Yet another AxFreePorn dialer problem

Discussion in 'Malware and Virus Removal Archive' started by pleiades, 2007/03/17.

  1. 2007/03/17
    pleiades

    pleiades Inactive Thread Starter

    Joined:
    2007/03/17
    Messages:
    5
    Likes Received:
    0
    I've skimmed through some other threads and it seems like this problem can only be dealt with on a case-by-case basis. I've been having this problem for a week or two now, and it's rather frustrating. Some help would be much appreciated :)

    I've run the HijackThis program like other users have advised others to do, and here is the report:

     
  2. 2007/03/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS, pleiades :)

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
    http://www.ewido.net/en/download/
    • Install AVG Anti-Spyware by double clicking the installer.
    • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    • On the main screen under Your Computer's security:
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update successful message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot. Post the contents of the AVG report.

    Download FindAWF from the link below, saving to the desktop.

    http://noahdfear.geekstogo.com/FindAWF.exe

    Double click it to run and follow the prompts. Please post the contents of the AWF.txt log it creates.
     

  4. 2007/03/18
    pleiades

    pleiades Inactive Thread Starter

    Joined:
    2007/03/17
    Messages:
    5
    Likes Received:
    0
    Thanks for helping me out!

    My report scan is:

    and the second one looks like this:

     
  5. 2007/03/18
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Wow, AVG missed all of the following infected files.

    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe

    Please create a new zip file, then place a copy of each of the above files into it and submit it to the following link.

    http://www.bleepingcomputer.com/submit-malware.php?channel=22

    Then check the processes tab of Task Manager to see if any of the above files are running. End Process on them if they are. Now go to each of the above directories and delete the file. You will find a bak folder in each directory that contains the original file(s). Copy (do not move or cut) those files from the bak folder into the original directory, effectively replacing the rogues you just deleted. If there are files other than the ones listed above in the bak folders, do nothing with them just yet.

    If there is an Instant Access icon on the desktop delete it.
    If there is an AxFreePorn connection in your network connections, delete it.

    Download ATF Cleaner by Atribune and save it to your Desktop.

    http://www.atribune.org/ccount/click.php?id=1

    Double click ATF-Cleaner.exe to run the program.
    Check the boxes to the left of:

    Windows Temp
    Current User Temp
    All Users Temp
    Temporary Internet Files
    Prefetch
    Java Cache
    Recycle bin


    The rest are optional - if you want it to remove everything it can, check "Select All".
    Finally, click Empty Selected. When you get the "Done Cleaning" message, click OK.

    If you use the Firefox or Opera browsers, you can use this program to clean out their temporary files as well.

    When you have finished, click on the Exit button in the Main menu.

    Reboot.

    Run FindAWF again and post the log, along with a new HijackThis log.
     
  6. 2007/03/19
    pleiades

    pleiades Inactive Thread Starter

    Joined:
    2007/03/17
    Messages:
    5
    Likes Received:
    0
    Thank you so much for helping me out =D
     
  7. 2007/03/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Well done! Thank you for the files. :)
    Just a few more to do. Copy the following files from the bak folders to their original folders (up 1 directory).

    C:\WINDOWS\system32\bak\hkcmd.exe
    C:\WINDOWS\system32\bak\igfxtray.exe
    C:\Program Files\Analog Devices\Core\bak\smax4pnp.exe
    C:\Program Files\McAfee.com\Agent\bak\mcupdate.exe

    Once done, you can delete all of the bak folders and their contents.

    Scan again with HijackThis and place a check next to the following entries, close all other windows and click Fix Checked.

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O20 - AppInit_DLLs:

    Reboot and post 1 more fresh HijackThis log.
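
Added example, not part of the original posts: a read-only check for the bak-folder restore steps in the two replies above, confirming that every file kept in a bak folder has a byte-identical copy one directory up before the bak folders are deleted. The function names, the SHA-256 comparison and the sample tree are assumptions made for this illustration; the sample files are constructed placeholders.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash a file in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_bak_folders(root):
    """Pair each file in a 'bak' folder with the same-named file one directory up."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        if os.path.basename(dirpath).lower() != "bak":
            continue
        for name in filenames:
            backup = Path(dirpath) / name
            live = Path(dirpath).parent / name
            if not live.is_file():
                status = "missing"    # nothing in the original folder yet
            elif sha256_of(live) == sha256_of(backup):
                status = "restored"   # live copy is byte-identical to the backup
            else:
                status = "differs"    # live copy is not the backed-up original
            findings.append((str(live), status))
    return sorted(findings)

def all_restored(findings):
    """True only when every backed-up file has an identical copy one directory up."""
    return all(status == "restored" for _path, status in findings)

def build_sample_tree(root):
    """Constructed sample layout; contents are placeholder bytes, not real binaries."""
    vso = Path(root) / "Program Files" / "McAfee.com" / "VSO"
    (vso / "bak").mkdir(parents=True)
    for name, live in (("mcvsshld.exe", b"replaced"), ("oasclnt.exe", b"orig"), ("mcmnhdlr.exe", None)):
        (vso / "bak" / name).write_bytes(b"orig")
        if live is not None:
            (vso / name).write_bytes(live)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, status in audit_bak_folders(tmp):
            print(status, path)
```

A "differs" result only says the live file is not the backed-up copy; a file that was legitimately updated after the backup was made would report the same way.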
     
  8. 2007/03/21
    pleiades

    pleiades Inactive Thread Starter

    Joined:
    2007/03/17
    Messages:
    5
    Likes Received:
    0
    Done!
     
  9. 2007/03/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. Is your computer behaving properly now?

    You should open the Java applet in the control panel and check for updates. Once updated, remove the older version (all old versions) from add/remove programs.
     
  10. 2007/03/23
    pleiades

    pleiades Inactive Thread Starter

    Joined:
    2007/03/17
    Messages:
    5
    Likes Received:
    0
    Yes, it is. Everything seems to be working okay, now! Thank you so much for all your help :)
     
