blue screen that says computer infected with spyware- help!

Welcome to Major Geeks!

Please follow the instructions in the below link and attach the requested logs when you finish these instructions. If something does not run, write down the info to explain to us later but keep on going. Do not assume that because one step does not work that they all will not.

READ & RUN ME FIRST. Malware Removal Guide

 

Try safe boot mode or download the required tools using another PC and then copy to this PC using a CD, flashdrive....etc.

 

Did you really try to use MGtools? It does not install. It just runs.

I suggest that you run SUPERAntispyware one more time (attach the new log) and then try running the MGtools procedure and attaching the C:\MGlogs.zip file that is requested.

 

As requested in my previous message please run SUPERAntispware again and attach a new log. Make sure you get the updates first since you are way out of date.

After running SUPERAntiSpyware again with the current updates, please try Malwarebytes Anti-Malware again.

The no matter what happens from the above, continue with the below. Your PC is very very badly infected. This is often a sign of poor surfing habits and/or too many P2P or torrent downloading.

Uninstall the below old versions of software:
J2SE Runtime Environment 5.0 Update 2
Viewpoint Media Player <-- should have been uninstalled in step 1 of the READ ME

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lphcrkkj0erbr] C:\WINDOWS\system32\lphcrkkj0erbr.exe
O4 - HKLM\..\Run: [SMshctkkj0erbr] C:\Program Files\shctkkj0erbr\shctkkj0erbr.exe
O4 - HKLM\..\Run: [b4bda793] rundll32.exe "C:\WINDOWS\system32\rvksyuef.dll",b
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe

After clicking Fix, exit HJT.

Copy the bold text below to notepad. Save it as fixme.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.


Now download The Avenger by Swandog46, and save it to your Desktop.

• Extract avenger.exe from the Zip file and save it to your desktop
• Run avenger.exe by double-clicking on it.
• Do not change any check box options!!
• Copy everything in the Quote box below, and paste it into the Input script here: part of the window:

• Now click the Execute button.
• Click Yes to the prompt to confirm you want to execute.
• Click Yes to the Reboot now? question that will appear when Avenger finishes running.
• Your PC should reboot, if not, reboot it yourself.
• A log file from Avenger will be produced at C:\avenger.txt and it will popup for you to view when you login after reboot.

After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

Also delete all files and subfolders in the below folders except ones from the current date (Windows will not let you delete the files from the current day).
C:\WINDOWS\Temp
C:\Documents and Settings\Owner\Local Settings\Temp

Now run Ccleaner!

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• C:\avenger.txt
• C:\MGlogs.zip

Make sure you tell me how things are working now!

If you have USB flashdrives or external drives and if you have plugged them into other PCs, they may all be infected. You should look for all of the files list in the Avenger fix and delete them on an external devices or other PCs.

 

Just continue on thru ALL steps.