OK, something very strange. After my previous post and a couple of clicks on news stories from Comcast home page, I ran Spybot to follow up on reimmunizing. I ran S&D first and it found Spyaxe (which is the program associated with the Smitfraud-c virus that started my whole problem to begin with). Spybot "fixed" it but here is an updated Hijack log anyway. Please let me know anything/everything that should be fixed. Additionally, regarding my secure web site access issue, about the time I lost the ability to go to secure web site, I had run the program Spyaxefix. I found this by searching forums like this when I had the original infection. It managed to stop the pop ups and stopped Spyaxe from installing itself. I am attaching a print out of Spyaxefix.bat file that I ran. Can you tell if that could have done something to prevent access to secure web sites?
Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 9:22:03 AM, on 12/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\My Documents\Dan\Adware\Hijack this\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.h...lion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.h...lion&pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/homeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.h...lion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.redirect.h...lion&pf=desktopR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.comcast.net/homeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} -
http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} -
http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} -
http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cabO16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) -
http://ipgweb.cce.hp...ads/sysinfo.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {A526A2C7-723E-4081-BF70-A7A9913E8C4A} (LogData Class) -
http://ipgweb.cce.hp...ads/sysinfo.cabO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: UWCService - Business Logic Corporation - C:\Program Files\blcorp\WCCSC\WCOC\UWCSrvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
Here is the SpyAxeFix.bat file:
@echo off
VER|find "Windows 2003">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Windows 2000">NUL
IF NOT ERRORLEVEL 1 GOTO 2000
VER|find "Windows XP">NUL
IF NOT ERRORLEVEL 1 GOTO NT
VER|find "Windows 95">NUL
IF NOT ERRORLEVEL 1 GOTO win
VER|find "Windows 98">NUL
IF NOT ERRORLEVEL 1 GOTO win
VER|find "Windows Millennium">NUL
IF NOT ERRORLEVEL 1 GOTO win
echo Unsupported Version
goto end
:NT
color 1F
@echo off
echo.
echo SpyAxe removal tool by noahdfear © 2005
echo.
echo Please quit all programs since this tool will restart your computer.
echo.
echo If SpyAxe is found installed, the SpyAxe uninstaller will start.
echo.
echo Allow it to continue. Close any browser window it may cause to open.
echo.
echo.
pause
echo SpyAxeFix © by noahdfear>>spyaxe1.txt
echo.>>spyaxe1.txt
ver>>spyaxe1.txt
echo. |date |find "current" >>spyaxe1.txt
echo. |time |find "current" >>spyaxe1.txt
echo.>>spyaxe1.txt
IF EXIST C:\progra~1\spyaxe echo spyaxe directory present>>spyaxe1.txt
echo.>>spyaxe1.txt
IF EXIST C:\progra~1\spyaxe\uninst.exe echo spyaxe uninstaller present>>spyaxe1.txt
IF EXIST C:\progra~1\spyaxe\uninst.exe goto cspyaxe
IF NOT EXIST C:\progra~1\spyaxe\uninst.exe goto sys
:cspyaxe
echo.>>spyaxe1.txt
echo Starting spyaxe uninstaller>>spyaxe1.txt
process -k spyaxe.exe>>spyaxe1.txt
start C:\progra~1\spyaxe\uninst.exe
goto remove
:sys
IF EXIST %systemdrive%\progra~1\spyaxe echo spyaxe directory present>>spyaxe1.txt
echo.>>spyaxe1.txt
IF EXIST %systemdrive%\progra~1\spyaxe\uninst.exe echo spyaxe uninstaller present>>spyaxe1.txt
IF EXIST %systemdrive%\progra~1\spyaxe\uninst.exe goto sysspy
IF NOT EXIST %systemdrive%\progra~1\spyaxe\uninst.exe goto svc
:sysspy
echo.>>spyaxe1.txt
echo Starting spyaxe uninstaller>>spyaxe1.txt
process -k spyaxe.exe>>spyaxe1.txt
start %systemdrive%\progra~1\spyaxe\uninst.exe
echo.>>spyaxe1.txt
goto remove
:remove
cls
echo.
echo.
echo If the SpyAxe uninstaller has completed,
echo.
echo press any key to continue.
echo.
echo.
pause
goto svc
:svc
cls
@echo off
process -k explorer.exe>>spyaxe1.txt
echo.>>spyaxe1.txt
process -k rundll32.exe>>spyaxe1.txt
@echo off
echo REGEDIT4>>fix.reg
echo.>>fix.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]>>fix.reg
echo "{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}"=->>fix.reg
echo "{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}"=->>fix.reg
regedit /s fix.reg
del /q fix.reg
@echo off
echo.>>spyaxe1.txt
IF EXIST %systemroot%\system32\svchosts.dll echo svchosts.dll present>>spyaxe1.txt
IF EXIST %systemroot%\system32\1024 echo 1024 directory present>>spyaxe1.txt
IF EXIST %systemroot%\system32\svchosts.dll attrib -r -h %systemroot%\system32\svchosts.dll
IF EXIST %systemroot%\system32\svchosts.dll del /q %systemroot%\system32\svchosts.dll
IF EXIST %systemroot%\system32\1024\*.* attrib -r -h %systemroot%\system32\1024\*.*
IF EXIST %systemroot%\system32\1024\*.* del /q %systemroot%\system32\1024\*.*
IF EXIST %systemroot%\system32\1024 rmdir %systemroot%\system32\1024
IF EXIST C:\progra~1\spyaxe\*.* attrib -r -h C:\progra~1\spyaxe\*.*
IF EXIST C:\progra~1\spyaxe\*.* del /q C:\progra~1\spyaxe\*.*
IF EXIST C:\progra~1\spyaxe rmdir C:\progra~1\spyaxe
IF EXIST %systemdrive%\progra~1\spyaxe\*.* attrib -r -h %systemdrive%\progra~1\spyaxe\*.*
IF EXIST %systemdrive%\progra~1\spyaxe\*.* del /q %systemdrive%\progra~1\spyaxe\*.*
IF EXIST %systemdrive%\progra~1\spyaxe rmdir %systemdrive%\progra~1\spyaxe
cls
echo.
echo.
echo Press any key to continue and complete the fix.
echo.
echo Your computer will restart automatically.
echo.
echo.
pause
@echo off
cls
regedit /a ST.reg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
echo.>>spyaxe.txt
type spyaxe1.txt >>spyaxe.txt
echo.>>spyaxe.txt
type ST.reg >>spyaxe.txt
del /q spyaxe1.txt
del /q ST.reg
%systemroot%\system32\shutdown.exe -r -t 10 -c "Restarting to complete the removal"
goto done
:2000
@echo off
echo.
echo SpyAxe removal tool by noahdfear © 2005
echo.
echo Please quit all programs since this tool will restart your computer.
echo.
echo If SpyAxe is found installed, the SpyAxe uninstaller will start.
echo.
echo Allow it to continue. Close any browser window it may cause to open.
echo.
echo.
pause
echo SpyAxeFix © by noahdfear>>spyaxe1.txt
echo.>>spyaxe1.txt
ver>>spyaxe1.txt
echo. |date |find "current" >>spyaxe1.txt
echo. |time |find "current" >>spyaxe1.txt
echo.>>spyaxe1.txt
IF EXIST C:\progra~1\spyaxe echo spyaxe directory present>>spyaxe1.txt
echo.>>spyaxe1.txt
IF EXIST C:\progra~1\spyaxe\uninst.exe echo spyaxe uninstaller present>>spyaxe1.txt
IF EXIST C:\progra~1\spyaxe\uninst.exe goto cspyaxe2
IF NOT EXIST C:\progra~1\spyaxe\uninst.exe goto sys2
:cspyaxe2
echo.>>spyaxe1.txt
echo Starting spyaxe uninstaller>>spyaxe1.txt
process -k spyaxe.exe>>spyaxe1.txt
start C:\progra~1\spyaxe\uninst.exe
goto remove2
:sys2
IF EXIST %systemdrive%\progra~1\spyaxe echo spyaxe directory present>>spyaxe1.txt
echo.>>spyaxe1.txt
IF EXIST %systemdrive%\progra~1\spyaxe\uninst.exe echo spyaxe uninstaller present>>spyaxe1.txt
IF EXIST %systemdrive%\progra~1\spyaxe\uninst.exe goto sysspy2
IF NOT EXIST %systemdrive%\progra~1\spyaxe\uninst.exe goto svc2
:sysspy2
echo.>>spyaxe1.txt
echo Starting spyaxe uninstaller>>spyaxe1.txt
process -k spyaxe.exe>>spyaxe1.txt
start %systemdrive%\progra~1\spyaxe\uninst.exe
echo.>>spyaxe1.txt
goto remove2
:remove2
cls
echo.
echo.
echo If the SpyAxe uninstaller has completed,
echo.
echo press any key to continue.
echo.
echo.
pause
goto svc2
:svc2
cls
@echo off
process -k explorer.exe>>spyaxe1.txt
echo.>>spyaxe1.txt
process -k rundll32.exe>>spyaxe1.txt
@echo off
echo REGEDIT4>>fix.reg
echo.>>fix.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]>>fix.reg
echo "{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}"=->>fix.reg
echo "{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}"=->>fix.reg
regedit /s fix.reg
del /q fix.reg
@echo off
echo.>>spyaxe1.txt
IF EXIST %systemroot%\system32\svchosts.dll echo svchosts.dll present>>spyaxe1.txt
IF EXIST %systemroot%\system32\1024 echo 1024 directory present>>spyaxe1.txt
IF EXIST %systemroot%\system32\svchosts.dll attrib -r -h %systemroot%\system32\svchosts.dll
IF EXIST %systemroot%\system32\svchosts.dll del /q %systemroot%\system32\svchosts.dll
IF EXIST %systemroot%\system32\1024\*.* attrib -r -h %systemroot%\system32\1024\*.*
IF EXIST %systemroot%\system32\1024\*.* del /q %systemroot%\system32\1024\*.*
IF EXIST %systemroot%\system32\1024 rmdir %systemroot%\system32\1024
IF EXIST C:\progra~1\spyaxe\*.* attrib -r -h C:\progra~1\spyaxe\*.*
IF EXIST C:\progra~1\spyaxe\*.* del /q C:\progra~1\spyaxe\*.*
IF EXIST C:\progra~1\spyaxe rmdir C:\progra~1\spyaxe
IF EXIST %systemdrive%\progra~1\spyaxe\*.* attrib -r -h %systemdrive%\progra~1\spyaxe\*.*
IF EXIST %systemdrive%\progra~1\spyaxe\*.* del /q %systemdrive%\progra~1\spyaxe\*.*
IF EXIST %systemdrive%\progra~1\spyaxe rmdir %systemdrive%\progra~1\spyaxe
cls
echo.
echo.
echo Press any key to continue and complete the fix.
echo.
echo Your computer will restart automatically.
echo.
echo Your Active Desktop may need to be restored upon restart.
echo.
echo.
pause
@echo off
cls
regedit /a ST.reg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
echo.>>spyaxe.txt
type spyaxe1.txt >>spyaxe.txt
echo.>>spyaxe.txt
type ST.reg >>spyaxe.txt
del /q spyaxe1.txt
del /q ST.reg
shutdown -s reboot -l 10 -m "Restarting to complete the removal"
goto done
:win
@echo off
echo.
echo SpyAxe removal tool by noahdfear © 2005
echo.
echo Please quit all programs since this tool will restart your computer.
echo.
echo If SpyAxe is found installed, the SpyAxe uninstaller will start.
echo.
echo Allow it to continue. Close any browser window it may cause to open.
echo.
echo.
pause
echo SpyAxeFix © by noahdfear>>spyaxe1.txt
echo.>>spyaxe1.txt
ver>>spyaxe1.txt
echo. |date |find "current" >>spyaxe1.txt
echo. |time |find "current" >>spyaxe1.txt
echo.>>spyaxe1.txt
IF EXIST C:\progra~1\spyaxe echo spyaxe directory present>>spyaxe1.txt
echo.>>spyaxe1.txt
IF EXIST C:\progra~1\spyaxe\uninst.exe echo spyaxe uninstaller present>>spyaxe1.txt
IF EXIST C:\progra~1\spyaxe\uninst.exe goto cspyaxew
IF NOT EXIST C:\progra~1\spyaxe\uninst.exe goto sysw
:cspyaxew
echo.>>spyaxe1.txt
echo Starting spyaxe uninstaller>>spyaxe1.txt
pv -f -k spyaxe.exe
start C:\progra~1\spyaxe\uninst.exe
goto remove
:sysw
IF EXIST %systemdrive%\progra~1\spyaxe echo spyaxe directory present>>spyaxe1.txt
echo.>>spyaxe1.txt
IF EXIST %systemdrive%\progra~1\spyaxe\uninst.exe echo spyaxe uninstaller present>>spyaxe1.txt
IF EXIST %systemdrive%\progra~1\spyaxe\uninst.exe goto sysspyw
IF NOT EXIST %systemdrive%\progra~1\spyaxe\uninst.exe goto svcw
:sysspyw
echo.>>spyaxe1.txt
echo Starting spyaxe uninstaller>>spyaxe1.txt
pv -f -k spyaxe.exe
start %systemdrive%\progra~1\spyaxe\uninst.exe
echo.>>spyaxe1.txt
goto removew
:removew
cls
echo.
echo.
echo If the SpyAxe uninstaller has completed,
echo.
echo press any key to continue.
echo.
echo.
pause
goto svcw
:svcw
cls
@echo off
pv -f -k Explorer.exe
@echo off
echo REGEDIT4>>fix.reg
echo.>>fix.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]>>fix.reg
echo "{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}"=->>fix.reg
echo "{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}"=->>fix.reg
regedit.exe /s fix.reg
@echo off
echo.>>spyaxe1.txt
IF EXIST %systemroot%\system\svchosts.dll echo svchosts.dll present>>spyaxe1.txt
IF EXIST %systemroot%\system\1024 echo 1024 directory present>>spyaxe1.txt
IF EXIST %systemroot%\system\svchosts.dll attrib -r -h %systemroot%\system32\svchosts.dll
IF EXIST %systemroot%\system\svchosts.dll deltree /Y %systemroot%\system32\svchosts.dll
IF EXIST %systemroot%\system\1024\*.* attrib -r -h %systemroot%\system32\1024\*.*
IF EXIST %systemroot%\system\1024\*.* deltree /Y %systemroot%\system32\1024\*.*
IF EXIST %systemroot%\system\1024 deltree %systemroot%\system32\1024
IF EXIST C:\progra~1\spyaxe\*.* attrib -r -h C:\progra~1\spyaxe\*.*
IF EXIST C:\progra~1\spyaxe\*.* deltree /Y C:\progra~1\spyaxe\*.*
IF EXIST C:\progra~1\spyaxe deltree /Y C:\progra~1\spyaxe
IF EXIST %systemdrive%\progra~1\spyaxe\*.* attrib -r -h %systemdrive%\progra~1\spyaxe\*.*
IF EXIST %systemdrive%\progra~1\spyaxe\*.* deltree /Y %systemdrive%\progra~1\spyaxe\*.*
IF EXIST %systemdrive%\progra~1\spyaxe deltree /Y %systemdrive%\progra~1\spyaxe
cls
echo.
echo.
echo Press any key to continue and complete the fix.
echo Your computer will restart automatically.
echo.
echo.
pause
@echo off
cls
regedit.exe /e ST.reg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
echo.>>spyaxe.txt
type spyaxe1.txt >>spyaxe.txt
echo.>>spyaxe.txt
type ST.reg >>spyaxe.txt
deltree /Y spyaxe1.txt
deltree /Y ST.reg
deltree /Y fix.reg
START C:\WINDOWS\RUNDLL.EXE user.exe,exitwindowsexec
goto done
:end
cls
@echo off
echo.
echo Sorry, this tool cannot be run on your system.
echo.
echo Press any key to close this window.
echo.
pause
GOTO done
:done
cls
@echo off
REM copyright 2005 Dave "noahdfear" Fear
[email protected]REM SpyAxeFix © by noahdfear
cls
EXIT[b]