[jimmie123]

While doing routine maintenance on my wife's comp (Win XP Home), I ran Spybot S & D and discovered that she had 2 serious infections - "Hellz Little Spy" and "CoolWWWSearch.hjt". I removed them using the normal SpyBot removal method. Upon rebooting, I was stuck in a logon/logoff loop. I did a Repair installation, downloaded SP2 and all critical and security related MS updates, etc. I ran Spybot again and found that the same 2 pieces of Malware were still there. So, I deleted them (again). Now - I'm stuck in the same logon/logoff loop. Obviously, I've done something wrong. Before I do another Repair installation, what are the steps I need to do to get rid of these 2 pieces of Malware?? I CANNOT get into the system with Safe Mode. I do have access to System Restore. Upon doing a Repair install, prior to doing anything else, is there a way to identify and get rid of the Malware? Upon restarting the comp (now), I only have access to the BIOS setup, which is useless to me. The comp will not load into safe mode by pressing F8. The only way for me to access System Restore is to use the rescue disks provided by HP. Any assistance would be greatly appreciated.

[BeijingDuck]

I encountered the same problem here in Beijing, China last week. No matter how many Spybot detection and deletions I run, both HellzLittleSpy and Cool return after each run. I have run other programs, such as Ad-ware and ThreatFire, but they do not detect this malware. I ran Spysweeper free download detection but not cure, it finds HellzLittleSpy but not Cool.
Aside from reformating my drive and reloading, any alternatives?

[jimmie123]

I hate to tell you this, but I ended up doing a destructive reinstall. I was totally unable to get rid of these 2 pieces of Malware using Spybot. Frankly, I think that it's a problem with what Spybot removes - it must be something that Windows requires. I've posted at the Safer Networking site (Spybot's site). I also noticed that there are many at the Safer Networking site complaining of the same issue. It's possible it could be a corrupted update. I suggested that all of the people posting the logon/logoff problem do a repair install, run Spybot and make a note what it finds, and then do not remove what it found. There has to be a common thread causing this. If you have the Windows installation CD, you could make a BartPE boot cd. Just key "BartPE" into your search engine - many sites have this. Unfortunately, I don't have the installation CD, so this fix wasn't available to me. However - the malware will still be in your system by using the BartPE boot disk. Perhaps you could post a Hijack This log at a site you trust and let one of their Guru's help you get rid of the problems. Let me know how you make out. One other thought - have you tried downloading Windows Defender? It might pick these 2 baddies up.