Spyaxe sucks
|
Original Message
|
Name: volcomsuperhero
Date: December 17, 2005 at 13:14:56 Pacific
Subject: Spyaxe sucks
OS: Win XP media center
CPU/Ram: P4
Comment: Hi everyone, I have a big problem and I know there are a lot of you who know how to help me out with using HijackThis to delete my bad files. But anyways, when I turn my computer on a window pops up in the lower right hand corner and says "your computer is infected! dangerous malware infoction was detected on your PC. the system will now download and intall most efficient antimalware program to prevent data loss and your private info theft." and then it automatically starts downloading SpyAxe. What do I do? I have the HijackThis results but don't know what to do with them. Thanks
|
|
Response Number 2
|
|
Reply: Here is the HijackThis log I received ... it's a long one

Logfile of HijackThis v1.99.1
Scan saved at 3:07:59 PM, on 12/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvctrl.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SpyAxe\spyaxe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpyAxe\spyaxe.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\vOLcOmSuPeRhER0\My Documents\drivers\highjackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe,wsnmgers.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wsnmgers.exe,C:\Documents and Settings\vOLcOmSuPeRhER0\Application Data\Explorer\wsnmgers.exe
O2 - BHO: HomepageBHO - {1ca480cd-c0e5-4548-874e-b85b17905b3a} - C:\WINDOWS\system32\hpCC08.tmp
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [kmfpbnuk] C:\WINDOWS\system32\kmfpbnuk.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Remote Shedule] C:\WINDOWS\system32\wsnmgers.exe
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Remote Shedule] C:\WINDOWS\system32\wsnmgers.exe
O4 - Startup: ms.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: Remote Messenger - {B084A531-1397-4BA2-9D71-197374A70381} - C:\WINDOWS\system32\pythwave.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

thanks
|
|
Response Number 4
|
Name: jabuck
Date: December 17, 2005 at 14:22:15 Pacific
|
Reply: Download smitremfix from this link http://noahdfear.geekstogo.com/ to your desktop. Open the file and it will extract itself to a new folder called SmitRem. (Don't run it yet.)
Download Adaware SE from this link http://www.lavasoftusa.com/software/adaware/ , update it but (don't run it yet).
Download Ewido Security Suite then set it up this way: Ewido Setup Instructions. (Don't run it yet.)
Reboot into Safe Mode.
Now open the SmitRem folder. Find the RunThis.bat and click it. Make sure all other open windows and programs are closed. If you haven't done this, then the program will remind you. Follow the onscreen direction and let smitremfix run, then disk clean will run (take a few minutes).
Run Ewido. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop in case you need it later.
Run Adaware SE.
Reboot into normal mode and post a new HT log.
|
|
Response Number 5
|
|
Reply: OK, well I think that worked because SpyAxe and the update homepage are both gone, but.. now my taskbar is grey and old looking and I try to change it under properties but it does no good... any info? Thanks. Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:16:17 PM, on 12/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\vOLcOmSuPeRhER0\My Documents\drivers\highjackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe,wsnmgers.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wsnmgers.exe,C:\Documents and Settings\vOLcOmSuPeRhER0\Application Data\Explorer\wsnmgers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [kmfpbnuk] C:\WINDOWS\system32\kmfpbnuk.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Remote Shedule] C:\WINDOWS\system32\wsnmgers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Remote Shedule] C:\WINDOWS\system32\wsnmgers.exe
O4 - Startup: ms.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/ChatSource/gVideoContol.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: Remote Messenger - {B084A531-1397-4BA2-9D71-197374A70381} - C:\WINDOWS\system32\pythwave.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
|
|
Response Number 6
|
Name: jabuck
Date: December 17, 2005 at 16:36:37 Pacific
|
Reply: While I'm looking at your HT log, run this desktop cleaner (fix) from Mosaic1. This fix is only for XP & Windows 2000.
Download and save Cleandesktop to your computer from this link: http://www.thespykiller.co.uk/files/cleandesktop.exe and double click on the cleandesktop.exe
It will automatically extract to c:\desktopclean where it needs to be to run and will automatically run the cleandesktop.vbs script.
If it doesn't open then go to c:\desktopclean and double click on the cleandesktop.vbs
Do not run any other file from there please unless asked to.
If you have script blocking enabled you will get a warning about a malicious script wanting to run. Please allow this script to run. It is not malicious.
If you get a message when you first run it "Can not find script file "blah blah blah" then don't worry, just double click the cleandesktop.vbs script again. You sometimes get that message when a script blocker blocks the script.
It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries, returning your normal desktop and context menu functions. It will restart Explorer.
Once you have performed the big cleanup, each of the other Users on the System needs to be signed in to clean up their desktop and regain the right click. I have included another vbs to do this. It is named Other Profiles Regfix.vbs
Have each User sign in and run Other Profiles Regfix.vbs
Open C:\ (Go to Start>Run and type C: Press enter) and open the c:\desktopclean folder. Double click on Other Profiles Regfix.vbs
Explorer will be ended and that user's active desktop registry entries will be repaired. Explorer will be restarted.
To restore the desktop to whatever picture you normally have, right click on a blank part of desktop & select properties/desktop & select your preferred picture, press apply & then ok to exit and then press F5.
You will need to do this step for every user account.
|
|
Response Number 7
|
Name: jabuck
Date: December 17, 2005 at 17:01:20 Pacific
|
Reply: Reboot into safe mode and set the computer up to view hidden files by going to start>control panel>folder options>view tab>tick the circle beside "show hidden files and folders" and untick the box beside "hide extensions of known file types" and "hide protected system operating files".
Run HT again, close all windows and browsers, place a check to the left of the following items and press "fix checked".

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe,wsnmgers.exe (If you know what this is don't delete)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wsnmgers.exe,C:\Documents and Settings\vOLcOmSuPeRhER0\Application Data\Explorer\wsnmgers.exe (If you know what this is don't delete)
O4 - HKLM\..\Run: [kmfpbnuk] C:\WINDOWS\system32\kmfpbnuk.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Remote Shedule] C:\WINDOWS\system32\wsnmgers.exe (If you know what this is don't delete)
O4 - HKCU\..\Run: [Remote Shedule] C:\WINDOWS\system32\wsnmgers.exe (If you know what this is don't delete)
O4 - Startup: ms.exe
O21 - SSODL: Remote Messenger - {B084A531-1397-4BA2-9D71-197374A70381} - C:\WINDOWS\system32\pythwave.dll (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Now navigate to the files/folders and delete them if found:
C:\WINDOWS\system32\kmfpbnuk.exe (file)
C:\WINDOWS\system32\wsnmgers.exe (file) Unless you know what it is
C:\WINDOWS\system32\ms.exe (file)
C:\WINDOWS\system32\pythwave.dll (file)
|
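Added example, not part of the thread and not HijackThis's own code: a small Python triage pass over HijackThis entry lines that surfaces the same kind of autostart leads picked out by hand in the reply above (extra programs chained onto the Winlogon Shell/UserInit values, the same binary started again from a Run key, and entries whose target file is missing). The function names `parse`, `winlogon_extras` and `triage` are hypothetical, and the sample lines are copied from the log posted in this thread.

```python
import re
from ntpath import basename  # Windows path rules, works on any OS

# Sample input: six entries copied from the log posted earlier in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe,wsnmgers.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wsnmgers.exe,C:\Documents and Settings\vOLcOmSuPeRhER0\Application Data\Explorer\wsnmgers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Remote Shedule] C:\WINDOWS\system32\wsnmgers.exe
O4 - HKCU\..\Run: [Remote Shedule] C:\WINDOWS\system32\wsnmgers.exe
O21 - SSODL: Remote Messenger - {B084A531-1397-4BA2-9D71-197374A70381} - C:\WINDOWS\system32\pythwave.dll (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
F2_RE = re.compile(r"REG:system\.ini: (Shell|UserInit)=(.*)$", re.IGNORECASE)
# The only program each Winlogon value names on a stock Windows XP install.
EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}


def parse(log_text):
    """Return a (section, body) pair for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def winlogon_extras(body):
    """Programs chained after the expected Shell/UserInit program in an F2 entry."""
    m = F2_RE.search(body)
    if not m:
        return []
    expected = EXPECTED[m.group(1).lower()]
    # The stock UserInit value ends in a trailing comma, so drop empty items.
    values = [v.strip() for v in m.group(2).split(",") if v.strip()]
    return [v for v in values if basename(v).lower() != expected]


def triage(log_text):
    """Return (kind, section, detail) leads for a person to review; not verdicts."""
    entries = parse(log_text)
    findings, chained = [], set()
    for section, body in entries:
        if section == "F2":
            for prog in winlogon_extras(body):
                chained.add(basename(prog).lower())
                findings.append(("winlogon-chain", section, prog))
        if body.endswith("(file missing)"):
            # Registry entry whose target is gone: often a leftover, worth a look.
            findings.append(("file-missing", section, body))
    for section, body in entries:
        # The same binary is also started from a Run key or the Startup folder.
        if section == "O4" and any(name in body.lower() for name in chained):
            findings.append(("also-in-run", section, body))
    return findings


if __name__ == "__main__":
    for kind, section, detail in triage(SAMPLE_LOG):
        print(f"{kind:15} {section:4} {detail}")
```

Run over the full log, the `file-missing` rule would also flag the O9 Yahoo! Services button, which is not on the fix list above, so each finding is a prompt for review rather than a removal instruction.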
|
Response Number 8
|
|
Reply: There is no need to run all these spyware scans and other software! You can get rid of SpyAxe and the viruses it planted on your computer, which are: (mssearchnet.exe, mscornet.exe, nvctrl.exe) in six simple steps which should take no more than 20 minutes tops (it only took me ten) in this guide! The guide is available @ http://www.freewebtown.com/gamesrule/TheCure.txt Oh, and any time it tries to install SpyAxe click X straight away, as SpyAxe allows viruses access to your computer. Spy Axe Remover Guide @ http://www.freewebtown.com/gamesrule/TheCure.txt
|
|
Response Number 9
|
Name: 71euy
Date: December 27, 2005 at 07:26:14 Pacific
|
Reply: SPYAXE SUCKS! Don't go anywhere near this product that purports to be a free malware scanner. I did, and even taking advised steps to clear it, it kept respawning, coming up with multiple pop ups and incessant warning that my PC was infected. Yes it was, SpyAxe! Going to their site for the removal tool did not allow me to download it - a pure scam. This is a gotU product in an effort to make you buy their product. After 2 or 3 hours trying to remove it from various program files and many registry entries I was still getting problems. I tried Norton, Spybot and Adaware, all to no avail, although they did remove some files. Finally I downloaded PC Tools Spyware Doctor - a first class product that finally deleted all the malware etc. that had been installed from SpyAxe. This was money well spent on Spyware Doctor as it cleared up some other issues but most importantly includes "On Guard" to protect from other companies and downloads similar to SpyAxe. Will SpyAxe refund the cost of Spyware Doctor? I think not, as they are a bunch of crooks.
|
|
Response Number 10
|
Name: SamIam
Date: December 29, 2005 at 06:49:55 Pacific
|
Reply: The information I found on http://noahdfear.geekstogo.com/ about removing SpyAxe worked like a CHARM for me! Do exactly what it says and you will get rid of the EVIL SPY AXE for good. Boyyyyyyyyy, I'd like to give that software creator a HUGE piece of my mind right now -- grrrrrrrrr! I have CounterSpy, SpyBot and Ad Aware, and still this spyware got through. I'd like to string up the little b---tards who created this software!
|
|
Response Number 11
|
Name: maitreya667
Date: January 12, 2006 at 06:50:11 Pacific
|
Reply: SpyAxe removal steps

Summary: This document explains how to manually remove SpyAxe from the computer.

Removal Instructions

Boot into Safe Mode with Networking
Shut the computer down so the power is off. Wait 20 seconds or so.
Turn the computer on and immediately begin pressing the F8 key on the keyboard once every second repeatedly. Do this until the Windows Startup Menu appears. If you get a keyboard error, press F1 to resume and then continue pressing the F8 key once every second.
Select option Safe Mode with Networking, and then press the Enter key on the keyboard. Windows will then boot into Safe Mode.
Note: This may take longer than a normal boot.
At the end of the boot process, a dialog box will appear informing you that Windows is in Safe Mode. Click OK on this dialog box. Windows is now in Safe Mode.

Once you are in Safe Mode with Networking do the following:
Click Start button
Click Run
Enter the following text: C:\Windows\System32
A window with a list of files will appear. Delete the following files from the window:
Note: To delete the files single click on the file so it is highlighted and then press the Delete key on the keyboard to delete.
mssearchnet.exe
mscornet.exe
nvctrl.exe
svchosts.dll
hpA75B.tmp or all the files similar to hpXXXX.tmp where X may be any character.
Note: If some files do not remove please reboot again and come back to Safemode with Networking and try removing the files again.

Remove Spyware from Add/Remove Programs
Click on the Start button
Highlight then click on Control Panel. The Control Panel will then appear.
Windows 2000 users - Highlight Settings then click on Control Panel. The Control Panel will then appear.
Double click on the Add/Remove Programs icon. The Add/Remove Programs Properties dialog box will then appear.
Locate SpyAxe on the list of installed programs and single click on it so it is highlighted.
Click the Add/Remove button.
Note: If at any time you are prompted to remove Security Tool, answer Yes To All.

Delete the Registry Keys
Backup the Registry
Note: For instructions, in how to backup the registry click here.
Click Start, and then Run.
In the Open field, type regedit. This will open the Registry Editor.
Search for the following entries one by one and delete all the instances of it from the registry:
Note: To find the entries Click on the Edit menu and click on Find. In the Find What field, type the name of the entry and click on Find Next. When the instance is found Press the Delete key on the keyboard to remove this entry.
mssearchnet.exe
mscornet.exe
nvctrl.exe
svchosts.dll
SpyAxe
Svchosts.dll
Close regedit
If you have Windows XP SP2, open Internet Explorer. If you don't have Windows XP SP2 ignore this step.
Click on Tools
Select Manage Add Ons and click
Select HomePageBHO and disable it
Select and disable Security Update Tool bar from the Add Ons.

Check if SpyAxe folder is present in your computer
Click Start (bottom left corner of your screen)
Click Run
Enter the following text: C:\Program Files
A window with a list of files will appear.
If SpyAxe folder is present, delete it
Reboot
Your computer will start in normal mode and the issue will be resolved.
Notes on SpyAxe