dlh6213 27 Posting Maven Team Colleague

Follow the instructions here to install XP:

http://www.daniweb.com/techtalkforums/thread6632.html

dlh6213 27 Posting Maven Team Colleague

Probably a hardware error, some possibilities are listed here:

http://support.microsoft.com/?kbid=329284

dlh6213 27 Posting Maven Team Colleague

I don't see anything in your HijackThis log that would cause this behavior. My first thoughts would be:

Note: Use appropriate precautions to prevent damage via static electricity when working inside your computer.

Overheating --
You mentioned having three fans, but are you sure they are all operating properly (the CPU fan in particular)?
Has the case interior been cleaned lately?

RAM problems --
Have you added any RAM recently? There could be an incompatibility issue.
Could be a bad RAM slot, try moving the RAM to other slots (if you have any available).
Or, your RAM could be going bad, in which case you would need to replace it.

dlh6213 27 Posting Maven Team Colleague

To fix the Task Manager, you can try an in-place upgrade (aka repair installation) for XP; instructions can be found here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;315341&Product=winxp

Follow these steps to remove LimeWire:

Open the LimeWire folder.
Open the folder UninstallerData.
Double click the Uninstall LimeWire icon (or something similar).
Follow the on screen prompts to uninstall the program.
Go to C:\Program Files and delete the LimeWire folder.

Set a System Restore Point, to prevent trouble if you make a mistake.
Go to Start, Run, type regedit in the box, and hit Enter.
At the top of the Registry Editor window, click on File, and then Export. In the Export range panel (at the bottom), click All, give the file a name, and then Save your registry as a backup to a location where you will be able to locate it easily if necessary.

Go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\limeshop, delete it and reboot the machine immediately.

Remove these registry items (if present) with RegEdit:
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\limeshop preferences
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\limewire
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9e11dbbf317d89b4f92af7d63ab22d26
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a8cebe6cec02c7d40a450c6455a6ad2e
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\c0da82cffcfbb79419d1189c955ee262
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\limeshop
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\bet.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\bonzi.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\browserpage.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\limeshop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\limeshop.html
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\limeshop.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\limewire.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\limewire.jar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\money.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\root\magnet10\options.js
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\limeshop.xml
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\limewire
HKEY_USERS\s-1-5-21-725345543-1078145449-1343024091-500\software\microsoft\internet explorer\menuext\limeshop preferences
HKEY_USERS\s-1-5-21-725345543-1078145449-1343024091-500\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\limewire
Exit Regedit.

Remove these directories (if present) with Windows Explorer:

dlh6213 27 Posting Maven Team Colleague

Thanks, Cat, that helps :) But I still liked the 'Advanced Search' we used to have.

dlh6213 27 Posting Maven Team Colleague

I don't see a 'Search Forum dropdown,' how do we access the 'Advanced Search' option now?

dlh6213 27 Posting Maven Team Colleague

I didn't change anything when it started happening, nor did I make any changes when it went back to normal several hours later. I'm not sure what happened, but thanks for letting me know about that 'Display Modes' button, I never noticed it before.

dlh6213 27 Posting Maven Team Colleague

You still need to get the Windows Updates for XP and IE, at least SP1.

Scan with HijackThis and have it fix the following:

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Close any open windows, other than HijackThis, and hit Fix checked.

Go to C:\WINDOWS\web and delete related.htm

Reboot, close any open browser windows, scan with HJT, and post a new log along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

Hi Speshul_K, welcome to DaniWeb :D

It looks like you've already done a lot of the right stuff. Go to Add/Remove programs in your Control Panel and remove (if present):

Kontiki
Viewpoint
(or Viewpoint Toolbar, ViewBar, Viewpoint Manager, ViewMgr, or something similar)

Reboot into Safe Mode and do a complete system scan with Ewido (even if you've already done so). Note: you will be posting the log from this scan with your next reply.

Still in Safe Mode, have HijackThis fix the following entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.red.clientapps.yahoo.com/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.red.clientapps.yahoo.com/...//www.yahoo.com
O2 - BHO: ZIBho Class - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Kimmy\LOCALS~1\Temp\sysnet.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
If you didn't put this in your Trusted Zone yourself, have HJT fix this O15 entry --
O15 - Trusted Zone: http://www.gamesville.lycos.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 …

dlh6213 27 Posting Maven Team Colleague

Hi Valiant_aleksei, welcome to DaniWeb :D

I'm surprised the shop that worked on your computer didn't install any updates for XP or IE, but that should be the first thing you do.

Follow the recommendations in the links below to help you get your system cleaned up a bit; download Ewido (link in the Cleanup link), scan with it in Safe Mode, and post the log in your next reply along with a new HijackThis log.

dlh6213 27 Posting Maven Team Colleague

Sorry I missed the stb.exe; I saw it there but forgot to include it I guess.

If qlink32.dll comes back again, follow the instructions in post #6 of this thread:
http://www.daniweb.com/techtalkforums/thread28196.html

If it remains after that, try the removal instructions here:
http://www.symantec.com.br/avcenter/venc/data/adware.linkmaker.html
(Be sure to backup the registry first as recommended.)

dlh6213 27 Posting Maven Team Colleague

Thanks for posting your 'solution,' maybe it will help someone else :)

You should get the latest updates for XP and IE (at least SP1). Check out the links below for more tips on keeping your system clean.

dlh6213 27 Posting Maven Team Colleague

Please don't do this (see attachment). I totally avoid sites that do this because it is so cumbersome to review threads.

dlh6213 27 Posting Maven Team Colleague

I would find this helpful as well :)

dlh6213 27 Posting Maven Team Colleague

Sorry you've been getting overlooked :(

Go to Add/Remove Programs in your Control Panel and remove (if present) SurfSideKick (or something similar).

Reboot into Safe Mode.

Run a full system scan with Ewido, allowing it to fix whatever it finds (note: you will be posting the log from this scan with your next reply).

Still in Safe Mode, scan with HijackThis and have it fix the following entries:

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\system32\communicator.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\system32\communicator.dll
O4 - HKLM\..\Run: [SysStart] C:\WINDOWS\system32\rsyszx2d.exe DO0605
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rsyszx2d.exe
O4 - Startup: Zstart.lnk = C:\Documents and Settings\shane\Local Settings\Temp\zxinst12.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/W...e/bridge-c3.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.c..._ap1001_sp2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...b?1122254108140
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/active...free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/i...561/mcfscan.cab
O20 - AppInit_DLLs: repairs.dll

Close any open windows, other than HijackThis, and hit Fix checked.

Delete the C:\Program Files\SurfSideKick 3

dlh6213 27 Posting Maven Team Colleague

Old thread merged with new one; please keep replies to your original post within this thread to help avoid confusion and prevent duplication of our efforts. Thanks :)

You can follow either my previous suggestions (in post #2 above), or DMR's (post #4), and then post a new HijackThis log along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

Glad to hear your system is working properly again :)

Have a look through the links below to help keep it that way.

dlh6213 27 Posting Maven Team Colleague

I don't know if it will help with your problem, but there are a few things that should be fixed there.

Go to Add/Remove Programs in your Control Panel and remove Viewpoint (or Viewpoint Manager, ViewMgr, or something similar).

Scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8l.hpwis.com/
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

Close any open windows, other than HijackThis, and hit Fix checked.

Go to C:\Program Files, and delete the Viewpoint folder.

Empty your Recycle Bin, reboot, close any open browser windows, scan with HJT, and post a new log; let us know if there's any improvement.

Note: I deleted your thread in the other forum because all HijackThis logs are to be posted in this forum.

dlh6213 27 Posting Maven Team Colleague

You're welcome :)

Your HijackThis log looks clean, by the way.

dlh6213 27 Posting Maven Team Colleague

Hi Justme1957, welcome to DaniWeb :D

Please follow the recommendations and instructions in the links below to help protect your PC, start the cleanup process, and get some basic info on HijackThis (such as using the most recent version :) ).

When you get to the third one, go to posts #5 & #11 and follow the instructions there.

After you've done that, please post a new HijackThis log (using version 1.99.1).

dlh6213 27 Posting Maven Team Colleague

All of the links are valid, but some of them you may need to run from IE instead of Firefox.

dlh6213 27 Posting Maven Team Colleague

Hi Nelson, welcome to DaniWeb :D

I don't see Aurora in your log, but you do have some other things to clean up.

Go to Add/Remove Programs in your Control Panel and remove (if present):

Aprps
Ebates_MoeMoneyMaker (or something similar)
A program that starts with FLAWON
And...
Window Search
Window Searching
Lop.com
LOP SEARCH
Browser Enhancer
Ultimate Browser Enhancer
You may be given a code to insert, do so and reboot when done.
If the ones listed in the second batch are not there, run this uninstaller:
http://members.rogers.com/rjmac/new_uninstall.exe

Now, reboot into Safe Mode and run a full system scan with Ewido (even if you've already done it, please do so again). Note: you will be posting the log from this scan with your next reply.

Still in Safe Mode, scan with HijackThis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - …

dlh6213 27 Posting Maven Team Colleague

The last link in my signature below can give you some basic info on HijackThis and its use. Take a look at that, and then post your log and we'll have a look. :)

You may wish to review the other links in my sig as well.

dlh6213 27 Posting Maven Team Colleague

There has been an update to Spybot that will fix the bug it contains regarding the DSO exploit; make sure you have the latest version of Spybot (1.4) -- you can get it from here:

http://www.download.com/3120-20_4-0.html?qt=spybot&tg=dl-20&search.x=17&search.y=6

dlh6213 27 Posting Maven Team Colleague

upload what file?

Sorry about that, I must have somehow got your thread mixed up with another one. :o

dlh6213 27 Posting Maven Team Colleague

Why hasn't anyone suggested a virus scan yet?

This worm disables anti-virus programs. However, an online virus scan may work; try one (or more) in the 'Cleanup' link below.

dlh6213 27 Posting Maven Team Colleague

What kind of problem are you having?

dlh6213 27 Posting Maven Team Colleague

Have the file scanned at http://virusscan.jotti.org/
(Upload the file and click Submit to have it scanned); let us know the results.

dlh6213 27 Posting Maven Team Colleague

Your log looks a lot better now :) Just a couple more things. Scan with HJT and have it fix:

O2 - BHO: Class - {EE72118D-405B-F80E-60FC-ABE4266F3C23} - C:\WINDOWS\WINLV.DLL (file missing)
O19 - User stylesheet: (file missing)

Close any open windows, and hit Fix checked.

Go to C:\WINDOWS and delete WINLV.DLL (if it won't delete, try Safe Mode).

Empty your Recycle Bin and reboot. Let us know if you're still having any problems.

dlh6213 27 Posting Maven Team Colleague

You can try 'Last Known Good' on XP too:

Reboot your computer, press F8 during the boot process, use the arrow keys to highlight Last Known Good Configuration, and then press ENTER.

dlh6213 27 Posting Maven Team Colleague

Little joke there from Dave it appears -- "Problem Exists Between Keyboard And Chair"

dlh6213 27 Posting Maven Team Colleague

you have XP

System Restore allows you to go back to any date, go back to the day before it happened

Not 'any' date; any date that a 'snapshot' was taken :)

Hammy, use the most recent Restore Point before you got this infection.

dlh6213 27 Posting Maven Team Colleague

What's it restoring? Will I lose all my information from the point after when I restore?

The registry and some dynamic system files, you shouldn't lose any of your own data.

Here's some info on System Restore:
http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx

dlh6213 27 Posting Maven Team Colleague

Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.

On the Welcome screen, click Restore my computer to an earlier time, and then click Next.

On the Select a Restore Point page, select the date from the calendar that shows the point you'd like to restore to.


I didn't know you were having a problem.

I searched for antix, instead of antix.c; .c is most likely a variation of .a and .b since the symptoms are the same.

dlh6213 27 Posting Maven Team Colleague

Have you tried System Restore yet?

Here's some info on Antix:

"An MSN Messenger worm that spreads through a message that tries to get the target user to download a new Messenger update by following a link. What is downloaded is "kernel32.exe", which can disable security related programs and be used to download additional malware. (Sophos)"

http://facetime.com/impactcenter/threatdetail.aspx?id=1091

http://www.sophos.com/virusinfo/analyses/w32antixa.html

http://www.esecurityplanet.com/alerts/article.php/1031_3527531

http://reviews.cnet.com/5208-6142_7-0.html?forumID=32&messageID=1362195&threadID=119994

dlh6213 27 Posting Maven Team Colleague

Never mind booting into Safe Mode, that won't work either.

Use System Restore to set your system to a time before you got this.
(Note: after using System Restore, you may have to again deal with the other problem you had recently -- http://www.daniweb.com/techtalkforums/thread30034.html)

Never mind starting a new thread in the Virus forum, I'll move this one there.

dlh6213 27 Posting Maven Team Colleague

Reboot into Safe Mode and scan with HJT. Try to warn as many people as you can about this before they get infected!

dlh6213 27 Posting Maven Team Colleague

Whatever you got, you managed to pass on to your brother (said he got it from you in an IM). You'll probably find the same thing happens if you try to open Services (in Administrative Tools).

Between the two of you, maybe we can figure out what it is and how to get rid of it.

Scan with HijackThis and post your log in the Virus forum (not in this thread).

dlh6213 27 Posting Maven Team Colleague

Please run option #2 of the lm2fix.

Then run the following tools to assist in removing this infection:

WinPFind
Right-click the Zip Folder and select "Extract All"
Extract it somewhere you will remember (like your Desktop)
Don't do anything with it yet!

Track qoo
Again, save it somewhere you will remember, like your Desktop

Reboot into Safe Mode.

Double-click WinPFind.exe
Click "Start Scan"
It will scan the entire System, so please be patient.
Once the scan is complete, go to the WinPFind folder and locate WinPFind.txt;
Place those results in the next post.

Reboot back to Normal Mode.

Double-click on "Track qoo.vbs"

Note - If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to run, it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in your next post along with the results of WinPFind.

dlh6213 27 Posting Maven Team Colleague

Hi H4H, welcome to DaniWeb :D

Hope you enjoy the site!

dlh6213 27 Posting Maven Team Colleague

If you can still boot up, this program may work:

http://www.snapfiles.com/get/restoration.html

If you can't boot up, you can put the drive in another computer as a slave and use the same program to retrieve the data.

dlh6213 27 Posting Maven Team Colleague

What was the problem? Your solution may help someone else :)

dlh6213 27 Posting Maven Team Colleague

My Virus and firewall protection (McAfee) is continually being turned off. I keep on re-installing the programs as the registries are either missing or have been moved.
Am I infected with a Virus or trojan?
How should I proceed from here?
Wallace Tait.

Hi Wallace, welcome to DaniWeb :D

Please follow the recommendations and instructions in the links below. When you get to the last one, you will find instructions for getting and using HijackThis; please post the log from your HijackThis scan.

dlh6213 27 Posting Maven Team Colleague

Please follow the directions in post #2 here:
http://www.daniweb.com/techtalkforums/thread28196.html

You should be good to go then. And keep your cookies and Temp folders cleaned out :)

dlh6213 27 Posting Maven Team Colleague

Hi Kintak,

I'm afraid it's against forum rules to assist with P2P / file-sharing (http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules)

Note: HijackThis logs are to be posted only in the Virus forum, but I don't see anything in your log to indicate a problem.

Issue 1.) Does this problem occur with both IE and Firefox?

Have you tried cleaning out your cookies, Temp files, cache, etc.?

How much RAM does your system have?

Issue 2.) Not sure about this, I'll see what I can find out.

Issue 3.) Let us know if you work it out.

dlh6213 27 Posting Maven Team Colleague

Hi Lisawild3, welcome to DaniWeb :D

I'm afraid MikeandIke is right, it's against forum rules to assist with P2P / file-sharing (http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules)

For that reason, this thread is being closed.

dlh6213 27 Posting Maven Team Colleague

Hi Jessykah,

Lisa didn't say anything wrong, she was just trying to help; after all, we're all here to either help or be helped -- in many cases both :)

Try this to stop the Messenger service:

Go to Start, Settings, Control Panel. Double-click on Administrative Tools, and then Services. Scroll down to Messenger and right-click on it. Select Properties, and then under Service status:, click the Stop button. Now click on the drop-down arrow to the far right of Startup type: and select Disabled. Click OK and then close the Services and Administrative Tools windows. Windows Messenger shouldn't bother you anymore.

If this doesn't work, let us know.

dlh6213 27 Posting Maven Team Colleague

Hi JGZ, welcome to DaniWeb :D

Please follow the recommendations and instructions in the links below to help prevent reinfection -- during and after the cleanup process (don't skip the Windows Updates), help you do some basic cleanup yourself, and give you some general advice on the use of HijackThis.

When you get to the last one, follow the instructions in Post #5.

If you need help with any of this, please don't hesitate to ask :)

When you're done, please post a new HijackThis log along with the Ewido log.

dlh6213 27 Posting Maven Team Colleague

Any O16 entries are safe to fix with HijackThis; the legitimate ones will come back next time the site is visited. I generally prefer to have HJT fix all of these just to clean up the log :)

Go to Add/Remove Programs in your Control Panel and remove:

Viewpoint (or Viewpoint Manager, ViewMgr.exe or something similar)

Scan with HJT and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie...//www.yahoo.com
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O16 - DPF: {00C0A1F2-D492-4DBA-A8E2-76CB1B791724} (TNPLDownloader Control) - https://dtwx2.accuweather.com/tnpl_...LDownloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...467&clcid=0x409
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1096081851429
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yah...utocomplete.cab

Close any open windows, other than HijackThis, and hit Fix checked.

Go to C:\Program Files and delete the Viewpoint folder.

Empty …