First timer -- neo toolbar help

Discussion in 'Malware Help (A Specialist Will Reply)' started by momchick, May 9, 2005.

  1. momchick

    momchick Private E-2

    First of all, I am not the most computer savvy chick. But I have a couple of items dropped on my computer that are annoying the heck out of me. I ran as many steps of the tutorial that I could yesterday. I encountered the following problems there:

    1. Could not download the about:blaster file. I apologize that I don't have the exact wording.

    2. Search for updates on Spybot: Error retreiving update into file. Socket error #11004.

    3. When I tried to go into Safe Mode (XP) and went to Internet Explorer, I encountered the About:Blank page, and couldn't get anywhere from there. So I ran the scans in normal boot mode.

    4. Trend Micro scan could not delete TROJ DLD Windows\system32\seqsb.dll

    5. I had 27 files infected on my disk drives according to the Symantec scan. No viruses detected in memory. Was I supposed to get a fix from that scan?

    6. Stinger fixed some problems I was unaware of, as did CCleaner, Adaware & Spybot. CWShredder did not find anything; nor did Kill2me. Did not have about:blaster, HSRemove fixed some problems.

    But I still cannot remove the Neo technology search engine (toolbar) from the add/remove programs. I also have My Web Search (funnybuddyicons) that I cannot remove. When I click remove for the Neo one, I get a prompt to download uninstall.exe, which then comes up with no validation, so I do not download that file. When I click remove from My Web Search, I get
    Error loading C:\progra~1\mywebs~1\bar\1.bin\mwsbar.dll Specific file module could not be found.

    Hopefully I did not do any further damage! Can anyone help??
    Thank you!
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. momchick

    momchick Private E-2

    Here goes...trying to attach HJT log.
    Thank you.
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Viewpoint

    Messenger Plus! 3

    MyWebSearch

    WeatherBug


    Please print out these instructions so that you can operate with All Browser Windows CLOSED.

    Please make sure System Restore is OFF and the Viewing of Hidden Files & Folders is Enabled as per the tutorial.


    Now, look in Task Manager (Ctrl-Alt-Del) for the following running processes and, if you see any of them, try to END them:

    ViewMgr.exe

    MsgPlus.exe

    iexplore.exe <-- End every instance of this process as requested!

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wpcsrdnovlbqvnzpalhshjjva.com/iRoNDtqgf4rHgDFFSuqhJMMFCiKq1RxvNDrARzY E_t5cJjdd/Ip05/kM9KIZ/LXi.html

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)

    O2 - BHO: (no name) - {01A8B218-C451-46A2-EED6-732ACA8ABC9E} - C:\DOCUME~1\Erin\APPLIC~1\OOZETR~1\date bike.exe
    O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\System32\msqsb.dll (file missing)
    O3 - Toolbar: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\System32\msqsb.dll (file missing)

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Bone beep bleh win] C:\Documents and Settings\All Users\Application Data\Vga pop bone beep\knobvga.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [Memo user] C:\DOCUME~1\Erin\APPLIC~1\TIMETH~1\Antegluepoll.exe
    O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
    O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

    O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:

    C:\Program Files\Messenger Plus! 3 ←–– Delete this whole folder if it exists!

    C:\Program Files\Viewpoint ←–– Delete this whole folder if it exists!

    C:\Program Files\AWS ←–– Delete this whole folder if it exists!

    C:\Program Files\MyWebSearch ←–– Delete this whole folder if it exists!

    C:\Documents and Settings\Erin\Application Data\OOZETR~1 ←–– Delete this whole folder if it exists!

    C:\Documents and Settings\Erin\Application Data\TIMETH~1 ←–– Delete this whole folder if it exists!

    C:\Documents and Settings\All Users\Application Data\Vga pop bone beep ←–– Delete this whole folder if it exists!

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
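
    The fix list above uses HijackThis's one-line entry format (section code, then the registry value, CLSID or autorun name, then the target). As an added example that is not part of the original thread, the following Python sketch parses such lines, derives a stable key for each entry so it can be matched against a later scan even when the URL differs, and attaches triage notes. The note wording and the heuristics behind it are assumptions made for this example, not HijackThis output.

```python
import re

# Sample input: five lines copied from the fix list in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\System32\msqsb.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Memo user] C:\DOCUME~1\Erin\APPLIC~1\TIMETH~1\Antegluepoll.exe
O16 - DPF: {22222222-2222-2222-2222-222222222222} - file://c:\x.cab
"""

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# 8.3 short name or long name of the per-user / all-users profile data folder
APPDATA_RE = re.compile(r"\\(APPLIC~\d|Application Data)\\", re.IGNORECASE)

def entry_key(code, body):
    """Stable identity for an entry: section code plus CLSID, registry value
    name or autorun name. The data after '=' (e.g. a URL) is left out, so the
    same entry still matches when that part differs between scans."""
    clsid = CLSID_RE.search(body)
    if clsid:
        return (code, clsid.group(0).upper())
    if " = " in body:
        return (code, body.split(" = ", 1)[0])
    run = re.match(r"(.+?: \[[^\]]+\])", body)
    return (code, run.group(1) if run else body)

def triage(code, body):
    """Heuristic notes chosen for this example, not HijackThis output."""
    notes = []
    if "(file missing)" in body:
        notes.append("orphaned: target file not on disk")
    if code == "O4" and APPDATA_RE.search(body):
        notes.append("autorun from Application Data")
    if code == "O16" and "file://" in body.lower():
        notes.append("ActiveX source is a local file")
    return notes

def parse_log(text):
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip blank lines and anything that is not a log entry
            code, body = m.groups()
            entries.append({"key": entry_key(code, body), "notes": triage(code, body)})
    return entries

if __name__ == "__main__":
    for e in parse_log(SAMPLE_LOG):
        print(e["key"], e["notes"])
```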
     
  5. momchick

    momchick Private E-2

    Thank you for your help!

    I had to stop midway through these instructions with some questions.
    First, I cannot remove My Web Search from Add/Remove programs. I get: "error loading C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsbar.dll The specific module could not be found" (see first post)

    No weather bug in the add/remove programs section.

    None of the processes mentioned were running in task manager.

    Ran Hijack this, went to check the boxes named, but am I supposed to find ALL those boxes in the HJT scan? I do have some, but exactly as written (the gobbledygook letters and numbers are different), and others are not there at all. I didn't know if I should just delete those that were there exactly as written...

    Thanks again.
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    We will get the MyWebSearch, proceed with the fix. As far as the entries, check all that apply. Will be awaiting new HJT log.
     
  7. momchick

    momchick Private E-2

    Ahhh...

    Things seem to be running well. I have no strange toolbars that won't go away and the stuff that was dropped in my favorites with no option to delete is gone. Attached is the latest HJT log. Thank you again. Any more advice? Should I use Mozilla or Netscape instead of Internet Explorer? Can I ask that or can you recommend?

    Thank you!
     

    Attached Files:

  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Personally, I would use Mozilla Firefox as it's safer. Well, I say it's safer; they did just find a critical hole in it. But I think you will be ok, just be sure you have the latest version and keep it up-to-date.

    Now, scan with HJT and have it fix the below entries. Be sure you have ALL browsers closed when you click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wfjszmmtfklyndhaxn.com/iRoNDtqgf4rHgDFFSuqhJMMFCiKq1RxvNDrARzYE_t4AeO xqUm0yXPkM9KIZ/LXi.asp

    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

    Again, be sure you have ALL browsers closed before clicking FIX.

    NOW:
    Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file iefix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

    Double-click on the iefix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!

    After doing the above, your HJT log is clean. Are you having any further problems?
     
  9. momchick

    momchick Private E-2

    I think it's all good. Thank you! :)
     
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

