I notice that you are now running two antivirus programs:
Symantec
Avira
This can make the system more vulnerable. It can also slow it down. Please remove one of them.
To remove Symantec/Norton use the
Norton Removal Tool
To
uninstall Avira:
- Start> Settings> Control Panel> Add or Remove Programs
- Wait for the list of installed programs to load, then click on Avira.
- Click Remove next to the program's name
- Press Yes, to confirm the removal and then OK.
- . Click Next until Finish. The software is removed.
Be sure to reboot the computer after doing the uninstall
Please reopen HijackThis to
'do system scan only.' check each of the following if present:Optional Removal is in green:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
There are 2 identical entries for this process. I cannot identify any parts of the entry. Do you know what it is? If not, check for removal
O4 - HKLM\..\Run: [veimndef] C:\Documents and Settings\HP_Administrator.PC\Local Settings\Application Data\popkol\arycsftav.exe
O4 - HKCU\..\Run: [veimndef] C:\Documents and Settings\HP_Administrator.PC\Local Settings\Application Data\popkol\arycsftav.exe
O15 - Trusted Zone: .trymedia.com[/url] (HKLM)>> See Option 1
Option 1: Trymedia.
If you are a developers, publisher and portals/retailers and find is necessary for this to be in the Trusted Zone, leave it. I personally don't recommend anything be put in the Trusted Zone. Here is a description:
Trymedia Systems, Inc. is a division of RealNetworks that provides digital distribution services based on its proprietary ActiveMARK DRM and digital distribution technology.
Trymedia operates an online network of digitally distributed computer games. The network is integrated into Microsoft's digital locker service,[8] and provides white label online retail services to affiliates such as Electronics Boutique and GameSpot.
Close all Windows except HijackThis and click on
"Fix Checked."
Once you get the duplicate AV handled and these entries removed from HJT, rescan with HJT and I'll see what else needs to be done.
You have a great many Tracking Cookies. I recommend the following:
Reset Cookies
For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'>
CHECK 'accept first party Cookies'>
CHECK 'Block third party Cookies'>
CHECK 'allow per session Cookies'> Apply> OK.
For
Firefox: Tools> Options> Privacy> Cookies>
CHECK ‘accept Cookies from Sites’>
UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List