Please run Combofix again
after you removed one of the antivirus programs. Please note that we ask that all security be disabled when running Combofix> that means antivirus, firewall and antimalware programs. One the program is on your desktop, you can safely go offline to run it without the security programs running.
Please reopen HijackThis to
'do system scan only.' Check each of the following if present:
C:\Program Files\Viewpoint\Common\ViewpointService.exe
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll
O4 - S-1-5-18 Startup: PowerReg Scheduler V3.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: PowerReg Scheduler V3.exe (User 'Default user')
(Note: The PowerReg Scheduler is added by the PowerReg
adware program.)
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Optional:
GoToAssist allows their support personnel to "Instantly view and control customer computers with secure, easy-to-use GoToAssist® remote-support technology."
Since you are posting the problem on a free internet computer forum, it would appear that you do not use this service and do not need it to run. This is a legitimate entry and removal is optional. If you o decide to stop oit, the Service Startup[ entry should be disabled.
Close all windows except for HijackThis and click on
"Fix Checked."
=========================
Run Eset NOD32 Online AntiVirus Scanner HERE
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the Active X control to install
- Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
- Click Start
- Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
- Click Scan
- Wait for the scan to finish
- Re-enable your Antivirus software.
- A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
====================================
Regarding file sharing programs and malware: it only takes one time to have the system get infected. As ling as
uTorrent and BitLord are installed on your system, you are vulnerable,
I notice you have an entry in Documents and settings for Application Data\PopCap. You should know that the PopCap games have a high record of leaving malware on systems.
=========================
If you find the system slow, take all of the media programs off of Startup. then call the program up as you need it.
Real Player
Cyberlink
MusicMatch
WinAmp
Samsung Media
Picassa
iTunes
HP Imaging
Kodak camera
iPod
Nero
Sonic
QuickTime
Please leave the new Combofix report and Eset online scan log in your next reply.