K now do I reboot and send a new hijackthis log?
Hi HibikiKano,
Hai. That is yes. はい
polonus
Teehee thanks, I knew that, I had some basic Japanese :-[ but can’t study it further here.
un here is the new logfile but ensfolr is still there.
Hi HibikiKano,
That one we gonna kill with Toolbarcop, download it from here:
http://www.majorgeeks.com/download4126.html
In toolbarcop fix the ensfolr toolbar like you worked the HJT entries,
then reboot and post a hijackthis log,
==========================================
The manual removal instructions for the ensfolr toolbar:
Ensfolr Toolbar manual removal instructions:
Delete Ensfolr Toolbar files. Disable and remove Ensfolr Toolbar dll’s:
dxpvqlmpdn.dll
ensfolr.dll
ampkfst.dll
bklgvsf.dll
Delete Ensfolr Toolbar registry subkeys:
HKCR\CLSID\{14E52265-CCA3-4F78-A21B-88F4EE6E78C1}
HKCR\Interface\{6E9078DA-0C69-47B0-9637-2734104BD217}
HKCR\TypeLib\{5328D226-7057-4B06-9E4A-7829BFA7CA78}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{14E52265-CCA3-4F78-A21B-88F4EE6E78C1}
HKCR\ensfolr.ToolBar.1\CLSID
{14E52265-CCA3-4F78-A21B-88F4EE6E78C1}
HKCR\ensfolr.bkwo\CLSID
{14E52265-CCA3-4F78-A21B-88F4EE6E78C1}
HKCR\ensfolr.ToolBar.1
HKCR\ensfolr.bkwo
If you do the latter, backup your registry first
polonus
The manual for ToolbarCop is here:
http://www.winhelponline.com/tbchelp.htm
polonus
Alright, so far I only managed to find ensfolr.dll
I found a dxpvqlmtqn.dll, is that the same as the dxpvqlmpdn.dll you told me?
I can't find
ampkfst.dll
bklgvsf.dll
I also can't find any of those regkeys in ToolBarCop :-
Should I search for them in Regedit?
Ok this is what it gives me
Hi HibikiKano,
First try to delete all that is related with this toolbar as far as toolbarcop give it,
kill this dxpvqlmtqn.dll & ensfolr.dll
INFO says it is malware:
DXPVQLMTQN.DLL has been seen to perform the following behavior(s):
* Creation and Registration of a Browser Helper Object in Internet Explorer
* Enables an In Process Object/Server - Common with DLL Injections
* Registers a Dynamic Link Library (DLL) File
DXPVQLMTQN.DLL has been the subject of the following behavior(s):
* Created as a process on disk
* Registered as a Dynamic Link Library (DLL) File
* Enabled as an In Process Object/Server - Common with DLL Injections
* Deleted as a process from disk
* Registered as a Dynamic Link Library File
First delete the unwanted lines in Toolbar cop,
then put DXPVQLMTQN.DLL and remove with OTMoveIt,
You can take the registry items out, only those I gave, and exactly as given,
copy your registry first, so you can back it up if that should be.
See if the toolbar has gone, then your computer is clean again,
あなたのコンピュータはきれい今である。
polonus
HI guys, this might make it easier:
Fix these in HJT
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BDEX System - {1AC7107A-938F-4347-864C-C51E49EC586E} - E:\WINDOWS\dxpvqlmtqn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: The ensfolr - {3723900A-B26F-40EC-B606-B7B37132B83F} - E:\WINDOWS\ensfolr.dll
and use OTMOVEIT for these
E:\WINDOWS\dxpvqlmtqn.dll
E:\WINDOWS\ensfolr.dll
I can't find ampkfst.dll bklgvsf.dll
Those were removed earlier
Hi oldman,
We could do that, we’d nearly arrived at that point anyway. Then HibikiKano can see whether his malicious toolbar has left his computer for good,
polonus
Alright, I didn't find a single one of the keys you told me about.
I did find the
HKCR\ensfolr.brft
and
HKCR\ensflor.ToolBar.1
and the only key they have is the same and it's in their CLASID{3723900A-B26F-40EC-B606-B7B37132BB3F}
Hi HibikiKano,
Let us try now the solution that oldman proposed:
Fix these in HJT
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BDEX System - {1AC7107A-938F-4347-864C-C51E49EC586E} - E:\WINDOWS\dxpvqlmtqn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: The ensfolr - {3723900A-B26F-40EC-B606-B7B37132B83F} - E:\WINDOWS\ensfolr.dll
and use OTMOVEIT for these
E:\WINDOWS\dxpvqlmtqn.dll
E:\WINDOWS\ensfolr.dll
Then it will be gone into digital oblivion, as part of it already has,
then you can see if the registry things you found are still there,
and take these out as well,
polonus
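Added example, not part of the original thread and not HijackThis's own code: the generic removal list earlier in the thread names a different CLSID from the ones in this machine's log, so this sketch builds the registry checklist and the file list directly from the log entries quoted above. The sample log is constructed from those five quoted lines, the function names are illustrative, and the registry paths are the standard Internet Explorer registration points.

```python
import re

# Constructed sample: the five HijackThis entries quoted in the thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BDEX System - {1AC7107A-938F-4347-864C-C51E49EC586E} - E:\WINDOWS\dxpvqlmtqn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: The ensfolr - {3723900A-B26F-40EC-B606-B7B37132B83F} - E:\WINDOWS\ensfolr.dll
"""

ENTRY = re.compile(
    r"^(?P<code>R3|O2|O3) - \w+: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - (?P<target>.+)$"
)

# Standard Internet Explorer registration points for each entry type.
# For R3 and O3 the CLSID is a value name under the key, not a subkey.
HOOK_KEYS = {
    "R3": r"HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks",
    "O2": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O3": r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar",
}

def parse_entries(log):
    """Return one dict per R3/O2/O3 line; other lines are ignored."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            e = m.groupdict()
            e["orphan"] = e["target"] == "(no file)"  # registration left behind, DLL gone
            entries.append(e)
    return entries

def registry_checklist(entry):
    """Registry locations to inspect for this entry, built from its own CLSID."""
    clsid = entry["clsid"]
    return [HOOK_KEYS[entry["code"]] + "\\" + clsid, "HKCR\\CLSID\\" + clsid]

def files_to_quarantine(entries):
    """DLL paths still on disk according to the log (orphans have none)."""
    return sorted({e["target"] for e in entries if not e["orphan"]})

if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        print(e["code"], e["name"], "orphan" if e["orphan"] else e["target"])
        for key in registry_checklist(e):
            print("   check:", key)
```

Entries flagged as orphans only need their registration removed; the two remaining paths are the files the thread hands to OTMoveIt.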
Yay! It seems to work well now and the toolbar is gone too ^^
I added the final HijackThis log too.
ありがとごやいます!!! ^_^ (my Japanese isn't good enough to read what you wrote before though, I'm sorry T.T )
Hi HibikiKano,
Your hijackthis logfile looks clean. The Japanese reads: “Your computer is clean”.
Thank you for being with me in this malware cleansing routine,
Join our forum, and I wish you many a malware free day,
polonus
Thank you a lot for all your help ^^
Oh, I wanted to ask one more thing: when I go into my taskbar I always find ViewpointService and I don't remember putting it on. Should I try to get rid of it somehow too?
Hi HibikiKano,
Is this another toolbar:
Overview:
ViewPoint Toolbar will hijack your search queries and also transmits non personally identifiable information back to their servers (It’s still data therefore spyware as far as I’m concerned.) Here is a quote from the download.com review.
“This free toolbar offers a way to save bookmarks in visual form, as well as a fairly capable pop-up blocker. The Viewpoint Toolbar has an attractive, compact interface that quickly expands when necessary. For example, if you want to view screenshots of bookmarks, you simply click a button to scroll through all images. Though the thumbnails are rather small, they are big enough to give you a general overview of a page’s contents. The thumbnails have as annotation text from the search results, so you can quickly understand what a page is about. The pop-up blocker was mostly effective in our tests, except with floating ads, though its performance seemed a bit slow. You can specify whether to allow ads from a certain site and whether to display an icon and play a sound when the toolbar blocks ads. You’ll also find a basic search function powered by Yahoo’s engine. Since it offers a rather unique way to store bookmarks and doesn’t cost a dime, we can see how Viewpoint Toolbar makes a beneficial addition for many Web surfers.”
Unlike a lot of the crap we see around here this does offer something that is somewhat useful.
This program does have an uninstaller under add/remove programs. Please use that as your first option.
End Processes (may or may not exist):
mtsaxinstaller.exe
viewmgr.exe
Unregister DLLs:
Tip: this is only a list of known files/locations. You will want to do a search by the name of the file to see if they’re on your system.
A while back I wrote a guide to Register/remove DLL or AX files which you will need if you don’t know how to unregister these files.
Each file is in several locations so you’ll need to search for them and unregister + delete them in every location you find.
axmetastream.dll
swfview.dll
viewbar.dll
viewbarbho.dll
Remove Directories:
%programfilesdir%\viewpoint
%profiles%\application data\viewpoint\
Or did it come bundled with a Viewpoint Media Player? Search for the following files:
AxMetaStream.dll, ComponentMgr.dll, MetaStreamID.ini, MtsAxInstaller.exe, npViewpoint.dll, npViewpoint.xpt, JpegReader.dll, Mts3Reader.dll, SceneComponent.dll, SreeDMMX.dll, SWFView.dll, WaveletReader.dll
If it is the toolbar you know how to get rid of it now,
polonus
P.S. I log out shortly from now, to have a good night’s sleep, to-morrow we try to clear these remnants of adware from your computer, OK? Goodnight to you as well,
pol
Waa thank you a lot ^-^!!
I’m sorry I kept you awake this long though.
And thank you again for all your help!
Hi HibikiKano,
Everything is all-right, I like to do this, so you did not wake me up too long. People learn a lot doing these things, so to-morrow we go on, look for all the files I mentioned, and report back to me to-morrow,
polonus
waaa :-\ sorry about the long wait, I had a few exams :-[
Hi HibikiKano,
Didn’t you have any of the ViewPoint adware files on your computer? Did you search for them?
polonus
Hi polonus and HibikiKano
You can find uninstall instructions and info about viewpoint here