[JimmyJordanPlatt34]

i have this annoying thing called etbrun, but nothing gets rid of it!

Logfile of HijackThis v1.99.1
Scan saved at 9:05:42 PM, on 4/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) =

www.google.com
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

www.google.com
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no

file)
O2 - BHO: (no name) - {0CFF4EF0-DE66-8EC9-1E44-DF38714991C2} -

C:\WINDOWS\System32\swhjt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common

Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program

Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program

Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive

Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program

Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteugr32.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] "C:\Program

Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program

Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy

Sweeper\SpySweeper.exe" /0
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -

C:\Program Files\AIM\aim.exe
O10 - Broken Internet access because of LSP provider

'xfire_lsp.dll' missing
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector

Class) -

http://ax.phobos.app.../ITDetector.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative

Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -

Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton

Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) -

Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program

Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. -

C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPH11 - HP -

C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program

Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec

Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) -

Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation -

C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -

C:\Program Files\Common Files\Symantec Shared\Security

Center\SymWSC.exe

[Advertisements]

Welcome SuperTyphoon to Geeks to Go!

Download CleanUp!.
If the link doesn´t work, download it from here.
Don't run the program, we'll do that later.

***

Download EliteToolbar removal.
Unzip the files to a convenient folder.
Reboot your machine in Safe Mode (just click onto F8 key the same moment the pc is starting, before the MS Windows flag screen) and run the EliteToolbar Remover, then click the "Kill Elite Toolbar" button and wait until it will finish its work.

***

You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder.

***

Open HijackThis from within it's own folder.
Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
some items may already be gone, due to the above mentioned steps

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)

O2 - BHO: (no name) - {0CFF4EF0-DE66-8EC9-1E44-DF38714991C2} - C:\WINDOWS\System32\swhjt.dll

O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteugr32.exe

Click on Fix Checked when finished and exit HijackThis.

***

We need to make sure all hidden files are showing so please:* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
***

Remove this file:

C:\windows\system32\eliteugr32.exe
it may already be gone, due to the above taken steps

***

Find and doubleclick the file cleanup312.exe.

Go to option
Select ‘custom’
Put a check to:* Cookies
* Prefetch
* Temp
* All users.
Press 'cleanup!'

Once it's done, decline to log off.

Instead, reboot the system.

***

Post back here in this topic (use the 'add reply' button) with a fresh log using HijackThis.

No reply was posted for two weeks.

This topic is now closed. If you are the topicowner and still need assistance, please send me a PM.

Edited by g2i2r4, 23 April 2005 - 08:24 AM.

[g2i2r4]

Welcome SuperTyphoon to Geeks to Go!

Download CleanUp!.
If the link doesn´t work, download it from here.
Don't run the program, we'll do that later.

***

Download EliteToolbar removal.
Unzip the files to a convenient folder.
Reboot your machine in Safe Mode (just click onto F8 key the same moment the pc is starting, before the MS Windows flag screen) and run the EliteToolbar Remover, then click the "Kill Elite Toolbar" button and wait until it will finish its work.

***

You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder.

***

Open HijackThis from within it's own folder.
Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
some items may already be gone, due to the above mentioned steps

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)

O2 - BHO: (no name) - {0CFF4EF0-DE66-8EC9-1E44-DF38714991C2} - C:\WINDOWS\System32\swhjt.dll

O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteugr32.exe

Click on Fix Checked when finished and exit HijackThis.

***

We need to make sure all hidden files are showing so please:* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
***

Remove this file:

C:\windows\system32\eliteugr32.exe
it may already be gone, due to the above taken steps

***

Find and doubleclick the file cleanup312.exe.

Go to option
Select ‘custom’
Put a check to:* Cookies
* Prefetch
* Temp
* All users.
Press 'cleanup!'

Once it's done, decline to log off.

Instead, reboot the system.

***

Post back here in this topic (use the 'add reply' button) with a fresh log using HijackThis.

No reply was posted for two weeks.

This topic is now closed. If you are the topicowner and still need assistance, please send me a PM.

Edited by g2i2r4, 23 April 2005 - 08:24 AM.