spyaxe problems.....

Name: landahoy
Date: November 8, 2005 at 22:28:14 Pacific
OS: win2k sp4
CPU/Ram: athlon 3200/1.5gb
Comment:

Ok so I have spybot, ad-aware, and hijackthis installed and now this "spyware removal" program called spyaxe is on my pc, I know for a fact that spyaxe is spyware just by how it reacts to installing and uninstalling. I have googled on how to remove and can't seem to find anything, when going to support on their site it only asks you to email them. I prolly made a mistake by actually trying to remove from the add/remove program list, oops. Has anyone else had this and successfully removed without formatting??? If not, I guess it is time to setup a ghost image and create backups. :(

Thanks


Response Number 1
Name: glennos
Date: November 9, 2005 at 07:57:35 Pacific
Reply:

Hi i have the same problem. But i did not install it i think. Do u also have a icon in ur taskbar displaying virus alert?
Also check ur system 32, look for mssearchnet.exe and nvctrl.exe
If u found the solution let me know.

Greetings


Response Number 2
Name: landahoy
Date: November 9, 2005 at 08:40:27 Pacific
Reply:

well i have gotten rid of mssearchnet however nvctrl which seems to run the virus alert has been deleted and does not show up in processes but still is in start menu, and I DLed msconfig but it does not show up in the startup. If you want directions to get rid of the majority of this I may be able to help, it rarely pops up for me since I edited the registry.

thanks for response, I was going crazy last night :)


Response Number 3
Name: jabuck
Date: November 9, 2005 at 08:53:19 Pacific
Reply:

See response #4 to Glennos at this link Computing.net #16942


Response Number 4
Name: Abnormal
Date: November 9, 2005 at 12:28:34 Pacific
Reply:

Response Number 3 link

16934



Response Number 5
Name: jabuck
Date: November 9, 2005 at 13:47:22 Pacific


Response Number 6
Name: Abnormal
Date: November 9, 2005 at 15:14:42 Pacific
Reply:

You're welcome jabuck.


Response Number 7
Name: BMac-Daddy
Date: November 11, 2005 at 21:04:33 Pacific
Reply:

Found the cure to the SpyAxe popup activity! I actually got desperate enough to complain last night through their website email form. Tonight I got a reply from them stating a lot of complaints came thru due to affiliate's illegal advertising of their product. They provide a simple fix that really worked. Here are the instructions they sent:
------------------
In order to clean your PC from infections related to Spyware Axe product, please follow the instructions below:

1) Save Uninstallers.zip from http://www.spyaxe.com/uninstall/uninstallers.zip to your desktop or HDD.

2) Extract 2 files "illegal_adv_uninstall1.exe" and "illegal_adv_uninstall2.exe" to your desktop or your HDD using WinZip.

3) Execute both of them one by one by double-clicking with your mouse.

4) Reboot your PC

5) Your PC is now clean from the infections.
-------------


Response Number 8
Name: kiwi-wannabe
Date: November 12, 2005 at 06:54:11 Pacific
Reply:

Thank you BMAC-Daddy! :-)

I just tried that out & it works. I still had to go to 'add/remove programs' under control panel to uninstall the SpyAxe program itself, but it appears my computer is now problem-free!

Thanks for having the courage to ask (I didn't-- I was afraid I might make things worse, I was so pissed).

I wonder if this 'illegal advertising' story is true, or if this is just an 'escape hatch' for them when push comes to shove? What would someone ELSE (other than SpyAxe) gain by doing that?

Regardless of who is at fault here, it certainly soils their reputation big time!

J


Response Number 9
Name: landahoy
Date: November 12, 2005 at 09:21:24 Pacific
Reply:

THANK YOU BMAC-Daddy

I was afraid I was going to have to format (I was going to create a ghost image this time). That worked very well. Thanks again.



Response Number 10
Name: obsessed
Date: November 13, 2005 at 17:12:01 Pacific
Reply:

Thank you BMAC-Daddy!! I'm so glad I googled this website! This was one aggravating spyware problem and I'm indebted to you for getting the solution!



Response Number 11
Name: ugnius
Date: November 14, 2005 at 03:32:08 Pacific
Reply:

Spyaxe moved to corrupt antispyware list.


Response Number 12
Name: TommyZie
Date: November 14, 2005 at 10:29:31 Pacific
Reply:

Why is there no mention on the SpyAxe homepage of the "problem" and the "cure"

A Google search on the SpyAxe site for "illegal" and "unninstallers" returns zilch!!

Highly suspicious, if you ask me.

A Google search on "SpyAxe" now shows a sponsored link at the top to XoftSpy, itself a malicious piece of c..p-ware.

I wouldn't be surprised if these two companies were the same or affiliated.

Look to "www.spywarewarrior.com" for further info


Response Number 13
Name: GgMcD
Date: November 15, 2005 at 18:45:33 Pacific
Reply:

Help! I tried the above mentioned solution but the programs will not execute. The download and the extraction seemed to work OK but I still can't execute the files.


Response Number 14
Name: jhsmith
Date: November 16, 2005 at 10:26:42 Pacific
Reply:

I was able to take care of the Windows portion of this program. But my home page is still rerouting to http://www.syserror.com.
I've checked my IE set up and the home page has not been changed. So can anyone help with this problem?

Thanks!
Jim Smith


Response Number 15
Name: MS Moses
Date: November 16, 2005 at 17:35:11 Pacific
Reply:

My IE is having the same problem even after clearing spyaxe with my home page being rerouted to the syserror.com web site related to spyaxe. Will removing and reinstalling Internet Explorer clear it??

Thanks,
Mike


Response Number 16
Name: MS Moses
Date: November 17, 2005 at 11:44:35 Pacific
Reply:

Jim,

I ran Nortons antivirus with the IE browser open and it took care of the problem of rerouting my homepage back to syserror.com.
I did run the http://www.spyaxe.com/uninstall/uninstallers.zip programs first as instructed in message #7 by BMAC-Daddy. Hope it helps.

Mike


Response Number 17
Name: GgMcD
Date: November 17, 2005 at 20:14:24 Pacific
Reply:

Jim, Mike,

I was unable to get rid of syserror.com with my antivirus software. I went into
Tools -> Internet Options -> Programs and clicked <Reset Web Settings>. I kept the box checked to "Also reset my home page."

Everything cleared up.

Gigi



Response Number 18
Name: 2Leo
Date: November 18, 2005 at 15:31:28 Pacific
Reply:

by no means am i a pro, but what worked for me was to boot to safe mode, delete everything with the date the error started from c:\windows\system32 including mssearchnet msvol ncompat nvctrl etc..... and rebooted and i was fine, so far, hope it works for u yo, spyware SUCKS Good luck


Response Number 19
Name: FUspyaxe
Date: November 19, 2005 at 12:48:36 Pacific
Reply:

Thank you B-Mac daddy and 2leo. Using these two solutions I think I have pretty much removed spyaxe from my system.

Was naive enough to think my antivirus and firewall was protection enough against these things but obviously not!!
Now installed Ad-Aware SE which should hopefully help.

Any suggestions on other software to stop these sort of things??


Response Number 20
Name: Dan1950
Date: November 19, 2005 at 17:11:11 Pacific
Reply:

I too am on this date trying to rid this menace from my daughter's laptop. I downloaded the zipped SpyAxe uninstall from the link in BMAC-Daddy's post above, but it only contained a single file, "illegal_adv_uninstall". No noticeable activity when the file is executed, and reboot provides no cure.

Does anyone still have the older two files that they can forward to me?


Response Number 21
Name: slipmatt
Date: November 19, 2005 at 18:20:51 Pacific
Reply:

i think the b-mac daddy method doesn't work anymore for some reason. i too only get one file which is useless. i need the 2 files...anyone?



Response Number 22
Name: gsnagler
Date: November 20, 2005 at 11:30:54 Pacific
Reply:

i need those 2 programs also, it took over my homepage and lower taskbar with a fake spyware warning..or just a website where i can download ....thanks


Response Number 23
Name: blah0_227
Date: November 20, 2005 at 12:33:21 Pacific
Reply:

i can only get one of the files now too,
it took over my homepage and is rerouting it to updateyoursystem.com



Response Number 24
Name: jabuck
Date: November 20, 2005 at 15:29:15 Pacific
Reply:

If you are having spyaxe problems just start a new thread stating the problem. There are several methods of removal depending on the mutation but so far all can be removed.

Using the perpetrator's removal tool is seldom a good idea.


Response Number 25
Name: Zack
Date: November 20, 2005 at 16:48:38 Pacific
Reply:

I found another cure that worked for me:
XoftSpy
can be downloaded from: http://www.paretologic.com/ (click on where it says free scan)

this was the only anti spyware or anti virus program that actually found Spyaxe on my computer and recognised it as malware (this was my first indication that spyaxe wasn't legitimate).
you will need to restart and let XoftSpy run at startup again to completely remove SpyAxe, this worked for me, good luck



Response Number 26
Name: Pissed at SpyAxe
Date: November 22, 2005 at 21:46:57 Pacific
Reply:

DO NOT USE XoftSpy it is by same company as SpyAxe !! I have been researching this of a company SpyAxe.

They are trying to force you to buy their stupid software SpyAxe.

Also, do not click on any of the sponsored ads on google when you do a search for SpyAxe !!! All the sponsored links are actually SpyAxe companies. I called Google myself today to complain. I advise everybody to call google and get them off...

They have a brilliant SCAM they Trojan you with SpyAxe then when you try to search for removal software they sell you their software. What a SCAM ! Nobody at Norton, Trend Micro know about this because it is a very new thing.

I have found the solution though after many many sleepless nights!

Go to www.ewido.net/en/download/ and download their 14 day trial.. Install it BUT DO NOT RUN it ! Go to SAFE MODE and then run it and then reboot, then un-install SpyAxe through the un-install feature and then go to Program Files and delete its folder. This should work for you.

I am really angry at Google for allowing this to happen!


Response Number 27
Name: DeathAura
Date: November 25, 2005 at 07:38:19 Pacific
Reply:

Hi, i am also suffering from the spyaxe problem.

I have ZoneAlarm, and it seems that after Winlogon asks to access the internet, the mayhem gets worse, i denied it but it didn't do anything. I have used the vendor's uninstall file, and it seems to have minimized the annoyance, but i realize now that it is still in the background.

After running trend micro's virus scan, mcaffee, adaware 6.whateveriscurrent, and spybot, the only thing that seems to have been of help was trend micro's virus scan. It detected mssearchnet.exe but could not delete it since it was "in use" and someone above is saying msvol, ncompat, and nvctrl are related and my browser has also been hijacked and sends me to updateyoursystem.com. I'm running windows xp home, but F8 doesn't seem to want to start safe mode after reboot, prior to the windows screen.

In the task manager, nvctrl and mssearchnet won't respond to the end process command as they just come right back and will not allow for easy deletion from the windows/system32 directory.

How do i remove mssearchnet and nvctrl?


Response Number 28
Name: FosterDad
Date: November 27, 2005 at 07:27:28 Pacific
Reply:

To stop the SpyAxe from reloading itself after delete, do this, it works.
I finally got rid of this adware/malware. The following seemed to take care of it:

deleted file C:\Windows\System32\svchosts.dll

Every anti-spyware tool i tried (AdAware, ewido, HijackThis) could not remove it.

I have no clue how this malware worked.



Response Number 29
Name: Abnormal
Date: November 27, 2005 at 08:39:13 Pacific

Response Number 30
Name: MrFixIt
Date: November 29, 2005 at 05:57:50 Pacific
Reply:

The download referenced in the link in Response #29 may contain a virus. AVG Antivirus flagged it as infected. Be careful if you download it!


Response Number 31
Name: Abnormal
Date: November 29, 2005 at 09:11:16 Pacific
Reply:

Report false positive to AVG, NOT A VIRUS!
No anti-virus can remove this infection.

It takes trusted malware removers to make
tools to take up the slack.


Response Number 32
Name: Abnormal
Date: November 29, 2005 at 10:22:40 Pacific
Reply:

The big boys don't find anything.

AntiVir: Found SecurityPrivacyRisk/Processor.20
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found BAT/ExitWin
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found Tool.Prockill
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VBA32: Found nothing

http://virusscan.jotti.org/

In other words, scan everything else you download in the first place like the codec for a free video of behind the scenes filming of Harry Potter that got you the
infection in the first place.

And research the removal tool, before others
may give up and care less also.


Response Number 33
Name: avantstrangel
Date: November 30, 2005 at 07:29:53 Pacific
Reply:

sorry guys i just found something on zdnet that supports the don't download the solution from the wolf http://blogs.zdnet.com/Spyware/index.php?p=702

it even mentions the bogus posting of someone downloading the file that fixed the problem

i hope these guys fry. im playing tech support for relatives now and i HATE that

music for the muses and putting the indie in film
www.indiematrix.com
www.avantstrangel.com


Response Number 34
Name: Abnormal
Date: November 30, 2005 at 09:25:27 Pacific

Response Number 35
Name: andy1
Date: December 1, 2005 at 11:11:29 Pacific
Reply:

found spyaxe removal instructions here: spyaxe


Response Number 36
Name: DeerHunter
Date: December 1, 2005 at 14:32:35 Pacific
Reply:

I started having SpyAxe problems earlier today - it hijacked my homepage and continually popped up an alert message from my toolbar. I was finally able to get rid of it. Here is what I did.

1. Edited my registry and reset the home page and default home page (this took care of the homepage hijacking).
2. Downloaded and ran the latest version of Ad-Aware (Ad-Aware SE Personal 1.0.6.0) from www.lavasoft.com. Even though this found about 100 malicious objects, it did not recognize SpyAxe.
3. Rebooted in Safe Mode by running msconfig at command prompt and removed the SpyAxe program via Add/Remove Programs.
4. There was also a shortcut to SpyAxe in the Start Menu folder - deleted this too.
5. Rebooted in normal mode.

This took care of it!!!



Response Number 37
Name: ugnius
Date: December 2, 2005 at 07:13:47 Pacific

Response Number 38
Name: DeerHunter
Date: December 2, 2005 at 11:57:45 Pacific
Reply:

After removing SpyAxe as I described in Response Number #36, I noticed that my IE homepage was still being hijacked by SpyAxe.

I found the file that was causing SpyAxe to hijack the IE homepage. It is called hpA75B.tmp. This file will be in the folder C:\Windows\System32. Remove this file and your homepage will no longer be hijacked by SpyAxe.



Response Number 39
Name: gnew
Date: December 3, 2005 at 21:25:47 Pacific
Reply:

Just fixed it using response #18... You don't need any of that other software.... Just get in safe mode and delete all Windows/System32 files that were installed the day you picked up the virus...
It is so frustrating when they do that to us.......


Response Number 40
Name: g4471
Date: December 5, 2005 at 04:18:19 Pacific
Reply:

In windows XP just use system restore to go back to an earlier restore point.


Response Number 41
Name: Anduin1
Date: December 5, 2005 at 22:34:10 Pacific
Reply:

I removed SpyAxe, but the homepage is stuck on http://www.updateyoursystem.com/ . Added to that some "Security Alert" balloon has been popping up every 20 seconds. It has something to the effect of "System encountered spyware that collects your personal data...click here to find out more ways to protect your computer etc"
What do I do ? I was hit out of nowhere by this stupid thing.


Response Number 42
Name: Nick-YF19
Date: December 6, 2005 at 04:05:17 Pacific
Reply:

Spyaxefix has been updated by noahdfear. It is integrated with his SmitRem tool and should now fix everything. I've updated my post to reflect this.

http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=48&blogId=3


Response Number 43
Name: DeerHunter
Date: December 6, 2005 at 06:27:11 Pacific
Reply:

Anduinl,

The file responsible for taking you to http://www.updateyoursystem.com instead of your homepage is c:\windows\system32\hpA75B.tmp. This file was put on your system by the good ole SpyAxe folks. I was having the same problem until I figured out that this file was causing this. Delete this file and this problem will stop.


Response Number 44
Name: Abnormal
Date: December 6, 2005 at 13:12:33 Pacific
Reply:

Nick, thanks for the update info and
thanks to Noahdfear for the removal tool.
SpyAxeFix by Noahdfear

The BHO (browser helper object) Deerhunter
speaks of looks like this in a hijackthis log
O2 - BHO: HomepageBHO - {724510c3-f3c8-4fb7-879a-d99f29008a2f} - C:\WINDOWS\system32\hp5F56.tmp
O2 - BHO: (no name) - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp59F7.tmp
O2 - BHO: (no name) - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\system32\hp7138.tmp

http://www.castlecops.com/tk26075-hp_tmp_random_char_or_digit.html
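The O2 entries quoted in the post above can be picked out of a HijackThis log mechanically. The following is an added example, not part of any post in this thread: it parses the "Running processes" section and the O2 (BHO) lines, then flags browser helper objects loaded from an `hpXXXX.tmp` file in system32 and processes whose file names posters here associated with the infection. The function names, the four-character `hp` pattern (generalized from the samples in the thread) and the last O2 line of the sample log (a constructed benign entry) are assumptions.

```python
import ntpath
import re

# File-name stems that posters in this thread tied to the infection.
# "svchosts" (with the trailing s) is deliberately not the same as "svchost".
THREAD_STEMS = {"mssearchnet", "nvctrl", "msvol", "ncompat", "svchosts"}

# "O2 - BHO: <name> - {CLSID} - <module path>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# Assumption: "hp" plus four letters/digits, as in hp327A.tmp, hpA75B.tmp.
HP_TMP_RE = re.compile(r"^hp[0-9a-z]{4}\.tmp$", re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Excerpt assembled from log lines posted in this thread; the final O2 line
# is constructed to show an entry that should not be flagged.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hp327A.tmp
O2 - BHO: (no name) - {3e9b951e-6f72-431b-82cf-4a9fbf2f53bc} - C:\WINDOWS\system32\hp59F7.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
"""


def parse_log(text):
    """Return the running-process paths and (name, clsid, path) BHO tuples."""
    processes, bhos = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if in_processes:
            if DRIVE_PATH_RE.match(line):
                processes.append(line)
                continue
            in_processes = False  # first non-path line ends the section
        match = BHO_RE.match(line)
        if match:
            bhos.append((match["name"], match["clsid"].lower(), match["path"]))
    return {"processes": processes, "bhos": bhos}


def in_system32(path):
    """True when the file sits directly in a folder named system32."""
    return ntpath.basename(ntpath.dirname(path)).lower() == "system32"


def find_suspects(text):
    """Return (kind, path, reason) tuples for entries worth a closer look."""
    parsed = parse_log(text)
    hits = []
    for path in parsed["processes"]:
        stem = ntpath.splitext(ntpath.basename(path))[0].lower()
        if stem in THREAD_STEMS:
            hits.append(("process", path, "file name reported in this thread"))
    for _name, clsid, path in parsed["bhos"]:
        base = ntpath.basename(path)
        if ntpath.splitext(base)[1].lower() != ".tmp":
            continue
        if in_system32(path) and HP_TMP_RE.match(base):
            reason = "hpXXXX.tmp helper object in system32, CLSID " + clsid
        else:
            reason = "helper object loaded from a .tmp file, CLSID " + clsid
        hits.append(("bho", path, reason))
    return hits


if __name__ == "__main__":
    for kind, path, reason in find_suspects(SAMPLE_LOG):
        print(f"{kind:8} {path}  ({reason})")
```

A hit is a lead for manual review, not proof of infection: a name match says nothing about the file's contents.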


Response Number 45
Name: Farrar
Date: December 8, 2005 at 06:01:48 Pacific
Reply:

Booting into safe mode and deleting all files with a date equal to or newer than the infection date within the C:\Windows\system32 folder worked like a charm.

thanks for the fix,

Jeff


Response Number 46
Name: smart127
Date: December 8, 2005 at 17:22:30 Pacific
Reply:

The safe mode method worked for everything except for deleting C:\Windows\System32\svchosts.dll. I had to rename it to svchosts.old, uninstall the SpyAxe program as well as the browser "Security" toolbar and boot up normally before it all went away. Either way, a big pain in the you-know-what!


Response Number 47
Name: MrW
Date: December 9, 2005 at 18:33:39 Pacific
Reply:

Yup, the safe mode then delete approach killed the SpyAxe gremlin for me, though I also had to do the rename of one of the files and then go in safe mode again to delete it. Imagine my shock though when it resurrected itself as I came back to add this - closed my IE window and upon re-launch took me to their page again, then the shield icons turned up! Seems OK on second attempt so far, though I did delete files from a few days before as well in case it snuck in on an earlier trojan.



Response Number 48
Name: LSJ1364
Date: December 10, 2005 at 19:40:51 Pacific
Reply:

I went the Safe Mode method as well, and was able to remove most of what I saw from that date as well. Including the blinking icon in the task bar. But I have a feeling there is more to this than what meets the eye. Spybot is still coming up with the Smitxxx item and can't get it off. AVG is indicating that this Spyaxe allows others to come in on its coat tail.
A few other forums are talking about it, seems like it has everyone's attention, and AVG has a couple of updates already posted. But even though I stopped the bleeding, I do not think it is over.


Response Number 49
Name: hopethishelps
Date: December 11, 2005 at 10:42:24 Pacific
Reply:

my cure:
1/ neither anti-spyware nor antivirus programs can help

2/ try to remember the date and more important the time since when you have been having the problem

3/ go to safe mode = turn on PC and click F8

4/ go to C:\windows directory and search for all the files which arose on the date of the problem start

5/ delete all the files, which arose on the date and time on which you got the problem, especially mssearchnet.exe, nvctrl.exe.

6/ check with antivirus program all .tmp files in C:\windows\system or C:\windows\system32 directories
if a trojan found, remove with antivirus or delete

7/ go to start, run, enter "regedit" (write without inverted commas), go to
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\Browser Helper Objects and remove

8/ exit

9/ start - run - enter "netsh winsock reset"

10/ reboot

11/ go through with anti-spyware and antivirus programs

12/ should be OK



Response Number 50
Name: problems abound
Date: December 11, 2005 at 16:32:18 Pacific
Reply:

I am getting there. However, when I try to delete or rename svchosts.dll it will not let me. It says file is in use by Windows.

What can I do to delete it?
(running windows 2000)


Response Number 51
Name: msg-olytown
Date: December 11, 2005 at 23:53:42 Pacific
Reply:

I tried multiple spyware utilities with no effect. Mcafee doesn't have an automated tool, but you can go to a forum on their site (Free Virus Removal and Support) called Virus Discovery and Removal Support and find a step by step guide that worked for me in about 15 minutes worth of work. Good Luck. A pox on the folks who created this Trojan.

http://forums.mcafeehelp.com/viewforum.php?f=49&sid=fb4fb84d549495cb8765cfd2b9b01148


Response Number 52
Name: Birdieguy
Date: December 12, 2005 at 03:08:30 Pacific
Reply:

Everyone's right about most of the security you currently have on your system not detecting SpyAxe. And most of this has already been stated somewhere in this forum, but this is all of it in easy numbered instructions.

The following worked for me:

1... Reboot in safe mode (pressing F8 repeatedly as soon as boot-up begins).

2... Go to C:\Windows\System32

3... Go up to "view", and select "details".

4... Go up to "view" again, and arrange icons according to LAST Modified.

5... Simply delete the ones with the date & time (or later than the date & time) that the infection occurred. Some may reappear while you are doing this, so do a <ctrl><alt><del>, and select "processes". Kill the processes of files along the lines of mssearchnet, msvol, ncompat, nvctrl, and any other that seem to reappear.

6... While still in safe mode, Go to Settings/control panel/internet options, and under the "general" tab, delete cookies, delete files, and clear history. Switch over to the "programs" tab, and click "reset web settings," leaving checked the box saying "also reset my home page."

If there are files that it won't let you delete during this process, then rename them (change the extension to ".old" or something), and move them to the desktop (They are probably not associated with the infection.)

Reboot back into normal mode. Presto - everything should be fine! You may have to move any of those files that you renamed and moved to the desktop BACK to the C:\Windows\System32 folder.

In my case, I never did find any file named "svchosts.dll", so that may be why it was this easy. That last "s" is very important! REMEMBER: DO NOT delete "svchost.dll"!


Response Number 53
Name: sins4you
Date: December 12, 2005 at 07:51:32 Pacific
Reply:

I solved very quickly using a restore. I used the one before the date I began with the problem it really get my nuts. Nobody has to buy spyaxe, they have to pay for what they are doing.


Response Number 54
Name: FedUp
Date: December 12, 2005 at 08:24:10 Pacific
Reply:

I've got the same thing.......i tried to go into system 32 and delete msseach, nvctrl and mscornet, but it won't let me delete because it says active files in use. When I go to taskmanager, mssearch keeps popping up after I try to select and end process.
I've got Spybot and Ad-aware and NOTHING. I realize this SpyAxe is the culprit itself and does anyone know why this software maker can't simply be shutdown???? I talked to the organization trying to shutdown these guys and he said its referred to as extortionware. This stuff is driving me mad. I did download Mozilla which works ok, because this SpyAxe had hijacked my homepage taking me back to its offer to download their spytrooper and spyaxe.........


Response Number 55
Name: gentleman
Date: December 12, 2005 at 15:03:05 Pacific
Reply:

I think the best method would be to use the windows XP SYSTEM RESTORE feature.
I got the spyaxe 2 h before, tried to delete the associated exe's by starting in safe mode/command prompt but didn't help.
Then I restored my windows to a previous date.

Everything OK now.


Response Number 56
Name: DizzyZ
Date: December 12, 2005 at 15:30:37 Pacific
Reply:

THANK YOU BIRDIEGUY!! I LOVE YOU!!
I am a fourteen year old kid who wanted some game demos and what I got was a full scale attack on my computer.

I got rid of most but this one was tickin' me off and I knew if I told my dad what I did, well, let's not go there.

THANK YOU SOOOOOOOOO MUCH!


Response Number 57
Name: Donnybee
Date: December 12, 2005 at 22:20:49 Pacific
Reply:

Greetings all,

Birdieguy's instructions helped this poor boy out. I am running Window XP Pro and it worked like a champ. I love forums like this and hope one day I can provide some useful info to you all. Thanks again.


Response Number 58
Name: Birdieguy
Date: December 12, 2005 at 23:13:06 Pacific
Reply:

You're welcome! However, I'm not completely convinced that the next time I reboot, it won't be back, so I've done another few hours of looking around, and was directed to this page. There's a TON of excellent stuff here in case anyone needs it:

http://www.spywareinfo.com/articles/hijacked/

It reminded me of one important additional thing I wish to add to my list from last night:

1 - Go to "Start", then "run", and type in "msconfig.exe".

2 - Select the Startup tab, and look to see if "SpyAxe" is listed. If so, uncheck it, click apply, and then OK. (IT WAS IN MINE, just now!)

I haven't tried the system restore feature. That kinda scares me, but GENTLEMAN may have something there.

I'm afraid to reboot, but when I do, if all this comes back (which I fear) I'll do everything I've done before, and then I'll be hitting hard the page I linked above.

Take care, all!



Response Number 59
Name: Whiskeytown
Date: December 13, 2005 at 03:06:25 Pacific
Reply:

Every time I get rid of the things that you guys have said are infected, they just seem to come right back. What do you say we storm the 'spyaxe' headquarters and Molotov cocktail their roof :)

Please help me remove this junk.
-Greg


Logfile of HijackThis v1.99.1
Scan saved at 5:57:56 AM, on 12/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Warez P2P Client\warez.exe
C:\Program Files\Workspace Macro Pro 6.0\WMPHotkeys.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Documents and Settings\Kelli\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hp327A.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [seticlient] C:\Program Files\SETI@home\SETI@home.exe -min
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Workspace Macro Pro Hotkeys.lnk = C:\Program Files\Workspace Macro Pro 6.0\WMPHotkeys.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe



Response Number 60
Name: Spunky
Date: December 13, 2005 at 05:49:54 Pacific
Reply:

Thanks Birdieguy. I got infected today with Spyaxe and tried your method. It worked, as I managed to detect the file "ioctrl.dll" instead of "svchost.dll". I renamed the .dll extension to .old. This should temporarily solve the problem until antispyware tools such as adaware come out with their latest definition.

Stay cool!



Response Number 61
Name: deathmachine
Date: December 13, 2005 at 07:40:13 Pacific
Reply:

CORRECT SPUNKY- Saved my ass- It appears that svchosts.dll is so early November- THE NEW OFFENDING FILE IS IOCTRL.DLL. It will be in your Win32 folder. It must be killed using Killbox. As soon as I murdered it in Safe Mode, the damn popup in the tray (which even ran in safe mode) poofed. Dead.

So they got smart and re-named the DLL.

Fox



Response Number 62
Name: Marcogf
Date: December 13, 2005 at 08:45:20 Pacific
Reply:

Hello all, Thanks for the info! I think I got it ok. I'm no tech by any means but the info was invaluable! I think I did this right. The only thing I don't know if it was right was the svchosts.dll. It wouldn't delete so I changed the dll to old. Is this what I was supposed to do? Everything stopped for now so maybe I'm on the right track. By the way I got this thing from downloading adobe reader so I could read a bus schedule from my local county website! Let me know if I need to change anything. Thanks again Guys!!



Response Number 63
Name: phorr20
Date: December 13, 2005 at 09:06:45 Pacific
Reply:

All the credit goes to Birdieguy...I bow to you my friend!!

I tried to put it all in very simplistic terms for people that aren't that computer savvy to understand. It was quite a challenge for me to say the least. If I forgot something please let me know :)
Start your computer and push "F8" vigorously till you come to a black screen. At the top of the black screen you'll see "Safe mode", using your arrows scroll up, highlight it and hit "enter". This will take you to a screen that will allow you to access your desktop. Wait till your desktop appears. Go to start menu...then click "search"...then click "files and folders in C Drive"...then search for "ioctrl.dll"...right click on "ioctrl.dll" and at the bottom you'll see "rename"...rename it to "ioctrl.old"...then restart your computer in normal mode and it shouldn't show up in the icon tray. Using the same process to search for a file as I stated above from the start menu, find the file "ioctrl.old"...right click it and hit delete...it should take a short trip to your recycle bin...now delete it from there also...nice huh...it works :) Now go find the file from response #43 and delete it also. It would also probably be a good idea to delete anything in "System32" that has shown up there since the whole problem started...all this really isn't that difficult...GOOD LUCK!!

PS >> Instead of the file "ioctrl.dll", you might find "svchosts.dll", just rename the "dll" part to "old" it should work for either one.

Paul




Response Number 64
Name: TominCalifornia
Date: December 13, 2005 at 09:27:23 Pacific
Reply:

MS is trying (they don't want IE to drop another 10-20 points)

Use tools and Advance to get best use of the program

http://www.microsoft.com/athome/security/spyware/software/default.mspx

Spyware Scan Details
Start Date: 12/12/2005 9:23:36 AM
End Date: 12/12/2005 9:29:43 AM
Total Time: 6 mins 7 secs

Detected Threats

SpyAxe Potentially Unwanted Software more information...
Details: SpyAxe is an antivirus/antispyware program confirmed to be installed via Trojan Exploit on some websites. In addition to the application itself, a toolbar may be installed as well.
Status: Removed
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
C:\Program Files\Security Toolbar\Security Toolbar.dll
C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr7BDD\SpyAxe.exe
C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr7BDD\uninst.exe


Detected Spyware Cookies
No spyware cookies were found during this scan



Response Number 65
Name: ugnius
Date: December 13, 2005 at 11:57:10 Pacific
Reply:

It's good that all spyware removers started adding spyaxe to their removal lists.
Anyway, they are a bit late. Spyaxe spread a lot.
Anyway, from my personal research the first program which added spyaxe to its removal list (and it was a month ago) was spyware doctor. A bit later spysweeper and counterspy added it. Adaware and Msantispyware added it just a few days ago. I saw a post that spyware doctor removes spyaxe without it coming back; spysweeper has some issues.



Response Number 66
Name: Adey
Date: December 13, 2005 at 14:30:44 Pacific
Reply:

Hi,

I was just wondering if anyone had any new solutions to this problem? I've tried everything and can't get rid of it. I've used Norton antivirus, panda, hijackthis, smitrem, killbox, ewido, adaware and still nothing! I've also tried to remove all svchosts.dll files,

Thanks



Response Number 67
Name: Adey
Date: December 13, 2005 at 15:18:26 Pacific
Reply:

I would just like to say a massive thanks to phorr20 (Paul) for making the solution so simple. I'm not the best with computers and I found this solution works a treat. At last I have got rid of the annoying pop-up speech bubble! It was ioctrl.dll I had to get rid of and not svchosts.dll. Hopefully it won't come back again! Now if only I could think of a way of getting SpyAxe back...



Response Number 68
Name: Matt1968
Date: December 13, 2005 at 18:40:40 Pacific
Reply:

Thanks, Paul...my system is free of Spy Axe!!!



Response Number 69
Name: phorr20
Date: December 13, 2005 at 19:00:32 Pacific
Reply:

Birdieguy is the one that had the solution...I just got more detailed on how to do it. I'm glad we could help!

Paul :)



Response Number 70
Name: jive472
Date: December 13, 2005 at 19:21:27 Pacific
Reply:

I have a problem: neither ioctrl.dll nor svchosts.dll are found on my computer! Please help, this program is driving me nuts!



Response Number 71
Name: WeQuick
Date: December 13, 2005 at 19:45:32 Pacific
Reply:

Huge thanks to both Birdieguy and Phorr20 !!

My system is finally SpyAxe FREE!!!

Just doing full system scans with Norton and Trend Micro AntiSpyware , defrag and all should be as fast as ever !!

Thanks again !!!!

Pete



Response Number 72
Name: phorr20
Date: December 13, 2005 at 19:54:16 Pacific
Reply:

Go to the start menu...search in "Local Hard Drives (C:)" for "system32"...the system32 folder should show up...open it...go up in the top left corner of the page and click "VIEW"...when that opens click "details"...that should make it easier to search for it. They should be alphabetized...also look for folders that were created about the same time the problem started. If you don't find either folder there...I don't think I can help you...it's the only way I know...Good Luck!! If I forget something someone please let me know!

Paul :)



Response Number 73
Name: DizzyZ
Date: December 13, 2005 at 21:00:57 Pacific
Reply:

ummmmmmmmmmmmmm.......... this is that fourteen year old kid, and I restarted my computer once more and spyaxe appeared again. I was nervous and decided to take another look at this forum, and saw that I had forgotten to delete ioctrl.dll. I just did this and I am too afraid to restart again. I also see that people are saying this is a temporary fix.......oh, god PLEASE tell me this is a full fix, I have no idea what to try if it comes back, AGAIN!:(



Response Number 74
Name: ET
Date: December 14, 2005 at 04:50:20 Pacific
Reply:

Thank you Birdieguy!

However, being the novice that I am, I need to ask one follow-up question.

SpyAxe is still in my Start menu (Start - All Programs - Spyaxe)

I have no more problems with pop-ups and so on, so the REAL threat is gone.
I would however be happy to get totally rid of spyaxe. I'm a bit afraid of messing around with it as it may be a "sleeping bear"...

Please advise!

ty!

ET



Response Number 75
Name: lawrencesnipe
Date: December 14, 2005 at 10:56:13 Pacific
Reply:

Many thanks to "Birdieguy" and to "phorr20" for the simplification of the process (I'm a complete duffer on these matters).

I followed the instructions from "phorr20"; the problem appears to be sorted. I could not find c:\windows\system32\hpA75B.tmp, being from response 43 (DeerHunter). I may need another simplification from "phorr20" to find this or it may not exist.
Again many thanks to you both (and to DeerHunter, who I am sure has given sound advice).
Merry Christmas and a Happy New Year to all (except obviously those B***ards at spyaxe).



Response Number 76
Name: Adey
Date: December 14, 2005 at 13:14:25 Pacific
Reply:

Hi,
Thanks again to the advice on this forum that helped me get rid of the annoying pop-ups from spyaxe. I know this may sound like a stupid question, but since spyaxe came on my computer, the borders for my microsoft programs (Search, favorites, back buttons etc.) has changed to what seems like the older version. I know it's just an aesthetic problem but it would be nice to change it back to the modern look! I was wondering if anyone knew how to change this? I've searched 'help' and can't find any solutions there.
I also still have spyaxe in my start menu, but I'm not touching it in case it all starts again!
Thanks to everyone and Merry Christmas!



Response Number 77
Name: phorr20
Date: December 14, 2005 at 13:14:50 Pacific
Reply:

ET (#74)...go to your start...find it in your programs and uninstall it...everything should be alright. I'm no computer genius but I think you'll be fine. If it comes back just use the same procedure...but uninstall it from your programs before you do everything else.

Lawrence (#75)...Search for the file the same way you searched for the other files in system32...Go to start menu...then click "search"...then click "files and folders in C Drive"...then search for system32...open it...go to the top and click VIEW, then click DETAILS and it will arrange them so it's easier to find. If it's not there I don't know what to say but this....Good Luck? It's possible that if you delete any folder that's been created in system32, since the problem started it might help. If the problem started within the last couple days...I would delete them...if you've had it for a month or more...it could be slightly risky because you need some of those folders. I had my problem for three days and deleted any folder in system32 that was 4 days old or newer...I'm fine....once again Good Luck!!



Response Number 78
Name: Andy10
Date: December 14, 2005 at 15:55:43 Pacific
Reply:


One quick question. Is system restore in XP pretty much doing the same thing as birdieguy and phorr is suggesting? Or is their way better than system restore?



Response Number 79
Name: PaulKS
Date: December 14, 2005 at 19:50:32 Pacific
Reply:

That worked for me but I have an additional problem. It seems to have hijacked my email. I get about 400 (and growing) outgoing email Norton scans and 400 corresponding error boxes on not being able to send the message. This basically locks up the entire system.




Response Number 80
Name: madahar
Date: December 15, 2005 at 13:22:28 Pacific
Reply:

I followed response no. 51 and used the link
http://forums.mcafeehelp.com/viewforum.php?f=49&sid=fb4fb84d549495cb8765cfd2b9b01148

as mentioned in that response. I used it because it was from a reliable source, i.e., mcafee. And the solution worked for my PC.

I found this site to remove Spyaxe spyware



Response Number 81
Name: Pramirez219
Date: December 15, 2005 at 14:24:59 Pacific
Reply:

Use #52 from birdieguy IT WORKS, and be sure to read his response #58 and make sure it is unchecked from the startup menu. I was not as fortunate as you all, the spyaxe appeared on my computer today and I exhausted every solution I could think of trying to get rid of it (not knowing of this forum). So I unfortunately paid spyaxe to download the 'full version' and paid $52. It supposedly uninstalled it, but later after finding this forum, it was STILL on the computer and I had to manually extract it using birdieguy's response. The phone numbers for this company are totally bogus, one is for a flower shop, and I hope these people burn in hell for this!!! But a great thanks to birdieguy.... if only I was here sooner....



Response Number 82
Name: DeerHunter
Date: December 16, 2005 at 06:53:59 Pacific
Reply:

lawrencesnipe,

The SpyAxe file responsible for hijacking your homepage is hp****.tmp, where **** is a string of random alphanumeric characters. This file will be in C:\Windows\System32. Look for a file that has this format and delete it, then your homepage hijacking will stop.
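
Added example (not part of DeerHunter's post and not HijackThis's own code): a small Python triage that applies the hp****.tmp pattern described above, together with the file names posters in this thread reported, to HijackThis log lines. The sample lines are excerpted from the log posted earlier in this thread; the name list, the regular expressions and the function names are assumptions made for this illustration, not a complete signature set.

```python
import ntpath
import re
from typing import List, NamedTuple

# File names that posters in this thread reported (assumed list for this
# example; not a complete or authoritative signature set).
THREAD_NAMES = {"mssearchnet.exe", "nvctrl.exe", "ioctrl.dll",
                "svchosts.dll", "wbeconm.dll"}

# "hp" + four alphanumeric characters + ".tmp", e.g. hp327A.tmp.
HP_TMP = re.compile(r"hp[0-9a-z]{4}\.tmp", re.IGNORECASE)

# Drive-letter path up to the first file extension that is followed by
# whitespace, a quote, or end of line (so trailing arguments are dropped).
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?]*?\.[A-Za-z0-9]{2,4}(?=$|[\s"])')

# HijackThis entry prefix such as "O2 - " or "R1 - ".
ENTRY = re.compile(r"^([A-Z]\d+) - ")


class Finding(NamedTuple):
    line_no: int
    section: str        # "O2", "O4", ... or "process" for the process list
    path: str
    reasons: List[str]


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that deserve a closer look, with reasons."""
    findings = []
    for line_no, raw in enumerate(log_text.strip().splitlines(), 1):
        line = raw.strip()
        match = WIN_PATH.search(line)
        if not match:
            continue
        path = match.group(0)
        # ntpath parses Windows paths on any host OS.
        base = ntpath.basename(path).lower()
        folder = ntpath.basename(ntpath.dirname(path)).lower()
        entry = ENTRY.match(line)
        section = entry.group(1) if entry else "process"

        reasons = []
        # Exact base-name match: "svchosts.dll" is flagged, while the
        # legitimate "svchost.exe" is not.
        if base in THREAD_NAMES:
            reasons.append("file name reported in this thread")
        if folder == "system32" and HP_TMP.fullmatch(base):
            reasons.append("hp****.tmp in System32")
        # Generalisation beyond the post: a browser helper object (O2)
        # should be a DLL, not a temp file.
        if section == "O2" and base.endswith(".tmp"):
            reasons.append("BHO loaded from a .tmp file")
        if reasons:
            findings.append(Finding(line_no, section, path, reasons))
    return findings


# Lines excerpted from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hp327A.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no} [{f.section}] {f.path}: {'; '.join(f.reasons)}")
```

A hit is a prompt to inspect the file (creation date, publisher, whether it is loaded by Explorer), not proof of infection; a clean result does not clear a machine, since the thread shows the file name changing between variants.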



Response Number 83
Name: barry-s
Date: December 16, 2005 at 08:11:17 Pacific
Reply:

Spyaxe was driving me nuts for at least 6 weeks maybe even 10 weeks. I was reading all the suggestions above and most of them seemed beyond my abilities. Then 2 days ago my Mcafee protection that I pay $2.95 a month for through AOL scooped it up and it's all gone! I wonder why it took them so long?



Response Number 84
Name: scopedog
Date: December 16, 2005 at 11:29:30 Pacific
Reply:

For those of you who can't seem to get rid of spyaxe with all the methods mentioned above I have posted an easy fix for spyaxe on my site.

http://www.counter-hack.net



Response Number 85
Name: Johhny English
Date: December 16, 2005 at 13:38:40 Pacific
Reply:

DeerHunter (response 82) is right but it is best to delete all files in C:\Windows\System32 from the date when the problem started. If the files cannot be deleted because they "are in use" then go to the link below and download MoveOnBoot, when you run this program it is self explanatory and will get rid of the problem. Spyaxe had been bugging me for 7 days.
http://www.softpedia.com/get/System/Boot-Manager-Disk/MoveOnBoot.shtml


If it isnt broke, dont fix it



Response Number 86
Name: crazcort
Date: December 16, 2005 at 17:54:57 Pacific
Reply:

The registrant of www.spyaxe.com is:
Administrative Contact:
SunShine Ltd
David Taylor (Whois Privacy and Spam Prevention by Whois Source)
187th Ave, 5
King County
Seattle
Washington,98101
US
Tel. +206.9543154
E-mail: david.alant@gmail

Maybe He will Know how to get this crap off the computer.



Response Number 87
Name: Cyborg
Date: December 17, 2005 at 13:21:29 Pacific
Reply:

Don't get mad - get even. If you were duped or forced into paying money to the SpyAxe people (1) notify the credit card company you used that they (the credit card company) are assisting in fraud and that you are not going to pay the charges for SpyAxe. Once the credit card company is put on notice of the fraud, if they continue to allow SpyAxe to defraud consumers out of their money, they are accomplices (remember, the credit card companies are taking a percentage of the charges you are paying, so they, too, are profiting from you being defrauded - sounds like a nifty class action) (2) notify your local law enforcement authorities of the fraud - it's probably wire fraud under federal law - and demand they take action.
If these jerks obtained money through credit card transactions, there will be a trail back to them if you can find a law enforcement agency willing to follow it. I bet they made a fortune off the misfortune of others. They really ought to be made to pay!




Response Number 88
Name: beemer
Date: December 18, 2005 at 04:32:53 Pacific
Reply:

I have had Spyaxe too. I used birdieguy with good results but I kept reading. When I carried out his list afterwards I found a new folder C:\program files\spyaxe. I could only delete this in safe mode. It had been created as I carried out birdieguy's instructions. I then did a search of my C drive for anything called spyaxe and found C:\windows\prefetch\spyaxe.exe-10E9F12A. I deleted that too.


beemer



Response Number 89
Name: davidjhughes
Date: December 21, 2005 at 15:44:41 Pacific
Reply:

SpyAxe has caused a lot of trouble for a lot of people. I'm trying to put together a class action lawsuit against them. If you are interested in being a part of this, visit http://suespyaxe.blogspot.com/

It's a communal blog where useful information is provided with your help. It's brand new today, so help me get this going.



Response Number 90
Name: paul3
Date: December 22, 2005 at 03:03:55 Pacific
Reply:

here are spyaxe removal instructions that helped me to get rid of that pesky spyware:
spyaxe removal



Response Number 91
Name: Katch_1
Date: December 27, 2005 at 08:24:31 Pacific
Reply:

spyaxe:

I have Windows XP, to get rid of this pesky problem I reverted to a previous restore point in my system and it all went away.



Response Number 92
Name: MikePage
Date: December 27, 2005 at 09:33:02 Pacific
Reply:

HELP!!!!!!! Nothing is working! Everything I have read I have tried. I ran smitRem, l2mfix, deleted those two System 32 files, ran McAfee which has not picked up on it at all, Microsoft Antispyware which said it found it and deleted it yet I still get these yellow popup text boxes from the start bar that says my computer is infected and it opens a spyaxe webpage if you click on it. Here is my Hijack this

Logfile of HijackThis v1.99.1

PLEASE HELP!!!!


MikePage



Response Number 93
Name: xnickmx
Date: December 27, 2005 at 18:22:56 Pacific
Reply:

I had a newer version of SpyAxe that had very annoying regenerative powers. AdAware would find it and kill it, but it kept coming back and the message in the system tray kept re-appearing. I followed the suggestion of deleting everything in the System32 folder from the date when the trouble started, but there was one folder that wouldn't go away. It was wbeconm.dll.

A google search for that file returned zero results, so it doesn't seem to be a critical system file or anything.

I tried to delete this file while running in Windows normally and in safe mode, but the system wouldn't let me. What did work was rebooting, hitting F8 for safe mode, then going into the "recovery console" or something like that, I forget what it was exactly. Then I started up option number one which was I believe MiniNT or something like that. It basically just gives you a DOS prompt. Then do this:
cd c:\windows\system32
del wbeconm.dll

That deletes the troublesome file. Next I restarted windows. I was a little worried when it said that I needed to activate windows. Had I deleted something that really was important for windows? I don't know. But after I activated windows again, which only took about two clicks, the SpyAxe pop-up in the system tray was gone. I ran AdAware again, which deleted all the files and now it looks like SpyAxe is finally gone!



Response Number 94
Name: slem
Date: December 27, 2005 at 18:47:15 Pacific
Reply:

OK, so the birdieman, paul and xnickmx's theory combined gave me the power to vanquish this mighty foe, the mutant that it is. I just deleted all system 32 files that weren't ancient or important to me and used dos to delete difficult files. So after 2 minutes of work and hours and hours of research my sanity is seemingly restored. Thanks all.

"There are 10 types of people on this world, those who understand binary and those who don't"



Response Number 95
Name: tim1972
Date: December 28, 2005 at 04:35:59 Pacific
Reply:

I was able to remove spyaxe as follows:

1. Download Ace Utilities 3 from http://www.download.com/Ace-Utilities/3000-2086_4-10461216.html?tag=lst-0-1.

2. Reboot in Safe Mode.

3. Open Command Prompt.

4. Open Ace Utilities. Select "Erase Your History", go into the Windows tab and select all options other than Delete Outlook Express's Deleted Emails and execute the function.

5. As soon as this function has executed, quickly go to Command Prompt and type:
cd c:\windows\system32
del wbeconm.dll

This worked for me.



Response Number 96
Name: George106
Date: December 28, 2005 at 19:04:57 Pacific
Reply:

Removing new Spyaxe variant and Task Bar Fake Security Popup -- xnickmx in response 93 is on the money with the new offending file -- wbeconm.dll. There is a similar legit Win file. I bet SpyAxe will keep morphing before this is over so keep the general approach in mind. Also see responses 52 and 61.

My 16yr old apparently picked it up from a remote server during COD2 play. The pop-up was noticed when he logged off. He said it was not there when he logged on. It seems to have gotten past the Dec 14th XP MS security updates/patches that are supposed to block it.

Note the fake security task bar message is present in safe mode. After the fact, the offending dll appears to be linked to Windows Explorer. The removal process that I used follows:

Tools: SmitRem and KillBox (Killbox.zip, web search), also used Adware, Spybot, and Ewido. And your favorite beverage and snack food.

Follow directions for SmitRem (the file I used was dated 12-26-05 ) ;^)
1) Turn off system restore, reboot into Safe Mode.
2) Run SmitRem
3) Search for wbeconm.dll. It should be in the system32 folder.
4) Next run Killbox, browsing to (my case) C:\Windows\system32\wbeconm.dll. Check the delete file and unregister dll boxes. After running Killbox the popup goes away.
5) Run Adware, Spybot, Ewido or any other scanners to remove more junk. They all found stuff the others missed.
This took me about 2 1/2 hours elapsed time.
6) Reboot into normal mode. I had to reconfigure my display themes, desk top, and appearance. Turn on system restore.
Once done the system was rebooted again.

I had made it through about half the recent suspect files by checking them out on the web. Frustrated with my lack of progress I searched the web for updates to my previous search and found Response 93.

May joy fill your new year.
George




Response Number 97
Name: Mike_in_St_Albans
Date: December 29, 2005 at 06:44:20 Pacific
Reply:

Thanks for all the above. I read it all with trepidation! However as I have WinXP I was able to solve the poisonous SpyAxe problem by performing a System Restore to yesterday (ie the day before I was struck by SpyAxe). Thanks All. Mike



Response Number 98
Name: jparsonsj
Date: December 29, 2005 at 11:10:48 Pacific
Reply:

I'm trying to remove this from a friends computer, luckily not my own. My problem is that all the fixes that seem to be working for others start with going into safe mode. I get a blue screen of death every time I attempt to do this. I'm not sure if this is a new morph or if the computer just has other issues. I'm going to try a system repair tonight to see if I can make safe mode work again. Anyone else have this problem, or any ideas that might help?



Response Number 99
Name: suzi
Date: December 29, 2005 at 20:08:59 Pacific
Reply:

The instructions in this link for removing SpyAxe work well:

http://malwareremoval.com/plog/index.php?op=ViewArticle&articleId=48&blogId=3

You can read the comments and see feedback from folks about it.

Suzi
Spyware Warrior
MS MVP Windows-Security 2005



Response Number 100
Name: Bonkers girl
Date: December 29, 2005 at 20:17:19 Pacific
Reply:

Hi everyone, i decided to create an account here after the response made by Birdieguy aided my success in removing spyaxe!! (oh, i'm so happy) I really spent a whole load of time on this irritating spyaxe. (dun worry e advertisers will surely be struck by lightning). I would like to say thanks to all of u!!!! especially Birdieguy, he saved my life.
However, if by chance u are infected by spyware and haf juz followed Birdieguy's instructions to remove it, i would recommend u check ur system tray for spyaxe. i duno abt e other windows editions but if u're using windows XP here's how it goes--->

If u are using Birdieguy's method of removing spyaxe, after everything remember to do a full system scan for any virus 1st (Norton AV is most recommended). then, after everything's set and all spyware products are deleted frm ur computer (or so u thought), right-click on ur taskbar, then click properties. A window "Taskbar and Startmenu properties" will appear. On the taskbar tab, click customize. Another window will pop up. As u scroll down u can see there'll be a list of icons under "Past items". If u spot spyaxe there, customize it to 'Always hide' 1st. (juz for safety reasons)
So, when u see tt hated spyaxe icon im sure u wan to remove it rite?? ok very simple, juz go to this website http://support.microsoft.com/default.aspx?scid=kb;en-us;283084 (dun worry tis is an extremely virus-free website)
Juz follow e instructions n that'll truly be e last u'll see of DAMNED SPYAXE!!HAHAHA!! Oh yah, remember to delete frm registry key very carefully. For ur extra information, to open Registry Editor, simply go to Start>Run, then in open box type 'regedit'(without inverted commas). To open task manager, go to Start>Run, then type 'taskmgr'.
Hope this piece of information might help some of you!! =)

P.S. Good Luck to all of u!! it's really very simple if u focus! Hope to hear frm u guys!



Response Number 101
Name: RedAlert99
Date: December 30, 2005 at 17:53:59 Pacific
Reply:

After trying everything from anti-virus programs to spyware detection programs, this cleaned up my computer. Yay!!! It's simple and it works. Took less than 30 min.

http://www.spyware-removal-guideline.com/spyaxe-removal

about a third of the way down the page are the removal instructions



Response Number 102
Name: j_on_e
Date: December 31, 2005 at 00:21:11 Pacific
Reply:

Simple solution I found. My sister contracted this nasty little beast so I had her download the trial version of Kaspersky, which you can also try here.. http://www.kaspersky.com/trials , the antivirus I use now (I personally do not like my antivirus bundled with anything else but they have those available too) and had her update spybot v1.4. Once she did all of this I had her go to her task manager, kill all processes that were unnecessary. Run Spybot, clean that up. Run full system scan with Kaspersky, clean all of that up. Reboot and rerun Spybot and Kaspersky again and clean up those files and had her do a search for the suspect files searching in hidden files and folders also. Her system is running A-OK now. Peace. Hope this helps you have a happy new year.
Johnny from SoCal



How do I?



EL oh EL!




Response Number 103
Name: R_v_R
Date: December 31, 2005 at 16:48:14 Pacific
Reply:

Thank you so much for this forum.
I had managed to solve most problems, using uninstall, Noahdfear SmitRem (response 42) and an updated Norman anti-virus scan, but the homepage thing really unsettled me.
Deerhunter's fix (response 38) was all it took to finally get me back to normal.
Thanks again.



Response Number 104
Name: R_v_R
Date: January 1, 2006 at 17:12:35 Pacific
Reply:

Correction: when I reboot, a new hp***.tmp file is generated ... so I do have some more work to do.



Response Number 105
Name: JerseyDevil
Date: January 2, 2006 at 16:25:50 Pacific
Reply:

I've seen several references to delete spyaxe etc, out of the registry, but none has provided exact detail. Being that the registry is extremely important, precision detail of this particular step would be appreciated. Do I simply delete the entire spyaxe directory? And does anyone know anything about WinHound Spyware? I suspect it to be associated with SpyAxe...



Response Number 106
Name: JerseyDevil
Date: January 2, 2006 at 21:13:59 Pacific
Reply:

Followup to my 105 post...
The desktop of one of my user profiles was pirated (proper term?) and replaced by a screen stating something like "your pc has been infected with a virus" It presents as a yellow and black screen. The pirate background replacing the normal desktop was file c:\windows\warnhp.html. This screen contained an active weblink (e.g. like "go here to fix...") to a suspicious website. I deleted the file but still cannot recover the original desktop which flashes when the log-off is executed. My next step may be to delete the profile... but first, has anyone had a similar problem and know an alternative solution? Thanks to you all! PS you folks - certainly DeerHunter, Birdieguy, and phorr20 - have provided great info toward killing this crap! Those SOBs should be prosecuted to the hilt...



Response Number 107
Name: Dennydean
Date: January 3, 2006 at 03:49:43 Pacific
Reply:

I am also dealing with this Spyaxe nightmare in XP. I've followed birdieguy's method and so far, so good, but I still have bad feelings over this infection and I'm not convinced that it's all there is. For instance, in my C:\Program Files directory, I find a sub-directory called: "xerox" and it contains another sub-directory: "nwwia." I have deleted these files many times in "Safe Mode," but they keep coming back. AVG, Spybot & Ad-AwareSE do not flag the xerox files. Thanks for your help.

Denny....



Response Number 108
Name: avantstrangel
Date: January 3, 2006 at 14:47:16 Pacific
Reply:

McAfee posted an entry about spyaxe and even lists the files and changes in the registry key it adds or makes. So if you run regedit you can go through and remove it. Here's the McAfee link:
http://vil.nai.com/vil/content/v_137422.htm

I also hear Microsux finally got its ass in gear with some kind of beta spyware software (if it's like any OTHER MS software, prepare for other problems or more patches later!) :-)


music for the muses and putting the indie in film
www.indiematrix.com
www.avantstrangel.com



Response Number 109
Name: DaveHughes
Date: January 4, 2006 at 14:13:51 Pacific
Reply:

SpyAxe must be brought down. Those responsible should be not only stripped of their illegal profiting, but also thrown in prison.

If you have been hit by SpyAxe, you should do the following:

1) file a complaint to the FTC at fbi.gov
2) consider legal action at suespyaxe.blogspot.gov



Response Number 110
Name: JerseyDevil
Date: January 4, 2006 at 23:14:05 Pacific
Reply:

I have one residual issue remaining (or so I think). I absolutely can not remove an erroneous background (white) from one of my pc user's desktop profile. Start > Control Panel > Display opens the usual Display Properties Window but changing the background has no effect.

Execution of a right-click on the pirate desktop itself - in an attempt to access the Display Properties Window - opens a bogus Properties Window that returns a Display Properties with only one tab on it. Within this window, the source file to the background is c:\windows\warnhp.htm. I deleted that file 2 days ago! How suspicious is this??? "Hmmm, let me think." Anybody have a solution?

I believe I've executed virtually all of the options provided from the following:

(1)"By Nick Tyrell post 20-Dec-05 at" http://www.infopackets.com/channels/en/windows/nicks_computer_security/2005/20051220_remove_spyaxe_removal_instructions.htm/

(2a)www.2-spyware.com/remove-spyaxe.html/
(2b)www.2-spyware.com/review-spyaxe.html/

(3)www.spyware-removal-guideline.com/spyaxe-removal/

(4)www.noahdfear.geekstogo.com/

(5)www.counter-hack.net/

Great info from all - I recommend that you read everything BEFORE you act.

SOBs may be laughing now - But how many volunteers will there be chompin' at the bit to volunteer when the time comes with the opportunity to throw the switch when they get strapped into the chair??? I hope they FRY.

If you have a solution, please email.



Response Number 111
Name: iamaustin23
Date: January 6, 2006 at 16:48:42 Pacific
Reply:

FOR EVERYONE THAT CAN'T FIX IT....

No longer is svchosts.dll, ioctrl.dll, or wbeconm.dll the "last" file you must delete. Now the file name is "netwrap.dll" and is located in the system32 folder. Just rename it to netwrap.old, restart, then delete your netwrap.old. Also, careful not to accidentally confuse netrap.dll for netwrap.dll.

HOPE IT DOESN'T CHANGE NAMES AGAIN!!


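The caution in Response 111 about netrap.dll versus netwrap.dll, as an added example that is not part of any poster's reply: a Python sketch that lists files in a directory whose names match those reported in this thread and separately flags one-character lookalikes, so they get checked rather than deleted. The function names and the constructed test directory are assumptions; the file names are the ones posters gave in the thread.

```python
import os
import tempfile

# File names reported by posters in this thread (responses 1, 106, 110, 111).
THREAD_INDICATORS = {
    "mssearchnet.exe", "nvctrl.exe", "svchosts.dll", "ioctrl.dll",
    "wbeconm.dll", "netwrap.dll", "warnhp.html", "warnhp.htm",
}

def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(name):
    """Return 'reported', 'lookalike' or None for one file name."""
    low = name.lower()  # Windows file names are case-insensitive
    if low in THREAD_INDICATORS:
        return "reported"
    if any(edit_distance(low, ind) == 1 for ind in THREAD_INDICATORS):
        return "lookalike"  # close to a reported name: verify, do not delete
    return None

def scan(directory):
    """List (name, verdict) for files in one directory, hidden ones included."""
    hits = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name.lower()):
        if entry.is_file():
            verdict = classify(entry.name)
            if verdict:
                hits.append((entry.name, verdict))
    return hits

def demo():
    """Run the scan over a constructed directory standing in for system32."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("NetWrap.dll", "netrap.dll", "kernel32.dll", "nvctrl.exe"):
            open(os.path.join(d, name), "w").close()
        return scan(d)

if __name__ == "__main__":
    for name, verdict in demo():
        print(f"{verdict:9} {name}")
```

A name match is only a lead: the thread itself notes that the file names changed over time, so a clean result does not show the machine is clean.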