HJT Log yupsearch/elitetoolbar

Author	All Replies
fadort join:2001-12-15 Cuyahoga Falls, OH 2 edits	HJT Log yupsearch/elitetoolbar I have a problem with that........... real bad seems theres some popups....... messed up my homepage..... for a while I couldn't even open up internet explorer. here's my highjackthis log..... hopefully someone can help. Everything I've tried has failed to help..... I have trojanhunter running right now Logfile of HijackThis v1.99.1 Scan saved at 7:57:11 PM, on 3/26/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Apache Group\Apache\Apache.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\oodag.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Apache Group\Apache\Apache.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\alg.exe C:\Program Files\DU Meter\DUMeter.exe C:\WINDOWS\DELLMMKB.EXE C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\PROGRA~1\SYMANT~1\vptray.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\system32\tbctray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Eraser\eraser.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\MRU-Blaster\scheduler.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\PROGRA~1\PopUpCop\PCCloser.exe C:\Program Files\TrojanHunter 4.0\TrojanHunter.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Internet Explorer\iexplore.exe C:\jackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.optonline.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = »searchmiracle.com/sp.php O1 - Hosts: comments (such as these) may be inserted on individual O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\ELITET~1\ELITET~2.DLL O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitesul32.exe O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe" O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Dudez\ProtoWall\ProtoWall.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe" O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide O4 - HKCU\..\Run: [iolo System Mechanic Utility Bar] "C:\Program Files\iolo\System Mechanic 4 Professional\SMUtilityBar.exe" O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - C:\Documents and Settings\Smokey\Local Settings\Temporary Internet Files\Content.IE5\8PIR8TAV\access[1].exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {E9173ECA-1F4F-41ed-AF1F-8F723DFE3458} - C:\Documents and Settings\Smokey\Local Settings\Temporary Internet Files\Content.IE5\8PIR8TAV\access[1].exe (file missing) (HKCU) O15 - Trusted Zone: »Download.Windowsupdate.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - »support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - »install.wildtangent.com/ActiveLa···cher.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - »a1540.g.akamai.net/7/1540/52/200···ller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···63891894 O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - »www.gamespot.com/KDX/kdx.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
	to forum · permalink · · 2005-03-26 19:40:21 ·
MapleLeaf Premium join:2001-09-04 Burnaby, BC	Re: yupsearch/elitetoolbar •You need the latest HijackThis 1.99.1 •Go through steps described here: »Security »I think my computer is infected or hijacked. What should I do? prior to posting HilackThis log •Make a folder for HilackThis, don't run it from desktop -- Remember, I'm pulling for you - we are all in this together...
	to forum · permalink · · 2005-03-26 19:47:21 ·
sheiny join:2005-03-13 Turlock, CA	reply to fadort »securityresponse.symantec.com/av···bar.html
	to forum · permalink · · 2005-03-26 19:48:11 ·
fadort join:2001-12-15 Cuyahoga Falls, OH	reply to MapleLeaf ok used newest and what not.
	to forum · permalink · · 2005-03-26 19:56:24 ·
spooler0 Premium join:2004-11-17	said by fadort : ok used newest and what not. So everything is clean now, no?
	to forum · permalink · · 2005-03-26 20:03:48 ·
fadort join:2001-12-15 Cuyahoga Falls, OH	no trojan hunters still hunting..... I just ment I fixed the highjackthis posting problem (got newer version, moved location) I still have the issue.... I deleted some of the registry entries that symantic said but it tried to add them back again but I had spybot not allow it. then some of them weren't even where they were supposed to be so I dunno..... if anyone knows off hand if anything can be fixed with highjackthis let me know... I'm going to try running all of these protection programs...... hard to do stuff when popups keep just showing up all the time. thanks for the help......
	to forum · permalink · · 2005-03-26 20:07:18 ·
SnowyOne Premium join:2003-04-05 Kailua, HI ·RoadRunner Cable ·Clearwire Wireless 1 edit	reply to spooler0 It must have been one of these whatnots 1.CWShredder 2.About:Buster 3.Spybot S&D 4.AdAware in the »Security »I think my computer is infected or hijacked. What should I do? that cleaned it up It's one of the finest resources on the net EDIT the FAQ offers the advice of running these tools in safemode. It will take care of the popup issue while your running them.
	to forum · permalink · · 2005-03-26 20:08:44 ·
PageTurner Premium join:2004-08-16 US	reply to fadort Re: HJT Log yupsearch/elitetoolbar I found this on the net. The creator of the proggie also will answer questions in a forum linked to the page. It is also available at Major Geeks. I can't comment on the proggie as I have never used it. »www.simplytech.it/ETRemover/
	to forum · permalink · · 2005-03-26 22:28:40 ·
fadort join:2001-12-15 Cuyahoga Falls, OH	seems that right now all is fine but if anyone can find a problem with my highjackthis log please let me know..... I don't want this thing to creep up on me again I fixed everything in safemode....... I ran every protection program I had. Everyone of them that was suggested in that help thread. Logfile of HijackThis v1.99.1 Scan saved at 11:25:51 AM, on 3/27/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\WINDOWS\System32\oodag.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\DU Meter\DUMeter.exe C:\WINDOWS\DELLMMKB.EXE C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe C:\PROGRA~1\SYMANT~1\vptray.exe C:\Program Files\Microsoft Hardware\Mouse\point32.exe C:\WINDOWS\system32\tbctray.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Eraser\eraser.exe C:\Program Files\Netropa\OSD.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\MRU-Blaster\scheduler.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\PROGRA~1\PopUpCop\PCCloser.exe C:\Program Files\Trillian\trillian.exe C:\nnscript\mirc.exe C:\Documents and Settings\Smokey\Desktop\ThunderMule Kademlia\emule.exe C:\Program Files\Serv-U\ServUAdmin.exe C:\Program Files\Serv-U\ServUDaemon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Serv-U\ServUTray.exe C:\jackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »www.optonline.net/ O1 - Hosts: comments (such as these) may be inserted on individual O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: PopUpCop - {DB43E4E6-FF8A-4018-8C8E-F68587A44A73} - C:\PROGRA~1\PopUpCop\PopUpCop.dll O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe O4 - HKLM\..\Run: [POINTER] point32.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe" O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitesul32.exe O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Dudez\ProtoWall\ProtoWall.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe" O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide O4 - HKCU\..\Run: [iolo System Mechanic Utility Bar] "C:\Program Files\iolo\System Mechanic 4 Professional\SMUtilityBar.exe" O4 - HKCU\..\Run: [ServUTrayIcon] C:\Program Files\Serv-U\ServUTray.exe O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O8 - Extra context menu item: Open Image in New Window - res://C:\PROGRA~1\PopUpCop\popupcop.dll/imagenew O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: »Download.Windowsupdate.com O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - »support.dell.com/systemprofiler/SysPro.CAB O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - »install.wildtangent.com/ActiveLa···cher.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - »a1540.g.akamai.net/7/1540/52/200···ller.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - »v5.windowsupdate.microsoft.com/v···63891894 O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - »www.gamespot.com/KDX/kdx.cab O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll O23 - Service: Apache - Unknown owner - C:\Program Files\Apache Group\Apache\Apache.exe" --ntservice (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
	to forum · permalink · · 2005-03-27 11:25:21 ·
MapleLeaf Premium join:2001-09-04 Burnaby, BC	You are not done yet. There is at least one Elitebar component left: O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitesul32.exe You know, things are just a bit slow here because of holidays. Would you like to start a fresh thread with HijackThis log and include link in it to this current thread? It might get better attention from real experts. -- Remember, I'm pulling for you - we are all in this together...
	to forum · permalink · · 2005-03-27 11:35:28 ·


Monday, 09-Nov 05:03:56	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com.republican-creole page compression OFF