Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
EliteBAR !!!!!!!!! DRIVING ME NUTSSSSSSS!!!!!!!!! ARRRRRRRRHHHHHHHH need HELP
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > EliteBAR !!!!!!!!! DRIVING ME NUTSSSSSSS!!!!!!!!! ARRRRRRRRHHHHHHHH need HELP  
Forum Quick Jump
 
New Topic Post reply to : EliteBAR !!!!!!!!! DRIVING ME NUTSSSSSSS!!!!!!!!! ARRRRRRRRHHHHHHHH need HELP Printable version of : EliteBAR !!!!!!!!! DRIVING ME NUTSSSSSSS!!!!!!!!! ARRRRRRRRHHHHHHHH need HELP
[ << Previous Thread | Next Thread >> ]

eric215
New Member


Date Joined Sep 2004
Total Posts : 2
  		   Posted 9-18-2004 11:25 (GMT +1)    Quote: EliteBAR !!!!!!!!! DRIVING ME NUTSSSSSSS!!!!!!!!! ARRRRRRRRHHHHHHHH need HELPAlert an admin about: EliteBAR !!!!!!!!! DRIVING ME NUTSSSSSSS!!!!!!!!! ARRRRRRRRHHHHHHHH need HELP
I've tried everything elitebar JUST WON't GO AWAY......after deleating uninstalling regediting running all possible spyware malware program ......it WILL reinstall itself after a restart!!!!!!!!! Please need help here ( I think there's a "elitebar setup" program hidden somewhere )
Here's my HJT  ( Apparently there's some casino popups everynow and then.....arhhh! )
 
Logfile of HijackThis v1.98.2
Scan saved at 6:22:04 PM, on 9/18/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\WINDOWS\Explorer.EXE
C:\program files\powerstrip\pstrip.exe
C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ICQPlus\vplus.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\ICQ\ICQ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eric\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soccernet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 50.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 50.dll
O4 - HKLM\..\Run: [PowerStrip] c:\program files\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winyfu32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ICQ Plus] "C:\Program Files\ICQPlus\vplus.exe"
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O16 - DPF: v2cab - http://7123.searchmiracle.com/cab/v2cab.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C4DD015-E78D-4102-B29A-C057D31E9E0F}: NameServer = 165.21.100.88 165.21.83.88
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C4DD015-E78D-4102-B29A-C057D31E9E0F}: NameServer = 165.21.100.88 165.21.83.88
 
 
Back to Top
 

Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14350
  		   Posted 9-18-2004 1:22 (GMT +1)    Quote: EliteBAR !!!!!!!!! DRIVING ME NUTSSSSSSS!!!!!!!!! ARRRRRRRRHHHHHHHH need HELPAlert an admin about: EliteBAR !!!!!!!!! DRIVING ME NUTSSSSSSS!!!!!!!!! ARRRRRRRRHHHHHHHH need HELP
Hey eric215smilewinkgrin
 
Scan with Hijacktis, close all other windows, put a checkmark to these, and fix:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81C3A} - C:\WINDOWS\EliteBar\EliteBar version 50.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA880F} - C:\WINDOWS\EliteBar\EliteBar version 50.dll
O4 - HKLM\..\Run: [Sys29] C:\windows\system32\winyfu32.exe
O16 - DPF: v2cab - http://7123.searchmiracle.com/cab/v2cab.cab

Show hidden files:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

boot to safe mode- F8
 
Find and delete these :
C:\WINDOWS\EliteBar\EliteBar version 50.dll <<<Folder EliteBar
C:\windows\system32\winyfu32.exe

 Reboot and run this scanner: http://www.mwti.net/antivirus/free_utilities.asp

Take one of the first seven links, activate all, in settings

Post new logfile

     Touch
 
 

Back to Top
 
New Topic Post reply to : EliteBAR !!!!!!!!! DRIVING ME NUTSSSSSSS!!!!!!!!! ARRRRRRRRHHHHHHHH need HELP Printable version of : EliteBAR !!!!!!!!! DRIVING ME NUTSSSSSSS!!!!!!!!! ARRRRRRRRHHHHHHHH need HELP
 
Forum Information
Currently it is Friday, January 09, 2009 10:11 PM (GMT +1)
There are a total of 66.008 posts in 16.187 threads.
In the last 3 days there were 19 new threads and 110 reply posts. View Active Threads
Who's Online
This forum has 27804 registered members. Please welcome our newest member, revmrf.
61 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Google redirect virus help (6)09-01-2009 20:36:39 (phinfan)
Connection to server timeout (0)09-01-2009 20:35:36 (revmrf)
Hijackthis (2)09-01-2009 19:41:14 (fingers101)
Need help with removing viruses ∼tmpa and ∼tmpc!!! (4)09-01-2009 19:26:11 (Strummer89)
Virus help needed (10)09-01-2009 19:23:22 (msmat999)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard