My Computer Needs Help; trojan and worm found

[jholland1964]

Melissa, where is the HJT log?
Did you attempt to uninstall any of those on your list?

[MelissaY]

Melissa, where is the HJT log?
Did you attempt to uninstall any of those on your list?

hi judy, below is what i've noted as i've gone through the system from the beginning and its current status. thank you again melissay

i was able to remove everything thru normal mode>add remove programs except for this program: iden gps upgrade utility. the error message i receive is "the log file crogram files motorola iden gps upgrade utility uninst.isu is not valid or data is corrupt. uninstall will not continue"

i perused the system via 'windows explorer>search>my computer' in order to remove some of the things i recognize as the previous owner. 'ppsdkdistributable' was not found during the search. i cant uninstall or delete these files/folders: 'authentium antivirus sdk2' and 'radialpoint security services' - i receive the same error message for both; 'another installation is in progress.' - i'm instructed to finish the installation and retry.

i would like to remove these programs (safely and completely);
aim - removed via add remove programs, folders still in windows explorer, unsure if i can remove without compromising system

aol - removed via add remove programs, folders still in windows explorer, unsure if i can remove without compromising system

authentium antivirus sdk2 - removed via add remove programs, unable to remove via windows explorer

avast - removed via add remove programs. folders still in windows explorer, unsure if i can remove without compromising system

bearware - not in add remove programs list. in windows explorer, have not removed this, dont know what it is but looks suspicious

board games - removed via add remove programs. folders still in windows explorer, unsure if i can remove without compromising system

bonjour - not in add remove programs list. in windows explorer, have not removed this, dont know what it is but looks suspicious

epson - removed via add remove programs. folders still in windows explorer, unsure if i can remove without compromising system. also in prefetch file folder

funwebproducts - removed via add remove programs, want to ensure all elements of this program are removed

icq - not in add remove programs list. in windows explorer, have not removed this, dont know what it is, but looks suspicious

ipod - not in add remove programs list. can i remove in windows explorer? this belonged to previous owner

itunes - not in add remove programs list. can i remove in windows explorer? this belonged to previous owner

learn2 - removed via add remove programs. can i remove in windows explorer? this belonged to previous owner

limewire - removed via add remove programs and windows explorer. want to ensure all elements of this program are removed

m5shell (wurld media) - not in add remove programs list. can i remove in windows explorer? dont know what it is, but looks suspicious

macrogaming - not in add remove programs list. not sure what it is but think it's related to sweetim, if it is; want to ensure all elements of this program are removed

morpheus - not in add remove programs list. can i remove in windows explorer? dont know what it is, but looks suspicious

motorola - not in add remove programs list. removed via windows explorer. this belonged to previous owner

myjal (motorola ringtones) - not in add remove programs list. removed via windows explorer. this belonged to previous owner

mywebsearch - not in add remove programs list. want to ensure all elements of this program are removed

netzero - removed via add remove programs. folders still in windows explorer, unsure if i can remove without compromising system

nextpimpmedia - not in add remove programs list. removed via windows explorer. this belonged to previous owner

nokia - not in add remove programs list. removed via windows explorer. this belonged to previous owner

popswatter - not in add remove programs list. want to ensure all elements of this program are removed

pure networks - not in add remove programs list. can i remove in windows explorer? dont know what it is, but looks suspicious

radialpoint security services - removed via add remove programs, unable to remove via windows explorer

smileycentral - not in add remove programs list. want to ensure all elements of this program are removed

sweetim - removed via add remove programs on 05-03-08. program self re-installed on 05-05-08, want to ensure all elements of this program are removed

viewpoint - removed via add remove programs. folders still in windows explorer, unsure if i can remove without compromising system

c windows prefetch file - i want to ensure nothing can load from there. may i delete files from this section?

registry - i want to ensure no hidden spyware has re-registered and can tap into the pc. may i delete files from this section?

the access pc from a remote location also had a bunch of options selected. i dont know the default selections, or what's OK to change to ensure no one can access her pc remotely but that she still has her internet connection, etc. i unchecked a lot of aol entries, but dont know what else i can uncheck to ensure no remove access is gained

there is an error message upon pc startup that i want to remove;
'entry point not found: smartbridge alerts 'motivesb.exe' the procedure entry point 'getprocessingimage filenamew' could not be located in the dynamic link library PSAPI.dll' unsure how to fix. does PSAPI.dll need to be re-registered in order to fix? just a guess on my part.

[jholland1964]

Hi Melissa,
First of all for this error....

another installation is in progress

...this means that "something" didn't install correctly and so is trying to continue. What was the last thing installed by you on the computer? This is very possibly what is trying to install because it didn't install correctly the first time so it keeps trying. This either needs to finish it's install or be uninstalled. If you can narrow that down then maybe you can uninstall the program that keep giving you this message.
You can also try using the Windows Installer CleanUp Utility for programs which have used the Windows Installer. This too might work.

Now for the others;
We usually recommend that you use Search, Files and Folders and then do a search for each item...AOL, Avast,...etc.
Maybe a bit slower but this way generally all files named the same or containing the name will show up. Then just delete them. Will not harm system files.
Believe Bearware is a downloading website or program. Delete it.

board games should be no problems removing the folder

Bonjour is often times installed by 3rd party software for printers, iPod and those type of devices. Bonjour uses multicast Domain Name System service records to locate devices such as printers, as well as other computers, and the services that those devices offer.

Epson is fine to remove. Won't compromise anythng.
icq is a messaging service like AIM. Removing is fine.
IPod, ITunes, Learn2, Limewire can all be removed.
m5shell (spyware WurldMedia is a browser plug-in that logs visits to known sites and redirects them through a third-party server in order to take the affiliate fees, and steal fees from other websites when you click on their advertisements. They even steal the fees from other webmasters when their links are used.)

macrogaming...this is your sweetim..I will give more instructions in my next post about this junk.

morpheus...a file sharing program. Needs to go
netzero..previous owners internet hook up, get rid of it.
viewpoint...remove it.

c windows prefetch file - i want to ensure nothing can load from there. may i delete files from this section? Absolutely, just empty the file.
registry - i want to ensure no hidden spyware has re-registered and can tap into the pc. may i delete files from this section? As long as you make a backup first and also know exactly what you are doing.

'entry point not found: smartbridge alerts 'motivesb.exe' the procedure entry point 'getprocessingimage filenamew' could not be located in the dynamic link library PSAPI.dll' unsure how to fix. does PSAPI.dll need to be re-registered in order to fix? just a guess on my part.

Usually this is an error to do with some "broadband helper" software your ISP has installed on your computer and is easy to fix:

To work around this error:

Winkey+E
Navigate to the installation location for SmartBridge which should be something like:
C:\Program Files\your ISP Help\SmartBridge

Now find the file PSAPI.DLL and rename it to something like PSAPIOLD.DLL

Do Not Delete it

Now reboot the computer.

The program will find the new PSAPI.DLL in the C:\Windows\System32 directory and function normally...
If you look in all those folders found by you in Windows Explorer with names of programs you have removed the chances are these folders, or some of them anyway, are empty. There is NO PROBLEM deleting them.

[jholland1964]

Download and install CCleaner
DON'T run it yet. Do the following first.

Now Disconnect from the internet, actually unplug the cable to the computer, to do these next ones so you should write down or print this out

Here are the instructions for your sweetim and all the other junk connected with it;
Open My Computer, Drive C, and double-click on the Program Files folder

Right-click and delete the folders for the following if there, if not then don't be concerned:

My Web Search
My Way Speedbar
Fun Web Products
Smiley Central
Cursor Mania
My Mail Stationary
My Mail Signature
PopSwatter
Popular Screensavers
Webfetti
My Way website portal
My Total Search
sweetim
macrogaming

For pure networks do the following and right click and delete folder noted in RED; Remember JUST that single folder if found.
Go to C drive and look for the following;
C:\Documents and Settings\All Users\Application Data\Pure Networks
C:\Program Files\Pure Networks

Now run CCleaner using the Windows settings. Once complete then click the Tools TAB and you get an unistall list and see if your error producing programs are listed there;

authentium antivirus sdk2
radialpoint security services
PPSDKRedistributables

Try and and see if CCleaner will remove them. You can try this via Safe Mode if normal mode doesn't do the trick.

When you have completed all the above then shut down, plug internet cable back in, reboot and run a new HiJackThis scan and post the log here. I really, really, REALLY will need to see a new scan log after this.

[MelissaY]

Dear Judy,
I've sent you a private message. I appreciate all of the expertise and look forward to getting this done! :-)
Have a nice and safe Memorial Weekend.
We are having thunderstorms and rain in Southern California! I cant believe it!
It's usually sunny and hot...what the heck? :-s
Take care and kindest regards. MelissaY

[jholland1964]

Received your message Melissa. Whenever you can get back with requested info I'll be here. Have a safe happy holiday.
Judy