Trojans have breached the walls

Discussion in 'Malware Help (A Specialist Will Reply)' started by †Zachæriah†, Oct 16, 2006.

  1. †Zachæriah†

    †Zachæriah† Private E-2

    I have read the malware removal thread and have taken the time to walk through each process step by step as instructed, word for word. I will give a brief description of what I can discern from each of the logs I've collected via the tutorial.

    Note: Each one of the steps in order from 0 to 7 worked in the tutorial. I didn't have to use CounterSpy; BitDefender worked just fine for my computer. Each step in the tutorial went just as it was written. Thanks, Maj.Geeks, thus far.

    HiJackThis.LOG
    ShowNew.BAT
    GetRun.KEY
    BitDefender Online Scanner
    Hope this was the type of indications you were looking for with the kind of problems the steps found and fixed (and failed to fix).

    †Zachæriah†
     


  2. †Zachæriah†

    †Zachæriah† Private E-2

    Here are the final two attachments for the tutorial, hope they are helpful.

    Panda ActiveScan
    Thanks geeks :D

    †Zachæriah†
     


  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 6
    Now install the current version of Sun Java from: Sun Java Runtime Environment

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: load=????
    F3 - REG:win.ini: run=????
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)
    O2 - BHO: (no name) - {35E2D7BF-5B72-4C27-9D59-9446420ECDE2} - (no file)
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\ss_cdt_setup.exe <--- Actually it would be best to delete all files in this Temp folder.

    Now run Ccleaner.

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

    Now reboot in normal mode

    Now attach the below new logs and tell me how the above steps went.

    1. HJT


    Make sure you tell me how things are working now!

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if you are using WinXP or WinMe.
     
  4. †Zachæriah†

    †Zachæriah† Private E-2

    All right, I followed the steps above and everything went well. I had no problems with any of the instructions; they were executed without a hitch. I have noticed a definite change in my computer's online behavior. Everything is loading much better, so far it's most definitely helping my computer's problems out.

    I noticed two changes since I started the instructions:

    1: I now have Lycos Sidesearch on my computer, which I didn't download (as far as I know). Is this something I should worry about?

    2: I posted in another thread here http://forums.majorgeeks.com/showthread.php?t=105076 that after running the steps in the malware removal thread the first time I had a bunch of error messages upon startup. All of these messages but two are now gone. These are the messages that are still coming up when I reboot my computer:

     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You MUST follow the directions in the READ ME. You have Spybot's Teatimer running which we specifically indicate that you must not use. Because of this, some items I asked you to fix did not get fixed.

    Now Disable Spybot's TeaTimer
    • Run Spybot and click Mode
    • Select Advanced Mode.
    • Then click Tools and select Resident.
    • Now in the right window pane, uncheck TeaTimer.
    • Also while this is open, in the left column now select IE Tweaks
    • and then in the right pane make sure all the Miscellaneous locks are unchecked.
    • Now quit Spybot!
    In addition, you have SpywareGuard, Windows Defender and AOL Spyware Protection running. If you plan on keeping AOL Spyware Protection, you must uninstall SpywareGuard and Windows Defender. Only one of these three should be installed. So uninstall any two of these now before continuing. (I would recommend that you only keep either Windows Defender or AOL Spyware Protection which are more current).

    Yes you did download it and you had it when you started the procedure. See your PandaActiveScan log. This is the file I had you deleting in my previous message.

    Now run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: load=????
    F3 - REG:win.ini: run=????
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)
    O2 - BHO: (no name) - {35E2D7BF-5B72-4C27-9D59-9446420ECDE2} - C:\WINDOWS\system32\fxsp50.dll (file missing)
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
    O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
    O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Owner\LOCALS~1\Temp\2006101601917_mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\200610160193_mcinfo.exe /insfin
    O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)m.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/05f6fa4c8d7b760f1d16/netzip/RdxIE601.cab


    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete (if found):

    C:\Program Files\Acceleration Software <--- The whole folder
    C:\Program Files\AWS <--- The whole folder

    Now run Ccleaner.

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

    Now reboot in normal mode

    Now attach the below new logs and tell me how the above steps went.
    1. HJT
    2. ShowNew

    Make sure you tell me how things are working now!
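The HJT entries chaslang keeps selecting above fall into a few recognisable patterns: O2 BHOs whose backing DLL is gone, O4 Run keys that launch from a Temp folder, O16 ActiveX downloads, a missing default URLSearchHook, and unreadable win.ini load/run values. The following triage script is an added example, not code from the thread or from HijackThis; it parses a constructed HJT-style log (the CLSID of the "Example Helper" control entry is made up) and returns the lines a cleaner would look at first. It generalises slightly beyond the thread by treating any "(file missing)" BHO the same as a "(no file)" one.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis log format. The entries mirror the kinds
# quoted in this thread, plus one healthy BHO (made-up CLSID) as a control.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: load=???
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)
O2 - BHO: (no name) - {35E2D7BF-5B72-4C27-9D59-9446420ECDE2} - C:\WINDOWS\system32\fxsp50.dll (file missing)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Owner\LOCALS~1\Temp\2006101601917_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\200610160193_mcinfo.exe /insfin
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/05f6fa4c8d7b760f1d16/netzip/RdxIE601.cab
"""


@dataclass
class Finding:
    section: str  # HJT section code, e.g. "O2"
    reason: str   # why a cleaner would select this line for Fix
    line: str     # the original log line


# One pattern per HJT section we care about; the rest of the log is ignored.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<location>.+?): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<url>\S+)")
F3_RE = re.compile(r"^F3 - REG:win\.ini: (?P<key>load|run)=(?P<value>.*)$")


def is_temp_path(command: str) -> bool:
    """True if an autorun command launches something out of a Temp folder."""
    return "\\temp\\" in command.lower()


def triage(log_text: str) -> list[Finding]:
    """Return the HJT lines that match one of the suspicious patterns, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("R3 - ") and "URLSearchHook is missing" in line:
            findings.append(Finding("R3", "default URLSearchHook missing (hijack leftover)", line))
        elif (m := F3_RE.match(line)) and "?" in m["value"]:
            findings.append(Finding("F3", f"win.ini {m['key']}= value unreadable", line))
        elif m := O2_RE.match(line):
            target = m["target"]
            if target == "(no file)" or target.endswith("(file missing)"):
                findings.append(Finding("O2", f"orphaned BHO {m['clsid']} (backing DLL gone)", line))
        elif (m := O4_RE.match(line)) and is_temp_path(m["command"]):
            findings.append(Finding("O4", f"autorun [{m['name']}] launches from a Temp folder", line))
        elif m := O16_RE.match(line):
            findings.append(Finding("O16", f"ActiveX download {m['clsid']} from {m['url']}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

The healthy "Example Helper" BHO and the AlcxMonitor Run entry are left alone, so the output is a shortlist for a human to confirm, not an automatic Fix list.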
     
  6. †Zachæriah†

    †Zachæriah† Private E-2

    Sorry about the TeaTimer, I turned it back on after finishing the READ Me RUN Me Tutorial. TeaTimer is off and the IE Tweaks Miscellaneous locks selections are unchecked now.

    I ran all the instructions above and it went as you said it would, although a few of the HJT entries you had for selection above didn't come up in the scan. These are the entries that weren't there:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    F3 - REG:win.ini: load=????
    F3 - REG:win.ini: run=????
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - (no file)
    O2 - BHO: (no name) - {35E2D7BF-5B72-4C27-9D59-9446420ECDE2} - C:\WINDOWS\system32\fxsp50.dll (file missing)
    O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
    O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
    O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\Owner\LOCALS~1\Temp\2006101601917_mcappins.exe /v=3 /cleanup
    O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\200610160193_mcinfo.exe /insfin

    The others from your list all showed up in the HJT scan, and after closing all IE and WE windows I selected the entries from your list that were there and clicked fix.

    I rebooted in Safe Mode & neither one of the folders below was on my computer anywhere:
    C:\Program Files\Acceleration Software
    C:\Program Files\AWS

    I ran CCleaner & reset all Internet Settings as stated above and rebooted back into normal mode. I don't have any error messages now when I boot my computer and it loads faster than before. I noticed a change in Internet browsing but it's still loading some pages slowly. Some video and audio files are still loading extremely slow and I have to click on any kind of media before I am able to use the controls or play the game that is in the embedded part of the page. It is definitely getting better than it was.

    Here are my logs:
     


  7. †Zachæriah†

    †Zachæriah† Private E-2

    I just noticed something else about my computer's behavior. There are 2 things.

    One: Sometimes when I boot/reboot and Windows loads the computer lags when I click on the start menu or any shortcut and doesn't open as fast as it should or I have to click it twice to get it to open the program or start menu. Another thing during boot/reboot is the keyboard will not work sometimes, I can't type in the PW to my User Account and I have to reboot to get it to work so I can type my PW.

    Two: I was online earlier and was actively using my computer (I have the stand by setting for 30 minutes inactivity) and my computer went to stand by and wouldn't come out. The mouse usually stays lit up (it's a Compaq Optical Mouse with Glowing Wheel) and it wasn't lit up at all. I tried to move it around to return to the screen I was looking at but nothing happened and I had to reboot to get it to work, then had to reboot again because the keyboard wasn't working on reboot again. Just thought you may want to know.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    A bunch of items I asked you to fix with HJT are still there:
    You need to get these fixed. This time let's disable Windows Defender before fixing them. Perhaps it is getting in the way. So do the below first:

    Disable Windows Defender:
    • Open Windows Defender
    • Click Tools
    • Click General Settings
    • Scroll down to Real Time Protection Options
    • Uncheck Turn on Real Time Protection (recommended)
    • Close Windows Defender
    Once your log is clean you can re-enable Windows Defender Real Time Protection.

    Then use HJT to fix the lines given above. Then reboot into safe mode and delete the below file:

    C:\WINDOWS\system32\mljjk.exe

    After reboot attach new logs from ShowNew and HJT.

    I'm not sure that any of this is malware related especially whatever it is that you are referring to with online games.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    These also do not sound like malware. They sound more like hardware or hardware driver related problems.
     
  10. †Zachæriah†

    †Zachæriah† Private E-2

    I took down the Real Time Protection from Windows Defender and also turned off SpywareBlaster's protection before running the HJT scan. Once again the scan didn't show any of the selections you posted to be fixed. The program file C:\WINDOWS\system32\mljjk.exe was found by my Windows Explorer search and removed from my computer and recycle bin while in Safe Mode. After booting back into regular mode I re-enabled SpywareBlaster's protection & Windows Defender Real Time Protection.

    When I rebooted I got this Virus message from AVG Free Edition. It wouldn't let me Heal it or Move it to the Vault.

    http://img409.imageshack.us/img409/2325/trojanhi6.png

    About my other problems with my computer, should I post those in the Hardware thread of the forum for help??

    Here are my latest Logs:
     


    Last edited: Oct 24, 2006
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Probably because you did not really get the C:\WINDOWS\system32\mljjk.exe file deleted. It is still there. Look for yourself in the newfiles.txt log. Let's take another approach to deleting these files.


    Yes, but it may be a good idea to wait until we finish removing any remaining malware to make sure symptoms do not change.


    Download a tool we will need - Pocket KillBox

    Extract it to its own folder somewhere that you will be able to locate it later.
    Now run Pocket Killbox by doubleclicking on killbox.exe
    Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\mljjk.exe
    C:\WINDOWS\system32\hlpbhn.dll
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).
    If Killbox does not reboot just reboot your PC yourself.

    Now attach the below new logs and tell me how the above steps went.
    1. ShowNew


    Make sure you tell me how things are working now!
     
  12. †Zachæriah†

    †Zachæriah† Private E-2

    I downloaded KillBox and set it up as instructed. I have one question though: When I copied both file paths (C:\WINDOWS\system32\mljjk.exe | C:\WINDOWS\system32\hlpbhn.dll) into the File Menu and Pasted it from Clipboard as instructed it said and showed that there was only 1 file (hlpbhn.dll), 0 Folders in the Full Path of File to Delete drop down box. I just wanted to make sure this was correct since I copied and pasted two file paths there into the program. Otherwise the instructions above were carried out flawlessly.

    Upon reboot my computer loaded a tad faster than any previous time, but the Start Menu and Shortcuts still took a moment to load once clicked. The browser window (once opened) loaded much more efficiently; my home page came up as a single entity instead of patching and piecing together (which is normal lately) as it loaded.

    Here are my Logs:
     


  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Only files that are found show in blue. This means the mljjk.exe file was not found and that something had deleted it already after you had posted the previous newfiles.txt log, which still showed it.


    Your log is clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    4. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    5. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    6. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    7. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  14. †Zachæriah†

    †Zachæriah† Private E-2

    I have some bad news: last Thursday my computer stopped working. When I went to reboot it wouldn't log into Windows, and gave me this message:
    NTLDR is Missing:
    Please hit CTRL+ALT+DEL to reboot

    Needless to say I had to completely reformat the computer so I could use it. This will hinder my malware removal process won't it? Will I have to completely start over?
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    A format was not necessary if you have your Windows boot CD. You could have just restored the file by booting to the Recovery Console.


    Well, if you did a format and reinstall, your malware and everything else is gone except for what you reinstalled. We were basically done anyway except for the final steps I gave you to clean up all the temp stuff created during the removal process.
     
  16. †Zachæriah†

    †Zachæriah† Private E-2

    I really appreciate all the help you gave me.

    Thank You,
    †Zachæriah†

    Here is a ShowNew Log just to be sure I'm clear of any malware
     


  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    ShowNew is not a malware scanning tool! It is just a program to list new files that appear in a particular list of folders on your PC, and it also lists installed programs from the registry. Simply using a log from ShowNew alone provides no guarantees as to whether a PC is free from malware. I will just state that in your log I see nothing of concern, but all that means is that from the things that it lists I did not see anything.

    Since you have formatted, be sure to follow the steps in the below:

    How to Protect yourself from malware!
     
