
Spyaxe, SpywareStrike problems

I need help, please.

I have run into the Spyaxe adware program and it is currently giving me the system intrusion detected pop up on my task bar. It has not taken over my homepage as of yet but I expect it to sometime.

I have run adaware and it did find one virus which it cleaned.

I have run the smitrem program and it found nothing.

I have AVG on the machine and it finds but 1 virus. (deleted)

I am posting a HJT log, CW Shredder log and Ewido log. Please assist in any way possible.

HJT

Logfile of HijackThis v1.99.1
Scan saved at 11:36:10 AM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Documents and Settings\Damon Foster\Desktop\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - C:\WINDOWS\system32\hpEC44.tmp (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=091705 serial=WS12WTX-9999998-UYR lang=EN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab?affiliate=MEDIAGEN
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.incredigames.com/online2/zuma/popcaploader_v5.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe

CW Shredder

**** Run Keys ****

RUN: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=091705 serial=WS12WTX-9999998-UYR lang=EN
RUN: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
RUN: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe


**** Browser Helper Objects ****

BHO: [HomepageBHO] C:\WINDOWS\system32\hpEC44.tmp


**** IE Toolbars ****

TOOLBAR: []


**** IE Extensions ****

IEExt: [Web Browser Applet Control] C:\WINDOWS\System32\msjava.dll
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost

Ewido File
--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:35:07 PM, 1/6/2006
+ Report-Checksum: F8C56A4A

+ Scan result:

C:\Program Files\SpywareStrike\SpywareStrike.exe -> Adware.Spyaxe : Cleaned with backup
C:\RECYCLER\S-1-5-21-2310379427-4074139075-3787411331-1005\Dc13.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\S-1-5-21-2310379427-4074139075-3787411331-1005\Dc26.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\S-1-5-21-2310379427-4074139075-3787411331-1005\Dc27.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\RECYCLER\S-1-5-21-2310379427-4074139075-3787411331-1005\Dc28.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP344\A0042785.exe -> Downloader.Zlob.dy : Cleaned with backup


::Report End

I originally tried to delete a lot of the files associated with this virus (originally around 200 infected files); most seem to be clean. I am, however, getting the obscene site pop-ups and I have the constant and never-ending System Intrusion Detected message popping up off of the task bar. I have learned that deleting from Add/Remove Programs seems to mutate the virus and also learned not to click on the task bar message.

Currently it appears that the Spyaxe virus is calling itself Spyware Strike. Any time I boot it comes back to see me in full form.

Anything you could help me with would be greatly appreciated.

Thank you...

sickofit
Light Poster
25 posts since Mar 2005
Reputation Points: 10
Solved Threads: 0
 

Spyaxe Removal. I used 'Remove SpyAxe. Removal instructions' to clean up my sister-in-law's computer when all else failed.




Laser
Posting Whiz
358 posts since Sep 2004
Reputation Points: 98
Solved Threads: 45
 

Thanks for the link but I refuse to purchase their product. I would buy a new computer before I would give in to them.

sickofit
Light Poster
25 posts since Mar 2005
Reputation Points: 10
Solved Threads: 0
 

You don't need to buy anything!
Look down the page about halfway; there's a batch file to download and run from safe mode, that's it!

Look for "Remove SpyAxe. Removal instructions"



Laser
Posting Whiz
358 posts since Sep 2004
Reputation Points: 98
Solved Threads: 45
 

Laser,

Sorry about the misunderstanding, I went back to the page and it looks like you are talking about the smitrem.exe program where when opened you run the Run This Bat file. Unfortunately, I have run this already, along with about 5 others. I am still having problems and cannot seem to get this fixed.

Thanks

sickofit
Light Poster
25 posts since Mar 2005
Reputation Points: 10
Solved Threads: 0
 

I also tried the manual removal directions listed on the same page as the smitrem link.

Most of the problems seem to be gone but I am still getting the popup on the task bar.
I do not know if I am missing a reg key to delete or if it is something that I can delete from sys processes.

Any more suggestions?

Thanks

sickofit
Light Poster
25 posts since Mar 2005
Reputation Points: 10
Solved Threads: 0
 

Try disabling the Messenger service. (Control Panel, Admin. Tools, Services)
Firewall software may help too.

Laser
Posting Whiz
358 posts since Sep 2004
Reputation Points: 98
Solved Threads: 45
 

Hi,
Try smitrem again. I checked and found spywarestrike removal options in smitrem yesterday. You can get Smitrem from this link:- http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
Sam.

SuperSam
Junior Poster in Training
68 posts since Aug 2005
Reputation Points: 10
Solved Threads: 2
 

Post another hijackthis log when done please and I will take a look :).

crunchie
Most Valuable Poster
Moderator
20,095 posts since Feb 2004
Reputation Points: 1,142
Solved Threads: 985
 
