
Inactive [InActive] Google re-direct problem.

Discussion in 'Malware and Virus Removal Archive' started by Richar, 2009/02/21.

  1. 2009/02/21
    Richar

    Richar Inactive Thread Starter

    Joined:
    2009/02/21
    Messages:
    3
    Likes Received:
    0
    Hello, I have a Google re-direct problem! Every time I search Google it sends me to download an anti-spyware program or another search site - the URLs in the search results don't match the page description. I have tried and failed with Norton antivirus, and I use Mozilla. My system runs fine otherwise. Please can you help? Here are the DDS logs.

    DDS (Ver_09-02-01.01) - NTFSx86
    Run by Mum & Dad at 19:22:47.51 on 21/02/2009
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1022.411 [GMT 0:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Apps\Softex\OmniPass\Omniserv.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
    C:\Apps\Softex\OmniPass\OPXPApp.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
    C:\Apps\Softex\OmniPass\scureapp.exe
    C:\apps\ABoard\ABoard.exe
    C:\apps\ABoard\AOSD.exe
    C:\WINDOWS\PixArt\PAC207\Monitor.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Keyboard Driver\PS2USBKbdDrv.exe
    C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\lxbscoms.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\TalkTalk\TalkTalk SNU5630NS 05 Wireless USB Adapter Utility\TTUSBBGMonitor.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Documents and Settings\Mum & Dad\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    uWindow Title = Packard Bell
    uSearch Bar = hxxp://format.packardbell.com/cgi-bin/redirect/?country=UK&range=AD&phase=6&key=SEARCH
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    BHO: Editor plugin: {87d3fc39-31ba-415e-9f4e-3f5737de9a1b} - smuhdd.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe "
    uRun: [kdx] c:\program files\KHost.exe -all
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe "
    mRun: [DetectorApp] c:\program files\sonic\digitalmedia le v7\mydvd le\DetectorApp.exe
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [OmniPass] c:\apps\softex\omnipass\scureapp.exe
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 "
    mRun: [ACTIVBOARD] c:\apps\aboard\ABoard.exe
    mRun: [TalkTalk] "c:\program files\talktalk\bin\sprtcmd.exe" /P TalkTalk
    mRun: [LXBSCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBStime.dll,_RunDLLEntry@16
    mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [WireLessKeyboard] c:\program files\keyboard driver\StartAutorun.exe PS2USBKbdDrv.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\talkta~1.lnk - c:\program files\talktalk\talktalk snu5630ns 05 wireless usb adapter utility\TTUSBBGMonitor.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
    Notify: OPXPGina - c:\apps\softex\omnipass\opxpgina.dll

    ================= FIREFOX ===================

    FF - ProfilePath - d:\docume~1\mum&da~1\applic~1\mozilla\firefox\profiles\20g9ki57.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - component: d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\google\google updater\2.4.1368.5602\npCIDetect13.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1002000.007\SymEFA.sys [2009-2-21 309296]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2009-2-21 255536]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\cchpx86.sys [2009-2-21 362544]
    R1 IDSxpx86;IDSxpx86;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20080826.006\IDSxpx86.sys [2009-2-21 274808]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.2.0.7\ccSvcHst.exe [2009-2-21 115560]
    R3 CPTWGU(TalkTalk);TalkTalk SNU5630NS/05 Wireless USB Adapter(TalkTalk);c:\windows\system32\drivers\CPTWGU.sys [2007-3-10 408064]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-21 99376]
    R3 NAVENG;NAVENG;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090220.048\NAVENG.SYS [2009-2-20 89104]
    R3 NAVEX15;NAVEX15;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090220.048\NAVEX15.SYS [2009-2-20 876144]
    R3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2006-11-20 506112]
    S3 EraserUtilDrv10741;EraserUtilDrv10741;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10741.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10741.sys [?]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-2-18 33752]

    =============== Created Last 30 ================

    2009-02-21 09:24 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-02-21 09:24 60,808 a------- c:\windows\system32\S32EVNT1.DLL
    2009-02-21 09:24 <DIR> --d----- c:\program files\Symantec
    2009-02-21 09:23 <DIR> --d----- c:\windows\system32\drivers\NIS
    2009-02-21 09:23 <DIR> --d----- c:\program files\Norton Internet Security
    2009-02-21 00:05 <DIR> --d----- d:\docume~1\alluse~1\applic~1\PCSettings
    2009-02-21 00:05 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Norton
    2009-02-21 00:03 <DIR> --d----- d:\docume~1\alluse~1\applic~1\NortonInstaller
    2009-02-21 00:03 <DIR> --d----- c:\program files\NortonInstaller
    2009-02-21 00:00 <DIR> --d----- d:\documents and settings\all users\Symantec Temporary Files
    2009-02-18 17:39 0 a------- C:\p3.bat
    2009-02-05 00:14 2,845 a------- c:\windows\WAVEFIX.INI
    2009-02-05 00:14 377 a------- c:\windows\GLIDER.INI
    2009-02-05 00:14 90 a------- c:\windows\GLIDERCD.INI
    2009-02-05 00:14 <DIR> --d----- C:\GLIDERCD

    ==================== Find3M ====================

    2009-02-21 09:24 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-02-21 09:24 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
    2009-02-21 09:24 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
    2009-02-12 10:00 3,480 a------- d:\docume~1\mum&da~1\applic~1\wklnhst.dat
    2008-12-13 06:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
    2008-12-11 11:57 333,184 -------- c:\windows\system32\dllcache\srv.sys
    2008-12-05 17:24 31 a------- d:\documents and settings\mum & dad\jagex_runescape_preferences.dat

    ============= FINISH: 19:23:39.26 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-02-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 27/12/2006 16:08:07
    System Uptime: 21/02/2009 14:57:12 (5 hours ago)

    Motherboard: Packard Bell BV | | Cuba MS-7301
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2793/200mhz
    Processor: Intel(R) Pentium(R) D CPU 2.80GHz | Socket 775 | 2793/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 30 GiB total, 11.684 GiB free.
    D: is FIXED (NTFS) - 111 GiB total, 75.318 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 21/02/2009 12:58:44 - System Checkpoint
    RP2: 21/02/2009 13:01:45 - Removed Adobe Reader 7.0.9

    ==== Installed Programs ======================

    4oD
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Shockwave Player
    Adventure Rock 1.0
    AGEIA PhysX v7.07.09
    Apple Software Update
    ArcSoft VideoImpression 2
    Bang! Howdy
    BBC iPlayer Download Manager
    BBC Mountainbike Challenge 08
    Bob the Builder - Bob Builds a Park
    Dig'nRigs
    Disney Pirates of the Caribbean Online
    Empire Earth
    Empires Dawn of the Modern World
    Fokker C.V-M26 for FSX and FS2004
    Google Earth
    Google Updater
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB910728)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    J2SE Runtime Environment 5.0 Update 4
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Keyboard Driver
    LEGO Digital Designer
    Lexmark 810 Series
    LimeWire 4.18.8
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Medal of Honor Airborne
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Flight Simulator X
    Microsoft Flight Simulator X Photo Scenery Display Update
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox (3.0.6)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    Norton Internet Security
    NVIDIA Drivers
    OLYMPUS Master 2
    OLYMPUS muvee theaterPack
    PC CIF Camer@
    Pivot Stickfigure Animator
    PowerDVD
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Roblox for Mum & Dad
    Rome - Total War
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB960715)
    Sheep
    Shockwave
    Short Solent for FSX or FS2004
    Skulduggery Hollowmen
    Skype™ 3.5
    SmartSound Quicktracks Plugin
    Sonic Encoders
    Sonic Express Labeler
    Sonic MyDVD LE
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    System Requirements Lab
    TalkTalk Assist & Go
    TalkTalk SNU5630NS/05 Wireless USB Adapter
    The Battle for Middle-earth (tm)
    Tonka Search and Rescue
    Ulead DVD DiskRecorder 2.1.1
    Ulead PhotoImpact 10 SE
    Ulead VideoStudio 9.0 SE DVD
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VIA Rhine-Family Fast Ethernet Adapter
    WebFldrs XP
    Windows Genuine Advantage Validation Tool
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Media Encoder 9 Series
    Windows Media Format Runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB912067
    Windows XP Media Center Edition 2005 KB914548

    ==== Event Viewer Messages From Past Week ========

    18/02/2009 19:29:54, error: Service Control Manager [7023] - The KService service terminated with the following error: Unspecified error
    18/02/2009 17:16:36, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    18/02/2009 09:35:44, error: System Error [1003] - Error code 10000050, parameter1 e748186c, parameter2 00000000, parameter3 bf8303d3, parameter4 00000001.
    16/02/2009 21:17:59, error: System Error [1003] - Error code 10000050, parameter1 f1b9d004, parameter2 00000000, parameter3 f3b83bfb, parameter4 00000000.
    16/02/2009 18:28:28, error: DCOM [10000] - Unable to start a DCOM Server: {FE0D8F60-5A07-40A1-85EC-4FFB7E0F2306}. The error: "%193" Happened while starting this command: D:\Documents and Settings\Mum & Dad\Local Settings\Application Data\RobloxVersions\version-8321c7356e354a40\RobloxApp.exe -Embedding
    19/02/2009 08:21:49, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    19/02/2009 09:55:01, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0da: Windows XP Service Pack 3 (KB936929).
    21/02/2009 00:05:54, error: PlugPlayManager [12] - The device 'COH_Mon' (Root\LEGACY_COH_MON\0000) disappeared from the system without first being prepared for removal.
    21/02/2009 11:19:14, error: System Error [1003] - Error code 10000050, parameter1 b6ee846c, parameter2 00000000, parameter3 bf8084c0, parameter4 00000000.
    21/02/2009 11:38:51, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    21/02/2009 11:38:57, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    21/02/2009 11:38:57, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    21/02/2009 11:38:57, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    21/02/2009 11:38:57, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    21/02/2009 11:38:57, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    21/02/2009 11:38:57, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 ccHP eeCtrl Fips IDSxpx86 intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SRTSPX SYMTDI Tcpip
    21/02/2009 14:59:58, error: PSched [14103] - QoS [Adapter {D2F6859C-70A5-4AD1-B553-459C356DE0FA}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.

    ==== End Of File ===========================
     
  2. 2009/02/22
    Richar

    Richar Inactive Thread Starter

    Some more information; I have been unable to install an update for Norton Antivirus 2009 or install a downloaded update (SP3) for Windows, and I also cannot install Adobe Reader - which I had removed as the first symptom of the infection was PDF documents not opening. Hope this makes things easier for you, thanks.
     


  4. 2009/02/25
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Richar.
    Welcome to WindowsBBS.

    Your computer has multiple infections, including a backdoor Trojan.
    Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, collect confidential data and information from the computer, log activity on the computer and more.

    This allows hackers to remotely control your computer, steal critical system information and download and execute files.

    I would suggest you disconnect this PC from the Internet immediately, change all passwords using a non-infected computer (not this one) and refrain from any credit card or financial dealings until clean. If you do any financial dealings with this computer, contact any credit card companies or banks about possible fraud on your account.


    Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    When Should I Format, How Should I Reinstall

    We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

    Should you have any questions, please feel free to ask.

    Please let us know what you have decided to do in your next post.

    Infostealer.Banker.D

    This Trojan monitors for access to the targeted banking Web site login screens. When an access attempt is made, it injects its own HTML snippet into the HTML returned by the bank Web server. The HTML snippet injected causes the browser to display additional fields in the login form for the user to enter in details such as the PIN, Social Security Number, date of birth and so on.

    Thanks
    Geri
     
  5. 2009/02/26
    Richar

    Richar Inactive Thread Starter

    Hi Geri,
    Many thanks for looking at my logs, I very much appreciate the advice. I will reformat for peace of mind. Thanks again,
    Richard
     
  6. 2009/02/26
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Hi Richard
    OK, you are welcome.

    I think that's the best move.

    Please look at this link for some preventive recommendations. It could keep you from ending up back here in the Malware and Virus Removal Forums.
    http://www.windowsbbs.com/showthread.php?t=67958

    Surf Safely
    Geri
     