Hi,
You are running an outdated version of HijackThis.
You can obtain the latest version from the link in my signature. You should also rename the executable file to something like analyze.exe. This is because some malware are known to hide from HijackThis scans.
You may wish to copy and paste these instructions on notepad for easier reference later.
Boot into safe mode under your normal user name. See how
HERE
Next turn on "Show all files and folders, including hidden and system". See how
HERE
Go to start > run and type services.msc. Press the enter key.
Search for the following services. Double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.
Viewpoint Manager Service
ZTgServerSwitch
Go to start > Control Panel > Add and Remove Programs.
Remove anything related to the following:
Viewpoint Manager/Media etc
After that,
run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O4 - Global Startup: PowerPanel.lnk = ?
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Close HJT.
Navigate in Windows Explorer and delete the following
files and
folders in
bold.
c:\program files\
support.com\
C:\Program Files\
Viewpoint\
Reboot into normal mode and rehide your protected OS files.
Thereafter, please post fresh HJT, ComboFix and AVG Antispyware logs from normal mode as attachments into this thread. The utilities can be downloaded from the links in my signature.
Regards,
Your friendly momok =)
This thread is for the use of Red Bokowski only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.