ISEARCH/WEBSEARCH + no more MMC

Discussion in 'Malware Help (A Specialist Will Reply)' started by frust8, May 27, 2005.

  1. frust8

    frust8 Private E-2

    Hello,

    thanks for all the free info and downloads. I have spent the last two nights following your instructions on READ BEFORE YOU POST. Installed all the advised cleaners etc.

    I reboot out of Safemode and can no longer access services from the Run prompt nor from "manage my computer"

    Isearch still rears its ugly head as my homepage. Spybot continually detects and removes all except the two Program.exe files for Huntbar.

    Websearch auto installed itself soon as I rebooted, seen via pop-up.

    I have now disabled or set to prompt most of the critical security settings. Also prompting for cookies seems to have deterred just about every pop up now ...I think.

    Recommendations?

    I'm really concerned about not being able to access the console anymore. I think the undeletable .exe files may have to do with me having to set all the services to Auto in the past after mistakenly disabling all only to find out there was no enable all feature.

    Help when available.
    Thanks
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. frust8

    frust8 Private E-2

    Thanks for rapido response :)
    Well my homepage is back to normal............MAGIC!

    this is my logfile
     

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You have quite a few issues in this log we need to address. First, we need to uninstall some things.

    Please look in Add/Remove Programs for the following and uninstall when found:


    WebSearch Toolbar <-- Also, anything else you see relating to WebSearch or Search!

    WinTools

    AutoUpdate

    Virtual or V Bouncer

    Elite Toolbar

    CxtPls

    Please note you may or may not find every one of those, but uninstall the ones you do find.

    After you uninstall the above programs, proceed with the following online scans:


    TrendMicro Online Scan
    Bitdefender online scan
    RavAntivirus online scan <-- select Auto Clean then click Scan My PC
    TrojanScan online scan

    After you complete these online scans reboot and post a fresh HJT log.
     
  5. frust8

    frust8 Private E-2

    :eek:

    WOWZERRRRRRRRRRRRRRRS!!!!!!!!

    HIJACK THIS is the bizness!!!!!!!!!!!!

    Instant zapper. I scanned and checked off the unwanted log entries, clicked fix and Vavoom, no more webfriggindamnSearch bar. Most importantly no retarded "28 OF 35 FILES FIXED" messages. u zip and it's gone

    (i pray)

    ok all i have left is the mmc issue. altho i now wonder how necessary that is seeing as my sorrows are disappearing. I swear I was near a fit of enraged tears with those popups. for some reason my firewall was disabled 4 awhile.

    (yes im a girl lemme alone :-| )
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    What exactly did you do? You need to be careful using HJT as not all entries are bad. If you want help you need to follow my post and be patient.

    Did you follow my post? It will come back, you have multiple problems we need to address.
     
  7. frust8

    frust8 Private E-2

    I actually hadn't read your post before leaving that message.
    I was surprised there were still multiple issues remaining. I will have to get as much done as possible but may have to stretch till tomorrow night ....again!

    I have gone to Remove programs, but only two were there, one of which isn't on the list. That was WEIRD ON THE WEB... (actual program name), removed that promptly.

    As for HJT i checked all the windows/toolbar entries for deletion. I double checked c: to ensure they were crap files. Also checked off their corresponding .dll

    when i saw ur post i went back in and checked the cxtpls and elitebar entries and deleted also.
    Wintools and AutoUpdate don't seem to have explicit names so I will now leave HJT and follow ur steps.
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Just be sure you follow my post and don't skip anything. Like I said there are several issues still in your HJT log. We will address them separately and thoroughly.

    First, make sure you uninstall the ones I requested as those are very bad.

    After you do as per my request, reboot and post a fresh HJT log.
     
  9. frust8

    frust8 Private E-2

    apologies for delay. on wireless lan with sparse service of late....here is most recent hjt log after all scans


    thank youuuuu!
     

  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add or Remove Programs for the following and Uninstall them if found:

    AutoUpdate

    Zoat <-- If you know this, leave it!


    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled


    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll

    O4 - HKLM\..\Run: [Bmaikbf] C:\Program Files\Zoat\Dprr.exe
    O4 - HKLM\..\Run: [jA1kxQ] C:\WINDOWS\wxguxjqq.exe
    O4 - HKLM\..\Run: [nib] C:\WINDOWS\nib.exe
    O4 - HKLM\..\Run: [PS1] C:\WINDOWS\system32\ps1.exe
    O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Mcqgju.exe
    O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
    O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
    O4 - HKLM\..\Run: [pvnfxc] C:\WINDOWS\system32\pvnfxc.exe
    O4 - HKLM\..\Run: [gqnrpc] C:\WINDOWS\system32\gqnrpc.exe
    O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\pmzrzl.exe reg_run
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [rssQ33O] hhshu.exe
    O4 - HKLM\..\Run: [checkrun] C:\windows\system32\eliteldp32.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [aB34RTisU] gdim4ie.exe

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} -%windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c9.cab

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NOW:
    Navigate to and DELETE the following if they should remain:

    C:\Program Files\AutoUpdate <-- Delete this whole folder if it exists!


    C:\WINDOWS\System32\pmzrzl.exe

    C:\WINDOWS\System32\hhshu.exe

    C:\WINDOWS\System32\gdim4ie.exe

    C:\WINDOWS\System32\ps1.exe

    C:\WINDOWS\System32\Mcqgju.exe

    C:\WINDOWS\System32\pvnfxc.exe

    C:\WINDOWS\System32\gqnrpc.exe

    C:\WINDOWS\System32\eliteldp32.exe <-- Also, look for more files starting with elite and ending with .exe, there could be up to 10 more.


    C:\WINDOWS\System\sukbvancpj.exe


    C:\WINDOWS\cfgmgr52.dll

    C:\WINDOWS\wxguxjqq.exe

    C:\WINDOWS\nib.exe

    C:\WINDOWS\VCMnet11.exe

    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.
    Note: Don't forget to update Spybot S&D by selecting "Search For Updates"

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Reboot to Normal Windows, scan with HijackThis and attach the new log.
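
Added example, not part of bjgarrick's post and not HijackThis code: a way to check a fresh post-reboot log against the O4 entries fixed above, matching on either the Run value name or the file it loads, since an entry can return under a new value name. The function names and the `FRESH` log are constructed for illustration.

```python
import ntpath
import re

# HijackThis autorun line: "O4 - <hive>\..\Run: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.*?)\] (.+)$")

def image_of(command):
    """Lower-cased name of the file a Run command loads."""
    cmd = command.strip()
    # RunDLL32 wrapper: the payload is the DLL named before ",EntryPoint".
    m = re.search(r'(?i)rundll32(?:\.exe)?"?\s+"?([^",]+)', cmd)
    if m:
        return ntpath.basename(m.group(1)).lower()
    if cmd.startswith('"'):  # quoted path; arguments follow the closing quote
        path = cmd[1:].split('"', 1)[0]
    else:
        # Unquoted: cut at the first executable extension, else first token.
        m = re.match(r"(?i)(.*?\.(?:exe|dll|com|bat|scr))(?:\s|$)", cmd)
        path = m.group(1) if m else cmd.split()[0]
    return ntpath.basename(path).lower()

def parse_o4(log_text):
    """Yield (hive, value_name, image) for each O4 Run line in a log."""
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(3), image_of(m.group(4))

def reappeared(fixed_log, fresh_log):
    """Fresh-log O4 entries whose value name or image was already fixed."""
    fixed = list(parse_o4(fixed_log))
    names = {name.lower() for _, name, _ in fixed}
    images = {image for _, _, image in fixed}
    return [e for e in parse_o4(fresh_log) if e[1].lower() in names or e[2] in images]

# Three of the entries post 10 marks for fixing, copied from the thread.
FIXED = r"""
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\system32\pmzrzl.exe reg_run
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKCU\..\Run: [aB34RTisU] gdim4ie.exe
"""
# Constructed post-reboot log (not from the thread): one renamed value, one unrelated.
FRESH = r"""
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\tray.exe" /min
O4 - HKCU\..\Run: [zzRenamed] C:\WINDOWS\system32\GDIM4IE.EXE
"""

if __name__ == "__main__":
    print(reappeared(FIXED, FRESH))
```

A match only says that a fixed autorun is back in the registry; the file behind it still has to be located and removed as in the deletion list above.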
     
  11. frust8

    frust8 Private E-2

    thanks a mil. my compr sounds sooooooooooo much quieter now!
    it looks as tho there is still one problem .exe showing up gdim4....
    when deleting, pzmzrl said access denied but later did not show up in c:
    I noticed the pvn..... had multiple .exe's just with diff variants
    pvnfxc/d/e/a etc.. i left them since you didn't refer to those.

    here is my hjt log
     

  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    1) Download TrojanHunter

    2) Install TrojanHunter. At the end of the install, setup will prompt you to update definitions. Please do so!

    3) Once installed and updated, select drive C:\ and do a Full Scan. Remove all found infections.

    After you complete the scan and removal reboot and post a fresh HJT log.
     
