Toolbar888

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

indorock

Thread Starter
Joined
Jan 25, 2007
Messages
1
Hi i've just recently been infested with a case of the Toorbar888 (i ran ad-aware and Spybot S&D and Toolbar888 is the one that wont go away) Here below is my Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 1:46:28 AM, on 1/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\RACLE~1\logonui.exe
C:\WINDOWS\system32\?ecurity\i?xplore.exe
C:\Program Files\Parallels\Parallels Tools\cohrence.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\AT&T Global Network Client\NetCfgSv.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\mark\Local Settings\Temp\wz3a30\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.eu.omron.com:3132/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.eu.omron.com
R3 - URLSearchHook: (no name) - {39C143AF-A061-A8EA-1972-DA58150AF796} - C:\WINDOWS\system32\nru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {39C143AF-A061-A8EA-1972-DA58150AF796} - C:\WINDOWS\system32\nru.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Parallels Tools] C:\Program Files\Parallels\Parallels Tools\ParallelsToolsCenter.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Bart] "C:\PROGRA~1\COMMON~1\RACLE~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [Snmbtkvi] "C:\WINDOWS\system32\?ecurity\i?xplore.exe" 99001162
O8 - Extra context menu item: Edit with Altova X&MLSpy - D:\Altova\XMLSpy2007\spy.htm
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - D:\Altova\XMLSpy2007\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - D:\Altova\XMLSpy2007\spy.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjws32 - winjws32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Parallels Coherence Service (cohrence) - Parallels Software International, Inc. - C:\Program Files\Parallels\Parallels Tools\cohrence.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - D:\AT&T Global Network Client\NetCfgSv.EXE



TIA :)
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi Welcome to TSG!!

Please move hijackthis.exe into a permanent folder.

To create a permanent folder click My Computer, then C:\
In the menu bar click on File, New, Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ folder.
Put your HijackThis.exe into that folder


Run HijackThis and click Open the Misc Tools section
Click Open Uninstall Manager, Save list and save the log to your Desktop.
A list of programs will open in Notepad. Post the contents of the log here in your next reply.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top