Mixi DJ toolbar can't be removed

[biltman]

 

[Jack]

Hi and welcome to the malwaretips.com forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:

• I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
• The fixes are specific to your problem and should only be used for this issue on this machine!
• The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
• If you don't know, stop and ask! Don't keep going on.
• Please reply to this thread. Do not start a new topic.
• Refrain from running self fixes as this will hinder the malware removal process.
• It may prove beneficial if you print of the following instructions or save them to notepad as I post them.

Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

---

STEP 1: Run a scan with AdwCleaner

<ol><li>Download AdwCleaner from the below link.
<><a href="http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner" target="_blank">ADWCLEANER DOWNLAOD LINK</a></> (This link will automatically download AdwCleaner on your computer)</li>

<li>Close all open programs and internet browsers.</li>
<li>Double click on <>adwcleaner.exe</> to run the tool.</li>
<li>Click on <>Delete</>,then confirm each time with <>Ok</>.</li>
<li>Your computer will be rebooted automatically. A text file will open after the restart.</li>
<li>Please post the contents of that logfile with your next reply.</li>
<li>You can find the logfile at <>C:\AdwCleaner[S1].txt</> as well.</li>
</ol>
<hr/>

STEP 2: Run a scan with Junkware Removal Tool

1. Please download Junkware Removal Tool to your desktop from the following link:
   JUNKWARE REMOVAL TOOL DOWNLOAD LINK (This link will automatically download Junkware Removal Tool on your computer)
2. Double-click to run the tool. For Windows Vista or 7 users, right-click the file and select Run as Administrator
3. The tool will open and start scanning your system
4. Please be patient as this can take a while to complete depending on your system's specifications
5. On completion, a log (JRT.txt) will be saved to your desktop and will automatically open
6. Post the contents of JRT.txt into your next reply

---

What's next?

Add the following logs to your next post (You can find here details on how to use the Attachment System):
1.AdwCleaner log
2. Junkware Removal Tool log
4.Let me know if you had any problems with the above instructions and also <>let me know how things are running now!</>

 

[biltman]

I've run both program and posted the logs below. Because my laptop was also infected, I've run the programs on it as well. After AdwCleaner rebooted both computers, Chrome opened without the Mixi DJ toolbar. I decided to do this simultaneously because I thought that signing into my Chrome account from a cleaned computer might somehow allow the computer to contract the virus from the other. This was obviously wrong: both computers seemed 'clean', so I logged into my Chrome account on my laptop only. Immediately after doing so, I closed Chrome then reopened it to see if the Mixi DJ second tab was opening on start-up, and it was. So it seems that signing into my Chrome account somehow infects me. Obviously I don't want to be infected, but I would also like to use my Chrome account. What can I do?

Thanks in advance.

# AdwCleaner v2.304 - Logfile created 07/05/2013 at 08:25:32
# Updated 03/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ReBunkman - REBUNKMAN
# Boot Mode : Normal
# Running from : C:\Users\ReBunkman\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\ReBunkman\AppData\Roaming\Mozilla\Firefox\Profiles\v83ifj77.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\ReBunkman\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.3064] : urls_to_restore_on_startup = [ "hxxp://www.google.ca/", "hxxp://search.conduit.com/?ctid=CT32[...]

*************************

AdwCleaner[R1].txt - [1101 octets] - [05/07/2013 08:24:55]
AdwCleaner[S1].txt - [987 octets] - [05/07/2013 08:25:32]

########## EOF - C:\AdwCleaner[S1].txt - [1046 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by ReBunkman on 05/07/2013 at 8:40:55.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{129626B8-3274-4C4B-B573-81CA9E35EEB6}



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ FireFox

Successfully deleted: [File] "C:\Users\ReBunkman\AppData\Roaming\mozilla\firefox\profiles\v83ifj77.default\extensions\DivXWebPlayer@divx.com.xpi"
Successfully deleted: [Folder] C:\Users\ReBunkman\AppData\Roaming\mozilla\firefox\profiles\v83ifj77.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
Emptied folder: C:\Users\ReBunkman\AppData\Roaming\mozilla\firefox\profiles\v83ifj77.default\minidumps [11 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/07/2013 at 8:45:19.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[Jack]

Hello biltman,
When you login into your Chrome account, you sync back all the extensions, and because we have used some utilities to remove the MixiDJ extension, this come back. Nevertheless, this is not something to worry, and can easily be fixed.
Can you please login into your Chrome account, then Click the Chrome menu button on the browser toolbar, select Tools and then click on Extensions.

Next, in the Extensions tab, can you please write back here what extension do you have installed on your Chrome.
Alternatively, you can just take a screenshot:
How to take and post screenshot:
Press the "PrtSc" (Print screen) key (upper right part of keyboard)> open Paint (Start > All programs > Accessories) > Edit > Paste, File > Save as (jpeg or png, Not bmp). Open your browser > Go here > Select browse > click once to select file > Open > Upload > Reply whit the link.

 

[biltman]

Hi Jack,

I've got:

Adblock Plus 1.4.1

DivX Plus Web Player HTML5 <video> 2.1.2.172 (not enabled. This was deleted by one of the cleaners, but reinstalled itself when I signed back into Chrome)

Google Analytics Debugger 2.6

and

Zotero Connector 4.0.8.2

Thanks,

Justin

 

[biltman]

Hmm, that didn't post correctly.I've got: Adblock Plus 1.4.1, DivX Plus Web Player HTML5 <video> 2.1.2.172 (not enabled. This was deleted by one of the cleaners, but reinstalled itself when I signed back into Chrome), Google Analytics Debugger 2.6, and Zotero Connector 4.0.8.2.

Thanks,

Justin

 

[Jack]

Click on the Trash Can next to DivX Plus Web Player HTML5 to remove this extensions from your web browser. Did you install the Zotero Connector and Google Analytics Debugger extensions?
Next, click again on Chrome menu button, then select Settings, and in the On Startup section, put the check mark on One the New Tab page.

 

[biltman]

Ah! You're brilliant. I wish I'd noticed that 'On startup' setting. I've removed the DivX player and the Google Analytics Debugger. I installed Adblock Plus and Zotero for sure.

Thanks for your help!

 

[Jack]

Great. Now, lets run a scan and a quick fix, and we're done.
I've noticed that you also have some unwanted lines added to your Windows Hosts files, so lets reset it to its default settings.

STEP 1: Reset the Windows Hosts file back to its default settings
To reset the Hosts file back to its default settings, we will run Microsoft Fix it 50267.

1. Download Microsoft Fix it 50267 from the below link.
   MICROSOFT FIX IT 50267 DOWNLOAD LINK (This link will automatically download Microsoft Fix it 50267 on your computer)
2. Double click on MicrosoftFixit50267, then follow the prompts to reset your Windows Hosts file.
   
   

---

STEP 2: Run a scan with ESET Online Scanner
<ol>
<li>Download ESET Online Scanner utility from the below link
<><a title="External link" href="http://download.eset.com/special/eos/esetsmartinstaller_enu.exe" rel="nofollow">ESET ONLINE SCANNER DOWNLOAD LINK</a></> <em>(This link will automatically download ESET Online Scanner on your computer.)</em></li>
<li>Double click on the Eset installer program (esetsmartinstaller_enu.exe).</li>
<li>Check <>Yes, I accept the Terms of Use</></li>
<li>Click the <>Start</> button.</li>
<li>Check <>Scan archives</></li>
<li>Push the <>Start</> button.</li>
<li>ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.</li>
<li>When the scan completes, push <>List of found threats</></li>
<li>Push <>Export to Text file </> and save the file to your desktop using a unique name, such as <>ESET Scan</>. Include the contents of this report in your next reply.Note - when ESET doesn't find any threats, no report will be created.</li>
<li>Push the <>back</> button.</li>
<li>Push <>Finish</></li>
</ol>

---

Please add in your next reply:
1.ESET log
2.Let me know if you had any problems with the above instructions and also <>let me know how things are running now!</>