I attempted to remove SpyAxe from my PC using the sticky post above and it did not remove it. Everything seemed to work during the process, except after I ran the RunThis.bat and it removed everything it went to the disk cleanup but nothing seemed to happen. There was no delay, just jumped right to the Windows Safe Mode prompt. I looked for the files to delete but they were not on my PC. Below are the 3 logs, and thanks in advance for the help.

---------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:57:47 PM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Gateway User\Desktop\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
O1 - Hosts: 209.66.114.130 sitefinder.verisign.com
O2 - BHO: HomepageBHO - {27150f81-0877-42e9-af13-55e5a3439a26} - C:\WINDOWS\system32\hp5BE2.tmp (file missing)
O3 - Toolbar: CM Band - {159C2E51-9823-11D2-8DDC-D84A1B4ACD4D} - C:\Program Files\Crystalys media\cm.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [updmgr] C:\Program Files\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGremind.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm (file missing) (HKCU)
O9 - Extra button: (no name) - {C1A28978-1075-4850-898A-C2D78892524B} - file://C:\Program Files\MyPoints_Point_Alert\MyPointssPointAlert\MyPointstPointAlert\myptC0.htm (file missing) (HKCU)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...om_bedroom1.xml
O16 - DPF: {3907FEBA-74A6-49C1-A389-B1E076416538} - http://www.topmoxie.com/external/builds/my...mypt800_301.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z.net/content.info.apple...iTunesSetup.exe
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

----------------------------------------------------------------------------------------

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:43:36 PM, 1/5/2006
+ Report-Checksum: 1EDF1297

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000240} -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0199DF25-9820-4bd5-9FEE-5A765AB4371E} -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D714A94F-123A-45CC-8F03-040BCAF82AD6} -> Spyware.SideStep : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\links.exe -> Trojan.LowZones.df : Cleaned with backup
C:\WINDOWS\SYSTEM32\c39bAs.dll/bi.dll -> Trojan.Bispy.A : Cleaned with backup
C:\WINDOWS\SYSTEM32\c39bAs.dll/biprep.exe -> Trojan.Bispy.B : Cleaned with backup
C:\WINDOWS\SYSTEM32\c39bAs.dll/bi.dll -> Trojan.Bispy.A : Cleaned with backup
C:\WINDOWS\SYSTEM32\c39bAs.dll/biprep.exe -> Trojan.Bispy.B : Cleaned with backup
C:\WINDOWS\SYSTEM32\in9bAs.dll/bi.dll -> Trojan.Bispy.A : Cleaned with backup
C:\WINDOWS\SYSTEM32\in9bAs.dll/biprep.exe -> Trojan.Bispy.B : Cleaned with backup
C:\WINDOWS\SYSTEM32\in9bAs.dll/bi.dll -> Trojan.Bispy.A : Cleaned with backup
C:\WINDOWS\SYSTEM32\in9bAs.dll/biprep.exe -> Trojan.Bispy.B : Cleaned with backup
C:\WINDOWS\SYSTEM32\biA.exe/bi.dll -> Trojan.Bispy.A : Cleaned with backup
C:\WINDOWS\SYSTEM32\biA.exe/biprep.exe -> Trojan.Bispy.B : Cleaned with backup
C:\WINDOWS\SYSTEM32\biA.exe/bi.dll -> Trojan.Bispy.A : Cleaned with backup
C:\WINDOWS\SYSTEM32\biA.exe/biprep.exe -> Trojan.Bispy.B : Cleaned with backup
C:\WINDOWS\SYSTEM32\oleext.dll -> Trojan.Small.ev : Cleaned with backup
C:\Program Files\SpywareStrike\SpywareStrike.exe -> Adware.Spyaxe : Cleaned with backup
C:\Downloads\GAMEPACKSMY-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
C:\Documents and Settings\Gateway User\Cookies\gateway user@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Gateway User\Cookies\gateway user@counter2.hitslink[2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Gateway User\Cookies\gateway user@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Gateway User\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-352f55f0-5a673019.class -> Downloader.OpenStream.y : Cleaned with backup
C:\System Volume Information\_restore{1707E466-32DD-411F-83BF-FE1E732BB931}\RP432\A0015506.exe -> Adware.Spyaxe : Cleaned with backup
C:\System Volume Information\_restore{1707E466-32DD-411F-83BF-FE1E732BB931}\RP432\A0015555.exe -> Trojan.LowZones.df : Cleaned with backup
C:\System Volume Information\_restore{1707E466-32DD-411F-83BF-FE1E732BB931}\RP432\A0015557.exe -> Adware.Spyaxe : Cleaned with backup
C:\System Volume Information\_restore{1707E466-32DD-411F-83BF-FE1E732BB931}\RP432\A0015583.exe -> Downloader.Zlob.dx : Cleaned with backup
C:\System Volume Information\_restore{1707E466-32DD-411F-83BF-FE1E732BB931}\RP432\A0015584.exe -> Downloader.Zlob.dw : Cleaned with backup
C:\System Volume Information\_restore{1707E466-32DD-411F-83BF-FE1E732BB931}\RP432\A0015589.exe -> Trojan.Small.ev : Cleaned with backup
C:\System Volume Information\_restore{1707E466-32DD-411F-83BF-FE1E732BB931}\RP432\A0015623.exe -> Adware.Spyaxe : Cleaned with backup
C:\System Volume Information\_restore{1707E466-32DD-411F-83BF-FE1E732BB931}\RP432\A0015626.exe -> Adware.PSGuard : Cleaned with backup
C:\System Volume Information\_restore{1707E466-32DD-411F-83BF-FE1E732BB931}\RP432\A0015628.dll -> Adware.PSGuard : Cleaned with backup
C:\System Volume Information\_restore{1707E466-32DD-411F-83BF-FE1E732BB931}\RP432\A0015638.dll -> Downloader.SpyAxe : Cleaned with backup
C:\System Volume Information\_restore{1707E466-32DD-411F-83BF-FE1E732BB931}\RP432\A0015646.exe -> Downloader.Small.vu : Cleaned with backup
C:\System Volume Information\_restore{1707E466-32DD-411F-83BF-FE1E732BB931}\RP432\A0015647.exe -> Trojan.Small.ev : Cleaned with backup


::Report End

----------------------------------------------------------------------------------------------------------------


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Thu 01/05/2006
The current time is: 12:35:30.57

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Online Security Guide.url


~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 300 'explorer.exe'
Killing PID 300 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Online Security Guide.url
Online Security Guide.url


~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN!