Help! Trojan attack!

Discussion in 'Malware Help (A Specialist Will Reply)' started by shanrene123, Apr 28, 2005.

  1. shanrene123

    shanrene123 Private First Class

    After several days of my AVG free edition catching files infected by Trojans, off & on, today I completed everything in the list found on the "How to: Spyware, Trojan And Virus Removal" thread. I have downloaded HijackThis, but have not run it or posted it yet, as I believe the thread said to wait until I was asked to. The last 3 Trojans my AVG detected before running all the scans suggested by MajorGeeks were Dropper.Agent.4.AH, Dropper.Small.12.S, & Downloader.Dyfica.3.R. What do I do next? Do I run AVG again since I finished everything else up to the point of HijackThis? Or do I run HijackThis now, just in case? Can I go ahead and turn my System Restore back on now?
    As a side note: This is my son's computer, and he is constantly online chatting & playing RPGs. It runs Windows XP SP2, has a cable modem, has Windows Firewall & ZoneAlarm - AVG free - Ad-Aware - & CCleaner. Need any more info? Which security, clean-up, anti-spyware things should I be sure to run on a daily/regular basis? He continues to have problems with Trojans on a regular basis! :rolleyes:
    Thanks so much for any suggestions/advice!
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, disable Windows Firewall if you are using ZA, as running 2 firewalls will cause conflicts.

    Don't turn System Restore back on until you are 100% clean!



    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run HijackThis from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file, as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. shanrene123

    shanrene123 Private First Class

    HijackThis logfile attached. Thanks!
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Media Access

    Viewpoint

    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.


    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

    MediaAccK.exe

    ViewMgr.exe

    MediaAccess.exe


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

    O4 - HKLM\..\Run: [l68f241d] C:\WINDOWS\system32\l68f241d.exe
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c10.cab

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\Program Files\Media Access ←–– Delete this whole folder if it exists!

    C:\Program Files\Viewpoint ←–– Delete this whole folder if it exists!

    C:\WINDOWS\system32\l68f241d.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, go to Start > Run, type cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
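As an added example (not code from the thread, from MajorGeeks or from HijackThis itself), here is a small Python checker that parses the R*/O* lines of a HijackThis log and flags entries against the items bjgarrick lists above: the CLSIDs in the O2/O3/O16 lines, the folders and file marked for deletion, and the two hosts from the R0 and O16 lines. The sample log is constructed from the entries quoted in the post plus one benign ZoneAlarm autorun line; the rule that reports an O2 BHO marked "(no file)" as an orphaned entry is my assumption, not something the post states.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# One HijackThis line: a section tag (R0, O2, O4, ...) then " - " and the entry body.
HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A Windows path (spaces allowed) up to a common executable/library/cab extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|cab)\b", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)


@dataclass
class HjtEntry:
    section: str
    body: str
    clsid: Optional[str]
    path: Optional[str]
    url: Optional[str]


@dataclass
class Indicators:
    clsids: set            # CLSIDs (upper-case, with braces) from the removal list
    path_prefixes: tuple   # folders/files the post says to delete
    url_hosts: set         # hosts that appeared in the fixed R0/O16 lines


def parse_hjt_log(text: str) -> list:
    """Parse the R*/O* lines of a HijackThis log, skipping headers and process lists."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid, path, url = CLSID_RE.search(body), PATH_RE.search(body), URL_RE.search(body)
        entries.append(HjtEntry(
            section=m.group("section"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            path=path.group(0) if path else None,
            url=url.group(0) if url else None,
        ))
    return entries


def flag_entries(entries, ind: Indicators) -> list:
    """Return (entry, reason) pairs for entries that match the indicator set.

    The final "(no file)" rule is an assumption of this example, not something
    the thread states: a BHO registered without a backing DLL is an orphaned
    entry, so it is reported even when its CLSID is not on the list.
    """
    prefixes = tuple(p.lower() for p in ind.path_prefixes)
    flagged = []
    for e in entries:
        reason = None
        host = (urlparse(e.url).hostname or "").lower() if e.url else ""
        if e.clsid and e.clsid in ind.clsids:
            reason = f"CLSID on removal list: {e.clsid}"
        elif e.path and e.path.lower().startswith(prefixes):
            reason = f"path under removal list: {e.path}"
        elif host and host in ind.url_hosts:
            reason = f"URL host on removal list: {host}"
        elif e.section == "O2" and e.path is None and "(no file)" in e.body:
            reason = "BHO with no backing file (orphaned entry)"
        if reason:
            flagged.append((e, reason))
    return flagged


# Indicator values are copied from bjgarrick's fix list in the post above.
REMOVAL_LIST = Indicators(
    clsids={
        "{A7327C09-B521-4EDB-8509-7D2660C9EC98}",
        "{FDD3B846-8D59-4FFB-8758-209B6AD74ACC}",
        "{F8AD5AA5-D966-4667-9DAF-2561D68B2012}",
        "{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}",
    },
    path_prefixes=(
        r"C:\Program Files\Media Access",
        r"C:\Program Files\Viewpoint",
        r"C:\WINDOWS\system32\l68f241d.exe",
    ),
    url_hosts={"hsremove.com", "static.windupdates.com"},
)

# Constructed sample log: the entries quoted in the thread plus one benign
# ZoneAlarm autorun line (constructed) that must not be flagged.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [l68f241d] C:\WINDOWS\system32\l68f241d.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c10.cab
"""

if __name__ == "__main__":
    for entry, reason in flag_entries(parse_hjt_log(SAMPLE_LOG), REMOVAL_LIST):
        print(f"{entry.section}: {reason}")
```

Running it reports nine of the ten sample entries and leaves the ZoneAlarm line alone. The path regex only recognises .exe, .dll and .cab targets, so entries pointing at other file types are judged by CLSID or URL host alone; this is a triage aid for comparing a fresh log against a known fix list, not a substitute for the expert review the thread relies on.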
     
  5. shanrene123

    shanrene123 Private First Class

    Here's my latest HijackThis logfile after all suggestions completed. Not really sure how things are running yet at this point, as I've been trying to get suggestions finished. Should know here soon once my son gets back on here and starts surfing. Any other/further suggestions for improved security?
    Thanks! :)
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean!

    Are you having any further problems?
     
  7. cepy123

    cepy123 Specialist

    bjgarrick, everything is running great again, all clean. Thanks for helping us out again. I sent an email to you through Tim (administrator). We would like you and all at MG to know that you all are the greatest :) Chuck. Thanks again.
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

