TechSpot

Toolbar 888 the security pages etc

By smilermk
Sep 3, 2006
  1. Please Help !! I have attached my HJT log, I have gone thrpugh your pre-posting routines upto the point where i have to reboot in safe mode - i thought i'd better seek advice first.

    My PC doesnt want to reboot in safe mode ! nor does it want to restart when asked, so i have manually restarted (reset button) as required when going thorugh the procedures.

    FYI: Trend micro routine seemed to crash out at the removal stage
    F-Secure window shut down half way through
    Kaspersky froze my PC
    Bit defender appeared to complete.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Download and run these four tools. Follow the instuctions for using each tool.

    Too1 Tool2 Tool3 Tool4

    Post a fresh HJT log, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of smilermk only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. smilermk

    smilermk TS Rookie Topic Starter

    Hi Howard

    Thanks for your prompt reply, I have run the 4 tools and my new HJT log is attached.

    Chris
     
  4. KnightofBane

    KnightofBane TS Rookie Posts: 56

    I actually got rid of Toolbar 888 today by using Spybot: S&D only. It was in use so all I did was reboot and let Spybot start upon boot and it deleted WinAntiVirus 2006 Pro and Toolbar 888. So if you have Spybot just use that and it will get rid of Toolbar 888.

    -KoB
     
  5. smilermk

    smilermk TS Rookie Topic Starter

    New HJT log after Search and Destroy

    Thanks Knight of Blane, that did find an awful lot (66 entries) and my Tooolbar 888 has now gone.

    I still have a dubious windows security alert (in my taskbar)telling me my McAfee virus scan is disabled, yet it looks like it is working okay (as this also still shows in my taskbar)
    My Start menu also still has security troubleshooting and online security guide listed - but they dont have their normal icons.

    Ive attached my latest HJT log.

    Cheers
    Chris
     
  6. KnightofBane

    KnightofBane TS Rookie Posts: 56

    KnightofBane* :)

    Actually, I recommend AVG Anti-Virus by Grisoft because it got an award for 100% virus detection by a magazine and some company thing. It works quite well really.

    Also make sure you realize McAfee doesn't detect spyware.
     
  7. smilermk

    smilermk TS Rookie Topic Starter

    Am i cured ?

    Thanks I will have a look at the AVG software does that detect spyware ?, can you tell if im virus free form my HJT log ?

    Chris
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    4DMAIN.EXE
    gdnFR2339.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R3 - Default URLSearchHook is missing

    O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)

    Fix all 016-DPF entries, except for any Microsoft/Windows entries.

    O20 - AppInit_DLLs: , nslookup.dll

    O20 - Winlogon Notify: winnyv32 - C:\WINDOWS\SYSTEM32\winnyv32.dll

    Click on the fix checked button.

    Close HJT.

    Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

    These are the filepaths you need to enter into killbox.

    C:\WINDOWS\SYSTEM32\winnyv32.dll

    nslookup.dll<You will need to find the full path to this file.

    Once your system has rebooted, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

    This thread is for the use of smilermk only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  9. smilermk

    smilermk TS Rookie Topic Starter

    Howard my PC is still unable to start in safe mode - it says your computer has encountered an error and suggests I restart normally.
    Do I still follow your previous post without safe mode ?

    Also I only have my username setup on the PC and this setup as an administrator, is this going to be a problem ?

    Cheers

    Chris
     
  10. KnightofBane

    KnightofBane TS Rookie Posts: 56

    To get into safe mode I just spam F8 when I start up so that the screen shows up. I think you need to be in safe mode incase something happens but whatever.

    When you boot in safe mode you're given the admin account and your account. I get the same thing but I'm an admin so just still use your account and not the default "Administrator" named account.
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, follow the instructions from normal mode.

    Regards Howard :)
     
  12. smilermk

    smilermk TS Rookie Topic Starter

    Hi Howard, can i start off by saying your an abolute gent for taking the time to help me out here... Its very much appreciated.

    I thought the last reply was from you - I got confused and I went ahead without safe mode and logged in as normal.

    HJT encountered an error when trying to resolve nslookup.dll and I couldn't find the file on my system either, so was unable to put it into killbox (your download link didnt work - so I found it elsewhere).

    Ive attached my latest HJT log, am I looking any better ?

    Thanks

    Chris
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Uninstall this programme, if you don`t know what it is, or you don`t use it.

    C:\PROGRA~1\OPTICA~1\4DMAIN.EXE

    Have HJT fix this inactive entry.

    O20 - Winlogon Notify: winnyv32 - winnyv32.dll (file missing)

    Other than the above, your HJT log is clean.

    I don`t know why you can`t boot into safe mode, but maybe you should try doing a Windows repair as per this thread HERE.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of smilermk only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. smilermk

    smilermk TS Rookie Topic Starter

    Many thanks again for your help i will look at the safe mode issue, would you recommend any particular piece of software to help protect me in the future ?

    Chris
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    The free AVG antivirus programme and either the free Zonealarm or Kerio firewall programmes are very good. Obviously you would need to get rid of your Symantec/Norton crapware.

    Antispyware programmes to have are, Spybot Search & Destroy/Ad-Aware personal se/Ewido/Spyware Blaster

    You can Google for all the above.

    Regards Howard :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...