Elitebar miracle search helppppppp

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by russaur, Mar 8, 2005.

  1. russaur

    russaur Private E-2

    Okay guys I have the stupid elite bar/ search miracle thing and it won't go away I have all of your spyware progs and norton antivirus and a firewall so I don't need anything added to my comp I have been reading your forums and it pretty much seems that the only way to get rid of this thing is with professional help and it's either you guys or wait two weeks for the UT ITS lab to get to it. So if you guys could please help me out I already have a hijack this log ready for posting upon request. Also i'd like to point out that while i was writing this thing five of those stupid popups have come up PLZZZ help me ty
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs. TIP: Create a folder on your C:\ drive for the tools/utilities you will need to use. For example: Navigate to your Program Files directory, right click on a blank spot in the window > choose New > Folder. Name this folder Spyware Tools. Now you can save the needed tools to this folder and if you prefer, create sub-folders named for each individual utility.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an ATTACHMENT.
    All instructions are covered in the sticky thread
    NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting


    Now post a Hijack This log as an ATTACHMENT to your message (Do NOT copy/paste the log into your post). Please close unnecessary running programs before you run HijackThis. You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc.

    DO NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    To Repeat: Please be sure to reply in this thread if you need further assistance or have any questions. Someone WILL be along to help you as soon as they can. You can help us help you by following the above instructions and providing detailed information as to the difficulties you are having and/or continuing to have after you have completed the Basic Spyware, Trojan And Virus Removal tutorial. Just telling us you followed the tutorial does not give us enough information. You need to let us know the results...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    We all recognize that if you are here asking for help you are probably frustrated and maybe even angry that your computer has been taken over by some malicious program. Rest assured, we want to help you, but we get frustrated too when we are not given the requested information or when instructions are not followed. Don't be afraid to ask for additional help if you don't understand something! There is no such thing as a dumb question and we do not expect everyone who comes here to have vast computer knowledge, however you will be more educated and better prepared to prevent re-infestation when you leave here!:)

    Good luck!:)
     
  3. russaur

    russaur Private E-2

    I downloaded everything from you guys' website and ran all the applicable programs that were on the list. I then ran my own personal norton and it found four files which I will post if you would like. However when I used explorer to manually find these files and delete them it can't find any of the files.
    The files that it finds are:
    1)C:Documents and settings\owner\local settings\temporary internet files\ content.ie5\7n3y53az\protector_updater[1].exe
    2)C:Documents and settings\owner\local settings\temporary internet files\ content.ie5\2pqf03mj\mh[1].exe
    3)C:Documents and settings\owner\oldstuff\mousepads maphack.zip
    4)C:Windows\Downloaded program files\sahunistall.exe

    These files were only found by norton. (note they may also have been found by the online panda scan but even if they were the computer was still unable to delete them.)


    I have spent several days reading posts by other users about the miraclesearch/Elitebar spyware that has been infecting computers. Using all of the advice given to other users I have attempted everything that I possibly can to rid my system of this thing and it has become apparent to me that the only way to rid my computer of it is to have a professional do it. Every single post on the web that I have read has involved the person eventually sending in a hijack this log and the professional telling them how to remove it. So when you say that I should follow the instructions on the page I have and I am. I have done every single step except for the one that says use hijackthis to remove the spyware.

    BUT ANYWAYS
    Since my first post was not clear I will now attempt to be more clear.

    I noticed my computer was infected with spyware when
    1) my homepage was changed from yahoo to something else
    2) everytime i typed in a search a side bar from searchmiracle.com came up
    3) my google toolbar in IE was replaced with something called elitebar
    4)a pop up began to appear (that wasn't blocked by any of the popup software i have) informing me that either my computer was at risk and i should download a firewall (a pretty typical spyware ploy) or talking about some other crap. When my internet is connected one of about 4-5 different popups happens (whether IE is open or not) about every 30 seconds which as you might imagine is pretty godawfully annoying.

    STEPS I TOOK
    1) ran norton antivirus and it located the four files listed above
    NOTE: file 1 and file 3 have been on my computer for a long time and pose no real threat since the only thing they do is steal peoples items in an online video game.
    2) attempted to delete the files Norton says delete failed so i attempted to delete them manually but Explorer is unable to find the containing folders (i.e. my computer says that the path name c:documents and settings...\content.ie5... does not exist)
    3) went to the symantec website and followed their instructions for removal of this threat. They told me to edit my registry (which i have done several times before) but unfortunately i wasn't able to find any of the registry keys that it said i should find and therefore the issue is unresolved
    4) did a google search on how to remove the miraclesearch spyware your site came up. I read in the forums to get all the basic spyware/trojan/virus removal software
    5) obtained programs aboutbuster,ccleaner,spybot-searchanddestroy,spywareblaster,cwshredder,kill2me, and hijackthis
    6) did online scan at panda and it detected 19 files which it said it would delete after i restarted
    7) restarted still same problems
    8) ran all spyware programs and deleted everything found
    9)restarted still same problems
    10) used hijackthis after closing all programs and manually exiting all processes that weren't necessary to run windows.
    11) attempted to use automated hijackthis log file reader at hijackthis.com
    12) removed 20-30 entries found by automated reader
    13)restarted still same problems.
    14) came here started writing this incredibly long post asking for help....

    SO TO CONCLUDE
    I have 1 problem. I need to get rid of the stupid searchmiracle popup thing. I think I was able to get rid of the elitebar software with the other scans. But so help me god if someone doesn't tell me how to make that stupid popup stop coming up i'm going to go insane

    I would also like an answer to two questions that I have.
    1) Why is norton reporting that there are files on my computer that don't exist? (i have explorer set to show hidden files in the folder properties tab)
    2) Why are the instructions given by the symantec site not working? always in the past they have worked perfectly which makes me think that I may have done something to norton to make it function incorrectly. If you guys could help me fix my norton somehow that would be great so i wouldn't have to keep paying the 29.99 a year for something that really isn't working.


    FIX THE SPYWARE FIRST
    we can deal with the other problems later.


    I am going to make another post right below this with my hijack this log attached to it thank you in advance for helping me out with this and for any advice you can give me.
     
  4. russaur

    russaur Private E-2

    okay here is my hijackthis log file thanks in advance for any time that you spend helping me out
     

    Attached Files:

  5. russaur

    russaur Private E-2

    I am sorry that log file posted below is actually from a scan i did in safemode which isn't right so here is the correct one run in normal mode
     

    Attached Files:

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    They do exist! We will clean this up in my fix I'm about to post for you.


    To my knowledge there isn't anything wrong with Norton as I have been using it for about 6 years now. The only problem I have experienced with Norton is that sometimes on the older versions different malware/virus infections will corrupt Norton breaking internet access. Other than this, haven't had too many problems.

    We will see how things are after I post my fix for you. Please allow me some time to analyze your log and post a fix.
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    Viewpoint

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchmiracle.com/sp.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [hþz±]o9/JgaÒ²bú] C:\WINDOWS\³  ¼…žø5؇«˜9hþz±]o9/JgaÒ²bú
    O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteiub32.exe
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKCU\..\Run: [hþz±]o9/JgaÒ²bú] C:\WINDOWS\³  ¼…žø5؇«˜9hþz±]o9/JgaÒ²bú
    O4 - HKCU\..\Run: [winset16] C:\WINDOWS\system32\winset32.exe

    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -


    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled and navigate to and DELETE the following if they should remain:


    C:\Program Files\Common files\SearchUpgrader ←–– Delete this whole folder if it exists!

    C:\Program Files\Viewpoint\Viewpoint ←–– Delete this whole folder if it exists!

    C:\WINDOWS\system32\eliteiub32.exe

    C:\WINDOWS\system32\winset32.exe


    NEXT:
    Run CCleaner


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, Scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
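
An added example, not part of the original post and not HijackThis's own code: a small Python triage pass over log lines in the R1/O4/O16 format shown in the fix list above. The host allowlist, the function names and the `ExampleTool` entry are assumptions; the sample lines are copied or shortened from this thread and are labelled as constructed.

```python
import re
from urllib.parse import urlparse

# Constructed sample: entries copied or shortened from the fix list in this
# thread, plus one hypothetical benign Run entry (ExampleTool) for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteiub32.exe
O4 - HKCU\..\Run: [winset16] C:\WINDOWS\system32\winset32.exe
O4 - HKLM\..\Run: [hþz±]o9] C:\WINDOWS\hþz±
O4 - HKLM\..\Run: [ExampleTool] C:\Program Files\ExampleTool\tool.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
"""

# Assumption: hosts the machine's owner actually chose for search/home pages.
TRUSTED_HOSTS = {"www.google.com", "www.yahoo.com"}
LINE_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+)\] (.+)$")

def parse(log):
    """Split a HijackThis-style log into (section, body) pairs."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def triage(entries):
    """Return (section, reason, detail) for entries worth a closer look."""
    findings = []
    for section, body in entries:
        if section.startswith("R") and " = " in body:
            host = urlparse(body.split(" = ", 1)[1]).hostname
            if host and host not in TRUSTED_HOSTS:
                findings.append((section, "host not on allowlist", host))
        elif section == "O4":
            m = O4_RE.match(body)
            if m and not (m.group(2) + m.group(3)).isascii():
                findings.append((section, "non-ASCII autorun name/path", m.group(2)))
        elif section == "O16" and body.rstrip().endswith("} -"):
            findings.append((section, "ActiveX entry with no download URL", body.split()[1]))
    return findings

if __name__ == "__main__":
    for finding in triage(parse(SAMPLE_LOG)):
        print(finding)
```

Run entries with ordinary ASCII names, such as `antiware` and `winset16` in the sample, pass these heuristics, so a reviewer or a known-bad list is still needed for them.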
     
  8. russaur

    russaur Private E-2

    I have to go out to eat right at the moment and don't have time to devote to thoroughly fix my computer so rather than do a halfassed job I'm gonna wait until I can do it all at once. Thank you so much in advance for the help. I'm sure from looking at other people's threads that you guys almost always nail it and I'm sure I won't be any different. One more thing for you to possibly be working on. I downloaded the avast virus scanner and I would really rather use that instead of norton but first I have to completely uninstall norton and I can't really figure out how and I don't want to like screw something up and release all the quarantined files that norton has back onto my comp (as this would most probably not be good). I will post back with my results of your help hopefully later tonight and then we can move onto my other issues (I'm really interested in learning about computers since compsci is my major at UT) :)
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay! I will be awaiting your response.
     
