installing spyware faster than I can remove them

Discussion in 'Malware Help (A Specialist Will Reply)' started by Dstruve, May 13, 2005.

  1. Dstruve

    Dstruve Private E-2

    I'm running SpyBot, Norton, SpyBlaster, AdAware and am constantly getting popups. It seems like as soon as I run one anti-spyware software, 4 or 5 spywares get added. I don't even have to browse anywhere to get them on my machine. I suspect that I have a trojan, but am unable to detect it.
    I have turned on the firewall and have no exceptions, I put ActiveX to prompt in my security settings but it still doesn't help.


    Can you look at my hijack and tell me if you see anything? TIA


    Edit by chaslang: Unrequested inline log removed
     
    Last edited by a moderator: May 14, 2005
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    First disable the Spybot S&D Teatimer.

    Please follow ALL of the steps below completely. Do not skip anything.

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. Dstruve

    Dstruve Private E-2

    Well, I did all that your post suggested, three times, but still spyware was being installed faster than I could remove it.

    I have attached the HJT log file.
    Remember that the process you mentioned removed a lot of spyware but something keeps installing them again and again. Popup hell.

    I appreciate your help. If I can't solve this, I'm gonna wipe it.
     


  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    bj a double check would be appreciated. Thanks


    Please boot into Safe Mode with the Viewing of Hidden Files & Folders Enabled

    Now scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

    O4 - HKLM\..\Run: [seeve] F:\WINDOWS\seeve.exe
    O4 - HKLM\..\Run: [PS1] F:\WINDOWS\system32\ps1.exe
    O4 - HKLM\..\Run: [ss8k37h] nslca.exe
    O4 - HKLM\..\Run: [F:\WINDOWS\VCMnet11.exe] F:\WINDOWS\VCMnet11.exe
    O4 - HKLM\..\Run: [secure] F:\WINDOWS\system32\Mzzszg.exe
    O4 - HKLM\..\Run: [checkrun] F:\windows\system32\elitemoa32.exe

    Again, make sure All Browser Windows are Closed when you Click FIX.

    Now reboot into normal mode.

    Disable the Teatimer on Spybot Search & Destroy

    Post a new HijackThis log.
     
  5. Dstruve

    Dstruve Private E-2

    OK thanks, will do tonight. BTW, I triple checked last weekend.
    Took me both Sat and Sun to do it. Thanks for the help, much appreciated.
     
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Shadow_Puter_Dude,

    You missed a few entries and also you must have the user remove the files as well. Removing them with HJT doesn't delete the file, it just removes the entry, whether it be a startup entry or a toolbar. You still have to manually remove the files.

    This user appears to have a VX2 problem, this needs to be taken care of first or else it will cause more problems.
     
  7. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You appear to have a VX2 problem, as per your HJT log. I wouldn't worry about fixing or removing anything just yet. The VX2 problem needs to be taken care of first.

    You need to temporarily disable TeaTimer as it can block something we try to remove.


    Download the following items:

    L2MeFix Tool

    Generic Detection Tool - NT/2000/XP

    Pocket KillBox

    DO NOT USE ANY OF THESE TOOLS UNTIL TOLD TO!

    Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop. DoubleClick l2mfix.bat and type 2 and ENTER to select option #2 for Run Fix. Then, press any key to Reboot your machine.
    Your computer will go crazy for a bit, but just let it run. It should eventually spit out a log in Notepad. Please attach that log.

    Please don't run any other files in the L2MFix folder.
     
  8. Dstruve

    Dstruve Private E-2

    Thanks, I spent the whole weekend trying again, and everything came back.
    OK, I'll try that fix you mentioned. I was reconciled to wiping everything. You came at my OS's last moments. She thanks you for her reprieve.
     
  9. Dstruve

    Dstruve Private E-2

    OK, I have attached a txt file but I'm not sure if that is what you want.
    What do you want me to do with the other programs?
     

    Attached Files: lo2.txt (File size: 2.4 KB, Views: 4)
  10. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Unzip the Generic Detection Tool to a safe folder of your choice and run "find.bat" - Allow it as much time as it needs to run. You may get an error message of "File Not Found," but just let it go.

    The tool should generate a long text file. Attach this log as an attachment to your post along with a fresh HJT log.
     
  11. Dstruve

    Dstruve Private E-2

    ok mon, tonight, will do. much appreciated your assistance.
    If you need any programming help, be glad to reciprocate.
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You need to do this in a timely manner, just in case this infection exists, so it won't mutate. Also, after posting these logs you MUST NOT reboot as this will cause it to mutate.
     
  13. Dstruve

    Dstruve Private E-2

    OIC, didn't realize about the mutate point.
    I won't be rebooting until I hear from you.
    Attached the HJT log and the find log.
     


  14. Dstruve

    Dstruve Private E-2

    For some reason I couldn't attach the HJT log so I just pasted it here

    edit by bjgarrick: Partial HJT log removed!
     
    Last edited by a moderator: May 26, 2005
  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    If you can't attach your HJT log, copy and paste the complete log to your post, not just part of it.

    Let's try this again, there shouldn't be anything remaining in that log. There are a few files that should have been removed.

    Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop. DoubleClick l2mfix.bat and type 2 and ENTER to select option #2 for Run Fix. Then, press any key to Reboot your machine.
    Your computer will go crazy for a bit, but just let it run. It should eventually spit out a log in Notepad. Please attach that log.

    Please don't run any other files in the L2MFix folder.
     
    Last edited: May 26, 2005
  16. Dstruve

    Dstruve Private E-2

    Sorry, didn't realize it was partial
     
  17. Dstruve

    Dstruve Private E-2

    OK, uploaded fine today.

    I attached both logs.
     


  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Unzip the Generic Detection Tool to a safe folder of your choice and run "find.bat" - Allow it as much time as it needs to run. You may get an error message of "File Not Found," but just let it go.

    The tool should generate a long text file. Attach this log as an attachment to your post along with a fresh HJT log.
     
  19. Dstruve

    Dstruve Private E-2

    Thanks for all your help. I have finally decided to wipe it, it seems like much less effort to do that. First thing I'm going to do is put up a wall around it.
    Any links or tips on doing that would be appreciated.
     
  20. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I hate to hear you reinstalled your OS, it would have taken a little work but we could have cleaned it. Anyway, glad you're back up and running.

    To stay Malware free you should follow this article below.

    How to Protect yourself from malware!
     
