Can't remove spyware (SpyAxe)

In step 6 of the READ ME, did you click on the link to:

Special Removal Procedures to see if your problem is covered there (for example: about:blank or HSA hijacker problems, SpySheriff, Smitfraud, Virtumundo aka WinFixer)

If you have Smitfraud problems, run that procedure. If still having problems afterwards, continue with below.

Make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

Downloading, Installing, and Running HijackThis

 

Please follow directions so that we can help you. You do not even have the correct version of HijackThis which means you did not follow the steps in my previous message.

Please make sure you answer the below questions too:
1) Did you run the Smitfraud removal procedure?
2) Did you save the SmitRem log?
3) Do you still have Smitfraud problems?
4) Did you first look in Add/Remove programs for SpyAxe and try to uninstall it? If it is not there, we can still remove it with another method.
5) Do you use eBay Toolbar? It looks broken.

 

Your OS & IE versions are way out of date and represent a major security risk. After we fix your current problems, you must address this. We will talk about that later.

Also you are running without any antivirus protection. This is a very bad idea.

Is there something you are using Microsoft Scheduling Agent for? It is running:
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon

mstinit.exe is a process belinging to the Microsoft Scheduling Agent which deals with the automation of tasks such as anti-virus and defragmentation. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems.


If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll (file missing)
O4 - HKLM\..\Run: [SpyAxe] C:\Program Files\SpyAxe\spyaxe.exe /h
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing


After clicking Fix, exit HJT.
Boot into safe mode and use Windows Explorer to delete:
C:\Program Files\Security Toolbar <--- the whole folder
C:\Program Files\SpyAxe <--- the whole folder


Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP goto c:\windows\Prefetch and delete all files in this folder.

Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

System Restore should still be disabled. You were supposed to disable it in step 1 of the READ & RUN ME and leave it disable until all malware has been fixed.

You did not answer my question:

You need to enable PM's (Private Messages) in your user profile. There is something I need to send to you to do via PM to help fix the problem with the Taskbar.

 

You're welcome.

I would look for Microsoft Scheduling Agent in your tray and right click on it and see if you can disable it from running. If we use HJT to fix it, it may delete the file which is not what you want to do for this file. We just want to stop the agent from running.

 

Let's try to fix the scheduling agent manually.

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixmsa.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixmsa.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

Then you should move on the below link and complete all steps. The first step in the link will discuss Microsoft update. Another step will give you some suggestions for an antivirus application.

How to Protect yourself from malware!

 

Did you get any messages about genuine windows validation or similar? Your copy needs to be validated or you will not be able to get the updates. Did you try Express or Custom update?

Did the registry patch work? Is that scheduling agent line now gone from your HJT log.

 

What download failed? The download of the license agreement? Or did you actually get to the point where downloading of patches/upgrades began. Validation is part of the Windows update process now. It winds up adding something to your PC (an O16 line will show in HJT that indicated Windows is genuine).

Did the registry patch say it add into the registry okay?
Do you know how to run and use regedit?

 

I do not believe your problem with MS Update is from malware but I cannot be positive!

First try this:
- disable your ZoneAlarm firewall and then try Windows Update

If that does not work for you, then let's start by getting the WinXP SP1a patch installed. It is a least a start in the right direction. You should be able to get this full SP1a download from

http://www.softwarepatch.com/windows/winxpsp1.html

Download the file and then install it. As typical, this is a very large file (over 100Mb). Afterwards reboot and then post a new HJT log.

 

I'm not sure what is going on right now with Windows Update. You may have to ask this one in the software forum.

Thanks! Enjoy the holiday too.