DyFuCa and EliteBar:How to remove them??

anomit · 04-06-2005, 12:05 PM

When I scan my comp using SpyBot S&D in the results it shows:

DyFuCa:Internet Optimizer 2 entries
Elitum:EliteBar 2 entries

When I select Fix Selected, it shows a message that it could not fix the 4 entries because some programs related to it are still in memory and asks me if it would delete them next time windows starts. I chose Yes but still it failed when Windows booted next time. I ran it in safe mode but still it could not fix them and showed the same message.

I have the registry entries related to them with me. But in safe mode, my mouse does not work. So using regedit to delete them becomes quite impossible as I cannot scroll sideways. Can any one of you help me how to write a .bat program or something like that so that I can delete those entries manually?

swatkat · 04-06-2005, 01:51 PM

Download HijackThis and unzip it to dedicated folder (like C:\HijackThisFolder\hijackthis.exe).
Then run it and click the button Do a System scan and save log file. HijackThis will perform a scan and saves the log file as hijackthis.log in the same folder where it is installed and it also opens the file automatically.
Copy the entire contents of the file and post it here.

anomit · 04-06-2005, 03:20 PM

To me my log looks clean. Anyway here it is.(deleted first few lines to save space)

Quote:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\WyvernWorks\Firewall 2004\Firewall 2004.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\soft\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.in/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.in
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\soft\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{78D92740-3062-4DED-8EA0-1ED26A96EE27}: NameServer = 69.50.176.156 195.225.176.31
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

drgrudge · 04-06-2005, 04:00 PM

Quote:

O17 - HKLM\System\CCS\Services\Tcpip\..\{78D92740-3062-4DED-8EA0-1ED26A96EE27}: NameServer = 69.50.176.156 195.225.176.31

Both the IP points to US ISP. Did u take the log file with iinternet connected?

I dint see any problem with the HJT

. But wait for other members to post.

swatkat · 04-06-2005, 07:08 PM

Download Elite ToolBar Remover and run it in Safe Mode, and check whether it detects anything.

anandk · 04-06-2005, 07:52 PM

ms antispyware or adaware too remove them successfully. try them !

anomit · 04-06-2005, 10:13 PM

Quote:

Originally Posted by anandk

ms antispyware or adaware too remove them successfully. try them !

No man, they dont even detect these.

Quote:

Originally Posted by dgrudge

Both the IP points to US ISP. Did u take the log file with iinternet connected

When I perform a nslookup, I get the following results. Look if you can understand anything...

Code:

C:\>nslookup www.thinkdigit.com
*** Can't find server name for address 69.50.176.156: Non-existent domain
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 195.225.176.31: Timed out
*** Default servers are not available
Server:  UnKnown
Address:  69.50.176.156

Non-authoritative answer:
Name:    www.thinkdigit.com
Address:  130.94.75.250

Anyways, I painfully deleted the registry entries usning my kbd only in Safe Mode.

drgrudge · 04-06-2005, 10:59 PM

^^ no anomit, i meant when u run hijackthis.exe, were you connected to internet, only then 017 will show up, so i asked..

djmykey · 05-06-2005, 08:02 AM

I did nslookup for thinkdigit heres what I got

Name : www.thinkdigit.com
Address : 130.94.75.250

anandk · 05-06-2005, 08:24 AM

strange.. adaware removes dyfuca...anyway ! was assuming about ms anti-spy, though

but its a fact the most anti-spy's, while removing malaware do miss out on some registry entries, which then get detected by some other anti-spys.

anyway 'xoftspy' also detects dyfuca and elite bar. try that !

www.paretologic.com

anomit · 05-06-2005, 10:51 PM

Quote:

Originally Posted by djmykey

I did nslookup for thinkdigit heres what I got

Name : www.thinkdigit.com
Address : 130.94.75.250

Heck man, thats not the point here. He asked about those 2 IPs so I showed the full results of nslookup of digit which refers to those 2 IPs.

I dint perform it for knowing the IP address of DIGIT website.

Popular Categories

Popular Articles

Content Categories

Sister Sites

Follow Us

Facebook Channels

Digit Magazine