Clean-up
Lava soft Ad-ware SE
CW-shredder
Spybot Search & Destroy
Windows updates
I also have this crazy ELITE TOOL BAR that I have no idea where it came from, how can I get rid of it?
Please help me if you can!
Blessings,
Terri
Logfile of HijackThis v1.99.1
Scan saved at 9:09:07 PM, on 07/17/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WS_FTP\FTPSCHED.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SCANDISKC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SCANDISKC.EXE
C:\WS_FTP\FTPQUEUE.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\ELITERPP32.EXE
C:\WINDOWS\SYSTEM\WALM32.EXE
C:\WINDOWS\PQNRRR.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\CAS\CLIENT\CASCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\PUSDINFO.EXE
C:\PROGRAM FILES\IBM\APTDESK\MVSLOADR.EXE
C:\IBM\REGISTER\REMIND32.EXE
C:\Program Files\IBM\Aptdesk\mvdz1exe.exe
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\UHIX2ZUL\HIJACKTHIS[1].EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gbronline.com/gbr_prod/
F1 - win.ini: run=c:\windows\scandiskc.exe
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [K6CPU] C:\ibmtools\k6cpu.exe
O4 - HKLM\..\Run: [IBMCPU] C:\ibmtools\ibmcpu.exe
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AccessRampMonitor] C:\PROGRAM FILES\ACCESSRAMP\MCIWORLD\ARMon32.exe
O4 - HKLM\..\Run: [MYPORTPHOLIO.JPG] C:\WINDOWS\MYPORTPHOLIO.JPG.EXE /nomsg
O4 - HKLM\..\Run: [Kernel32] c:\windows\scandiskc.exe
O4 - HKLM\..\Run: [ftpqueue] C:\WS_FTP\ftpqueue.exe -tray
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] c:\windows\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\SYSTEM\PSof1.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\SYSTEM\ELITERPP32.EXE
O4 - HKLM\..\Run: [o42O36P] WALM32.EXE
O4 - HKLM\..\Run: [AutoUpdater] "c:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\pqnrrr.exe reg_run
O4 - HKLM\..\RunServices: [Tweak Ul] c:\windows\netstattt.exe
O4 - HKLM\..\RunServices: [ftpqueue] C:\WS_FTP\FTPSCHED.EXE
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [ModemInstallAssistant] G:\SUPPORT\MODEMINSTALL.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\YAHOO!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [Z3tERWjpj] PUSDINFO.EXE
O4 - Startup: Start Desktop Effects.lnk = C:\Program Files\IBM\Aptdesk\MVSLOADR.EXE
O4 - Startup: Crystal 3D Audio Control.LNK = C:\WINDOWS\CWB3DSND.EXE
O4 - Startup: Reminder-iqi10705.lnk = C:\IBM\Register\REMIND32.EXE
O4 - Startup: Internet Login.lnk = C:\WINDOWS\INETLOGN.EXE
O4 - Startup: ruak.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\YAHOO!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\YAHOO!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\YAHOO!\Common/ycdict.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL (file missing)
O9 - Extra button: Juno - {AFBC3A50-BF64-4307-804D-8FF99F843EAF} - juno.exe (file missing) (HKCU)
O12 - Plugin for .wav: C:\Program Files\Netscape\Navigator\Program\PLUGINS\NPAUDIO.DLL
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://www.juno.com/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\YAHOO!\Common\yinsthelper.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - https://java.sun.com...indows-i586.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab