Elitexxg.32exe keeps reinstalling itself

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

helpless29

Thread Starter
Joined
Jul 19, 2005
Messages
1
I am being bombarded with pop-ups, trojans, spam, etc. and the programs keep reinstalling themselves. I have used Ad-aware, Spybot S/D, Yahoo's anti-spy, Spyware guard and spyblaster, went into the registry and removed what tech support on the web advised, to no avail. You are my last hope Obi-Wan! Could you take a look at my Hijack this file and advise me?

gfile of HijackThis v1.99.1
Scan saved at 10:26:28 PM, on 7/19/2005
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\windows\system\hpsysdrv.exe
C:\Program

Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Norton

AntiVirus\navapsvc.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Common Files\Symantec

Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Symantec

Shared\Security Center\SymWSC.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Internet

Explorer\iexplore.exe
C:\WINDOWS\system32\rjqopp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and

Settings\Owner\Desktop\DOWLOADS\HijackT

his.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://srch-us4.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://red.clientapps.yahoo.com/customi

ze/ycomp/defaults/sb/*http://www.yahoo.

com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://red.clientapps.yahoo.com/customi

ze/ycomp/defaults/sp/*http://www.yahoo.

com
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://us4.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://red.clientapps.yahoo.com/customi

ze/ycomp/defaults/su/*http://www.yahoo.

com
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.39.69.102

view.atdmt.com
O2 - BHO: SpywareGuard Download

Protection -

{4A368E80-174F-4872-96B5-0B27DDD11DB2}

- C:\Program

Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484F}

- C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar -

{EF99BD32-C1FB-11D2-892F-0090271D4F88}

- C:\Program

Files\Yahoo!\Companion\Installs\cpn3\yt

.dll
O4 - HKLM\..\Run: [MSConfig]

C:\WINDOWS\PCHealth\HelpCtr\Binaries\MS

Config.exe /auto
O4 - HKLM\..\Run: [NAV Agent]

C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [hpsysdrv]

c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds]

C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [checkrun]

C:\windows\system32\elitexxg32.exe
O4 - Startup: SpywareGuard.lnk =

C:\Program

Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Search -

http://bar.mywebsearch.com/menusearch.h

tml?p=ZUxdm082YYUS
O8 - Extra context menu item: Grip.com

- file://C:\Program

Files\GRIPCZ3\Cache\SelectedContextSear

ch.htm
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java

Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

- C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM -

{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}

- C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program Files\Messenger\msmsgs.exe

(file missing)
O9 - Extra 'Tools' menuitem: Windows

Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program Files\Messenger\msmsgs.exe

(file missing)
O9 - Extra button: WeatherBug -

{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}

- C:\PROGRA~1\AWS\WEATHE~1\Weather.exe

(HKCU)
O12 - Plugin for .mid: C:\Program

Files\Internet

Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mpeg: C:\Program

Files\Internet

Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF:

{01012101-5E80-11D8-9E86-0007E96C65AE}

(SupportSoft Script Runner Class) -

http://www.comcastsupport.com/sdcxuser/

asp/tgctlsr.cab
O16 - DPF:

{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}

(MiniBugTransporterX Class) -

http://wdownload.weatherbug.com/minibug

/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF:

{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}

(FilePlanet Download Control Class) -

http://www.fileplanet.com/fpdlmgr/cabs/

FPDC_1_0_0_44.cab
O16 - DPF:

{56336BCB-3D8A-11D6-A00B-0050DA18DE71}

(RdxIE Class) -

http://software-dl.real.com/0628f96ea6e

63c7ce804/netzip/RdxIE601.cab
O16 - DPF:

{68BCE50A-DC9B-4519-A118-6FDA19DB450D}

(Info Class) -

http://www.wow-europe.com/signup/en/wow

beta/Si.cab
O16 - DPF:

{6A060448-60F9-11D5-A6CD-0002B31F7455}

(ExentInf Class) -

http://us.games2.yimg.com/download.game

s.yahoo.com/games/play/client/exentctl_

0_0_0_1.ocx
O16 - DPF:

{B942A249-D1E7-4C11-98AE-FCB76B08747F}

(RealArcadeRdxIE Class) -

http://games-dl.real.com/gameconsole/Bu

ndler/CAB/RealArcadeRdxIE.cab
O23 - Service: Ati HotKey Poller - ATI

Technologies Inc. -

C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown

owner -

C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Norton AntiVirus Auto

Protect Service (navapsvc) - Symantec

Corporation - C:\Program Files\Norton

AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP -

C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service

(SBService) - Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\

SBServ.exe
O23 - Service: Symantec Network Drivers

Service (SNDSrvc) - Symantec

Corporation - C:\Program Files\Common

Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC)

- Symantec Corporation - C:\Program

Files\Common Files\Symantec

Shared\Security Center\SymWSC.exe
O23 - Service: X10 Device Network

Service (x10nets) - Unknown owner -

C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.ex

e (file missing)



Thanks a million
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
That log is impossible to read.
--------------------------------------------------------------------------
First do this...

Download and run Micro$oft Anti Spyware BETA:
http://www.microsoft.com/athome/security/spyware/software/default.mspx

First in the top menu click File then Check for updates to download the definitions updates.

After updating look in the right side of the main window under "Run Quick Scan Now".
Click Spyware scan options.
In that window put a tick by Run a full system scan.
Then put a check by all three options below that then click Run Scan now.

When the scan is finished, let it fix anything that it finds
(Have it quarantine the items that have that option rather than delete just in case.)
It is a BETA program and there may be false positives.
--------------------------------------------------------------------------
Reboot.
--------------------------------------------------------------------------
Download: http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/EliteToolbar-Remover.shtml

This tool is to be run in Safe Mode.

To boot into Safe Mode, start tapping the F8 key at Startup, before the Windows logo screen.

Run the remover.
--------------------------------------------------------------------------
Reboot to Normal Mode.
--------------------------------------------------------------------------
Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode again.
Perform the following steps:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.
--------------------------------------------------------------------------
Reboot to Normal Mode.

Post a new Hijack This log
After it scans and opens in Notepad...
Do Edit>Select All
Edit>Copy
Then come back here
Edit>Paste

Also post the results of the Ewido scan.
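
The log in the first post was hard-wrapped at 39 columns with blank lines between the fragments, which is why the reply calls it unreadable. As an added example (not part of either post, and not HijackThis's own code), this Python code rejoins such a log into one entry per line and pulls out the O4 Run-key entries for review. The 39-column width and the function names are assumptions based on the log on this page; SAMPLE is a few lines taken from that log.

```python
import re

WRAP = 39  # assumption: column at which the log on this page was hard-wrapped
ENTRY = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")  # HijackThis item prefix
PROCESS = re.compile(r"^[A-Za-z]:\\")  # a path line under "Running processes:"
# Lines taken from the log posted above, in their wrapped form.
SAMPLE = r"""Running processes:
C:\Documents and

Settings\Owner\Desktop\DOWLOADS\HijackT

his.exe
O4 - HKLM\..\Run: [MSConfig]

C:\WINDOWS\PCHealth\HelpCtr\Binaries\MS

Config.exe /auto
O4 - HKLM\..\Run: [checkrun]

C:\windows\system32\elitexxg32.exe
"""

def reflow(text):
    """Rejoin wrapped fragments into one log entry per list item."""
    entries, parts, in_procs = [], [], False
    def flush():
        if parts:
            out = parts[0]
            for prev, frag in zip(parts, parts[1:]):
                # A full-width fragment was cut mid-token; a short one broke at a space.
                out += frag if len(prev) >= WRAP else " " + frag
            entries.append(out)
            parts.clear()

    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY.match(line) or line == "Running processes:":
            flush()
            in_procs = line == "Running processes:"
        elif in_procs and PROCESS.match(line):
            flush()  # inside the process list every path starts a new entry
        parts.append(line)
    flush()
    return entries

def run_key_entries(entries):
    """Return (registry location, value name, command) for each O4 Run-key entry."""
    hits = (re.match(r"^O4 - (.+?): \[(.+?)\] (.+)$", e) for e in entries)
    return [m.groups() for m in hits if m]
```

A fragment that happens to be exactly 39 characters long and ends at a real space will be joined without that space, so check long paths by eye after reflowing.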
 