Hi,
*Click Start > Control Panel > Add or Remove Programs and uninstall the items I listed in bold if found.
Ewido
Ewido is now called AVG AntiSpyware. If you have the paid version of Ewido, I suggest that you upgrade it and use it to scan your system later. If not, please uninstall it and I'll ask you to download a newer version.
*Reboot
_________________
*Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
- Install AVG Anti-Spyware by double clicking the installer.
- Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
- On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update succesfull message.
- Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
- Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update AVG Antispyware.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update. Do not use it yet!
*Download ATF Cleaner by Atribune
Do not use it yet.
_________________
*Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". In 2006, this may change, read Viewpoint to Plunge Into Adware.
If you decided to remove Viewpoint,
Please download Viewpoint Killer
- Save it to your Desktop
- Create a new folder in your desktop by right clicking on the background > New > Folder > name the folder Viewpoint Killer
- Unzip the contents of the zip file to the newly created folder.
- Open the Viewpoint Killer folder then run ViewpointKiller, and select File > Do All Killings.
- Follow the prompts, selecting Yes or No, depending on which selection you are most comfortable with.
- A logfile will be created in the folder you unzipped ViewpointKiller to, please copy and paste the contents of the logfile here.
*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.
O4 - HKLM\..\Run: [MSConfigh] c:\temp\svchost.exe
O19 - User stylesheet: (file missing)
O23 - Service: Indexing Helper (Indexingboxs) - Sydinar Software - c:\temp\svchost.exe
Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
_____________________
You may want to print these instructions here or save them in notepad since you'll work offline.
Reboot into Safe Mode.
To enter Safe Mode..
Click Start > Turn Off Computer > Restart > Tap F8 key just before Windows starts to load, > This will bring up a Menu > Use your keyboard to scroll to Safe Mode> Hit enter.
*Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type delservices.bat in the File name and save it to your desktop.
Code:
@echo off
sc stop Indexingboxs
sc delete Indexingboxs
Locate delservices.bat on your Desktop and double-click on it.
*Using Windows Explorer, find and delete these files:
c:\temp\svchost.exe
C:\DUP2.EXE
C:\tempsc\wzyyy.exe
C:\WINDOWS\SYSTEM\svchesta.exe
Delete the following foldeR:
c:\windows\uniq
C:\Program Files\TClock
delete the following folder if you uninstalled ewido:
C:\Program Files\ewido anti-malware
Empty your Recycle bin.
______________________
*Important: Make sure all your browsers are closed before running ATF Cleaner..
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose:Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click
- No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE:If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
*Please run AVG AntiSpyware, and run a full scan as follow:
IMPORTANT: Do not open any other windows or programs while AVG AntiSpyware is scanning, it may interfere with the scanning process.- Launch AVG AntiSpyware by double-clicking the icon on your desktop.
- Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
- AVG AntiSpyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following: - If you have any infections you will prompted, then select "Apply all actions"
- Next select the "Reports" icon at the top.
- Select the "Save Report As" button in the lower left hand of the screen and save it to a text file on your system. (Make sure to remember where you saved that file, this is important).
- Close AVG AntiSpyware.
- Reboot to normal mode.
On your next reply, please post a fresh HijackThis log, AVG antispyware log, viewpoint killer log and a description on how your machine is running.
Suspicious files on taskbar and hard drive
