Delete all files in AVG Antispyware quarantine.
Go to add remove programmes in your control panel and uninstall anything to do with (if there).
Viewpoint
viewpoint toolbar
viewpoint manager.
Close control panel.
Click start/run and type services.msc into the run box and press the enter key.
When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
Viewpoint Manager Service
Close the services window.
Open notepad and copy/paste the text in the code box below into it:
NOTE* Make sure to only highlight and copy what is inside the quote box, nothing outside of it.
Also ..
Pay particular attention to this :-
Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:
File::
C:\temp\VirtumundoBeGone.exe
C:\temp\ccsetup201.exe
C:\temp\aaw2007.exe
C:\temp\spybotsd15.exe
C:\temp\avgas-setup-7.5.1.43.exe
C:\temp\CFP_Setup_English_2.4.18.184.exe
C:\WINDOWS\system32\ljjkihh.dll.vir
C:\Program Files\setuplog.txt
C:\WINDOWS\msagent\pimoc.bak1
C:\WINDOWS\msagent\pimoc.bak2
C:\WINDOWS\system32\kbdcht.dll
C:\WINDOWS\system32\pmkjj.dll
Folder::
C:\VundoFix Backups
C:\qoobox
C:\Program Files\Viewpoint
C:\PROGRA~1\MYWEBS~1
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5429f471-878f-4521-9ef8-a82424f31642}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0D758CD-DC95-4A30-86B1-818A457AD5E1}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjj.dll
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
Save this as CFScript.txt
Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.
Regards Howard
This thread is for the use of patdi_1 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
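A check that can be run on a saved CFScript.txt before dragging it onto ComboFix.exe, written as an added example that is not part of the original post and is not ComboFix's own code. It enforces the "File:: on the first line" rule from the post. The rest is assumed from the shape of the script above: only the three section names shown, full drive-letter paths under File:: and Folder::, and bracketed key lines or quoted value lines under Registry::.

```python
import re

# Section headers used by the script in this post; other ComboFix
# directives are not modelled (assumption of this example).
SECTIONS = ("File::", "Folder::", "Registry::")
ABSOLUTE = re.compile(r"^[A-Za-z]:\\")  # drive-letter path such as C:\temp

def check_cfscript(text):
    """Return a list of problems found in the text of a CFScript.txt."""
    lines = [ln.rstrip("\r") for ln in text.split("\n")]
    problems = []
    first = lines[0]
    if first != "File::":
        if not first.strip():
            problems.append("line 1: blank line above File::")
        elif first.strip() == "File::":
            problems.append("line 1: space in front of or after File::")
        else:
            problems.append("line 1: expected File::, found %r" % first)
    section = None
    for num, raw in enumerate(lines, 1):
        entry = raw.strip()
        if not entry:
            continue
        if entry in SECTIONS:
            section = entry
        elif entry.endswith("::"):
            problems.append("line %d: unknown section %s" % (num, entry))
            section = None
        elif section is None:
            problems.append("line %d: entry outside any section" % num)
        elif section in ("File::", "Folder::"):
            if not ABSOLUTE.match(entry):
                problems.append("line %d: not a full path: %s" % (num, entry))
        elif entry.startswith("["):
            if not entry.endswith("]"):
                problems.append("line %d: registry key missing ]" % num)
        elif not entry.startswith('"'):
            problems.append("line %d: not a key or value line" % num)
    return problems

# Constructed sample scripts (placeholder paths, not the ones from the post).
GOOD = ("File::\nC:\\temp\\example.exe\nFolder::\nC:\\ExampleDir\n"
        "Registry::\n[-HKEY_LOCAL_MACHINE\\software\\Example]\n")
BAD = "\n File::\nexample.exe\nRegistry::\n[-HKEY_LOCAL_MACHINE\\software\\Example\n"

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_cfscript(body) or "ok")
```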