i got hit by a plethora of spyware the likes of which i have never witnessed. my wallpaper is now a 'warning' of sorts that reads:

SPYWARE INFECTION (in red)
Your system is infected with spyware. Windows recommends you to use a spyware removal tool to prevent loss of important data and imcrease system performance. Using this PC before having it cleaned from spyware threads is highly discouraging.

I ran adaware and SpyBot in Safe Mode, and although things seem to be working better (the invasion of popups and programs that i never installed) are no longer present (or so i think) but the wall paper remains the same message, as if heckling me in some crude manner.

below is my hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 1:22:57 AM, on 1/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:



i thank whoever can help me or give suggestions.

Hya Philmydinger , welcome to pchf.

You have indeed a severall nasty buggers on there. Can you first follow the instructions in the "Prework" link below and then attach the Ewido log and a new hjt log to a post?

for some reason i cannot run the setup applications for the two programs that the instructions say to run. i ran hijack this again here is the log:

Attached Files

hijackthis.log (7.2 KB, 1 views)

Thats not very nice from them is it? lol. Oh well.


Make sure you still have system restore disabled , and hidden files set to show.


Please download Process Explorer by Systernals from HERE.

Also download KillBox by Option^Explicit from HERE.



Then uninstall these in add/remove programs if present:


Red Swoosh/rssoft
SoftwareOnline
SpySheriff

After that boot in safe mode (hit f8 when booting up)




Unzip Process Explorer and double click on procexp.exe

In the top section of the Process Exlporer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.

Once you see this screen click on each instance of avpe32.dll once and then click the kill button.
After you have killed all of the avpe32.dll's under winlogon click OK.

Next In the top section of the Process Exlporer screen again , double click on explorer.exe and again click once on each instance of avpe32.dll then click the kill button.

Once you have done that click OK again.


And then fix these with hjt:
(if still present)

Then delete the files in bold , and see if you can run ccleaner now.

Then manually delete these files if present from youre pc:

C:\WINDOWS\System32\avpe32.dll
C:\WINDOWS\System32\avpe64.sys
C:\WINDOWS\System32\klgcptini.dat
C:\WINDOWS\System32\qz.dll
C:\WINDOWS\System32\qz.sys
C:\WINDOWS\System32\stt82.ini
C:\WINDOWS\Web\wallpaper.html
C:\WINDOWS\Web\desktop.html
C:\Windows\Desktop.html
C:\wp.exe
C:\wp.bmp
C:\Program Files\SpySheriff <--- the whole folder
C:\Documents and Settings\username\Start Menu\Programs\SpySheriff <-whole folder
C:\Documents and Settings\username\Application Data\Install.dat



Double click on Killbox.exe and then check the delete on reboot button.

Enter the following filepath and filename into the Full path of file to delete box:

C:\WINDOWS\SYSTEM32\avpe32.dll

Click the red circle with the white x and allow your computer to reboot.
(if killbox doesn't reboot on its own then please reboot manually)

After your computer has rebooted please Download this reg fix:
unzip and dubbel click on it and enter it to the registry.

http://users.telenet.be/marcvn/regfi...desktopfix.zip


Then run Hijackthis again and post a new Hijackthis log please.

still having trouble with it opening the apps.

now there is no warning message on the screen but the wall paper is just all black now. it also would let me remove 'red swoosh'

Attached Files

hijackthis2.txt (7.3 KB, 1 views)

Did you stop after the "redswoosh" part? Everything is still there.