Author Topic: Desperate for help! looks like a safenavweb ...but not quite  (Read 14510 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33914
  • malware fighter
Re: Desperate for help! looks like a safenavweb ...but not quite
« Reply #30 on: January 08, 2008, 12:20:06 AM »
Hi HibikiKano,


Let us try now the solution that oldman proposed:

Fix these in HJT


R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BDEX System - {1AC7107A-938F-4347-864C-C51E49EC586E} - E:\WINDOWS\dxpvqlmtqn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: The ensfolr - {3723900A-B26F-40EC-B606-B7B37132B83F} - E:\WINDOWS\ensfolr.dll


and use OTMOVEIT for these

E:\WINDOWS\dxpvqlmtqn.dll
E:\WINDOWS\ensfolr.dll

Then it will be gone into digital oblivion, as part of it already has,
then you can see if the registry things you found are still there,
and take these out as well,

polonus
« Last Edit: January 08, 2008, 12:23:20 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
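
The split described in Reply #30 (fix all five entries in HijackThis, then move only the two DLLs that still exist on disk) can be derived from the log lines themselves. The following is an added example, not part of the original thread and not HijackThis code; the function names are hypothetical and the line pattern only covers the CLSID-style entries quoted above.

```python
import re
from typing import NamedTuple, Optional

# The five entries from the post above, copied verbatim.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: BDEX System - {1AC7107A-938F-4347-864C-C51E49EC586E} - E:\WINDOWS\dxpvqlmtqn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: The ensfolr - {3723900A-B26F-40EC-B606-B7B37132B83F} - E:\WINDOWS\ensfolr.dll
"""

# Shape: "<section> - <kind>: <name> - {CLSID} - <file path or (no file)>"
LINE_RE = re.compile(
    r"^(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)

class Entry(NamedTuple):
    section: str
    kind: str
    name: str
    clsid: str
    file: Optional[str]  # None when HijackThis printed "(no file)"

def parse_entries(log):
    """Parse CLSID-style HijackThis lines; any other line is skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        target = m["target"].strip()
        missing = target.lower() == "(no file)"
        entries.append(Entry(m["section"], m["kind"], m["name"], m["clsid"],
                             None if missing else target))
    return entries

def cleanup_plan(entries):
    """Every entry is a registry fix; only entries that still name a file
    also need that file moved (the OTMoveIt list in the post)."""
    orphaned = [e for e in entries if e.file is None]
    files_to_move = sorted({e.file for e in entries if e.file})
    return orphaned, files_to_move

if __name__ == "__main__":
    orphaned, files = cleanup_plan(parse_entries(SAMPLE_LOG))
    print(len(orphaned), "orphaned registry entries")
    print("\n".join(files))
```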

HibikiKano

  • Guest
Re: Desperate for help! looks like a safenavweb ...but not quite
« Reply #31 on: January 08, 2008, 12:35:03 AM »
Yay! It seems to work well now and the toolbar is gone too ^^

I added the final HijackThis log too.

ありがとごやいます!!! ^_^   (my Japanese isn't good enough to read what you wrote before though, I'm sorry T.T )

Offline polonus

Re: Desperate for help! looks like a safenavweb ...but not quite
« Reply #32 on: January 08, 2008, 12:49:41 AM »
Hi HibikiKano,

Your hijackthis logfile looks clean. The Japanese reads: "Your computer is clean".
Thank you for being with me in this malware cleansing routine,
Join our forum, and I wish you many a malware free day,

polonus

HibikiKano

Re: Desperate for help! looks like a safenavweb ...but not quite
« Reply #33 on: January 08, 2008, 01:13:49 AM »
Thank you a lot for all your help ^^
Oh, I wanted to ask one more thing: when I go into my taskbar I always find ViewpointService and I don't remember putting it on. Should I try to get rid of it somehow too?

Offline polonus

Re: Desperate for help! looks like a safenavweb ...but not quite
« Reply #34 on: January 08, 2008, 01:21:07 AM »
Hi HibikiKano,

Is this another toolbar:
Overview:
ViewPoint Toolbar will hijack your search queries and also transmits non personally identifiable information back to their servers (It's still data therefore spyware as far as I'm concerned.) Here is a quote from the download.com review.

"This free toolbar offers a way to save bookmarks in visual form, as well as a fairly capable pop-up blocker. The Viewpoint Toolbar has an attractive, compact interface that quickly expands when necessary. For example, if you want to view screenshots of bookmarks, you simply click a button to scroll through all images. Though the thumbnails are rather small, they are big enough to give you a general overview of a page's contents. The thumbnails have as annotation text from the search results, so you can quickly understand what a page is about. The pop-up blocker was mostly effective in our tests, except with floating ads, though its performance seemed a bit slow. You can specify whether to allow ads from a certain site and whether to display an icon and play a sound when the toolbar blocks ads. You'll also find a basic search function powered by Yahoo's engine. Since it offers a rather unique way to store bookmarks and doesn't cost a dime, we can see how Viewpoint Toolbar makes a beneficial addition for many Web surfers."

Unlike a lot of the crap we see around here this does offer something that is somewhat useful.

This program does have an uninstaller under add/remove programs. Please use that as your first option.

End Processes (may or may not exist):
mtsaxinstaller.exe
viewmgr.exe

Unregister DLLs:
Tip: this is only a list of known files/locations. You will want to do a search by the name of the file to see if they're on your system.
A while back I wrote a guide to Register/remove DLL or AX files which you will need if you don't know how to unregister these files.

Each file is in several locations so you'll need to search for them and unregister + delete them in every location you find.

axmetastream.dll
swfview.dll
viewbar.dll
viewbarbho.dll

Remove Directories:
%programfilesdir%\viewpoint\
%profiles%\application data\viewpoint\

Or did it come bundled with a Viewpoint Media Player? Search for the following files:
AxMetaStream.dll, ComponentMgr.dll, MetaStreamID.ini, MtsAxInstaller.exe, npViewpoint.dll, npViewpoint.xpt, JpegReader.dll, Mts3Reader.dll, SceneComponent.dll, SreeDMMX.dll, SWFView.dll, WaveletReader.dll

If it is the toolbar you know how to get rid of it now,

polonus

P.S. I log out shortly from now, to have a good night's sleep, tomorrow we try to clear these remnants of adware from your computer, OK? Goodnight to you as well,

pol
« Last Edit: January 08, 2008, 01:25:58 AM by polonus »
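
Reply #34 notes that each file can sit in several locations and must be unregistered in every one. The following is an added example, not part of the original thread: it inventories every copy of the file names listed in that reply under a chosen root and prints the matching `regsvr32 /u` lines without running them. The function names and the choice of root are assumptions.

```python
import os

# DLLs the post lists under "Unregister DLLs" (compared in lower case).
REGISTERED_DLLS = {"axmetastream.dll", "swfview.dll", "viewbar.dll",
                   "viewbarbho.dll"}
# Remaining process and Media Player file names listed in the post.
OTHER_FILES = {"mtsaxinstaller.exe", "viewmgr.exe", "componentmgr.dll",
               "metastreamid.ini", "npviewpoint.dll", "npviewpoint.xpt",
               "jpegreader.dll", "mts3reader.dll", "scenecomponent.dll",
               "sreedmmx.dll", "waveletreader.dll"}

def find_remnants(root):
    """Return every path under root whose file name is on either list.

    Matching is case-insensitive, and all copies are reported because
    the same file name may exist in more than one directory.
    """
    wanted = REGISTERED_DLLS | OTHER_FILES
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in wanted:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def unregister_commands(paths):
    """Build one 'regsvr32 /u' line per found copy of a listed DLL.

    The commands are only returned as text; nothing is executed here.
    """
    return ['regsvr32 /u "%s"' % p for p in paths
            if os.path.basename(p).lower() in REGISTERED_DLLS]

if __name__ == "__main__":
    # Assumption: scan the current directory; pass a drive root instead.
    found = find_remnants(".")
    for path in found:
        print("found:", path)
    for cmd in unregister_commands(found):
        print(cmd)
```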

HibikiKano

Re: Desperate for help! looks like a safenavweb ...but not quite
« Reply #35 on: January 08, 2008, 01:28:12 AM »
Waa thank you a lot ^-^!!

I'm sorry I kept you awake this long though.
And thank you again for all your help!

Offline polonus

Re: Desperate for help! looks like a safenavweb ...but not quite
« Reply #36 on: January 08, 2008, 01:32:22 AM »
Hi HibikiKano,

Everything is all right, I like to do this, so you did not wake me up too long. People learn a lot doing these things, so tomorrow we go on, look for all the files I mentioned, and report back to me tomorrow,

polonus

HibikiKano

Re: Desperate for help! looks like a safenavweb ...but not quite
« Reply #37 on: January 09, 2008, 09:04:47 PM »
waaa  :-\ sorry about the long wait, I had a few exams  :-[

Offline polonus

Re: Desperate for help! looks like a safenavweb ...but not quite
« Reply #38 on: January 09, 2008, 11:16:48 PM »
Hi HibikiKano,

Didn't you have any of the ViewPoint adware files on your computer? Did you search for them?

polonus

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
Re: Desperate for help! looks like a safenavweb ...but not quite
« Reply #39 on: January 09, 2008, 11:34:32 PM »
Hi polonus and HibikiKano

You can find uninstall instructions and info about viewpoint here

http://www.pchell.com/support/viewpoint.shtml

Offline polonus

Re: Desperate for help! looks like a safenavweb ...but not quite
« Reply #40 on: January 10, 2008, 12:02:07 AM »
Thank you "oldman", we will take that into consideration, whenever HibikiKano checks in with his search results,

pol

HibikiKano

Re: Desperate for help! looks like a safenavweb ...but not quite
« Reply #41 on: January 11, 2008, 01:09:56 AM »
Hello polonus,

I am so sorry but this week is a rather busy one and I am very sorry I don't reply enough  :-\
I will try that with the Viewpoint, thank you oldman.

Can I ask about the sqmdata files again? How can I safely remove those? And also lately when someone is sending me a file on Windows Live Messenger, it tells me that it will take a virus scan. It was Messenger, not NOD or any other antivirus program, but Messenger does a scan... I do remember that it did that the first time when I got that whole thing on my computer. Is that a new thing they put in? Or is it something suspicious?

Oh, one more thing. How can I remove the hiberfil.sis safely? I know where to turn hibernate mode off but I am a little frightened to just delete hiberfil.sis with brute force.  :-\

I am so sorry I am making you wait this much even though I asked for your help.

-Hibiki

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Desperate for help! looks like a safenavweb ...but not quite
« Reply #42 on: January 11, 2008, 01:14:16 AM »
Quote: "I am a little frightened to just delete hiberfil.sis with brute force.  :-\"
Just turn off hibernation and you'll be able to delete that file.
It will be recreated again when you enable hibernation again.
The best things in life are free.

Offline polonus

Re: Desperate for help! looks like a safenavweb ...but not quite
« Reply #43 on: January 11, 2008, 01:25:37 AM »
Hi HibikiKano,

We do not have to rush this, but tell me what of the ViewPoint files or processes did you find on your computer?

Run a couple of cleaning programs as well, like for instance ATF cleaner from here:
http://www.atribune.org/ccount/click.php?id=1

Concerning the sqm files:
These files are created by the Customer Experience Improvement Program of Windows MSN Live Messenger.
If you are very sure that you don't want to help Microsoft in making WMLM just a little better you can disable it.

"To stop these files being created, you will need to turn off the option in MSN. You can do this in the options menu, selecting the help section, and then selecting 'Customer Experience Improvement Program'. Tick the 'I don't want to participate right now' and press OK."

And concerning removing hiberfil.sys, read here:
http://www.jmu.edu/computing/news/archive/issues/hyberfil.shtml
(Hi, Tech, you have beaten me to it by a sec, but I give him the instructions and pictures as well in my link, Damian)

There is also a more permanent solution:
what you need to do is open the file “autoexec.bat” on your C drive with notepad.

Then add the following two lines to it:
del /q /a sqmdata*.sqm
del /q /a sqmnoopt*.sqm

Save the file, and that’s it, you’re done. Now whenever you start your computer up, it will remove all of the annoying .sqm files cluttering up your C drive.

polonus
« Last Edit: January 11, 2008, 01:36:54 AM by polonus »