Problems started with Google Toolbar Notifier

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by TipsyMcStagger, Nov 6, 2006.

  1. TipsyMcStagger

    TipsyMcStagger Private E-2

    I've followed the instructions within http://forums.majorgeeks.com/showthread.php?t=35407 to the best of my ability.

    Here is the situation. I turned the computer on (Windows XP Pro SP2) one morning about 2 weeks ago and the computer started an automatic download. One of the items downloaded was "Google Toolbar Notifier for Internet Explorer." I normally use Mozilla as my primary browser.

    After this "update," the computer developed 3 problems.

    Problem 1) Every shutdown or reboot required me to cancel a non-responding program. By looking at the information in the title-bar, I was able to determine the non-responsive program was the Google Toolbar Notifier. I went into "Add/Remove Programs" and removed the "Google Toolbar Notifier." After that removal, I could reboot and shutdown without any further action on my part.

    Problem 2) Perhaps just coincidence, but my DVD drive has stopped working. I've gone into Device Manager and there are no yellow exclamation marks associated with the CD or DVD drive.

    Problem 3) Random EXTREMELY slow response. For instance, when I tried to open device manager, it took about 1 minute and ultimately failed ("Program Not Responding.") Also have noticed a lack of smooth mouse movement, etc.

    I've attached the bdscan file and the Panda scan file. The bdscan has some kind of porn newsgroup infection and the Panda shows "Sidestep" and "Tribal Fusion." One item of note. I tried to run the Panda scan in safe mode but it kept terminating my connection to the Internet and thus made it impossible to save the report file. I tried several times and ultimately had to run the scan in normal mode. I don't know if this will matter.

    I'll create a second post and attach the runkey and newfiles files.

    Everything else (CCleaner, Ad-aware, Spybot, Microsoft Malicious Software Removal Tool, and Windows Defender) ran w/o detecting any issues.

    Thanks in advance!

    Tipsy
     


  2. TipsyMcStagger

    TipsyMcStagger Private E-2

    Additional file attachments.

    Tipsy
     


  3. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Please look in Add/Remove Programs for the following and uninstall them if found:

    Viewpoint

    Please make sure the Viewing of Hidden Files & Folders is enabled per the READ ME.

    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:


    ViewMgr.exe

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, please boot into Safe Mode, and be sure you have the Viewing of Hidden Files & Folders enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\Viewpoint - Delete this whole folder if it exists!

    Next, run CCleaner to clean up cookies and temp files.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\Downloaded Program Files\SbCIe028.inf into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.

    After you complete the above, REBOOT and proceed with the rest of this fix...

    Reset Web Settings & Default Security Settings:

    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    To Default Security Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Security Tab and click Default Level for Internet, Local Intranet, Trusted Sites, and Restricted Sites.

    After you complete this post, reboot once more and let me know how things are running.
     
  4. TipsyMcStagger

    TipsyMcStagger Private E-2

    Viewpoint Manager was in the list of Add/Remove programs. I removed it.

    ViewMgr.exe was not listed in the task manager.

    In the HJT scan, all but 04-HKLM\..\Run: [ViewMgr] were present. I checked the other 3 and "fixed" them.

    Viewpoint folder did exist in Program Files and was deleted.

    C:\WINDOWS\Downloaded Program Files\SbCIe028.inf did not exist. There was nothing to delete and reboot in Killbox.

    I reset the IE settings as described. I subsequently have gone back to select Mozilla as my default browser.

    I tried to play a DVD. The machine got VERY slow. The DVD would not play and the machine all but locked up. After several minutes, I was able to ctrl+alt+delete and reboot.

    Tipsy
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Click on the link below and run the online scan...

    Kaspersky Anti-Virus Online Scan

    • Click on "Kaspersky Online Scanner"
    • Click Accept to proceed...
    • If you get a popup asking if you want to Install Kaspersky's ActiveX Control, click Yes to install it.
    • If you get a Security Warning popup asking if you want to install and run kavwebscan_unicode.cab, click Yes to install it.
    • After all updates are downloaded, click NEXT to continue... (Note it will take a while to download these updates based on your connection speed).
    • Click Scan Settings and select extended and make sure both boxes are checked at the bottom, Click OK to continue.
    • Now click on My Computer and let it run!
    • This scan may take a while but it is very thorough. After the scan is complete save the log as a txt file and attach it to your next post along with a fresh HJT log.
     
  6. TipsyMcStagger

    TipsyMcStagger Private E-2

    I'm in the process of running the Kaspersky scan (I'm posting this from another computer). However, on both computers I am unable to click on any links in Majorgeeks posts. I get the following message: "The board has been moved to a new server. If you still seeing this message, you could try the following to flush your DNS cache: ipconfig /flushdns" I've tried the ipconfig /flushdns in the "run" prompt, to no avail.

    I also notice that while the page is trying to open, I can see "tribal-fusion" in the lower address bar (just above the Windows Start button). Tribal Fusion was listed in one of the above scans. Am I infected even further now (and on my other machine?!)

    Tipsy
     
  7. TipsyMcStagger

    TipsyMcStagger Private E-2


    Here are the two requested logs.

    Tipsy
     


  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your logs look good. If you're still having problems with the DVD playing, I would post this in the Software Forum. They may be able to best help you as I don't think it's malware related.
     
  9. TipsyMcStagger

    TipsyMcStagger Private E-2

    Okay...thank you.

    Yes, I'm still having both DVD and slow performance issues. The best way to describe the slow performance is as a serious lag. For instance, if I click on the IE quick launch icon, nothing will happen. I click again and again and again. Nothing happens. Then, after a 30 second delay, 8 or 9 IE windows suddenly open.

    Tipsy
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I understand what you're saying. I do not see any malware that would be causing this. It could be a number of things from failing hardware to a faulty driver. Malware will cause this but per your logs I don't think it's the case here.
     
  11. TipsyMcStagger

    TipsyMcStagger Private E-2

    Okay. Thank you for your time.

    Tipsy
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're Welcome! :)
     
