[Elitebar, elitum elite bar, exact advertising, etc.] -
Elitebar, elitum elite bar, exact advertising, etc.
Discuss Elitebar, elitum elite bar, exact advertising, etc.
Posted by: ko0pa
Wow I've never had this problem. No matter what I can't get rid of this. I've ran adaware, spybot S&D, spyware doctor etc etc etc. I've done it in safemode I've tryed everything. HelP :(
Logfile of HijackThis v1.98.2
Scan saved at 11:39:19 PM, on 12/14/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\srxTitan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\Ati2evxx.exe
L:\LiteStep\litestep.exe
L:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Windows ControlAd\WinCtlAdAlt.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
L:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wuauclt.exe
L:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
L:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.657\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://searchmiracle.com/sp.php[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://searchmiracle.com/sp.php[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://searchmiracle.com/sp.php[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.searchmiracle.com/[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://searchmiracle.com/sp.php[/url]
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [Zone Labs Client] "L:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvotd32.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKCU\..\Run: [Spyware Doctor] "L:\Program Files\Spyware Doctor\swdoctor.exe" /Q
Posted by: intercodes
ko0pa,
Fix these,
C:\Program Files\Windows ControlAd\WinCtlAd.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://searchmiracle.com/sp.php[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://searchmiracle.com/sp.php[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.searchmiracle.com/[/url]
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
Fix them and post your log.
Posted by: southernlady
Please WAIT...there is a certain WAY to fix this log. Liz
Posted by: southernlady
First, you are running Hijack This out of a [COLOR=red][B]temporary directory[/B][/COLOR] on your desktop. Can you please create a folder in My Documents and call it Hijack (or something similar). Then extract Hijack This into the folder you have created and run it from there. The reason for this is that Hijack This backup files may be deleted if it is being run from a temporary folder.
Turn off System Restore: [URL=http://www.spyware911.net/forum/index.php?showtopic=16]System Restore[/URL]
Next,you need to download CWShredder. Here's where you can get it: [URL=http://www.spyware911.net/downloads/CWShredder.exe]CWShredder[/URL]
Then, restart into [U][I][COLOR=red][B]Safe Mode (tap F8 while restarting)[/B][/COLOR][/I][/U], and make sure you can see hidden files and folders. Here's a link on how to do this: Safe Mode: [URL=http://www.spyware911.net/safemode.htm] Safe Mode[/URL] Show Hidden Files: [URL=http://www.spyware911.net/forum/index.php?showtopic=27]Show Hidden Files[/URL]
Run CWShredder and [COLOR=red][B]click Fix ->[/B][/COLOR].
Run Hijackthis! and fix the following:
[B]R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://searchmiracle.com/sp.php[/url][/B]
[B]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://searchmiracle.com/sp.php[/url][/B]
[B]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://searchmiracle.com/sp.php[/url][/B]
[B]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.searchmiracle.com/[/url][/B]
[B]R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://searchmiracle.com/sp.php[/url][/B]
[B]O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll[/B]
[B]O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe[/B]
[B]O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvotd32.exe[/B]
Then, find and delete:
C:\WINDOWS\system32\[B]srxTitan.exe[/B]
[B]L:\LiteStep\litestep.exe[/B]
C:\Program Files\[B]Windows ControlAd\WinCtlAd.exe[/B]
C:\Program Files\[B]Windows ControlAd\WinCtlAdAlt.exe[/B]
Go ahead and clear out your [B]temp files[/B], as well. Delete everything inside these folders:
C:\Windows\Temp\[B]what is inside[/B]
C:\Windows\Temporary Internet Files\[B]what is inside[/B]
C:\Windows\Cookies\[B]what is inside[/B]
Reboot
Empty your recycle bin
Post a new log
Liz
Posted by: ko0pa
I'm going to do it now and ill have the log up within 10 minutes :) thanks guys!
Posted by: southernlady
Did you see my edit? Liz
Posted by: ko0pa
yes I went straight to yours. here's the new list.. popups still coming. Also cwssheder didnt do anything :/ There was nothing to fix it said
Logfile of HijackThis v1.98.2
Scan saved at 4:18:28 PM, on 12/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
L:\LiteStep\litestep.exe
L:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
L:\Program Files\Razer\razertra.exe
L:\Program Files\Spyware Doctor\swdoctor.exe
L:\Program Files\Razer\razerhid.exe
C:\Program Files\Common Files\Symantec Shared\Nmain.exe
C:\WINDOWS\system32\wuauclt.exe
L:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\My Documents\hijack\HijackThis.exe
O4 - HKLM\..\Run: [Zone Labs Client] "L:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvotd32.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [razertra] L:\Program Files\Razer\razertra.exe
O4 - HKCU\..\Run: [Spyware Doctor] "L:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: enable tray icon.lnk = ?
O4 - Startup: Norton SystemWorks.lnk = ?
Posted by: ko0pa
Also L:\litestep\litestep.exe is not a problem. It's my shell so ignore that.
Posted by: southernlady
That's why I put Litestep on the list:
[url]http://forums.techguy.org/t218333.html[/url]
[url]http://forums.techguy.org/t223085.html[/url]
Posted by: ko0pa
it's not going to screw up anything if i remove the boot for litestep? that thread just kinda left you hanging... and this will fix the popups?
Posted by: ko0pa
Should this be deleted?
O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvotd32.exe
Posted by: southernlady
Yes, to the last question.
Leave Litestep for now and we will see what happens. Liz
Posted by: ko0pa
Well the popups are still coming... I already did what you said
Posted by: ko0pa
INcase you missed it here's the updated log:
[quote]Logfile of HijackThis v1.98.2
Scan saved at 5:10:05 PM, on 12/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\Ati2evxx.exe
L:\LiteStep\litestep.exe
L:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Norton SystemWorks\Password Manager\AcctMgr.exe
L:\Program Files\Razer\razertra.exe
L:\Program Files\Spyware Doctor\swdoctor.exe
L:\Program Files\Razer\razerhid.exe
L:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
L:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\My Documents\hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O4 - HKLM\..\Run: [Zone Labs Client] "L:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvotd32.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [razertra] L:\Program Files\Razer\razertra.exe
O4 - HKCU\..\Run: [Spyware Doctor] "L:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: enable tray icon.lnk = ?
O4 - Startup: Norton SystemWorks.lnk = ?
[/quote]
Posted by: southernlady
Run Hijackthis! and fix the following:
[B]R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm[/B]
[B]O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvotd32.exe[/B]
These two need their links fixed:
[B]O4 - Startup: enable tray icon.lnk = ?[/B]
[B]O4 - Startup: Norton SystemWorks.lnk = ?[/B]
Reboot
Post a new log. Liz
Posted by: southernlady
If they are still coming after that, I have one more thing to try. Liz
Posted by: ko0pa
[url]http://e.rn11.com,[/url] [url]http://searchmiracle.com[/url] also comes up and elite bar reinstalls itself every time i boot up. why is it not going away? I went into safemode again delete all history the elite bar folder in windows and ran cwsshredder, adaware, spyware doctor and spybot sd. They find things and i fix them yet i guess their not fixing...
Posted by: ko0pa
after reboot this is the log.. it all seems to be back..
[quote]Logfile of HijackThis v1.98.2
Scan saved at 5:32:06 PM, on 12/15/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
L:\LiteStep\litestep.exe
L:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
L:\Program Files\Razer\razertra.exe
L:\Program Files\Spyware Doctor\swdoctor.exe
L:\Program Files\Razer\razerhid.exe
C:\WINDOWS\system32\wuauclt.exe
L:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrator\My Documents\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://searchmiracle.com/sp.php[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://searchmiracle.com/sp.php[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://searchmiracle.com/sp.php[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.searchmiracle.com/[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://searchmiracle.com/sp.php[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [Zone Labs Client] "L:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [kalvsys] c:\windows\system32\kalvotd32.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [razertra] L:\Program Files\Razer\razertra.exe
O4 - HKCU\..\Run: [Spyware Doctor] "L:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: enable tray icon.lnk = ?
O4 - Startup: Norton SystemWorks.lnk = ?
[/quote]
Posted by: southernlady
This is my final try at *killing* it:
It's called Killbox and it and one other are all I have left in my arsenal:
Here is Killbox: [url]http://www.spyware911.net/downloads/KillBox.exe[/url]
And here is XCleaner free version: [url]http://www.xblock.com/download/xcleaner_free.exe[/url]
If these two don't work, I'm out of my bag of tricks. Liz
Posted by: ko0pa
Well I ran xcleaner in safemode and in regular, killboxed the elite bar folder etc. and it all came right back...
Posted by: southernlady
Well, like I just told Skooter...I have nothing left up my sleeve...I can either send you on to a friend or tell you to reformat...which shall it be? Liz
Posted by: southernlady
Closed due to lack of activity. Lis