Posts by jholland1964

Try running Check Disk Repair. You will need your install disks and see if you can repair these using that.
Judy

First thing, the entry found and removed by MBA-M was in the System Restore, so it was obviously removed sometime earlier and this is the back-up. It is gone. The item removed was the Rogue.VirusHeat. This rogue does what other rogue "removers" do - plants malware and then pretends to detect it. It generates false positives and then makes you pay to remove them. As I said, this had obviously been removed earlier and what was removed with this run was the back-up from System Restore.

Secondly, the HiJackThis scan was done in Safe Mode, it should be done in Normal Mode so if possible I would like to see one done in Normal Mode. so I can see what is actually running during a normal boot.
The HJT log also shows that the java is out of date. It shows version 6 which is the correct version but the current version is version 6 update 10. So this needs to be updated.

Third, I am not well versed in Registry issues but it looks to me like the entries from the Rootkit Revealer are citing something installed on 11/8/2008 at 12:54 PM. Do you know what this was? The registry key points to the International Subkey in the Control Panel which is the subkey which stores options that are selected in Regional and Language Options in Control Panel. These entries determine how the system and programs display dates, times, currency, and other locale-specific notation. It shows …

To copy go to Edit, Select All, Copy, Paste.

Hi!
No, you don't leave MBA-M running. Just use it to scan and remove. If his surfing habits "stink" as you say then I would run it, at the very mimimum, weekly...maybe every three or four days even, always updating it first.
How about giving us some logs so we can maybe decide what might be "lurking" on the machine.
Run Avast, full system scan and let it remove whatever is found.
Then update MBA-M and also run it on a Full System scan and let it fix whatever is found.
Reboot the machine and then create a new folder on the desktop and name it HiJackThis.
Then download HiJackThis and save it to that new folder.
Then close all browsers, email programs, IM programs, music programs, etc., in other words everything unnecessary. Run a Full System scan with HJT and save the log.
Post back right here with the MBA-M log, the HJT log and, if you have it, the Rootkit Revealer log. Then we can maybe get a better idea of what is going on there.

Judy
P.S. Tell him just paying "big bucks" to hopefully protect a computer won't do a thing really if you don't watch where you surf. No security program is absolutely fool-proof, no matter how much you pay for it.....You know that old expression..."if you lie down with dogs you will get up with fleas" applies to computer usage too...;)
…

The two you noted are excellent and an absolute MUST ADD is Malwarebytes' Anti-Malware
To quote from their website;

Malwarebytes' Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect.

This is absolutely true. It is a top of the line program and if you will go through most threads here it is definitely the ONE program we all have recommended. There is a paid version but the free version is truly just fine. It has frequent updates so it is always up to date with the current threats out there. You can't do better than MBA-M as far as I am concerned.

I would also recommend using another FREE program, SpywareBlaster. I would absolutely not run a computer without it.
To quote from their website;

Multi-Angle Protection

* Prevent the installation of ActiveX-based spyware and other potentially unwanted programs.
* Block spying / tracking via cookies.
* Restrict the actions of potentially unwanted or dangerous web sites.

One truly does NOT need to pay for excellent protection, all of the above are FREE and all of the above are top of the line.
If one wants to pay then all of those do offer paid versions, with the exception of SpywareBlaster, but if you go with all the free versions a computer is well protected.
Judy

i can try any other software from eset like the nod32, if you want.

You have done this, that was the ESET Scanner.

You need to go in and UNINSTALL all those extra programs you used; Combofix, vundofix, Avenger, SmitFraudFix. KEEP Malwarebytes Anti-Malware and Spybot. Also keep the ATF-Cleaner. Don't worry about the Microsoft® Windows® Malicious Software Removal Tool, for whatever reasons many cannot run this tool.
To uninstall combofix do the following;
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"
I cannot stress enough here again for others who may be reading this that Combofix is a powerful tool intended to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could adversely impact your system and prevent it from ever starting again.
One of the things that shouldn't be done is use this tool over and over, it should be used one time unless directed to do it again. When that is done it is usually recommended that the original be removed and a new copy downloaded if needed again.
Please remove it from your system.
VundoFix and SmitfraudFix are also infection specific tools, indicated when these two infections are present but not to be used for general cleaning of the computer.

These days Malwarebytes' Anti-Malware …

It is highly recommended that you boot up your PC in "Safe Mode" and perform "System Restore".

Please DON'T do a System Restore. This could restore any nasty that you have all ready removed. Leave the System Restore alone for now. We will take care of cleaning that out later.
System Restore is NEVER to be considered a way to remove an infection. An infection, depending on what it is, can embed itself onto various files on the computer and also make registry changes which cannot be fixed using System Restore. System Restore should not be counted on to REMOVE or disable anything, that is not it's purpose. System Restore does not replace the process of uninstalling a program. To completely remove the files installed by a program, INCLUDING Viruses, Trojans and Malware, you must ACTUALLY remove the program, whether it is a legitimate program you no longer want or some sort of infection. In Windows XP, files are backed up only from certain directories, it excludes any file types used for users' personal data files, such as documents, digital photographs, media files, e-mail, etc. It also excludes the monitored set of file types (.DLL, .EXE etc.)
System Restore is NOT the end all and be all of repair and should not be considered as such.

Here are the steps you need to follow.
First of all TURN OFF the Spybot TeaTimer as it can interfere with any fixes done.
To do this open …

Hi and welcome to daniweb.
First of all I must caution all who may be reading this that several of the programs you have said that you ran should NOT have been run without FIRST being told to do so by a helper or somebody assisting you with problems. The main one I am concerned about is combofix. This is a very powerful tool which produces a very long and complicated log after doing it's work. It takes quite awhile to read and interpret one of these logs. Since you didn't post any of the logs from the programs you ran and you say "they have found many things but not solve this issue" we have absolutely no idea what was found or what was removed OR where they were located on the system. We really are not certain what programs you did run really except for combofix, smitfraud and AVG Anti-Spyware 7.5, which is no longer available as a stand alone product so it cannot be counted on as doing the work anymore, and than you say "antimalware etc..." What "antimalware"?
Your auto starting program and auto starting services list is extremely small showing only graphics card software, realplayer update, your McAfee program and Viewpoint Manager Service (which is actually considered to be malware and should be removed). The running processes list you posted shows exactly the same thing as the Running Processes list from the HiJackThis log so there is nothing different or unusual there. We …

Sorry I have taken so long to respond. I have been out of town. No, this is not a new virus, in fact it has been around for several years, since 2005.
It is actually a Polymorphic Win32 virus which hides its presence from antivirus software.
It is known by different names really, depending on the anti-virus program used, one of which is W32.Virut.A
The W32.Virut.A Opens a back door on TCP port 65520 by connecting to the Proxima.ircgalaxy.pl IRC server on channel &virtu.
The back door allows an attacker to download files onto the compromised computer.
You also obviously had a Trojan on the computer since one was discovered and removed by MBA-M in your System Restore.
I would recommend that you run HJT again and place a check mark next to the following entry;This entry refers to AVG 8. Did you Uninstall it? If so then place that check mark.
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
Once you have placed the check mark then click the Fix Checked button.
Exit HJT

First, a very likely reason your computer may be slow is that you are running multiple anti-virus programs on it at the same time.
Your HJT logs show the following or parts of the following anti-virus programs running at the same time;
AntiVir PersonalEdition Classic
AVG8
McAfee
Symantec
Choose ONE and ONLY ONE and totally UNINSTALL the others. The absolute rule is only ONE anti-virus program should ever be running on a machine. By running more than one anti-virus program you are actually lessening your protection since multiple programs will conflict with each other and can then allow something to "sneak" onto the computer.
Second, you are running BigFix automatically at start up which means it is running all the time in the background. Should only be started manually as it's a resource hog. Turn it off and keep it from running at start up.
Third, you have a huge number of totally unnecessary programs running at start up, all of which can use necessary resources and can easily be run manually if needed.
Fourth, you have both AdAware Services and Spybot TeaTimer running. Neither are needed and both can interfere with any attempted fixes. These should be disabled.
Fifth, Your sunjava version is way out of date. Current version is update 6 version 10.
Sixth, You are running NapsterShell which is generally is considered to be malware related. It can cause definite system slowdowns and also connection difficulties.
Seventh, there are numerous instances …

Please follow crunchie's advice.

They may not be missing, just disabled. Would you have disabled these via msconfig?
Your java is out of date by the way, current version is 6 update 10.
Judy

Your logs look ok with the exception of these two items;
O23 - Service: Media Center Receiver Service (ehRecvr) - Unknown owner - C:\WINDOWS\eHome\ehRecvr.exe (file missing)
O23 - Service: Media Center Extender Service (McrdSvc) - Unknown owner - C:\WINDOWS\ehome\mcrdsvc.exe (file missing)
Both of these files are essential to the running of Media Center.

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

*Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states …

First of all I see two anti-virus programs running at the same time on the computer;
Avast4 and AVG7. You MUST uninstall one of them. AVG 7 will expire in December. If you wish to use AVG then uninstall BOTH programs and download AVG8
You really also have too many security programs running at once;
Ad-Aware, Windows Defender, SpySweeper, SpybotSD TeaTimer. SpybotSD TeaTimer and AdAware Services should be turned off for good, neither really adds protection especially and both DEFININTELY interfere with fixes. Turn off Windows Defender and SpySweeper until fixes are complete. Turn off ALL of those programs, uninstall one of the anti-virus programs, update MBA-M and do another Full System Scan with it and allow it to fix whatever is found.
Post back then with a new HJT log and the MBA-M log.
Judy

You shouldn't be "playing" in the registry if you are not certain what you are doing.
If you just installed this then why do you want to remove it?
Go to Start, All Programs and see if there is a listing THERE for EScan. That is possibly where the uninstall is located.
Judy

Hello Gossamer0101, hope you are still "out there". I've been away for nearly two weeks and hopefully I can get back into the swing of things here.
I would like you to reboot the computer, if you have not done so. Then run a Full System scan with HiJackThis and post that log here.
Judy

You have a huge number of items running at start up which are unnecessary, which in turn can most definitely slow down the computer. I can give you a list if you wish and see if that helps with the slowness, it should. Adding more RAM is also a good, and generally inexpensive way, to speed the computer. What you have is not enough. Go to crucial.com and they have an online test to do which will tell you how much you can add and the cost to do so. Their prices are very reasonable, usually the cheapest you will find.
As far as the on/off button problem you may need to take that in and have it checked.
Judy

Hi and welcome to daniweb.
Your HJT log absolutely shows infections.
You need to TURN off the following programs while running all the programs you noted;
Lavasoft Ad-Aware Service
Windows Defender
SpyNoMore
Spyware Doctor
SUPERAntiSpyware
any or all of the above could interfere with proper scanning and removal of malware. Leave them off until told to turn them back on.
Turn the above OFF and then try updating MBA-M again. Run a FULL System scan NOT the Quick Scan, and have it fix everything found and post the log along with a new HJT scan.
IF and only IF MBA-M doesn't find anything on this next scan in NORMAL mode then reboot to Safe Mode and try it again.
Judy

Sounds like you don't have the correct version of comctl32.ocx.

Looks better, is the computer running ok?

Follow the instructions given HERE AFTER uninstalling one of those anti-virus programs. Ignore the instruction on the link concerning Deckard Scanner. It is not available. Do the MBA-M scan, the ATF cleaner and the ESET online scan. Allow these scans to FIX everything found.
Then post back here with the MBA-M log, the ESET scanner log and a NEW HJT scan log.

Stop the updates. Close the program. Re-open the program. Try again using a different source for updates. You can find that by clicking the arrow on that main update page and it will give you other sites for updates.

You are running two anti-virus programs on one computer. This is an absolute NO-NO. Please TOTALLY uninstall one of these.
What version of HiJackThis are you using? You didn't post that top line of the scan which tells us the version of HJT. Current version is 2.0.2 If you are running the older version then delete it and download the new one.
Also do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer.

Please Run the ESET Online Scanner and attach the ScanLog with your post for assistance.

* You will need to use Internet Explorer to to complete this scan.
* You will need to temporarily Disable your current Anti-virus program.
* …

Happy to have helped Allan, even somewhat indirectly. You will definitely continue to be pleased with SpywareBlaster. Be sure to use the Restricted Sites portion of the program too.
Judy

Thank you for all the help in solving this problem, Judy and crunchie. Your expertise and patience has been very much appreciated.

I will make sure to run Spybot often to prevent this from happening again. I have a question though. It seems like ComboFix really did the trick for my problem. So if I were to get this problem or any other malware/spyware again, would you recommend firing up ComboFix first thing again? Or is this a last resort type of scan for some reason?

Thanks,
Matt

Combofix is a last resort type of scan. It is a powerful tool intended to be used under the guidance and supervision of an expert, not for private use. Using this tool incorrectly could adversely impact your system and prevent it from ever starting again. If your computer gets an infection again, hopefully it will not, but if it does then IF it is needed you would be advised to use it. But as stated it is really a last resort scan.
In fact you should actually now remove it from the computer and the removal will also take all the backups with it, which of course you don't need because those are the baddies removed.
To remove it do the following;
To uninstall ComboFix.exe And all Backups of files that it deleted
Click START then RUN type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs …

We rarely recommend registry tools. Many of the fix tools we note do correct registry problems when fixing. If you will note your MBA-M log registry problems WERE fixed and removed.
The warning you received from AVG notes this tool was not a good one and you were wise to follow the warning from AVG. Unless specific problems are noted which have not been fixed it is wise to leave the registry alone. Playing with the registry can very often cause major problems.

Quick check in from my daughter's home. Looks good to me also. You need to update your java. Current version is now version 6 update 10. This poster does have antivirus installed but those who don't must have ONE on the computer.
Judy

If you feel it is running well then I think you are ok. If you have other problems feel free to check back in.
Judy

Ok Dragewood, I have read through this entire thread from top to bottom tonight and see several things I either failed to notice or ignored.
First thing is the error and blue screen and stop error you reported in your second post.
This can be related to a hardware issue or some new software installed.
You stated you couldn't run ESET Scanner so you installed Chrome and tried to run it that way. ESET Instructions are VERY Explicit, you must use Internet Explorer to run it. This is why it wouldn't run.
I only warned you about installing new software during an attempted clean up, I should have told you to uninstall Chrome.
You ran MBA-M again and essentially found the same bad items, telling me NOW that I have finally read and re-read this thread that the "core" of this infection is not getting removed.
I apologize for not being more attentive to this.
I think, If you can do it, that you should try to do the following;

Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

*Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper …

You couldn't have deleted Internet Explorer it is a key part of the Windows Operating system. You may not have used it but it was there. Do the following;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Post back here with that log.

The version I have also has anti-virus. I am going to check out the ones you suggested as well. Thx!

So, you are running the Zone Alarm Security Suite? It doesn't show in your logs at all as running, in any of the logs.
If it is expired then by all means get something else. If it is not expired since it is a paid program totally Uninstall it and reinstall it and then make sure it is running.
But no matter which you do, be sure you only have ONE anti-virus and ONE firewall running on the computer.
Judy

Go ahead and do the HJT and post both logs here. Then install the AVG and attempt to update. Even if you cannot update please do a full scan with it and fix everything found. Please note name and location of anything found by the AVG scan.

i tried running vundo to help with some problems i was having with my computer, namely freezing, but now i can't even start up my computer without hitting the blue screen of death, even in safe mode, anyone know what i can do to fix this? Thanks!

Not sure what you mean by running vundo. Vundo is an infection not a program. If you were running Vundofix then that would mean you were trying to remove a vundo infection on the computer but how did you know the computer was infected with vundo.

There are any number of reasons a computer might freeze and many of them have nothing to do with infections. You could have too many programs running at one time, not enough memory or not enough remaining hard drive space.

One should never run specialized tools like that one unless you are certain the infection is present and are directed to do so by a helper in a forum really. What you should have run is something like MBA-M which would also remove vundo infections and many others but generally not key system files.
It sounds like maybe some key files were removed when you ran this program. You may need to do a reinstall.

Ok. I understand. You do need an anti-virus program on there. Go with either the Norton or one of those free ones. The McAfee is a paid program and she would have to pay to use it, even if you all ready have the disk the program on the computer would have to be licensed and in order to do that she would have to pay.
It would be very unusual for an anti virus program to start in Safe Mode except for scanning. It won't start for protection in Safe Mode so I must assume you mean it wouldn't scan in normal mode.

Zone Alarm is not an anti-virus program, it is a firewall.

But WHY did you Uninstall Norton?
Go ahead and run the MBA-M in safe mode WITHOUT networking. You DO NOT NEED to be ONLINE to run MBA-M or actually ANY cleaner unless it is an online antivirus program.
Fix everything found.
Reboot to NORMAL mode and then run a HJT scan and post both the MBA-M log and also the HJT log.
We really need to see HJT from Normal Mode.
Why did you Uninstall Norton I ask again.

Not sure where you received instruction to run SDFix and Smitfraudfix, which is ok this time because they were needed but must caution others that these are not always required to be run and folks should wait until instructed to do so, especially since no HiJackThis log or symptoms were posted in the beginning of this thread so I had no way of knowing if these were required or not. I requested the MBA-M be run along with HJT. In this ONE instance these other programs were warranted but much of the time they are not.

That said, please do the following;

Run HJT again and place a check mark next to the following entries;
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')

Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot the computer.
Update MBA-M again and run another Full Scan. Fix any items found and save the log.
Run a new scan with HJT and save the log.
Post back here with these two logs.
Judy

Hi, can I ask why you removed the Norton Anti-virus program? This means you are no longer protected and since you all ready have infections this can mean that more will enter the computer as you are noting in this statement;

while i am in safe mode with networking some virus's still come out. like ex. a pornovid setup thing trying to get me to install it. i click cancel everytime though

I would advise that you immediately reinstall that Norton program. One thing you must realize is that NO anti-virus program will remove everything and many do not even touch trojans at all, this is why we recommend additional tools like MBA-M. You must either reinstall, update and enable the Norton program OR install another anti-virus program IMMEDIATELY.
If the Norton license is current I would recommend the reinstall of that one, if it is expired then install one of these;
Avast, Antivir and AVG are all good, all FREE. Pick one, download, install, update and enable. Update it often, scan with it weekly at least.

Stop the MBA-M scan. Turn off the computer. Disconnect the internet cord from the computer so that it cannot get online.
Reboot the computer in normal mode and then do the FULL SCAN with MBA-M.
Allow it to FIX EVERYTHING found.
Shut down the computer. Re-attach the internet cord. Reboot in normal mode and let us know what happens.

The log looks pretty good EXCEPT two things;
#1 you are not running an onboard antivirus program. This is an absolute MUST.
There are several very good FREE ones out there.
Avast, Antivir and AVG are all good, all FREE. Pick one, download, install, update and enable. Update it often, scan with it weekly at least.

#2 The other thing is your java program is way out of date and should definitely be updated.
First go HERE and download the Offline Install to your desktop. Once you have done that then go to Start, Control Panel, Add/Remove and Uninstall ALL past versions of Java showing in the list. A reboot may be necessary. Once you have uninstalled all old versions then double click that java install program on the desktop and install that newest version. Once it has installed then go back to that download page and on the right side you will see Verify now. Click that and verify that the install of the new version was successful. A note here; One thing that may be downloaded with this version of Java is a yahoo toolbar, it is included in the install UNLESS you REMOVE the checkmark which gives permission to do so. So if you DO NOT WANT the yahoo toolbar be sure to REMOVE that check mark during the java install.
Keep the MBA-M program and update it frequently. Scan with it at least …

Try downloading a new copy of the driver. Save it to the desktop, don't install it yet.
Then go into the Device Manager and Uninstall the card. Reboot the computer, it should find the card and then when it tries to install the driver have it install that new copy you downloaded.

Intel 82845G/GL/GE/PE/GV Graphics Controller

You might check here for the latest driver.

Run HJT again and place a check mark next to the following entries;
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O20 - AppInit_DLLs: karna.dat
Once you have placed the check marks then click the Fix Checked button.
Exit HJT.
Reboot the computer.
Run HJT again and post that new log.
Judy

What video card is installed on the system?

The new HJT got rid of them, thanks lots
Joal

I have been using HJT for years to get rid of BHO's and some malware with no ill effects.
Today was the first time I tried Killbox.

Joal I will say this, you are very lucky. Doing it this way is dangerous.

I post this mainly as advise to others. This is NOT the way to do things. I say again, HJT is NOT a removal program. It MIGHT remove HJT log entries showing which point to malware, spyware, viruses and trojans but it WILL NOT remove the infection.
Don't follow this poster's example. If you feel there is infection on your computer begin HERE. Then start a new thread here stating your problems, programs run in an attempt to correct these problems and include all logs. END by running a Full Scan with HiJackThis and post that log too. Don't attempt fixes with HiJackThis, just use it for scanning until directed to do fixing with it.

There is nothing wrong with either of these files. Which file is it that you cannot remove?
I also just noticed, you are using an out of date version of HiJackThis. You are using the Beta version 2.0.0 which was a TEST version.
Delete this version. Download the newest version which is version 2.0.2 from HERE

Not certain what you mean by this;

still unable to figure out how to remove the second after I click on it, and it comes up

Click on it WHERE? What comes up?

All of the above said, I have to ask WHY are you using HiJackThis and Killbox? I cannot find any post of yours which gives a reason why you are using these two programs, in fact your last thread here was in Feb. 2007 which actually was never completed and showed an incorrect assumption on your part concerning an entry in the HJT log posted. But you never returned or really stated what the problem was in the first place.

HiJackThis is NOT a fixer or removal program essentially, it is a scanner program to see what is or may have been on the computer at sometime. HijackThis is a utility that produces a listing of certain settings found in your computer. HijackThis should only be used if your browser or computer is having problems AFTER running Spybot or another Spyware/Hijacker removers like MBA-M, using anti-virus programs, uninstalling unnecessary or unwanted programs and cleaning out temp files. It should definitely NOT be used for general maintenance or clean up ever. That is not the purpose of this program. One should NOT fix entries using HijackThis without consulting an expert on using this program. HijackThis is an advanced tool, and therefore requires advanced knowledge about Windows and operating systems in general. Interpreting these results can be tricky as there are many legitimate programs that are installed in your operating system with similar file names and in a similar manner that Hijackers get installed. If you delete items that …

explain how to manually remove these ?
thanks
Joal

You will have to navigate to the location of each file and then delete it.
C:/Documents and Settings/Administrator.HART-8DA2801E47/My Documents/My Pictures/Pictures Downloaded from AOL/SavedFromMail/10_animMA17697484-0010.gif

This one appears to be a link on your desktop so you should actually see it there and be able to delete it.
O24 - Desktop Component 1: (no name) - http://auto.search.msn.com/response....prov=aols&utf8

The O24 entries are Windows Active Desktop Components. Active Desktop Components are local or remote html files that are embedded directly onto your desktop as a background.
When fixing these entries, HijackThis will only remove the Desktop Component in the registry. The actual HTML file being referenced, though, will not be deleted. You must actually have to MANUALLY remove them.

Hello Nel and welcome to daniweb.

So first step is to download HJT ? Then post a log ?

No, that is actually the last step after running some clean up programs. Update your antivirus program, run a Full System Scan with it and fix everything found.
Then do this;
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Reboot the computer.

THEN, download HiJackThis
Perform a Full System Scan and save the log.
Post back here with the log from your anti-virus program, the MBA-M log and the HiJackThis log.
Judy