You may be offered IE 8 but politely decline and put a check mark in don't offer this anymore.

Here is the suggestion from the MBA-M site.
Delete that install file, also do a search to be sure it has NOT been installed and just doesn't show.
Then do the following:

Please download Malwarebytes' Anti-Malware to your desktop and save.

In order to get MBAM to install on the PC it will have to be installed under safemode
Note**This is usually not advised as MBAM does not install to its full capabilities under safe mode but for the task in hand it will do the job required.
Once in safe mode and you have your desktop in front of you

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to the following:
* Launch Malwarebytes' Anti-Malware
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad and if required the program will ask you to reboot to remove locked files.

If this does work, installing in Safe Mode and then also running in Safe Mode it is then advised that you again UNINSTALL MBA-M. Download it again and install it again only this time in Normal Mode. Then run another scan with it and have it remove …

That isn't what gerbil requested. HiJackThis was requested.

Run another HJT scan and post that log here.

Thought so, but had to ask. Obviously there is something else at work on there. Do the following:
Download ComboFix, You will get a prompt asking if you want to run or save the file. Choose SAVE and save it to the desk top. DO NOT RUN it YET
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
Windows may issue a prompt because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
ComboFix is now preparing to run and when it has finished you will see the Disclaimer screen you should press the number 1 key and then press …

I'd still like you to try installing MBA-M. See if you can install it via Safe Mode with Networking so you can get the updates.
Then reboot to Normal mode and see if you can run it.

You have at least one trojan on the system AND you are running TWO anti-virus programs, AVG and BitDefender. An absolute no-no. UNINSTALL one of these immediately.
Run HJT again and place check marks next to the following entries:

O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 security.microsoft.com
O1 - Hosts: 209.44.111.57 inetavirus.com
O1 - Hosts: 209.44.111.57 www.inetavirus.com

Once you have placed the check marks click the Fix Checked button.
Exit HJT.

Then do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Reboot the System.
Please Run the ESET Online Scanner and …

Are you rebooting BEFORE running HJT?

Know the MBA-M scan took a long time but look what it removed, some major infections.
Now you need to do the following;
First go to Add/Remove and Uninstall Viewpoint. This is foistware installed by another program.
Next you should download and install Mike Lin's StartUp Control Panel
Once installed you will find it in your Control Panel with a little computer icon labeled Start Up. Open the program and go through the various tabs you find there. Some will have listings, some will not.
These items listed below are unnecessary start ups which run all the time and consume unnecessary resources. All can be run manually if needed. If you see these remove the check marks from each one you find and then close the program and reboot.
Advanced SystemCare 3
MySpaceIM-this may have listings on more than one tab, remove check mark from all.
FlashPlayerUpdate-this may have listings on more than one tab, remove check mark from all.
Digital Line Detect
Windows Defender
Google Update
Microsoft Office

Next run HiJackThis again and place check marks next to the following entries if they remain:
O2 - BHO: (no name) - {D0E0A352-12AC-4B77-B8AF-EB1B36487C75} - c:\windows\system32\mnpovha.dll
O9 - Extra button: World Poker Exchange - {76028735-BBF1-4044-8DE2-5B90F0C7A77C} - C:\Program Files\WorldPokerExchange\GameClient.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O14 - IERESET.INF: SearchAssistant=
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode …

You definitely have a hijacker on the computer. Please do the following:
Run HJT again and put a check mark next to these entries:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 antivirsystem-pro.microsoft.com
O1 - Hosts: 94.232.248.66 antivir-system-pro.com
O1 - Hosts: 94.232.248.66 www.antivir-system-pro.com

There ARE others but for now just put the check mark in the above and click the Fix Checked button.
Exit HJT.

Do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

REBOOT the computer.
Run a new HJT scan and save the log. Post back here …

Did you reboot the system immediately after the MBA-M scan?
You haven't updated MBA-M since the 17th. The new version of MBA-M was released on the 17th so it is now at version 1.38 and database version as of today is 2317.
You need to update to this newest version and database version and then run a FULL scan. Anytime something is found using the Quick Scan then the "rule of thumb" is to remove all that is found, REBOOT and then run a Full System scan. The Quick scan does not scan all files so there would be a chance that an infected file wasn't scanned during the Quick Scan.
After every MBA-M scan when something is found it also is always advisable to make it standard practice to Reboot. If you note the notation about the file found on your system is Delete on Reboot...meaning it cannot remove until the early stages of the rebooting process.

Uh-oh, you are showing TWO anti-virus programs on the computer, Avira and McAfee. Absolute RULE only ONE anti-virus program should be running on a computer.
One of these must be completely UNINSTALLED ASAP. You choose. If you paid for McAfee you can leave it and uninstall Avira, however my personal choice would be keep Avira. But the choice is yours but absolutely one of these must go immediately.
Once you have done the Uninstall, reboot the computer.

Then update MBA-M and this time run a FULL Scan with it. Last one was only a Quick Scan, which, I am sorry to say, I failed to notice before. The rule to follow is if you are fairly certain you are infected then always run the Full Scan with the updated program. If you are just running a weekly scan then a Quick Scan is fine but if the Quick Scan finds something, Fix it and then immediately reboot, update the program and run the Full Scan.

MBA-M released a new version today so it is advisable that you update to this newest version and then do the Full Scan, be sure all items found are checked and then click Remove Selected. Reboot the computer.

Then run a new HJT scan and place check marks next to the following entries if they still show:
O15 - Trusted Zone: http://*.imlive.com
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload.ijjimax.com/game...Plugin7USA.cab
O16 …

andeethree, you need to begin YOUR OWN thread, stating exactly what problems you are experiencing and what steps you have taken to try to correct them. Just posting your log within somebody else's thread doesn't give us any information and can only lead to confusion.
Please state exactly what problems you are having.
Then somebody will be happy to offer some help.

You have at least one trojan on the system, maybe more. MBA-M should have found those. Update the program and run it again, a Full system scan. Be sure that everything is checked, and click Remove Selected.
Reboot the computer.
Run HiJackThis again and place check marks next to the following if they remain,
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll

O4 - HKCU\..\Run: [SystemManger] C:\Program Files\Internet Explorer\iexplorer.exe
O4 - HKUS\S-1-5-21-1935655697-1897051121-725345543-500\..\Run: [SystemManger] C:\Program Files\Internet Explorer\iexplorer.exe (User '?')
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:

Click the Fix Checked button. Exit HJT.
Reboot the computer.
Run a new HJT scan and post that log.

There is obviously something running at start up that is stopping this from running. Problem is with only being able to run HJT in Safe Mode we aren't seeing it.
Check in Scheduled Tasks. See if there are any unusual tasks there that you personally didn't schedule, especially those scheduled to run each time the computer boots up. If there are, delete them and reboot to normal again. Check in Task Manager for unusual processes running. If you find any, stop them. Then try the HJT in normal.

Did you reboot the computer? No way of knowing if infection has been removed completely yet. You need to run a NEW HJT Full System scan and post that log.

Ok, will wait for the normal scans...both MBA-M and HiJackThis

There is no reason to send files to Trend Micro. We are using these logs here so we are the ones who need to see them. Unless instructed by a helper here you wouldn't be sending files someplace else.

Let it run. But then DO try to run it in normal mode. In Safe Mode it will not scan all files which need to be scanned.

You really need to try to run these programs in normal mode if possible. I realize at first this was next to impossible but both MBA-M and HJT are created to be run in Normal Mode. If these infected files were removed then the programs should run in Normal Mode.

This program, FreeHDPlay is definitely infected. You need to get it off the computer.

You didn't do any fixes with MBA-M plus you only did a Quick Scan, instructions clearly say Full Scan. So you need to run it again, Full Scan, and follow the instructions given above:
* Be sure that everything is checked, and click Remove Selected.
Then REBOOT the computer. Then run another HJT scan, save the log and post back with both of those new logs.

Sorry, but am a bit confused here since you said this

Then I downloaded Hijack this but when I click on Analyze this, it takes me to an error page.

but then you posted two logs from HiJackThis, so you were obviously able to run the program.
As gerbil said, there is definitely malware on there and there are tools that must be run to remove it. Trying to do it manually may be next to, if not impossible as that can involve trying to track down multiple files in multiple locations on the computer. Leave just one of those files and the infections can rebuild themselves. Plus manual removal done the wrong way can render the computer useless.
You said you can download some programs did you download and run MBA-M? That one is key.

"Read me before posting a request for assistance" The instructions are quite clear that is why it is titled that way. Follow those steps.

I had the same thing happen to me, however none of the things you have listed are showed up when i ran Hijack This. Here's my logfile I'd appreciate it if you could pick out anything that might be causing the redirects

This gives us NO information whatsoever, the same as what, who? We need actual information before we can even suggest what the problem might be. You have to realize that threads don't stay together, if you are stating you have the same problem as somebody else. It depends on when threads are answered and what steps are given to the poster on where a thread shows at any given time. If you could please give us your exact symptoms and also the steps you have taken thus far to try and correct the problems. Remember NO TWO logs will ever be the same, even those from the same computer can be very different.
You have McAfee Anti-virus on your computer, have you run a full system scan with it and did you have it fix or quarantine whatever was found?

We also prefer that logs be copy/pasted and not attached so that we don't have to open a file from a possibly infected computer. I will copy/paste your log here so that others won't try to open it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:05 PM, on 6/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Hello and welcome to daniweb,
Please do the following:
Please Download ATF-Cleaner.exe by Atribune(Windows XP, 2K, 2003 & Vista ONLY)

• You can put ATF-Cleaner on your Desktop for easy access.

RUN ATF-Cleaner.exe.

-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the Computer.

Download HiJackThis and run a Full System Scan and save the log. Post back here with the MBA-M log and the HiJackThis log.
Judy

will do ty prolly on weekend after last shift i should have some time, anyother suggestions are always welcome, tyty

Those would be the only suggestions probably anybody would have, your computer specs are very good so what has to be slowing things would be the unnecessary auto starting programs and services. Stopping those unnecessary auto starting programs that I noted earlier, which can very easily and quickly be run manually when you want to use them, having those run for convenience really is all it is and they DO slow the boot time of the computer without a doubt because they don't boot together they each would start up one at a time and then when they are finished starting up the boot process would be complete. Plus having those run all the time in the background consumes resources can then slow the actual running of the computer Then stopping the unnecessary services noted in the link I posted in my last post to you.
Other than that there really are no other suggestions except maybe change anti-virus programs. Norton/Symantec is a known resource hog and it does also slow boot time too.

Also, after you do all those uninstalls via Add/Remove, and Norton/Symantec has MANY in there, often under both names so read the list very carefully, then do a search on the computer for remaining files. Do it this way:
Start, Search, Files and Folders, Advanced Options, make sure there are check marks in Search System Folders, Search Hidden Files and Folders, Search Sub Folders. Then first list Symantec. Let the search happen then Delete anything found. Then do the same again for Norton. Delete anything found.

Also would you say its easier to get virus's if i use IE or would it be better to use firefox or some other program?

Firefox is generally considered a safer browser.
But....why do you now have two anti-virus programs on the machine?
Your HJT log shows BOTH Avira and Symantec/Norton running on the machine. If you want to reduce the security on the computer that is the way to do it. While the two anti-virus programs are both trying to protect the computer they are also fighting against each other which can let infection slip through.
Before installing Avira you should have totally Uninstalled Symantec/Norton.
I gave you instructions on uninstalling Symantec using Safe Mode. You absolutely HAVE to get that off the computer ASAP.
Boot to Safe Mode, then go to Add/Remove and Uninstall ALL Symantec/Norton. If you still have difficulty then download the Norton Removal Tool and use that following the instructions EXACTLY given on the link. You computer is at risk until you get that extra anti-virus program fully removed.

You are certainly right about that! I would recommend either Avira Free or Avast Free. Both are excellent and highly recommended. Both often rank much higher than McAfee.

I use Avira Free and love it. Only annoyance is a large pop-up that comes up each day when the program auto updates, nagging you to purchase the Pro version. All you do is "X" out of it. There is a registry "tweak" you can use to get rid of that but I hate to mess with the registry and it is only a slight annoyance that I have learned to ignore.

I love the program, not intrusive, not filled with bloat like McAfee. Works great! I know others who use Avast and like it well also. I tried both and chose Avira

You might take a look at the list available here.
It gives some insights and suggestions on proper settings for Vista 64bit systems to maybe help speed boot time somwhat, also Here. This guy is usually pretty "right on". But remember to consider what is on your system, what you want running, etc. His suggestions are only that, suggestions.

Frankly I think it is a good choice. I have some other security suggestions for you once you post your scans.