jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok looks better the Symantec listings are gone.
Now run HJT again and place a check mark next to the following entries;
O15 - Trusted Zone: http://*.sbs.co.kr
O16 - DPF: {68253470-5D4F-4CDF-8D9C-353C14A2F013} (SVPorsche Control) - http://img.yahoo.co.kr/multi/2005/to.../SVPorsche.cab
O16 - DPF: {9DA9609B-9237-40D3-A66D-24FE73CE3CD0} (IB_SiteSigning.IBSiteSigning) - http://img.sbs.co.kr/vobos/site/IB_SiteSigning.CAB
O16 - DPF: {A5F3B5CF-A05F-479E-B684-13AA512A7B93} (YGLauncher Control) - http://kr.pubbase.yahoo.com/gamesetup/YGLauncher2.cab
O16 - DPF: {BD6BB450-7C69-43B8-96F3-689CAE57AB51} (SBSWebPlayer Class) - http://netv.sbs.co.kr/object/player/SBSWebPlayer.cab
O16 - DPF: {C9F2C949-1D30-43BF-A712-2D21048EFE1B} (SBSWebStudio Class) - http://netv.sbs.co.kr/object/editor/SBSWebStudio.cab
O16 - DPF: {CEE326E8-7571-4086-B347-3C0ACA9A9DE8} (PcubeSet Class) - http://muzic.sbs.co.kr/player/aod/dll/p3sbsset.cab

When you have the check marks in place then click the Fix Checked button.
Exit HJT.
Reboot the computer and run one more HJT scan so we can be certain everything is cleaned up.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

girlfriend tried to sign onto her sn.

Do you mean sign onto her account or something else?

jholland1964 650 Posting Expert Team Colleague Featured Poster

I will keep my fingers crossed. You can mark this thread solved now if you feel all is back to normal.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

First you should UNINSTALL that combofix that you have on there now.
Do it this way.
Click START then RUN
Now type Combofix /u in the run box and click OK. Note the space between the X and the U, it needs to be there.
When shown the disclaimer, Select "2"
Reboot the computer.
Now if it indeed has removed that rootkit, and we really don't know at this point but this seems to have become a common problem with this rootkit, we had another thread going here with the same happenings you are experiencing. When rebooting you might get a message about a missing file, don't worry about that right now. What would be missing would be the combofix.

Once you have uninstalled it then try downloading from HERE
Then try running it.
If you can't download it to your computer do you have another computer where you could access the file, save it and take it to your computer? This will work well also.
If you get it to run post the log, it WILL take awhile to start and finish, just give it time.
If it doesn't run, then Update MBA-M and run it again and let it fix everything found and post that log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

There is a Symantec folder under the "Program" directory on the C drive with some files but I did not find an "uninstall program".

Go ahead and manually delete that folder. Also go to Start, Search, Files and Folders and look for Norton. If you find anything, delete it.
Reboot the computer. Run a new HJT log and post back with it.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try once more with Combofix. If it tries to reboot, please allow it to do so.
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Doubleclick the combofix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will …

jholland1964 650 Posting Expert Team Colleague Featured Poster

P.S. Google does not redirect anymore but my laptop is a lot slower than what it used to be before this infection.

Ok, hopefully we can speed this up somewhat. Several things could be causing this.
First of all you need to go into Spybot and TURN OFF TeaTimer. It can interfere with any fixes we may choose to do with HJT.
To do this open the program. Click Mode at the top and choose Advanced.
Then at the bottom click Tools. When the list of tools opens on the left side click the Resident Button. When that opens take the Check Mark OUT of TeaTimer. Close the program and Reboot the computer.

One thing I see is you have at least a portion of Part of Norton AntiVirus 2004 running on the computer, did you use this at one time?
In Running Processes, which were the processes running at the time of the last HJT scan I see this entry;
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe>>>this is Part of Norton AntiVirus 2004
and it is starting as a service as shown by this entry;
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Services are programs that are loaded automatically by Windows on startup.
This portion of the Norton program could be part of the cause for the slowdown.
Did you have Norton Anti-virus on the computer at one time in the past? How did you …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please print these instructions as they will be needed later when Internet access is not available.


Download SDFix
and save it to your desktop:
Now, double-click on the SDFix icon that should now be residing on your desktop. If an Open File - Security Warning box opens, click on the Run button.
A window will open asking where you would like to install SDFix to.
Do not change anything and press the Install button. This will install the program into the default location of C:\SDFix. At this point, you should not run SDFix, but instead continue to the next step where you will reboot into safe mode.
1. Restart your computer

2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3. Instead of Windows loading as normal, a menu should appear

4. Select the first option, to run Windows in Safe Mode.
Once the computer has booted to Safe Mode, do the following;

Click on the Start button, click on the Run menu option, and type the following into the Open: field:

C:\SDFix\RunThis.bat

Then press the OK button.
The SDFix window will open containing some brief info and a disclaimer on the use of the tool.

If you want to continue, please press the Y key on your keyboard and then press enter. Otherwise, you can press the N key to exit …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please download RootKit Revealer from Live.Sysinternals and save it to your desktop.


Start RKR, wait about 10 seconds, click Scan, then leave computer untouched until it completes. An idle machine will minimise the possibility of false positive reports caused by changes to the system during the scan. Background processes may still make intermittent changes, but resulting discrepancies tend to be obvious from their registry or filesystem branch; on a re-scan many may not recur.

* Save the discrepancy list to text file as needed.

Using the File->Save dialog, select Desktop for easy location.
Post back here with that log.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Try this; Shut down the computer. DISCONNECT from the internet, completely, actually pull the plug from the computer so it cannot connect or even attempt to connect. Then reboot the computer and try combofix again.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Go into Safe mode and see if you can delete it.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Download HostXpert
* Unzip HostXpert to your Desktop
* Open up the HostXpert program.
* Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled.
* Click Create Back Up
* Then click on Restore Microsoft's Host Files
* Close the HostXpert program


Download ComboFix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Once the download is complete you will see the Combofix on the desktop.

* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.

Doubleclick the combofix icon on the desktop to run the program.

Windows will issue a prompt asking whether you wish to run the program, click Run
You will then see a Disclaimer screen asking you to agree to the disclaimer. Press the number 1 key to accept the disclaimer.

Now just sit back and allow the program to run

Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Yea that was the one. How are things running? Ok?
If so you can mark this one solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Then things look good to me. How do you think things are going? Ok? If so you can mark this solved.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Happy to help Jim. I will do some research on the Antivir working ok with other AV's
Though wonder, IT may work ok but what about the other AV?
If you feel all is corrected then you can mark this as solved.
Judy

P.S. sorry, two more fixes needed with HJT.

Put check marks next to these and then click the Fix Checked Button and exit HJT.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.myidentitydefender.com/smallsearch.html
O3 - Toolbar: (no name) - {BAB8F6DC-41B1-440F-A066-AAC224906880} - (no file)

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks good Mike, were you able to locate that file?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks MUCH better. Keep that AVG on there, updated and scan at least weekly with it.
Do you feel things have been corrected and are working all right?
If so please click the Solved button.
Judy

Salem commented: Nicely done +22
jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Tony,
Doesn't look too bad, though I do see references to BitComet which is a P2P file sharing program which is actually somewhat dangerous, can be illegal and can lead to infections.
Do you use this on a regular basis? This is definitely NOT something we encourage here.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi Azzy77 and welcome to daniweb.
Let's begin with Malwarebytes' Anti-Malware.
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Post back here with that log along with a NEW scan log done by HJT
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Mike,
Go into Safe Mode and look for the following;
C:\Program Files\Internet Cleaner\
If you find that entry, delete it.

Reboot to normal mode and then can you run HJT again and put a check mark next to the following entries;

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Internet Cleaner\ICleaner.exe (HKCU)
O9 - Extra 'Tools' menuitem: Internet Cleaner - {45819E58-6E84-4A5D-BD65-A706981E5BE8} - C:\Program Files\Internet Cleaner\ICleaner.exe (HKCU)
O23 - Service: Window Image Worker (windownetpker) - Unknown owner - C:\Program Files\Internet Explorer\svchost.exe (file missing)


Once you have placed the check mark click the Fix Checked button.
Exit HJT.
Reboot and run a new HJT scan and post that log here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ha! I used a file recommended on another thread called malwarebytes anti-malware, and poof! everything that was messing up my computer is gone, and the internet is working faster. Thanks a lot guys. This was endlessly frustrating. When I'm not a hurricane evacuee, I'll definitely be donating to the site.

Yes this is a marvelous program firebat but I would recommend that you not assume everything is gone until you post that MBA-M log AND delete that OLD HiJackThis version 1.99 and run a new scan with the newest version HiJackThis v. 2.0.2 and post back here with those two logs. This way you can be certain.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok then run a new HJT log and post it back here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please run a new HJT scan and post that log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok Jim, here is what I think. First of all Antivir IS starting as a service on the computer as are portions of AVG8...BAD idea. You absolutely MUST make a decision on which one you are going to use, AVG 8 or Antivir, you just should not run two real-time monitoring AVs at the same time.

When you install most anti-virus programs they often automatically install and enable their real-time monitors.
Now you have attempted to turn off Antivir but as you see, one place you didn't turn it off was Services. Services are programs that are loaded automatically by Windows on startup. These services are loaded regardless of whether or not a user logs on to the computer and tend to be used to handle system wide tasks such as Windows operating system features, antivirus software, or application servers.

Running two or more real-time anti-virus monitors at the same time is very likely to cause a conflict. That conflict could result in error messages, crashes of the anti-virus programs, or other types of failure....one being allowing infection into a computer. I have seen it happen time and time again. They conflict with each other and then miss something coming into the computer.
It is ok to have more than one anti-virus program installed, and it makes sense to run a scan using a different program from time to time, but you must make sure you only have one real-time monitor enabled at a …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Judy:
I see ZONE ALARM and WINDOWS FIREWALL is turned off. Does it mention what the other one is?
Jim

System Mechanic also has a firewall and an antivirus program with it.
I am going through the Uninstall list and will get back with you after I research some of these listings.

jholland1964 650 Posting Expert Team Colleague Featured Poster

The log doesn't look so good...WHY? Because there is no anti-virus program or firewall.
Where is your anti-virus program? Where is your firewall? You came here because of infection, but you are not running an anti-virus program or a firewall so I can tell you that you WILL be re-infected.
Your Uninstall list also does not show an anti-virus program installed on the computer. I asked you in my very first post where these were and you never responded. Where are they and why don't you have these on the computer?

jholland1964 650 Posting Expert Team Colleague Featured Poster

by da way anyone know what cause this error stop:0x0000007e(0xc0000005,0xf89e618e,oxf8b1e850,0xf8b1e54c) ???

This has been answered in your other thread about the same computer. Please stick to one thread and make it that one.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Spywareblaster doesn't run in the background so there should be no conflict there at all.
Run a new HJT scan and post it and I will take another look. Part of the slowness still could be because the drive is so full, not sure.

Have you done a defrag lately? Remember lots of files were moved around during this clean up. Have you emptied your temp files lately? Use ATF-Cleaner to get rid of those.

Then try this free defrag program Auslogic Defrag it works quite well and is faster than the built in defrag.
Don't download anything else but that. Try it and see if that helps. It is also free.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Not a problem we would rather not have to open attachments anyway.
Can you run a new MBA-M scan and fix anything found and then post that log?
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Well I don't see anything ares listed there, but it IS still showing in the log.
You will have to manually look for it to be certain it isn't on the computer.
First look in Start, All Programs and see if you see any of the following.
Ares
Ares Vista
Ares Ultra
If you see any of those look to see if there is an Uninstall listed.
If you don't find them there then look in C:\Program Files\
If you don't see any of them there then those are listings which can be fixed with HJT.
But first see if you can find NoAdware v5.0 in Add/Remove. If you find it Uninstall it.
Then run HJT again and put check marks next to
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [ares vista] "C:\Program Files\Ares Vista\Ares.exe" -h
O4 - HKCU\..\Run: [ares ultra] "C:\Program Files\Ares Ultra\AresUltra.exe" -h
Once you have placed those check marks click the Fix Checked button.
Exit HJT.
Reboot.
Run a new HJT scan and post back here with the log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Boy! I will tell you what ces2, you have a very badly infected computer. Some stuff I have honestly never seen before.
Lanfilt.b Trojan>>>
* Allows its creator unauthorized access to a compromised computer.
* Attempts to disable some antivirus, firewall, and system-monitoring programs by terminating processes.
Troj/MailBot-CE>>>The Trojan may be used to send unsolicited emails from an infected computer.
VideoAccessCodec adware.
Peltodgx Toolbar>>the latest toolbar infection from the zlob group and like its infectious predecessors it has very similar characteristics to all the previous toolbars. Peltodgx Toolbar displays fake alerts, warnings and links to rogue anti-spyware products.
Alcan Worm.
You also have starting as a service something called Boonty Games which is quite scary really.
Read this from their Privacy Policy

"We also may share payment information with third parties who provide payment services and share aggregate data regarding the type and number of videogames you download, your age, gender, occupation, education level, geographic location, computer equipment data and on-line and video game interests, activities and practices to game publishers. In addition, we share e-mail addresses with third party e-mail carriers who assist us in sending out our e-mails to many of our customers at the same time. Subsidiaries and controlled affiliates are not viewed as third parties for the purpose of data transfers, and hence personal information may be shared within those subsidiaries and affiliates without obtaining additional consent."

Ok, let's try this;
Download
- Pocket Killbox
- ComboFix by …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks somewhat better, though you have a lot of unnecessary items running at start up, PLUS I see parts of several antivirus programs in there...which one is your ONBOARD antivirus program?
I see the following;
The Shield Deluxe 2008
ewido security suite
Symantec
So which is it? Pick ONE, and UNINSTALL the others totally.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Do another scan with MBA-M. Be sure to update first then do the scan and have it fix everything it finds. Save that log. Reboot.
Then run HJT again and post that log along with the MBA-M log
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Are you running Smitfraudfix in Safe Mode as directed?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Please re-adjust spacing in your HJT log. It should be single spaced for easier reading.
Please Download ATF-Cleaner.exe by Atribune
Put it on the desktop for easy access.
-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.
Have you been able to run Smitfraudfix?

Try the MBA-M again after using ATF-Cleaner.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok.

jholland1964 650 Posting Expert Team Colleague Featured Poster

After you run that Smitfraudfix, post me a new HJT scan log too please.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

Is this the same computer that you are talking about here in this other thread you have going?
http://www.daniweb.com/forums/thread145175.html

If so, do you have two antivirus programs installed because on that one you said you used avast but this one you note panda, or was that an online scan?
If this is the same computer you shouldn't have two posts going about the same problem on the same computer. Gets confusing for all involved and mistakes can occur.

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks much better but those Ares listings are still in the start ups but they don't show as running.
Before we run a fix with HJT give me an Uninstall List using HJT.
To do this do the following;
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file.
Post that back here.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

This is a smitfraud infection. The warning is false but it is caused by an infection.
Download SmitfraudFix (by S!Ri)
Open the file and it will extract the contents (a folder named SmitfraudFix) to your Desktop.
Do Not Run It Yet.

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.

Shut down the computer.

Reboot your computer into Safe Mode.
This is done by rebooting Windows and pressing F8 at boot/Windows startup, usually right after the beep.
Then select Safe Mode from the list.
Open the SmitfraudFix folder again.
Double-click smitfraudfix.cmd.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Did you actually reformat the computer or just install Windows XP "on top of" Windows XP?
This error can be caused by any of the following as noted on the Microsoft website;

• If this issue occurs after the first restart during Windows Setup, or after the Setup program is finished, the computer may not have sufficient hard disk space to run Windows.
• If this issue occurs after the first restart during Windows Setup, or after Setup is complete, the computer BIOS may be incompatible with Windows.
• Incompatible video adapter drivers.
• A damaged device driver or system service.
• If the issue is associated with the Win32k.sys file, it may be caused by a third-party remote control program.

To do a reformat and have all these items appear on the computer makes me wonder if either a full reformat/reinstall was done, which should have wiped the drive and taken it back to how it came from the factory or if it was just a repair install which left some nasty items on the computer to leap forward again. OR the programs downloaded were not from the home web sites but shared programs containing infection.

true sword spyware remover

Did you PURCHASE this program? If not then where did you get it? Where did you get the avast av program? Did you download it from the program makers website?
If so why didn't you instead follow the steps given HERE?

jholland1964 650 Posting Expert Team Colleague Featured Poster

HOLY COW Jim! I don't honestly know how you are even able to surf at all!
Well, this log presents an entirely different picture than we have seen before.
I notice several things that really should go.
First of all I see Cyber Defender. This program at one time was listed as a Rogue anti-virus/anti-spy process because of its false positives and the fact when something was found you would be prompted to download another pay for application for removal of these items. In checking recent reviews it still doesn't get good reviews, plus now it also adds the Ask.com site to search the web. Ask.com "may be" ok for searches, I don't use it myself, but by having this added by a program without your permission this is considered foistware.
Second item I see is the ZoneAlarm SpyBlocker, included with the Zone Alarm Firewall which ALSO adds the Ask.com site, foistware again.
I also see System Mechanic Popup Blocker which also says it is part of System Mechanic Pro v.6
The pro version of this program also includes an anti-virus program, a firewall some anti-spy portions and a registry cleaner.
EVERYTHING ABOVE THIS LINE NEEDS TO BE UNINSTALLED IMMEDIATELY
**********************************************************************
Besides all those I also see, running on the computer, AVG 8, an anti-virus program and also AntiVir PersonalEdition Classic another anti-virus program
So....I see at least portions of 4 antivirus programs running on …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hello YLC12 welcome to daniweb.
You definitely have some serious malware issues showing in your log.
Since you are unable to access Add/Remove or "C" drive (believe me it isn't gone, it just doesn't show right now thanks to these nasties)
First of all please run the Microsoft® Windows® Malicious Software Removal Tool

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

* DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt.
Post back here with the log.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

How do you know it is win32 worm netbooster ?

jholland1964 650 Posting Expert Team Colleague Featured Poster

Ok Mike, there is obviously more working here than shows in any of the logs.
There are a couple "odd" entries, that supposedly are legit listings but I have never seen before in any log that I do question.

Did you place the restrictions shown in this entry? This isn't one of the odd ones, I have seen this before but need to know if YOU did this.
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Did you reboot the system IMMEDIATELY after running MBA-M?
Where are you located?
Are you familiar with the following;
Tax Administration of the Republic of Slovenia. ?

I DO need the answers to those questions.


Download Smitfraudfix to the desktop.
* Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
* Double-click SmitfraudFix.exe
* Select 2 and hit Enter to delete infected files.
* You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
* A reboot may be needed to finish the cleaning process. Go ahead and allow the system to reboot. The …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Looks pretty good Mike.
Did you set the restrictions shown here in your HJT log?

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

I would advise that you download and run ATF-Cleaner by atribune to remove all your temp files.
Download it to your desktop for easy access.
-- Click on ATF-Cleaner to run it
-- Where it says Select Files To Delete, Check the Select All Option
-- Click Empty Selected > OK

If you use Firefox browser, do this also:

* Click Firefox at the top and choose Select All from the list.
* Click the Empty Selected button.
* NOTE : If you would like to keep your saved passwords, click No at the prompt.
Your Java is out of date and definitely should be updated.
Download the OFFLINE install from HERE and save it to the desktop.
Once you have it downloaded then go to Add/Remove and Uninstall ALL previous versions of Java found there.
Reboot your computer.
Then click that Java install icon on the desktop to install the newest version.
Once the install is complete then go back to the Java Download page and on the right side you will see Verify Now. Click that to verify that the installation was complete.
I would recommend that you also download and install a MUST have security program called SpywareBlaster from javacoolsoftware. An EXCELLENT and FREE program …

jholland1964 650 Posting Expert Team Colleague Featured Poster

Hi, I need to see that HiJackThis log. Make sure it is a NEW scan and that it is run with the newest version available. You can obtain that newest version HERE
Be sure that you DELETE or Uninstall ALL older versions of HiJackThis from your computer before using this new one.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

I would advise that you follow the steps given HERE, ignoring the use of DSS and substituting instead a scan with HiJackThis AFTER the first removal steps are complete.
Judy

jholland1964 650 Posting Expert Team Colleague Featured Poster

TonyG., you missed the KEY sentence in the instructions for MBA-M

Be sure that everything is checked, and click Remove Selected.

Which I again reiterated in MY instructions yesterday

Be sure to have it Remove everything found.

As you noted, the scan can take a very long time to run, this is why, especially with MBA-M you are instructed to definitely FIX what it finds.

You do NEED to do this ASAP. The longer you wait the more chance of getting more infections on the computer because several of the noted items found by the scan are Trojans
Here is a simple definition of an internet trojan from PC Magazine, note the words that I have bolded.

A program that appears legitimate, but performs some illicit activity when it is run. It may be used to locate password information or make the system more vulnerable to future entry or simply destroy programs or data on the hard disk. A Trojan is similar to a virus, except that it does not replicate itself. It stays in the computer doing its damage or allowing somebody from a remote site to take control of the computer. Trojans often sneak in attached to a free game or other utility.

Judy