Please help me!

I really need some "Major" help!
I have followed your guide on how to remove spyware ect and done all of the steps numerous times. I have downloaded the many tools and used them(including Spyware Dr., Spybot, Mcafee, Microsoft antispyware beta along with all the others you recommend) and the online scans. I am still flooded with popups and the logs show the same things over and over even after I have removed them in and out of safe mode. I finally have gotten rid of a few, but cannot seem get rid of these others(I have even gone through the Hkeys and manually deleted them!). Your help would be greatly appreciated. The main one that keeps resurfacing is the Elitum ELite Toolbar, it returns everytime!
Thanks

 

Have you tried this tool in safe mode yet? Be sure to read the README that comes with it.

Elite Tool Bar Remover

 

Hi!
I tried to download the file and could not get it to download from any of the sites on the infected PC, it would stick everytime. So I went to one of my other PC's that are not infected, downloaded it the first time, put it on a floppy and transferred it over to the infected PC. The funny thing is, the infected PC could not read the removal file on the floppy!
I rebooted in safe mode and there was the removal file, just like I knew it was! I ran the program and it says it deleted the elitum elite tool bar. I rebooted the system, and within 2-3 minutes, all traces of the elite toolbar remover WERE ERASED from the desktop like I had never put it there, FREAKY! My PC will not recognize the Remover while in Normal Mode, only in Safe Mode. Now Spybot and Spyware DR are still finding 4 Elitum/Search Miracle entries in the HKey_USERS, HKCU and the HKLM again. I AM PULLING MY HAIR OUT!!!

 

Can you please attach a fresh HijackThis log? Please be sure to follow the instructions below:

Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

I’ve been tied up with work lately and cannot visit this forum too often these days, but somebody will try to take a look when they get a chance.

Best luck
PP

 

Hi,
I did as you asked, thanks so much for taking the time to worry with this! (I hope I uploaded the file correctly.)

 

Hi Dawnbear,

I did not see too much in your HJT Log. Not sure what you already removed, but these two jumped out at me:
C:\Program Files\x6l4e8xj\x6l4e8xj.exe
C:\windows\system32\elitemah32.exe

You should look in Program Files Folder for other suspicious entries and note them.

Please scan with HijackThis and Check the Boxes for the following:

O4 - HKLM\..\Run: [x6l4e8xj] C:\Program Files\x6l4e8xj\x6l4e8xj.exe

O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitemah32.exe

Be sure All Browser Windows are Closed when you Click FIX.

NOW:
Please boot into Safe Mode with the Viewing of Hidden Files Enabled and navigate to and DELETE the following if they should remain:

C:\Program Files\x6l4e8xj ---> The Folder

C:\windows\system32\elitemah32.exe

NEXT:
Run CCleaner and Spybot S&D and have Spybot fix what it finds.

Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.

Reboot to Normal Windows and Scan with HijackThis and attach that log. Let me know how things shake out.

PP

 

Hello PP!
I have followed your instructions. I can actually see the elitebar removal file on my desktop now, that surely is a good sign??
After I completed the instructions and rebooted normally, I have not had anymore popups(holding my breathe). Spybot and Spydr. did still find 2 search miracle infections, they say they were fixed. I am posting my new HJ log. I can not thank you enuff if this has truly fixed my PC.

 

Happy to try to help

Your HJT Log looks OK! You may still have some vestiges of the EliteBar/Search Miracle crap on your machine - Namely, the installer.

Look in System32 folder for files named kalvsys or kalv***32.exe (where *** = 3 random letters) and try to remove those that you find. I've seen machines with 15-20 of these parasites.

Let me know what you find! Also, have a peek at Chaslang's Commandments!!

PP