Superantispyware, and Malwarebytes did pretty good job....
*** You need to update Java:
http://java.sun.com/javase/downloads/index.jspJava Runtime Environment (JRE) 6 Update 6Uninstall all previous versions of Java through Add\Remove.
*** Go
Start>Control Panel>Add\Remove, and...
Uninstall any of the following programs associated with
Viewpoint:
*
Viewpoint Manager *
Viewpoint Media Player *
Viewpoint Toolbar*** Download, and run
CTFMON-Remover:
http://www.gerhard-schlager.at/en/projects/ctfmonremover/The CTFMON-Remover helps you removing the annoying CTFMON.EXE from your Windows operating system. The program is easy to use and displays whether the CTFMON.EXE is installed and running or not. If it was found then you can remove it within seconds. Just in case that you need the CTFMON sometime in the future there is also an option to restore the original one.Note:The CTFMON.EXE is among other things responsible for changing the language schema of your keyboard (e.g. for switching between the German and English keyboard layout).
So in case you are using this feature you shouldn't remove or disable the CTFMON.EXE!*** Download, and run
QuickTime Killer:
http://www.softpedia.com/get/System/Launchers-Shutdown-Tools/QuickTime-Killer.shtmlQuickTime Killer will remove QuickTime from start up and kill any running QuickTime processes. This application runs silently at start up and closes itself as soon as it takes care of QuickTime
1.
Print this post out, since you won't have an access to it, at some point.2. Close all windows, except for HijackThis.
3. Put a checkmark next to the following HijackThis entries (
some entries will be checkmarked to disable unnecessary startups; in those cases [marked with *], no actual program will be removed):
- O2 - BHO: {9d5c3da4-4580-23c8-fce4-18d79467ea71} - {17ae7649-7d81-4ecf-8c32-08544ad3c5d9} - C:\WINDOWS\system32\rnwmdk.dll (file missing)
- *O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
- *O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
- *O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
- *O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
- *O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
- *O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
- *O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
- *O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
- *O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
- *O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
- *O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
- *O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
- *O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
- O20 - Winlogon Notify: awtusqND - awtusqND.dll (file missing)
- O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
4. Click on
Fix checked button.
5. Restart computer in
Safe Mode (keep tapping F8 key, when your computer starts, until menu appears)
6. Open
Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to
Show hidden files, and folders.
7. Delete following files/folders (
if present):
-
Viewpoint folder from C:\Program Files
8. Restart in Normal Mode.
9. Post new HijackThis log.