Security Toolbat 7.1 Removal

[patdi_1]

Trying to remove Security Toolbar 7.1 with no success.

 

[howard_hopkinso]

Hello and welcome to Techspot.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

This thread is for the use of patdi_1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[patdi_1]

Thanks for you assistance.

Here's where things are. I have ran everthing from the link Viruses/Spyware/Malware, primary removal instruction ran everything execpt Ad-Adware Personal se which would not execute in Safe mode.

Panda Antiroot kit did not provide any unknown rootkits. Attached are the requested results . PLease let me know what are the next steps.

 

[howard_hopkinso]

Delete all files in AVG Antispyware quarantine.

Go to add remove programmes in your control panel and uninstall anything to do with(if there).

Viewpoint
viewpoint toolbar
viewpoint manager.

Close control panel.

Click start/run and type services.msc into the run box and press the enter key.

When the window appears, maximise it. Double click on the following services(if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

Viewpoint Manager Service

Close the services window.

Open notepad and copy/paste the text in the code box below into it:
NOTE* make sure to only highlight and copy what is inside the quote box nothing out side of it.
Also ..

Pay particular attention to this :-

Make sure the word File:: is on the first line of the text file you save (no blank line above it, & no space in front of it)
Code:

File::
C:\temp\VirtumundoBeGone.exe
C:\temp\ccsetup201.exe
C:\temp\aaw2007.exe
C:\temp\spybotsd15.exe
C:\temp\avgas-setup-7.5.1.43.exe
C:\temp\CFP_Setup_English_2.4.18.184.exe
C:\WINDOWS\system32\ljjkihh.dll.vir
C:\Program Files\setuplog.txt
C:\WINDOWS\msagent\pimoc.bak1
C:\WINDOWS\msagent\pimoc.bak2
C:\WINDOWS\system32\kbdcht.dll
C:\WINDOWS\system32\pmkjj.dll
Folder::
C:\VundoFix Backups
C:\qoobox
C:\Program Files\Viewpoint
C:\PROGRA~1\MYWEBS~1
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5429f471-878f-4521-9ef8-a82424f31642}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0D758CD-DC95-4A30-86B1-818A457AD5E1}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmkjj.dll
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

Save this as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a fresh HJT log.

Regards Howard

This thread is for the use of patdi_1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[patdi_1]

There was nothing quarantined in the AVG Antispyware to remove. Performed other tasks as requested. Please let let me know the next course of action. Thanks.

 

[howard_hopkinso]

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://media63.fastclick.net/w/safepop.cgi?mid=43232&sid=3063&id=107333&len=901& c=51&nfcp=1&fp=2

R3 - URLSearchHook: (no name) - {0026AD90-C86F-4269-97F3-DAB4897C6D06} - (no file)

O4 - HKCU\..\Run: [QdrPack9] "C:\Program Files\QdrPack\QdrPack9.exe"<Fix this if you don`t know what it is.

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm172YYUS

Click on the fix checked button.

Close HJT and reboot your computer.

Delete the C:\qoobox folder.

Go HERE, download and install the latest version of Java.

Once it`s installed, go to add remove programmes in your control panel and uninstall all previous versions of Java, except version 6 update 3. Close Control panel.

Post a fresh HJT log and let me know how your system is running.

Regards Howard

This thread is for the use of patdi_1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[patdi_1]

Performed all of tasks as requested. The only thing I noticed was that occasionally at startup the Wireless Zero Configuration doesn't startup though set to automatic under Services (I thought that the porblems I was having with the WZC were related to toolbar issue). Attached is the HJT logg as requested. Please let me know the next course of action. Thanks.

 

[howard_hopkinso]

Your HJT log is now clean.

I`m not sure what the problem is with your Wireless Zero Configuration. maybe you should try a Windows repair as per this thread HERE. If that doesn`t help, open a new thread for this in our Windows OS forum.

Turn off system restore.(XP/ME only) See how HERE.

Now, turn system restore back on. This will have deleted all your old restore points and any nasties that are in them. It will also have created a new, clean restore point.


If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of patdi_1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[patdi_1]

Everthings looks OK with no more pop-ups. Can I remove any of the things installed to remove the problem? The system is moving a tad slower than before. Also, which of the installed should be ran as regular maintenance?

Also, I would like to know how you determined what to get rid of, add and steps taken. I have friends that constantly ask for assistance and I would like to give them a hand. Thanks for your time and talent.

 

[howard_hopkinso]

Yes, you can uninstall/delete all the tools etc we used during clean up.

It would take far too long for me to explain why I asked you to get rid of certain things.

If you are interested in learning about malware removal, I suggest you consider joining the Malware Removal University. It`s free and you would receive expert tuition in all aspects of the same.

Regards Howard

This thread is for the use of patdi_1 only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.