Very important: Before deciding whether to clean or reformat your system, read this thread and decide what you want to do.
If, after reading the above thread, you decide to clean your system, please do the following.
Boot into safe mode, under your normal user name (not the administrator account). See how HERE.
In Windows Explorer, turn on "show all files and folders, including hidden and system." See how HERE.
Go into Add/Remove programs in your control panel and remove anything relating to the following:
Viewpoint
MyWebSearch
SpyHunter<--this is a rogue anti-spyware program
You should also uninstall UltraVNC if you didn't install it yourself or if you don't use it. It's best not to have remote control software installed unless you actually use it.
Now delete the following
bold files and folders (if there):
C:\Program Files\
Viewpoint<--delete the entire folder
C:\Program Files\
MyWebSearch<--delete the entire folder
C:\Program Files\Enigma Software Group\
SpyHunter<--delete the entire folder
sinstaller.exe<--search your system for this file and delete all instances found.
C:\Program Files\
screensavers.com<--delete the entire folder (don't worry if it's not there)
Now have HJT fix these entries (if there):
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O8 - Extra context menu item: &Search -
http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm035YYUS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Fix all of the O17 entries as well,
only if they don't belong to your ISP.
Now reboot into normal mode and rehide your protected files.
I see that you set AVG Anti-spyware to ignore certain items. You need to have it set all elements to "recommended action."
HERE is a pictorial guide to AVG Anti-spyware if you need help with it.
Now post fresh HJT, ComboFix, and AVG Anti-spyware logs
as attachments into this thread. Also let me know if AVG Antirootkit finds anything.
Regards
This thread is for the use of diraek only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in the Security and the Web forum.