Open HijackThis and select
Do a system scan only.
Place a check mark next to the following entries: (if there)
- R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
- O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
- O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeImportant: Close all windows except for HijackThis and then click
Fix checked.
Exit HijackThis.
----------
Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your systemDelete these files/folders, as follows:
1. Go to
Start >
Run > type
Notepad.exe and click
OK to open Notepad.
It
must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing
Ctrl+CKillAll::
File::
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-
[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
3. Go to the Notepad window and click
Edit >
Paste4. Then click
File >
Save5. Name the file
CFScript.txt - Save the file to your Desktop
6. Then drag the
CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below.
Important: Perform this instruction carefully!
ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.Note:
Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze