Spy Falcon Problem


alf
« on: March 21, 2006, 02:33:02 PM »

I have reformatted my computer 3 times and I keep getting this Spy Falcon spyware application. I have downloaded the HijackThis program and have scanned my computer, but am clueless on what to delete. Please help.

Logfile of HijackThis v1.99.1
Scan saved at 3:24:42 PM, on 3/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\nvctrl.exe
C:\Program Files\SpyFalcon\SpyFalcon.exe
C:\Program Files\SpyFalcon\SpyFalcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Brandon\Desktop\HijackThis.exe

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hpA9F5.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKLM\..\RunOnce: [WMC_RebootCheck] C:\WINDOWS\inf\unregmp2.exe /FixUps
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
1972vet
« Reply #1 on: March 21, 2006, 03:32:06 PM »

Download smitRem.exe and save the file to your desktop.
If you cannot access that link, here are alternate links:
smitRem.exe
smitRem.exe
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download Ewido Anti-Malware trial version.
  • Install Ewido Anti-Malware
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch Ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates. Do NOT run a scan yet.


Please download Ad-Aware SE Personal and install it. If you already have Ad-Aware SE, please configure it as indicated below.  If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.
1)  Run Ad-Aware, and click Check for updates now.
2)  Select Configurations (click the Gear wheel at the top) as follows:
  • General Button > Safety & Settings:  Check (Green) all three.
  • Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Don't run it yet!
 Exit Ad-aware.

Next, please reboot your computer in Safe Mode by doing the following:
  1. Restart your computer.
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear.
  4. Select the first option, to run Windows in Safe Mode.
==================================================
Run HijackThis, and press "Scan". When the scan is complete, place a check mark next to the following entries:

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\WINDOWS\System32\hpA9F5.tmp
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h


After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked."
===================================================
Close Hijackthis.

Then search for and DELETE the following file(s)/folder(s) IF STILL PRESENT:
C:\WINDOWS\System32\mssearchnet.exe
C:\WINDOWS\System32\nvctrl.exe
C:\Program Files\SpyFalcon (the folder, containing SpyFalcon.exe)
C:\WINDOWS\System32\hpA9F5.tmp
C:\Program Files\Security Toolbar (the folder, containing Security Toolbar.dll)


Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
  • Then select "Settings"
  • Under the bottom section "What to Scan?" make sure "Scan every file" is checked.
  • Select "OK" and you will return to scanning options.
  • Click on Complete System Scan and the scan will begin.

    This scan can take quite a while to run, so please be patient.
  • While the scan is in progress, you will be prompted to clean the first infected file it finds.
  • Choose Clean.
  • Then put a check next to 'Perform action on all infections' . Doing this, enables the scan to proceed automatically until its completion. Click OK
  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.  The best place to save it would probably be your Desktop.
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" or "Desktop Uninstall" if present.

Reboot back into your normal Windows user mode and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location (again, your Desktop is probably best).
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log in your next reply.
Let us know if any problems persist.

** It is possible that after the reboot the system is using the Windows Classic theme again.
To restore the XP theme, right-click on your desktop > Properties > Appearance tab and choose Windows XP style under Windows and buttons.
Click Apply and OK.
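The helper's instructions above boil down to a few rules applied to the HijackThis log in the first post: fix the O2/O3/O4 entries that point at the rogue's files, and delete the files that showed up in the running-process list. As an added example (not code from the original thread, from HijackThis, or from smitRem), the Python script below parses the relevant HijackThis line formats (running-process paths, O2/O3 BHO and toolbar entries, O4 Run keys, O23 services) and flags the same items the helper picked out. The two rules it applies are assumptions drawn from this thread only: a BHO or toolbar whose module is a .tmp file, and a short watch list of the names singled out above (SpyFalcon, Security Toolbar, mssearchnet.exe, nvctrl.exe). The sample log is a constructed subset of the log alf posted.

```python
"""Flag HijackThis log entries using the indicators called out in this thread."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: a subset of the HijackThis v1.99.1 log posted above
# (Windows paths, so backslashes are doubled inside this Python string).
SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\System32\\mssearchnet.exe
C:\\WINDOWS\\System32\\nvctrl.exe
C:\\Program Files\\SpyFalcon\\SpyFalcon.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe

O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - C:\\WINDOWS\\System32\\hpA9F5.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\\Program Files\\Norton AntiVirus\\NavShExt.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\\Program Files\\Security Toolbar\\Security Toolbar.dll
O4 - HKLM\\..\\Run: [ccApp] C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe
O4 - HKLM\\..\\Run: [SpyFalcon] C:\\Program Files\\SpyFalcon\\SpyFalcon.exe /h
O4 - HKCU\\..\\Run: [MSMSGS] "C:\\Program Files\\Messenger\\msmsgs.exe" /background
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\System32\\nvsvc32.exe
"""

# Assumed, thread-specific watch terms: the names the helper told alf to fix or
# delete. This is not a general signature set.
WATCH_TERMS = ("spyfalcon", "security toolbar", "mssearchnet.exe", "nvctrl.exe")


@dataclass
class Entry:
    section: str  # "O2", "O3", "O4", "O23", or "PROC" for a running-process path
    name: str     # BHO/toolbar name, Run value name, service display name, or exe name
    path: str     # module path or full command line as HijackThis printed it
    raw: str      # the original log line


# O2/O3: "O2 - BHO: <name> - {<clsid>} - <path>" and "O3 - Toolbar: <name> - {<clsid>} - <path>"
_BHO_TB = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - \{[0-9A-Fa-f-]+\} - (.+)$")
# O4: "O4 - HKLM\..\Run: [<name>] <command line>" (also RunOnce and HKCU; Global Startup is not modelled)
_RUN = re.compile(r"^(O4) - HK\w+\\\.\.\\Run\w*: \[(.*?)\] (.+)$")
# O23: "O23 - Service: <display name> (<short name>) - <company> - <path>"
_SVC = re.compile(r"^(O23) - Service: (.*?) \(\w+\) - .*? - (.+)$")
# A bare Windows path, as printed under "Running processes:"
_PROC = re.compile(r"^[A-Za-z]:\\.+\.\w{2,4}$")


def parse_hjt_line(line: str) -> Optional[Entry]:
    """Map one HijackThis log line to an Entry; lines we do not model give None."""
    line = line.strip()
    m = _BHO_TB.match(line) or _RUN.match(line)
    if m:
        return Entry(m.group(1), m.group(2), m.group(3), line)
    m = _SVC.match(line)
    if m:
        return Entry(m.group(1), m.group(2), m.group(3), line)
    if _PROC.match(line):
        return Entry("PROC", line.rsplit("\\", 1)[-1], line, line)
    return None


def flag_entry(e: Entry) -> Optional[str]:
    """Return why an entry is suspicious, or None if no indicator matches."""
    path_l = e.path.lower()
    name_l = e.name.lower()
    # Rule 1 (assumed): a BHO or toolbar whose COM server is a .tmp file. Legitimate
    # browser extensions are not registered from temp files; the rogue's BHO here was.
    if e.section in ("O2", "O3") and path_l.endswith(".tmp"):
        return "browser extension loaded from a .tmp file"
    # Rule 2 (assumed): the name or path contains one of the thread's watch terms.
    for term in WATCH_TERMS:
        if term in path_l or term in name_l:
            return f"matches watch term '{term}'"
    return None


def flag_log(log_text: str) -> List[Tuple[str, str]]:
    """Return (raw line, reason) for every flagged entry, in log order."""
    hits: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        entry = parse_hjt_line(line)
        if entry is None:
            continue
        reason = flag_entry(entry)
        if reason is not None:
            hits.append((entry.raw, reason))
    return hits


if __name__ == "__main__":
    for raw, reason in flag_log(SAMPLE_LOG):
        print(f"[{reason}] {raw}")
```

Run it as-is to see the three process paths and three O-entries the helper named; replace SAMPLE_LOG with the contents of a saved hijackthis.log to apply the same rules to another machine. A watch list only catches what it names, so the .tmp rule is the more general of the two: it would have flagged hpA9F5.tmp even under a different CLSID or file name.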
alf
« Reply #2 on: March 21, 2006, 10:45:39 PM »

Followed everything... Spy Falcon still came back. This is what I've got:

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         11:19:38 PM, 3/21/2006
 + Report-Checksum:      7F18E43A

 + Scan result:

   :mozilla.7:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
   :mozilla.13:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
   :mozilla.14:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
   :mozilla.21:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.46:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.47:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.48:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.49:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.61:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.64:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.65:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.66:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.67:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.68:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.69:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.70:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.71:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.72:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.74:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.75:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.82:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.83:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.85:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.86:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.93:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
   :mozilla.97:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
   :mozilla.98:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
   :mozilla.99:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
   :mozilla.100:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
   :mozilla.101:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.102:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.103:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.104:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.105:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.106:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.107:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.108:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.109:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.110:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.111:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.112:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.113:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.114:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.115:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.116:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.117:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.118:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.119:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.120:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.121:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.122:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.123:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
   :mozilla.124:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
   :mozilla.125:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
   :mozilla.126:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
   :mozilla.160:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
   :mozilla.161:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
   :mozilla.162:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
   :mozilla.163:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
   :mozilla.164:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
   :mozilla.171:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
   :mozilla.172:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
   :mozilla.173:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
   :mozilla.174:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
   :mozilla.180:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
   :mozilla.185:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.198:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.199:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.200:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.201:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.212:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.220:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.221:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.222:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.223:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.224:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.225:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.226:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.227:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.244:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.249:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.250:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.251:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.252:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.253:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.255:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
   :mozilla.256:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
   :mozilla.257:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.259:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.260:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.271:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.272:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.273:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.274:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.293:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.294:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.295:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.301:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
   :mozilla.302:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
   :mozilla.303:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
   :mozilla.304:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
   :mozilla.308:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
   :mozilla.311:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
   :mozilla.315:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
   :mozilla.316:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
   :mozilla.323:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
   :mozilla.324:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
   :mozilla.325:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
   :mozilla.326:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
   :mozilla.338:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
   :mozilla.342:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.343:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.344:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.345:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.349:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.350:C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   C:\Documents and Settings\Brandon\Cookies\brandon@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup


::Report End



Incident                                          Status            Location

Spyware:Cookie/RealMedia                          Not disinfected   C:\Documents and Settings\Brandon\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\cookies.txt[]
Spyware:Cookie/Atwola                             Not disinfected   C:\Documents and Settings\Brandon\Cookies\brandon@atwola[1].txt
Spyware:Cookie/go                                 Not disinfected   C:\Documents and Settings\Brandon\Cookies\brandon@go[1].txt
Potentially unwanted tool:Application/Processor   Not disinfected   C:\Documents and Settings\Brandon\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor   Not disinfected   C:\Documents and Settings\Brandon\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor   Not disinfected   C:\Documents and Settings\Brandon\Local Settings\Application Data\Mozilla\Firefox\Profiles\2a4omwcy.default\Cache\0C4879FCd01[Process.exe]
Adware:Adware/SpyFalcon                           Not disinfected   C:\WINDOWS\system32\ginuerep.dll




   smitRem © log file
     version 2.8

     by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 03/21/2006
The current time is: 22:31:06.76

Running from
C:\Documents and Settings\Brandon\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"="Prestige Software"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}\InProcServer32]
@="C:\WINDOWS\System32\ginuerep.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 checking for ShudderLTD key

ShudderLTD key not present!

 checking for PSGuard.com key


PSGuard.com key not present!


 checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~

Online Security Guide.url
Security Troubleshooting.url


 ~~~ Favorites ~~~

Antivirus Test Online.url


 ~~~ system32 folder ~~~

1024 dir
ld****.tmp
ncompat.tlb


 ~~~ Icons in System32 ~~~

ts.ico
ot.ico


 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 672 'explorer.exe'
Killing PID 672 'explorer.exe'
Killing PID 672 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"="Prestige Software"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}\InProcServer32]
@="C:\WINDOWS\System32\ginuerep.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   Remaining Post-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~


 ~~~ Wininet.dll ~~~

 CLEAN! :)


(new log)

Logfile of HijackThis v1.99.1
Scan saved at 11:41:36 PM, on 3/21/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SpyFalcon\SpyFalcon.exe
C:\Program Files\SpyFalcon\SpyFalcon.exe
C:\Documents and Settings\Brandon\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
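The detail worth noticing in the two SharedTaskScheduler exports in the smitRem log above is the third entry, "Prestige Software": its CLSID resolves through an HKCU registration to C:\WINDOWS\System32\ginuerep.dll, and it is still present in the export taken after the registry repairs, which is the same DLL the moderator's follow-up asks to remove. As an added example (not part of this thread, nor code from smitRem or GetSTS), this Python script parses the GetSTS pseudo-reg format and flags any SharedTaskScheduler CLSID whose in-process server is registered per-user or is not a known-good DLL; the known-good list is an assumption for a stock Windows XP system.

```python
import re
from collections import namedtuple

# Constructed input: the post-fix SharedTaskScheduler export from the smitRem log above.
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"="Prestige Software"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}\InProcServer32]
@="C:\WINDOWS\System32\ginuerep.dll"
"""

STS_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler"
# Assumption: on a stock Windows XP install only browseui.dll is expected as a server here.
KNOWN_GOOD_SERVERS = {r"%systemroot%\system32\browseui.dll"}
SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^(@|"([^"]+)")="(.*)"$')
Finding = namedtuple("Finding", "clsid label hive server reasons")


def parse_export(text):
    """Parse GetSTS pseudo-reg text into {key (lowercased): {value_name: data}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            current = sections.setdefault(m.group(1).lower(), {})
        elif (m := VALUE_RE.match(line)) and current is not None:
            current["@" if m.group(1) == "@" else m.group(2)] = m.group(3)
    return sections


def audit_shared_tasks(text):
    """Resolve each SharedTaskScheduler CLSID to its server DLL; flag suspicious ones."""
    sections, findings = parse_export(text), []
    for clsid, label in sections.get(STS_KEY, {}).items():
        hive = server = None
        # HKCU\Software\Classes shadows HKLM in the merged HKCR view, so check it first.
        for h in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"):
            key = f"{h}\\software\\classes\\clsid\\{clsid}\\inprocserver32".lower()
            if key in sections:
                hive, server = h, sections[key].get("@")
                break
        reasons = []
        if server is None:
            reasons.append("no InProcServer32 registered for this CLSID")
        else:
            if hive == "HKEY_CURRENT_USER":
                reasons.append("server registered in HKCU (per-user override)")
            if server.lower() not in KNOWN_GOOD_SERVERS:
                reasons.append("server DLL not on the known-good list")
        if reasons:
            findings.append(Finding(clsid, label, hive, server, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in audit_shared_tasks(SAMPLE_EXPORT):
        print(f"{f.label} {f.clsid}: {f.hive} -> {f.server}; {'; '.join(f.reasons)}")
```

Run against the sample export it reports only the "Prestige Software" entry, for both reasons, which matches what the log shows surviving the registry fix.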
1972vet
« Reply #3 on: March 22, 2006, 08:21:27 AM »

You followed the instructions precisely, and you deleted the items in red?
alf
« Reply #4 on: March 22, 2006, 12:40:28 PM »

Yes... a couple of the red files weren't present, like the SpyFalcon folder and hpa9f5.tmp. I'm not getting as many pop-ups anymore, but after I completed everything Spy Falcon re-downloaded again.

I could try to do everything over again; maybe that will fix it. If not, and I can't get rid of Spy Falcon, will that program cause my computer to get more spyware, or will it just be Spy Falcon constantly on my comp?
GTO (Global Moderator)
« Reply #5 on: March 23, 2006, 02:01:26 AM »

Hi, alf.

Please do the following:

1. Download the Pocket KillBox utility.

2. Open the folder C:\Program Files\SpyFalcon\SpyFalcon.exe and execute the uninst.exe file, the uninstaller. This will remove the corrupt spyware remover, but not the associated parasite.

3. Delete the entire C:\Program Files\SpyFalcon\SpyFalcon.exe directory.

4. Now restart your system in Safe Mode. This step is very important!

5. Run the smitRem tool once again.

6. Then use Pocket KillBox to delete the following files (if they exist):
C:\Windows\System32\dfrgsrv.exe
C:\Windows\System32\dxmpp.dll
C:\Windows\System32\ginuerep.dll


7. After you get done, restart your computer, run a new scan and post a fresh log here.


P.S. Your system is not up-to-date! You have to install Service Pack 2 for Microsoft Windows XP and Service Pack 2 for Microsoft Internet Explorer. Also apply all the latest updates and security fixes.
alf
« Reply #6 on: March 23, 2006, 12:09:04 PM »

Here's my new log... Spy Falcon hasn't reinstalled yet, so I assume it has worked. Thanks so much.

Logfile of HijackThis v1.99.1
Scan saved at 1:03:48 PM, on 3/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Brandon\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
GTO (Global Moderator)
« Reply #7 on: March 23, 2006, 01:43:37 PM »

Hi, alf.

Your last log looks clean to me :wink:.