Completed Guide, Desktop problems and balloons on taskbar, log files

You need to attach the log from BitDefender online scan as requested in the READ ME. Then continue on with the below instructions.


Uninstall the below software:
Java 2 Runtime Environment, SE v1.4.1_02
Viewpoint Media Player <-- should have been uninstalled in step 0 of the READ ME

Make sure you reboot after uninstalling the above!

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


Now fownload this file - combofix.exe

1. Double click combofix.exe & follow the prompts.
2. When finished, it will produce a log for you. Attach this log to your next reply

Note:

Do not mouseclick combofix's window while it is running. That may cause it to stall.


Now attach the below new logs and tell me how the above steps went.

1. GetRunKey
2. ShowNew
3. HJT
4. and the ComboFix log

Make sure you tell me how things are working now!

 

If CounterSpy is the free trial version from the READ ME, uninstall it now since you don't need it anymore.

Also if you had just installed SuperAntispyware when these problems started, you can also uninstall it to help speed things up.

Okay now you need to re-run AVG Antispyware and Quarantine or Delete everything it finds. You Ignored everything last time and there is no sense in running the scans unless you fix the problems. Attach a new log from AVG AS after this new scan. Then continue with the below steps (some of the items given below may no longer be found after running AVG AS again).



Run HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {30693F88-D76F-F8ED-1863-8D8DB922D5EE} - C:\WINDOWS\System32\gnhmjimi.dll (file missing)
O2 - BHO: (no name) - {9F3CB831-3ABE-4912-AD94-8F532FB89689} - C:\Program Files\Messenger\mexoba83122.dll (file missing)
O2 - BHO: (no name) - {E26CEADA-67B0-4543-BE8B-307F00265118} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\System32\regscan.exe
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {DD8C9372-35FD-4F7D-8CE4-909ABCFAB2C5} - ms-its:mhtml:file://c:\\nores.mht!http://adxtnet.net/code/chm/xpre.chm::/xpreload.ocx

After clicking Fix, exit HJT.


Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Check the 'Input script manually' box.
• Click on the magnifying glass icon.
• Copy everything in the Quote box below, and paste it in the box that opens:

• Now click the 'Done' button.
• Click on the traffic light icon and OK the prompt.
• You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt

Now run Ccleaner!

Now attach the below new logs and tell me how the above steps went.

1. Avenger
2. GetRunKey
3. ShowNew
4. HJT

Make sure you tell me how things are working now!

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 8 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

All protection software will have an effect of system performance. It is a necessary evil. While AVG Antispyware is in its trial period, it provides active realtime protection. Once the trial is over, it is only a scanner unless you buy it. Are you planning on buying Ad-Aware 2007? If not it is a resource hog that is not worth having.

You forgot 2 logs:

1. the new AVG Antispyware log
2. the new ShowNew log

Also did you forget to fix the below line with HJT? Or did it come back?
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

 

You still have not attach the requested logs.


My final steps will give you free tools to use and there are firewalls in the list too. But I need to see the last two logs to be sure you are clean.

You also need to fix the below line from HJT. I did not notice on my quick look last time. I also asked you to fix this previously.
O2 - BHO: (no name) - {9F3CB831-3ABE-4912-AD94-8F532FB89689} - C:\Program Files\Messenger\mexoba83122.dll (file missing)

You should make sure this and the O2 - BHO line from message # 9 are fixed then attach a new HJT log so I can be sure.