Malware/Trojan problems continuing

[ninjakb]

Hi Little Eagle,
Side note: One thing I wanted to make sure I did correctly --
When i ran ATF cleaner, I did NOT delete Prefetch files or saved Firefox passwords as mentioned on the instructions page.

Here is what I just did:
I rebooted in safe mode w/networking and ran an HJT scan.
I restarted to see if computer would work and if maybe I could get you an HJT scan that way.

Here is how the computer acts when attempting to start in regular mode (I will explain the best I can but sometimes lack the words):
- very SLOW startup
- the desktop, icons and taskbar all show up but the cursor has an hourglass next to it. I can move the cursor over the desktop or taskbar but it still shows the cursor and hourglass icon
- I waited it out. The taskbar ends up disappearing and will not appear even when scrolling over it. The hourglass disappears and just turns to a plain cursor. I still can move it all over the screen.
- Once I attempt to click on any folder or item on my desktop, the cursor turns only to an hourglass and hangs. Nothing happens. I can still move the hourglass around.
- i waited for over 5 minutes before restarting. But I have to restart by pulling the battery and plug. Control, Alt, Delete doesn't work and the power button doesn't work.
- I restarted in safe mode w/networking and sent you the new HJT log.

Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:34 PM, on 3/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8968] command /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1769] cmd /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2048] command /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2969] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1842] command /c del "C:\WINDOWS\wt\info.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6318] cmd /c del "C:\WINDOWS\wt\info.txt"
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Shortcut to systray.lnk = C:\WINDOWS\system32\systray.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.5.1.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...lscbase370.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1154751377421
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_inst...syInstallX.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab53083.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Venturi2 Client (Venturi2) - Fourelle Systems, Inc - C:\Program Files\Venturi2\Client\ventc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11646 bytes

Thank you,
Karen

[little eagle]

I'd like to see an Uninstall List.
Please open up HijackThis.
Click on Open the Misc Tools section button
Click on Open Uninstall Manager
Click on Save
A notepad document will open with a list of your installed programs.
Please copy that into your reply.

For now lets remove spybot and delete the folder.

[ninjakb]

HI!

Here is the uninstall list. (if I can remove some things, esp. on the antivirus/antispyware end, please let me know).
I am going to remove Spybot right now.

7-Zip 4.44 beta
ABBYY FineReader 6.0 Sprint
ABC Amber LIT Converter
Ad-Aware SE Personal
Adobe Photoshop 6.0
Adobe Reader 7.0.9
Adobe Shockwave Player
Adobe SVG Viewer
Ahead Nero Burning ROM
AIM 6
ALPS Touch Pad Driver
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AutoUnpack 4.4.4
Avanquest update
avast! Antivirus
AVG Anti-Spyware 7.5
AvPropPlugin 1.0.0.1
BitPim 1.0.4
Bonjour
Bounce Symphony from Dell Media Experience (remove only)
Briscola 5.1
Broadcom Management Programs 2
Brother HL-2070N
CatchPhrase (TM)
CDMaster32
Collab
Conexant D110 MDC V.9x Modem
Corel Paint Shop Pro X
Corel Photo Album 6
Crystal Maze (For Remote Control) from Dell Media Experience (remove only)
Crystal Maze from Dell Media Experience (remove only)
dBpoweramp Music Converter
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell PC Fax
Dell Photo AIO Printer 926
Dell Support 3.1
Digital Content Portal
Digital Line Detect
DING!
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab Decrypter 3.0.8.0
e+ 48U
EarthLink setup files
eBook Library by Sony
EducateU
ELIcon
Envisioneer Express 3.0
ESET Online Scanner
Exerlence Advisor
FL Studio 6
Flash Builder
Fourelle Venturi Personal Client 2.1.1
Free and Easy Biorhythm Calculator version 3.00
FreeFTP
Get High Speed Internet!
Google
Google Desktop
Google Toolbar for Internet Explorer
Health Assessment
Health Assessment (C:\Program Files\Health\)
HijackThis 2.0.2
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
Kaspersky Online Scanner
Learn2 Player (Uninstall Only)
LimeWire 4.12.6
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam
Logitech® Camera Driver
Macromedia Dreamweaver Attain
Magic DVD Ripper V3.5
MagicDisc 2.5.79
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Access 2000 Runtime
Microsoft Calculator Plus
Microsoft Office XP Professional
Microsoft Publisher 2002
Microsoft Reader
Microsoft Streets and Trips 2005
Microsoft Visual C++ 2005 Redistributable
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Motorola Driver Installation 3.4.0
Motorola Phone Tools
Motorola Software Update
Mozilla Firefox (2.0.0.12)
MP3 Recorder XP 1.90
mPfMgr
mPfWiz
mProSafe
MSN Music Assistant
mSSO
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
mToolkit
Musicmatch® Jukebox
mWlsSafe
mXML
MyEMR for Windows
Myst III: Exile
mZConfig
NetWaiting
NetZeroInstallers
NoteBurner 1.36
Nucleus Kernel Undelete Demo ver 4.02
Orbital from Dell Media Experience (remove only)
Overball from Dell Media Experience (remove only)
Palm
PixiePack Codec Pack
Polar Bowler from Dell Media Experience (remove only)
Power MP3 WMA Converter 2006, (ver 3.51)
Power MP3 WMA Recorder 1.01
Powerbullet Presenter 1.43
PowerDVD 5.5
Presilo 0.4.3.0
QuickSet
QuickTime
RealPlayer
Remove Labyrinth Society Screensaver
Riven
Rocket Piano Bonus Software
Rocket Piano eBooks
Rocket Piano MP3 Audio Files
RunAlyzer
Scopa d'Assi
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Skype™ 3.2
Slyder (For Remote Control) from Dell Media Experience (remove only)
Slyder from Dell Media Experience (remove only)
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
Sonic Audio module
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SoundTaxi 1.2.5
Spybot - Search & Destroy
TextBridge Pro 8.0
The Crystal Key v11
TomTom HOME
Tradewinds from Dell Media Experience (remove only)
Trend Micro PC-cillin Internet Security 12
Tunebite
URGE
URL Assistant
VideoLAN VLC media player 0.8.6b
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
WD Backup
WD Firewire HID Driver
WebCyberCoach 3.2 Dell
Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
Windows Genuine Advantage v1.3.0254.0
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 11
WinRAR archiver
WordPerfect Office 12
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Toolbar for Internet Explorer
YAMAHA Digital Music Notebook
YAMAHA Launcher V1.0
ZoneAlarm
ZoneAlarm Spy Blocker

Thank you,
Karen

[little eagle]

You have avast! Antivirus you can remove Trend Micro PC-cillin Internet Security 12

You should remove DING! and EarthLink setup files

Be sure to keep SunJava, updated it is important to remove older versions as these are the ones with the holes in them.
Download Newest >>>> http://www.java.com/en/download/index.jsp
Once installed you can test to see that it is in fact installed >>>>
Sun Java Test

Remove these also
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1

These are junkware
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar

[ninjakb]

Hi Little Eagle,
Thank you for the info. I attempted to uninstall all of the programs you listed. I also attempted to download the new version of Java.
Unfortunately, since I am in safe mode, I kept getting the message that 'Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode... etc.'
I can't get the computer running in regular mode so didn't know how to accomplish this.

Help! :-)

On a side note, I was wondering if 'Ding!' was that important to remove. I could always reinstall it. But I travel quite a bit and it is for Southwest airlines cheap fares alerts. Can I keep it?

Also - the Java update - do I remove all existing versions from the machine BEFORE downloading the new version or is it ok to download the newest version and THEN remove the old versions?

Lastly, other than AOL IM, I don't use any other AOL service. Can I remove everything else AOL without removing AIMs functionality?

Sorry to bombard you with questions. Just want to make sure i do this right. Thank you once again.
Karen

[little eagle]

Also - the Java update - do I remove all existing versions from the machine BEFORE downloading the new version or is it ok to download the newest version and THEN remove the old versions?

I do not think it matters we just have them remove all of the older versions so they don't forget.

On a side note, I was wondering if 'Ding!' was that important to remove. I could always reinstall it. But I travel quite a bit and it is for Southwest airlines cheap fares alerts. Can I keep it?

It's not a trojan or virus so if you think you need it it's your choice.

Lastly, other than AOL IM, I don't use any other AOL service. Can I remove everything else AOL without removing AIMs functionality?

Yes I think you can the AIM is separate program.

[ninjakb]

HI Little Eagle,

Ok I will follow those instructions.

But back to the original problem - I don't know how to do any of the installs or de-installs in safe mode. I can't get the darn computer running in regular mode to make the changes either.

Can you suggest a way around that? ;-)

Karen

[little eagle]

Close all programs leaving only HijackThis running. Place a check against each of the following,

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8968] command /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1769] cmd /c del "C:\WINDOWS\wt\WDInUsePlugin.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2048] command /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2969] cmd /c del "C:\WINDOWS\wt\webdriver.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1842] command /c del "C:\WINDOWS\wt\info.txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6318] cmd /c del "C:\WINDOWS\wt\info.txt"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe

Click on Fix Checked when finished and exit HijackThis.

Then try to reboot with out going in to safe mode.
We can restore some of these later.

[ninjakb]

Hi Little Eagle,
I 'fixed' those files as requested. The only one that was not present was:
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

-- but you had me remove spybot before, so I wasn't concerned. I 'fixed' all others.

I am using my other OLD laptop so I could leave the one we are working on running.

Here is what happened:
- I restarted in regular mode. Again, SLOW startup. The desktop and the taskbar loaded. The cursor and hourglass next to it showed on the desktop for a bit, then changed to a regular cursor. But when i moved it over the taskbar, it turned to an hourglass.
- I waited it out and ended up with just a cursor over the desktop and taskbar. The taskbar is showing now but no system tray icons.
- I cannot click on any folder or icon on the desktop though. Nothing happens. The cursor still moves though.
- Also, I 'usually' have the taskbar set to autohide when I use the computer in general. It is not doing that.

Anyway, just trying to be thorough give you all the small details and subtleties. I did NOT restart it yet and have the computer running if there is anything I can do in this mode and you happen to get to this message this evening.

Thank you!

Karen

[ninjakb]

Hi Little Eagle,

OK, had to tell you this one.
I walked away to go take care of some other tasks and left the computer sitting. (again, it is in regular mode). I have been gone 15 minutes or so?

When i got back, all these windows are up on the desktop and in the taskbar it says '10 Windows Explorer' (like I have 10 Windows Explorer windows open). BUT - the windows that ARE open are just folders from my desktop and if I recall correctly, they are the last folders I tried to click on every time I tried to access them in the past in regular startup mode. So there is the folder to 'My Computer' and a folder I created on the desktop to keep all of the logfiles titled 'TO FIX COMPUTER' - there are 5 of each of these folders. Right now, the 'my computer' folder is open and the flashlight is going back and forth trying to access the folder.
- Also, the taskbar is loaded with a few system tray icons loaded as well.

I tried to click on the windows to close them but nothing is happening. I am waiting to see if anything will happen. If I see that it is locked up, I am going to just shut it down and await further instructions.

Just weird. Thoughts?

Karen