Can't "Fix"

I was able to run MBAM on my desktop and here’s the log. I’ll have to post it in a few sections since its entirety exceeds the 10000 limit.

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6367

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

15/04/2011 14:03:31
mbam-log-2011-04-15 (14-03-31).txt

Scan type: Quick scan
Objects scanned: 164601
Time elapsed: 2 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 760
Registry Values Infected: 32
Registry Data Items Infected: 7
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe (Security.Hijack) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe (Security.Hijack) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe (Security.Hijack) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe (Security.Hijack) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe (Security.Hijack) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe (Security.Hijack) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) → Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) → Quarantined and deleted successfully.

On second thought, there were 806 infected items (I think) and the log was 53 pages long in Word. If you really want to see it all I will post it, but otherwise I’m not sure it’s worth the time and effort.
Thanks!

Wooo Hoooo !

What a list. 8)

I see you had MBAM delete everything. Okay. Save the log to disk in case essex wants it to take a look.

Did you run MBAM in Safe Mode or in Normal Mode?
If you can run it in Normal Mode, please run it again - and again post the log, please. Should be somewhat shorter now.

I restarted the computer normally and ran the program again. It didn’t find anything. Here’s the log:
Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6367

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/04/2011 18:12:50
mbam-log-2011-04-15 (18-12-50).txt

Scan type: Quick scan
Objects scanned: 167075
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

However, I still can’t run Firefox. I keep getting that same pesky message.

Well, the log is one point for us. ;D

What is the message?

About the proxy?

Check FF settings, make sure they look like the screenshot.

However, even if we manage to get you online again: still follow essexboy’s instructions and come back here! I’m no expert on malware, and it is vital to close this thread with essexboy!
(Many users just vanish too early and we’ll see them back here in a week or two and start all over…)

Doing well ;D The IFEOs were a major part of the problem with programmes not running properly

I should imagine there are still some miscreant folders hiding in the user folders

:slight_smile: Thanx…

YEAH!!! That did it. We can now get on the Internet using Firefox! As you suggested, I’ll run the other 2 programs essexboy suggested. Thanks again!

Team effort Boyo ;D

OK, essexboy, here is the log from Roguekiller:
RogueKiller V4.3.8 by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRKgmailcom
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Judith&Yuda [Admin rights]
Mode: Scan – Date : 04/15/2011 22:21:09

Bad processes: 0

Registry Entries: 3
[PROXY IE] HKCU[…]\Internet Settings : ProxyEnable (1) → FOUND
[PROXY IE] HKCU[…]\Internet Settings : ProxyServer (http=127.0.0.1:25384) → FOUND
[HJPOL] HKCU[…]\Explorer : DisallowRun (1) → FOUND

HOSTS File:
127.0.0.1 localhost

OK you still have a bad proxy in IE - I will remove that using OTS

Looks like we made one man happy.
I am very strongly tempted to change my nick to “Flash Gordon (Saviour of the Universe)”… ;D

I am very strongly tempted to change my nick to "Flash Gordon (Saviour of the Universe)"...
Noooo I have enough problems keeping track of you now ;D

Well, Judith and Yuda,
once we’re through with this, I strongly recommend that you set up a second restricted user account for everyday work & fun.
Also pay a little more attention to where you surf and what you click on.
Don’t follow any links that were sent to you by email by clicking on them, even if you know the person the mail is coming from. Be careful when you are sent any attachments via email (especially .pdf and of course .exe and .com and .bat), if you are not 100% sure about the origin of the attachment.

Keep Avast up to date at all times.

:wink:

…there is this “aka”-thing in the nick. ;D You should be able to handle it.

The OTS log is too long to post - over 9000 words. Is there another way I could send it to you?

Even better: attach as .txt file.
Click on “additional options” in the post editing screen to upload.

Yep attach it is much easier (for me) ;D

This is Susan. Someone who once worked on our computer set up the Judith & Yuda user names…
Steven, please be more specific about setting up a second, restricted user account. How do I do this? Should we ever access the Judith & Yuda account? When? Should we delete it?
Also, why are .pdf files so dangerous?

Hi Susan - if you do not use those accounts then they can just be deleted

We will discuss limited user accounts once we are sure you are clean ;D

Could you attach the OTS log please - do you know how to do that?