Need help removing Mixi DJ toolbar please

[zdeb99]

I need help removing a toolbar that got installed earlier today - mixi DJ. I uninstalled it in control panel, but it is still showing up. I have no idea how to get rid of these, and I hope someone can help me.
I have read the READ AND RUN ME FIRST Malware removal guide and am pretty sure I have followed all of the instructions, and have what I think are the right logs attached here.
I am running Windows 7 on a 64 bit operating system.
Any help would be greatly appreciated.
Deb

[Kestrel13!]

Can you please attach the MGlogs.zip from running MGTools.exe.

[zdeb99]

I was afraid I didn't have all the right stuff attached. Sorry about that.

[Kestrel13!]

Uninstall the below:

• Coupon Companion
• Supreme Savings

Rerun Hitman and have it delete Malware remnants. Also, under the "Repairs" section, what options does it give you for:

Quote:

Repair Winsock
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

hosts
C:\Windows\system32\drivers\etc\

Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate this 1 detection:

• [TASK][SUSP PATH] Updater19962.exe : C:\Users\Deb\AppData\Local\Updater19962\Updater19962.exe /extensionid=19962 /extensionname="Supreme Savings" /chromeid=ihkeoookbpemkdccdccdmacnidhooohk [7] -> FOUND

Place a checkmark each of these items, leave the others unchecked.
Now press the Delete button.
When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.


Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

• O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
• O2 - BHO: CrossriderApp0019962 - {11111111-1111-1111-1111-110111991162} - C:\Program Files (x86)\Supreme Savings\Supreme Savings.dll

After clicking Fix exit HJT.


Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Quote:

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}]

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


Delete these:

• C:\ProgramData\1ACBAA7916.sys
• C:\Users\Deb\AppData\Local\Updater19962
• C:\Program Files (x86)\Supreme Savings

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Rerun Hitman, just a scan and attach log. Same for RogueKiller.


Now run the C:\MGtools\GetLogs.bat file by double clicking on it. (Right click and run as admin if using Vista or Windows7) Then attach the new C:\MGlogs.zip file that will be created by running this.

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!

[zdeb99]

I am in the process of trying to do what you listed in your post, but it is going to take me another day to do it. I will post the answers to your specific questions as soon as I can. Thank you so much for taking the time to help me - I'm just so darn busy right now

Deb

[Kestrel13!]

OK Deb, I'll be floating about somewhere whenever you are ready.

[zdeb99]

I finally was able to complete all the steps, though I think something was wrong before I got all the way through. When I started the steps, the toolbar was still in place, but I had only done one or two things, and the toolbar was gone. I thought it was ok until I ran some of the programs you mentioned and things you had seen were not showing up for me.

Starting at the beginning, for the following, it was "ignore" or "repair"

under the "Repairs" section, what options does it give you for:

Quote:
Repair Winsock
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

hosts
C:\Windows\system32\drivers\etc\

---------------------

The following items you mentioned were nowhere to be found:

TASK][SUSP PATH] Updater19962.exe : C:\Users\Deb\AppData\Local\Updater19962\Updater19962.exe /extensionid=19962 /extensionname="Supreme Savings" /chromeid=ihkeoookbpemkdccdccdmacnidhooohk [7] -> FOUND

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: CrossriderApp0019962 - {11111111-1111-1111-1111-110111991162} - C:\Program Files (x86)\Supreme Savings\Supreme Savings.dll



I did receive a success message when running the following:

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}]

And of the following....

Delete these:
C:\ProgramData\1ACBAA7916.sys
C:\Users\Deb\AppData\Local\Updater19962
C:\Program Files (x86)\Supreme Savings

... only the first one listed was there for me to delete.

I have attached the logs you requested.
The only thing I notice now is that some online games I play load very slowly or sometimes don't load at all and seem frozen. If I mess with it enough, it usually loads, but I never noticed that before all of this.

Thank you for your help and your patience with me. I appreciate it!
Deb

[Kestrel13!]

If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
   • Press and hold the Windows key and then press the letter R on your keyboard. This opens the Run dialog box.
   • Copy and paste the below into the Run box and then click OK. Note the quotes are required
   • "%userprofile%\Desktop\combofix" /uninstall
     • Notes: The space between the combofix" and the /uninstall, it must be there.
     • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
3. Go back to step 4 of the READ ME and renable your Disk Emulation software with Defogger if you had disabled it.
4. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
5. If running Vista or Win 7, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
6. Goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
7. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove, you can delete these files now.
8. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
9. If you are running Win 7, Vista, Windows XP or Windows ME, do the below:
   • Refer to the cleaning procedures pointed to by step 6 of the READ ME
     for your Window version and see the instructions to Disable System Restore which will flush your Restore Points.
   • Then reboot and Enable System Restore to create a new clean Restore Point.
10. After doing the above, you should work thru the below link:
    • How to Protect yourself from malware!

[zdeb99]

I waited a few days to make sure everything was running smoothly. Since it was, I just completed the final steps.
Thank you so much for helping, Kestrel13! - I appreciate it very much!
Have a great day!!
Deb

[Kestrel13!]

Most welcome, Deb. Safe surfing!