Hi there!
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
Boot Into Safe Mode
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.
View Hidden Files and Folders
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.
Stop Potentially Runnning Processes
Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click 'Kill process' for each one if they are still listed (they shouldn't be - but double check):
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Potential Uninstallations
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
Viewpoint Toolbar
Viewpoint Manager
WinFixer
WildTangent - This is an online gaming package that is installed by a number of third party applications and even OEMs, ISPs and AIM. The games aspect of this is really rather cool. The being installed without you asking for it isn't cool at all. They collect information about you and your usage. We recommend uninstalling it.
WeatherBug - it's adware. If you didn't install this yourself, uninstall it. If you did install it yourself, you may keep it and ignore any fixes/deletions listed below. For a safer alternative please see Herehttp://www.theweathernetwork.com/inter/weathercentre/index.htmhttp://www.theweathernetwork.com/inter/weathercentre/index.htm -Related entries will be also in orange-
Stop NT Service
Part1
Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
R3 - Default URLSearchHook is missing
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ICQ Lite Messenger] ICQLITE.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [sm] C:\WINDOWS\sa_exe.exe
O4 - HKLM\..\Run: [Search Bar] C:\WINDOWS\taskbar.exe
O4 - HKLM\..\Run: [Mjjdcj] C:\Program Files\Abxrzq\Zuhxxit.exe
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M...e/bridge-c5.cab
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
Please remember to close all other windows, including browsers then click Fix checked.
File/Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\Program Files\Viewpoint\Viewpoint Toolbar\
C:\Program Files\Viewpoint\Viewpoint Manager\
ICQLITE.EXE <--search for via "Start | Search"
C:\Program Files\WildTangent\
C:\WINDOWS\sa_exe.exe
C:\WINDOWS\taskbar.exe
C:\Program Files\Abxrzq\
C:\Program Files\WinFixer 2005\
C:\PROGRA~1\AWS\
C:\WINDOWS\svchost.exe <--Must be in the WINDOWS folder and NOT System32 folder
Reboot your system in Normal Mode.
Further Scanning
Please run a Scan at the Following site
Panda ActiveScan
Make sure that you choose the "fix" or "clean" option when available
at the end of this scan you will be given then option to save a log from the scan -SAVE THAT LOG- and post it here
Please post a fresh HijackThis log & the Log from Panda so that we can check if your system is clean.
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
Boot Into Safe Mode
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.
View Hidden Files and Folders
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.
Stop Potentially Runnning Processes
Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click 'Kill process' for each one if they are still listed (they shouldn't be - but double check):
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Potential Uninstallations
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
Viewpoint Toolbar
Viewpoint Manager
WinFixer
WildTangent - This is an online gaming package that is installed by a number of third party applications and even OEMs, ISPs and AIM. The games aspect of this is really rather cool. The being installed without you asking for it isn't cool at all. They collect information about you and your usage. We recommend uninstalling it.
WeatherBug - it's adware. If you didn't install this yourself, uninstall it. If you did install it yourself, you may keep it and ignore any fixes/deletions listed below. For a safer alternative please see Herehttp://www.theweathernetwork.com/inter/weathercentre/index.htmhttp://www.theweathernetwork.com/inter/weathercentre/index.htm -Related entries will be also in orange-
Stop NT Service
Part1
- Click Start>Run, type services.msc into the Open editbox and click the Ok button.
- Locate the " Power Manager " service and double-click on it to open the Properties dialog.
- Click the Stop button.
- In the Startup type dropdown select Disabled.
- Click the Apply button and then the Ok button.
- Close the Services window
- Click Start>Run, type cmd into the Open editbox and click the Ok button.
- Copy/paste the line below into the Command Prompt window and press the Enter key:
- sc delete PowerManager
- Close the Command Prompt window
Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)
R3 - Default URLSearchHook is missing
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ICQ Lite Messenger] ICQLITE.EXE
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [sm] C:\WINDOWS\sa_exe.exe
O4 - HKLM\..\Run: [Search Bar] C:\WINDOWS\taskbar.exe
O4 - HKLM\..\Run: [Mjjdcj] C:\Program Files\Abxrzq\Zuhxxit.exe
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/M...e/bridge-c5.cab
O23 - Service: Power Manager (PowerManager) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
Please remember to close all other windows, including browsers then click Fix checked.
File/Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\Program Files\Viewpoint\Viewpoint Toolbar\
C:\Program Files\Viewpoint\Viewpoint Manager\
ICQLITE.EXE <--search for via "Start | Search"
C:\Program Files\WildTangent\
C:\WINDOWS\sa_exe.exe
C:\WINDOWS\taskbar.exe
C:\Program Files\Abxrzq\
C:\Program Files\WinFixer 2005\
C:\PROGRA~1\AWS\
C:\WINDOWS\svchost.exe <--Must be in the WINDOWS folder and NOT System32 folder
Reboot your system in Normal Mode.
Further Scanning
Please run a Scan at the Following site
Panda ActiveScan
Make sure that you choose the "fix" or "clean" option when available
at the end of this scan you will be given then option to save a log from the scan -SAVE THAT LOG- and post it here
Please post a fresh HijackThis log & the Log from Panda so that we can check if your system is clean.