Cleaning System

First please remember to remain in ONE thread for your problems! I merged your two threads together so we would have all logs in one location.

Second you should NEVER post in pieces. You should complete ALL of the READ ME and then attach all logs. Doing what you did has cost you 3 days of waiting time because each time you added another message, you sent yourself to the bottom of the waiting queue. What you are doing is called "bumping". In this forum, bumping does not bump you to the top, it bumps you to the bottom.


Note: You did not follow the directions in step 7 to put yourself into Normal Startup mode. You are using MSconfig to control startups and you are in Selective Startup mode.

 

Okay let's continue!

You were supposed to uninstall the below in step 0 of the READ ME:
Viewpoint Manager (Remove Only)
Viewpoint Media Player

Uninstall them now. Also while in Add/Remove programs uninstall the below olde versions of Sun Java:
J2SE Runtime Environment 5.0 Update 1
Java 2 Runtime Environment, SE v1.4.2_03

Now install the current version of Sun Java from: Sun Java Runtime Environment

You are also using SpywareBlaster v3.4 which is out of date. You need to install the current version and update it from: SpyWare Blaster


Now make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [diettdyf] C:\WINDOWS\System32\diettdyf.exe
O4 - HKCU\..\Run: [diettdyf] C:\WINDOWS\System32\diettdyf.exe

After clicking Fix, exit HJT.
Now copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\System32\diettdyf.exe
C:\WINDOWS\system32\clcbt.exe

Also delete all files in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\Documents and Settings\Owner\Local Settings\Temp

Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.
Now run Ccleaner (installed while running the READ ME FIRST).

Now we need to Reset Web Settings:

1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

Now reboot in normal mode and post a new HJT log.

Make sure you tell me how things are working now.

Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable system restore per step 1 of the READ & RUN ME. This only applies to if using WinXP or WinMe.

 

You're welcome. Since you have reinstalled, you should work thru the below:

How to Protect yourself from malware!