Toolbar 888 the security pages etc

[smilermk]

Please Help !! I have attached my HJT log, I have gone thrpugh your pre-posting routines upto the point where i have to reboot in safe mode - i thought i'd better seek advice first.

My PC doesnt want to reboot in safe mode ! nor does it want to restart when asked, so i have manually restarted (reset button) as required when going thorugh the procedures.

FYI: Trend micro routine seemed to crash out at the removal stage
F-Secure window shut down half way through
Kaspersky froze my PC
Bit defender appeared to complete.

 

[howard_hopkinso]

Hello and welcome to Techspot.

Download and run these four tools. Follow the instuctions for using each tool.

Too1 Tool2 Tool3 Tool4

Post a fresh HJT log, only after doing the above.

Regards Howard :wave: :wave:

This thread is for the use of smilermk only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[smilermk]

Hi Howard

Thanks for your prompt reply, I have run the 4 tools and my new HJT log is attached.

Chris

 

[KnightofBane]

I actually got rid of Toolbar 888 today by using Spybot: S&D only. It was in use so all I did was reboot and let Spybot start upon boot and it deleted WinAntiVirus 2006 Pro and Toolbar 888. So if you have Spybot just use that and it will get rid of Toolbar 888.

-KoB

 

[smilermk]

New HJT log after Search and Destroy

Thanks Knight of Blane, that did find an awful lot (66 entries) and my Tooolbar 888 has now gone.

I still have a dubious windows security alert (in my taskbar)telling me my McAfee virus scan is disabled, yet it looks like it is working okay (as this also still shows in my taskbar)
My Start menu also still has security troubleshooting and online security guide listed - but they dont have their normal icons.

Ive attached my latest HJT log.

Cheers
Chris

 

[KnightofBane]

KnightofBane*

Actually, I recommend AVG Anti-Virus by Grisoft because it got an award for 100% virus detection by a magazine and some company thing. It works quite well really.

Also make sure you realize McAfee doesn't detect spyware.

 

[smilermk]

Am i cured ?

Thanks I will have a look at the AVG software does that detect spyware ?, can you tell if im virus free form my HJT log ?

Chris

 

[howard_hopkinso]

Download the Pocket Killbox programme from HERE. Extract it but don`t run it yet.

You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

4DMAIN.EXE
gdnFR2339.exe

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)

Fix all 016-DPF entries, except for any Microsoft/Windows entries.

O20 - AppInit_DLLs: , nslookup.dll

O20 - Winlogon Notify: winnyv32 - C:\WINDOWS\SYSTEM32\winnyv32.dll

Click on the fix checked button.

Close HJT.

Run the killbox.exe file. When it loads type the full path to the file you would like to delete in the field and check the delete file on reboot button. press the Delete File button (looks like a red circle with a white X). It will prompt you to reboot, select no until you have finished inputting the files you want to delete, only then allow it to reboot and hopefully your files will now be deleted.

These are the filepaths you need to enter into killbox.

C:\WINDOWS\SYSTEM32\winnyv32.dll

nslookup.dll<You will need to find the full path to this file.

Once your system has rebooted, turn system restore back on and rehide your protected OS files.

Post a fresh HJT log and let me know how your system is running.

Regards Howard

This thread is for the use of smilermk only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[smilermk]

Howard my PC is still unable to start in safe mode - it says your computer has encountered an error and suggests I restart normally.
Do I still follow your previous post without safe mode ?

Also I only have my username setup on the PC and this setup as an administrator, is this going to be a problem ?

Cheers

Chris

 

[KnightofBane]

Howard my PC is still unable to start in safe mode - it says your computer has encountered an error and suggests I restart normally.
Do I still follow your previous post without safe mode ?

Also I only have my username setup on the PC and this setup as an administrator, is this going to be a problem ?

Cheers

Chris

To get into safe mode I just spam F8 when I start up so that the screen shows up. I think you need to be in safe mode incase something happens but whatever.

When you boot in safe mode you're given the admin account and your account. I get the same thing but I'm an admin so just still use your account and not the default "Administrator" named account.

 

[howard_hopkinso]

Howard my PC is still unable to start in safe mode - it says your computer has encountered an error and suggests I restart normally.
Do I still follow your previous post without safe mode ?

Also I only have my username setup on the PC and this setup as an administrator, is this going to be a problem ?

Cheers

Chris

Yes, follow the instructions from normal mode.

Regards Howard

 

[smilermk]

Hi Howard, can i start off by saying your an abolute gent for taking the time to help me out here... Its very much appreciated.

I thought the last reply was from you - I got confused and I went ahead without safe mode and logged in as normal.

HJT encountered an error when trying to resolve nslookup.dll and I couldn't find the file on my system either, so was unable to put it into killbox (your download link didnt work - so I found it elsewhere).

Ive attached my latest HJT log, am I looking any better ?

Thanks

Chris

 

[howard_hopkinso]

Uninstall this programme, if you don`t know what it is, or you don`t use it.

C:\PROGRA~1\OPTICA~1\4DMAIN.EXE

Have HJT fix this inactive entry.

O20 - Winlogon Notify: winnyv32 - winnyv32.dll (file missing)

Other than the above, your HJT log is clean.

I don`t know why you can`t boot into safe mode, but maybe you should try doing a Windows repair as per this thread HERE.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard

This thread is for the use of smilermk only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.

 

[smilermk]

Many thanks again for your help i will look at the safe mode issue, would you recommend any particular piece of software to help protect me in the future ?

Chris

 

[howard_hopkinso]

The free AVG antivirus programme and either the free Zonealarm or Kerio firewall programmes are very good. Obviously you would need to get rid of your Symantec/Norton crapware.

Antispyware programmes to have are, Spybot Search & Destroy/Ad-Aware personal se/Ewido/Spyware Blaster

You can Google for all the above.

Regards Howard