Ive been here many times but new problems

have found their way once again.its been a while.so hello again.
its been a while since we had trobles but now they are with search miracle .
I may have fixed that...maybe.But cant seem to get rid of the search hi jack that takes up the left side of the browser when using internet explorer.
first I have noticed 2 "explorers" running and maybe one of them is the problem.
c:\WINDOWS\explorer.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE

I can block either one with my firewalll.unfortunately this pc is shared by three people and when more than one person logs on it works only with one user.
unless i can configure it differently.

let me know if theres anything you want me to do before running HJT.

thanx ....wes

 

Those are two seperate programs. One is for the internet the other one is not. You need explorer.exe to be open and iexplorer.exe when u go on the internet.

We ask that you first try to do ALL the TUTORIAL listed below.
This site has alot of good tools for cleaning up your computer. It's very important that the first thing you do is the following:

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal.
If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.

Try this... you may find it's all you need. If not post your results and I am sure someone will help you. Everyone is quite busy, as you can see by the number of posts, so hang in there.
Good Luck!!

After doing ALL of the above if you still have a problem:

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, INCLUDING YOUR WEB BROWSER, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder for example C:\Program Files\HJT

 

http://www.neuber.com/taskmanager/process/explorer.exe.html

 

ok i will do this process over again,i remeber it helped before
i tried this RAVANTIVIRUS online scan
not many things were cleaned,only detected
is it safe to delete these .tmp files.theres so many of them
It may help or may not but i saved a list of the results its attached.

 

The application Explorer.exe is in C:\windows and C:\Windows\driver cache\i386

not C:\Windows\system32

Be sure to run through the Read ME FIRST.

 

Supply HJT Log after runnibg through READ ME Tutorial.

 

ok i ran through read me first.
After that and before i restarted the computer i run HJT and then looked to see if searcmiracle was removed and it was.
but on the next restart it was already back on my Internet explorer homepage.


HJT log attached.

 

I see some things to clean up but first go here and run this tool in safe mode. Read the readme that is supplied with it. Run it a couple of times. Reboot to normal mode and post a new HJT log. Let me know if it gets rid of the side bar problem.

Elite Remover

 

this link is not working and im not sure why

its not downloading elitetoolbarremoval

 

The link I provided or when u get there it won't D/L. In either case you can try the authors site.

http://www.simplytech.it/ETRemover/

 

Error copying file:cannot read from the source file or disk

 

Are you able to Download from the internet at all? Go to the READ ME in post #2 of this thread and try to D/L CCleaner to desktop. Can you do that. I would like to run that elite bar remover if possible. Try again on the link I gave you from MG's. Let me know.

 

Im getting a script error on internet explorer like crazy.i can simply type in major geeks.com and it wont let me go to it
Ive been using mozilla firefox.I can download almost anything i want when using it.EXCEPT for that link you gave me.It downlaods,but when i try to run it it diplays an error which reads

elitetoolbarremovalv10zip does not exist.It may have been renamed,moved or deleted since it was downloaded.Did you test it to see if it worked on your pc?

 

what causes a script error

Only on internet explorer.

 

Re: what causes a script error

ummmm do i need to re phrase the question,i seem to be getting no replys

 

Ok. We will proceed without the tool. I will give you a fix tomorrow.

 

Re: what causes a script error

Wes

Try to keep all your questions in one thread. I am suppling you a fix from your other thread today.

 

Please print out these instructions so that you can operate with ALL Browser Windows CLOSED.
Please make sure System Restore is OFF and the Viewing of Hidden Files is Enabled as per the tutorial.

Please look in Add or Remove Programs for the following and Uninstall them if found:

EliteSideBar
Searchmiracle

NOW:
Please look in Task Manager (ctrl-alt-del)and try to END the following running processes, if found:

pd14.exe
eliteppy32.exe
RecoverFromReboot.exe

Now scan with HijackThis and Check the Boxes for the following:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchmiracle.com/sp.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\System32\pd14.exe
O4 - HKLM\..\Run: [antiware] C:\windows\system32\eliteppy32.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\System32\pd14.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - blank (file missing)

Again, make sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following files and folder if they should remain:

C:\WINDOWS\Temp\RecoverFromReboot.exe
C:\WINDOWS\System32\pd14.exe
C:\windows\system32\eliteppy32.exe
C:\WINDOWS\EliteSideBar <-----The Whole Folder

If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again.

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.

THEN:
Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

Reboot to Normal Windows and Scan with HijackThis and attach that log.
Let me know how your computer is running now and if you had trouble with the above instructions.

Good luck

 

My apologies for the seperate thread.I have installed a few things since my last post.lets hope thats not created any problems.

 

Oh yea by the way.Theres 3 different users on this pc.Does that change anything?My profile is the designated administrator

 

You should probably check each person. Did you already do what I said in #19. It looks like some things have been corrected. Is this the same user as before or a different one? The only problem I see is the pd14.exe file.

 

same user.......me.
so sould I repeat these steps for each user or am I ok?
i was gonna ask chaslang this ,but you know the answer.......right? lo

Oh another note,i got a message in the taskebar while ago that my virtual memory minium was very low.
Should I be concerned?If so what to do?l

 

Chas would know the answer to those 2 questions better than me. Are you having any malware problems now? I would check the HJT file for each user to be safe. The virtual memory I am not familiar with it.

 

Im good for now,not even getting pop ups.I rember getting those wicked pop ups even when using mozilla Firefox.. but of course the others havent been on their account today.I hate using Internet Explorer
I just assumed if their files are not cleaned ,or their settings not correct.Then later when they do go online.the pc can be re-infected on all users.

-What part of this site do i start a thread on the virtual memory problem
-can u link me?

 

Go to the software forum Software.

Now protect yourself with Chaslang Malware protection.


Did you get rid of the pd14.exe?

 

The file isnt there anymore(pd14.exe)
Wonder why HJT still says its there.
Search Miracle and Elite toolbar are gone,lets hope for good.

 

The file is deleted now,even according to new HJT.Thanx for th tons of help
Do you want me to keep the same thread with my next question ?
how do i free up this virtual memory problem?I think this is a software issue maybe.
the last link chaslang gave me did kinda give me insights on it.But I dont think I succeed in free any up.