#1 |
|
Junior Member
Join Date: Dec 2005
Posts: 0
|
Yes, somehow I recently got some spyware/adware called Spyaxe/SpyTrooper/Spy Sheriff! It took control of my web homepage and changed my wallpaper and had a ton of pop-ups! I read one of your previous forum topics about it and did the safe mode thing, but here is the problem... my wallpaper no longer says Warning Spyware Infected and is now the classic Microsoft field picture...YET it won't let me change it to any other picture!!! Also, when I go on the internet it now allows my homepage to open (Google), but my Norton will still pop up every time and say a program is trying to change my homepage! It says it's program C:windows/secure32/paytime.exe! And I recently tried to set up a new user profile and its internet homepage is controlled still by Spy Sheriff! PLEASE HELP!
These are the results from ewido:
|
|
|
|
#2 |
|
Security Expert
Join Date: Oct 2005
Location: Upstate, NY
Posts: 58
|
Hi, michael464. Welcome to Safer Networking Forums. Please see the thread linked below for complete instructions. Be sure to create the preliminary HijackThis log and post it along with the other logs as a reply to this topic for a final check.
Thank you. http://forums.spybot.info/showthread.php?t=1316
__________________
Microsoft MVP Proud Member ASAP Take a walk through the "Security Garden, Where Everything is Coming up Roses" |
|
|
|
|
#3 |
|
Member of Team Spybot
Join Date: Oct 2005
Location: USA
Posts: 23,455
Rated LASSHes: 16
|
Due to lack of a response this topic will be archived.
If you need it re-opened, please PM me or one of the forum mods.
__________________
UNITE-ASAP Microsoft MVP. Consumer Security 2006-2010 Please help us improve Spybot, download our distributed testing client |