DyFuCa and EliteBar:How to remove them??

Status
Not open for further replies.
anomit

anomit

In the zone
When I scan my comp using SpyBot S&D in the results it shows:

DyFuCa:Internet Optimizer 2 entries
Elitum:EliteBar 2 entries

When I select Fix Selected, it shows a message that it could not fix the 4 entries because some programs related to it are still in memory and asks me if it would delete them next time windows starts. I chose Yes but still it failed when Windows booted next time. I ran it in safe mode but still it could not fix them and showed the same message.

I have the registry entries related to them with me. But in safe mode, my mouse does not work. So using regedit to delete them becomes quite impossible as I cannot scroll sideways. Can any one of you help me how to write a .bat program or something like that so that I can delete those entries manually?
 
swatkat

swatkat

Technomancer
Download HijackThis and unzip it to dedicated folder (like C:\HijackThisFolder\hijackthis.exe).
Then run it and click the button Do a System scan and save log file. HijackThis will perform a scan and saves the log file as hijackthis.log in the same folder where it is installed and it also opens the file automatically.
Copy the entire contents of the file and post it here.
 
OP
anomit

anomit

In the zone
To me my log looks clean. Anyway here it is.(deleted first few lines to save space)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\pctspk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\WyvernWorks\Firewall 2004\Firewall 2004.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\soft\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = *www.google.co.in/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = *www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = *www.google.co.in
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = *www.google.co.in/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\soft\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O10 - Unknown file in Winsock LSP: c:\program files\wyvernworks\firewall 2004\apptoport.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{78D92740-3062-4DED-8EA0-1ED26A96EE27}: NameServer = 69.50.176.156 195.225.176.31
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Click to expand...
 
drgrudge

drgrudge

Another Brick in the Wall
O17 - HKLM\System\CCS\Services\Tcpip\..\{78D92740-3062-4DED-8EA0-1ED26A96EE27}: NameServer = 69.50.176.156 195.225.176.31
Click to expand...
Both the IP points to US ISP. Did u take the log file with iinternet connected?


I dint see any problem with the HJT :( . But wait for other members to post.
 
swatkat

swatkat

Technomancer
Download Elite ToolBar Remover and run it in Safe Mode, and check whether it detects anything.
 
OP
anomit

anomit

In the zone
anandk said:
ms antispyware or adaware too remove them successfully. try them ! :)
Click to expand...

No man, they dont even detect these.

dgrudge said:
Both the IP points to US ISP. Did u take the log file with iinternet connected
Click to expand...

When I perform a nslookup, I get the following results. Look if you can understand anything...

Code: 
C:\>nslookup [url]www.thinkdigit.com[/url]
*** Can't find server name for address 69.50.176.156: Non-existent domain
DNS request timed out.
    timeout was 2 seconds.
*** Can't find server name for address 195.225.176.31: Timed out
*** Default servers are not available
Server:  UnKnown
Address:  69.50.176.156

Non-authoritative answer:
Name:    [url]www.thinkdigit.com[/url]
Address:  130.94.75.250


Anyways, I painfully deleted the registry entries usning my kbd only in Safe Mode.
 
drgrudge

drgrudge

Another Brick in the Wall
^^ no anomit, i meant when u run hijackthis.exe, were you connected to internet, only then 017 will show up, so i asked..
 
anandk

anandk

Distinguished Member
strange.. adaware removes dyfuca...anyway ! was assuming about ms anti-spy, though :oops:

but its a fact the most anti-spy's, while removing malaware do miss out on some registry entries, which then get detected by some other anti-spys.

anyway 'xoftspy' also detects dyfuca and elite bar. try that ! :)
www.paretologic.com
 
OP
anomit

anomit

In the zone
djmykey said:
I did nslookup for thinkdigit heres what I got

Name : www.thinkdigit.com
Address : 130.94.75.250
Click to expand...

Heck man, thats not the point here. He asked about those 2 IPs so I showed the full results of nslookup of digit which refers to those 2 IPs.

I dint perform it for knowing the IP address of DIGIT website. :lol:
 
Status
Not open for further replies.
Top Bottom