
Seems my problem is SpyFalcon; after repeated attempts to rid my system of it using information from other sites, it is still with me. I did a search here for this pest and found nothing. Is there anyone who knows how to remove this? Here is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 5:19:03 PM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\BigFix\BigFix.exe
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120275059031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134803067828
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
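
Reading a log like the one above by hand is what the helpers in this thread do. As an added example (not code from the thread, from HijackThis or from SmitfraudFix), here is a small Python parser for the R0, O2/O3/O9, O4, O16 and O23 line formats seen in that log, followed by a few defender-side checks: a service whose binary is reported missing, autorun values that name a bare file so the loader must find it by PATH search, one binary registered under two value names (NeroFilterCheck and NeroCheck above), and ActiveX controls fetched from hosts outside a trusted list. The sample lines are copied from the log above; the trusted-host list is an assumption made for this example.

```python
"""Triage helper for HijackThis v1.99-style log lines.

Added example: not code from the thread, from HijackThis or from SmitfraudFix.
The sample lines are copied from the posted log; TRUSTED_DPF_HOSTS is an
assumption made for this example.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse


@dataclass
class Entry:
    kind: str    # HijackThis section, e.g. "O4", "O16", "O23"
    name: str    # value name, control name or service display name
    target: str  # command line, URL or path the entry points at
    raw: str     # the original log line


# One pattern per section type this example understands: R0-R3 settings,
# O2/O3/O9 COM objects, O4 Run values and Global Startup links,
# O16 DPF (downloaded ActiveX) controls and O23 services.
PATTERNS = [
    re.compile(r'^(?P<kind>R[0-3]) - (?P<name>.+?) = (?P<target>.*)$'),
    re.compile(r'^(?P<kind>O[239]) - [^:]+: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<target>.*)$'),
    re.compile(r'^(?P<kind>O4) - [^:]+: (?:\[(?P<name>[^\]]*)\] |(?P<lnk>.+?) = )(?P<target>.*)$'),
    re.compile(r'^(?P<kind>O16) - DPF: \{[0-9A-Fa-f-]+\} \((?P<name>[^)]*)\) - (?P<target>\S+)$'),
    re.compile(r'^(?P<kind>O23) - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<target>.*)$'),
]

# Executable at the front of a command line: optional opening quote, then
# everything up to the first .exe/.sys/.dll (arguments and trailing notes follow).
EXE_RE = re.compile(r'^"?(?P<exe>.*?\.(?:exe|sys|dll))\b', re.IGNORECASE)

# Assumption for this example: ActiveX controls from these hosts are expected.
TRUSTED_DPF_HOSTS = ("microsoft.com",)

# Constructed sample: a subset of the HijackThis log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
"""


def executable_of(command: str) -> str:
    """Return the program path at the front of an O4/O23 command line."""
    m = EXE_RE.match(command.strip())
    return m.group("exe") if m else command.strip()


def is_trusted_host(host: str) -> bool:
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one log line into an Entry; header and process lines give None."""
    for pat in PATTERNS:
        m = pat.match(line)
        if m:
            gd = m.groupdict()
            return Entry(gd["kind"], gd.get("name") or gd.get("lnk") or "", gd["target"], line)
    return None


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l.rstrip()) for l in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[str]:
    """Apply the review heuristics and return one finding per hit."""
    findings: List[str] = []
    by_exe: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.kind == "O23" and "(file missing)" in e.target:
            findings.append(f"O23 service '{e.name}' points at a missing binary: {executable_of(e.target)}")
        elif e.kind == "O4":
            exe = executable_of(e.target)
            if "\\" not in exe:  # no directory: resolved by PATH search at logon
                findings.append(f"O4 autorun '{e.name}' names a bare file ({exe}); confirm which copy actually runs")
            by_exe[exe.lower()].append(e.name)
        elif e.kind == "O16":
            host = urlparse(e.target).hostname or ""
            if not is_trusted_host(host):
                findings.append(f"O16 ActiveX control '{e.name}' is fetched from third-party host {host}")
    for exe, names in by_exe.items():
        if len(names) > 1:
            findings.append(f"O4 binary {exe} is registered under {len(names)} value names: {', '.join(names)}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_log(SAMPLE_LOG)):
        print(finding)
```

Run against the sample it reports five findings: the brmfrmps service with a missing binary, the two bare-filename autoruns (zHotkey.exe and SOUNDMAN.EXE), the Driver Agent control from driveragent.com, and NeroCheck.exe registered twice. None of these is proof of infection; they are the entries a reviewer would look at first, which is also why the helpers in the thread compare a fresh log after each cleanup step.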


Hmm let's do this to determine whether ya have it or not.

Let's begin by downloading SmitfraudFix. Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer, so it will take some time to run. When done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive.

IMPORTANT: Do NOT run any other options until you are asked to do so!

Now, post this log back to us.

Thanks.


I cannot say for sure that I do. I do have a repetitive popup that says
"YOUR COMPUTER IS INFECTED
Critical syatem error
System detected virus activities
They may cause critical system failure
Please use antimalware software
to clean and protect your
system from parasite programs
Click here to get all available
software"

If I click on this balloon it directs me to http://www.spyfalcon.com/?aff=259 so that I may purchase software.


I have run it; here are the logs.

SmitFraudFix v2.42
Scan done at 13:37:56.15, Wed 05/10/2006
Run from C:\unzipped\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp????.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\Security Toolbar\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» End



Hmm good. It was there, and was found.

A couple things.

Was that the log that came up from ONLY using option 1?

If so, do the same thing, except run option 2 (type '2' instead of '1')

If ya already ran option 2, stay put.

________

Ok, after doing that, run HJT again and post a new log back here.

Thanks.


Option 2 log

SmitFraudFix v2.42
Scan done at 22:39:37.42, Wed 05/10/2006
Run from C:\Documents and Settings\Owner\My Documents\SmitfraudFix\SmitfraudFix\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» End


HJT log

Logfile of HijackThis v1.99.1
Scan saved at 10:42:11 PM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\NOTEPAD.EXE
C:\unzipped\hijackthis\HijackThis.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120275059031
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134803067828
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by106fd.bay106.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe


Here is the support log from SpyHunter. It will not remove anything until purchased.


###########################Runnning Processes DATA###########################
processName = SMSS.EXE File Size = 50688 File Path = \SystemRoot\System32\smss.exe ModuleMD5 = bd7fb0957c716f1a60333aee04de2178
processName = WINLOGON.EXE File Size = 502272 File Path = \??\C:\WINDOWS\system32\winlogon.exe ModuleMD5 = 01c3346c241652f43aed8e2149881bfe
processName = SERVICES.EXE File Size = 108032 File Path = C:\WINDOWS\system32\services.exe ModuleMD5 = c6ce6eec82f187615d1002bb3bb50ed4
processName = LSASS.EXE File Size = 13312 File Path = C:\WINDOWS\system32\lsass.exe ModuleMD5 = 84885f9b82f4d55c6146ebf6065d75d2
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\system32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = BRSVC01A.EXE File Size = 57344 File Path = C:\WINDOWS\system32\brsvc01a.exe ModuleMD5 = d3facb34fff5db91adb70987838f8ba7
processName = BRSS01A.EXE File Size = 45056 File Path = C:\WINDOWS\system32\brss01a.exe ModuleMD5 = 9e646cd378d4d0c996baf9bcb18237c7
processName = SPOOLSV.EXE File Size = 57856 File Path = C:\WINDOWS\system32\spoolsv.exe ModuleMD5 = 7435b108b935e42ea92ca94f59c8e717
processName = AVGAMSVR.EXE File Size = 330291 File Path = C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe ModuleMD5 = 9023309e63e3c808a359835460288264
processName = AVGUPSVC.EXE File Size = 39987 File Path = C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe ModuleMD5 = 0c07536704f29608e79a3561eb5f1039
processName = AVGEMC.EXE File Size = 233524 File Path = C:\PROGRA~1\Grisoft\AVG7\avgemc.exe ModuleMD5 = 4e4f6991561a78186f18f26dff3b7b5a
processName = BRMFRMPS.EXE File Size = 65536 File Path = C:\WINDOWS\system32\Brmfrmps.exe ModuleMD5 = bb192385661daf7f3d48b586f6e1d166
processName = EWIDOCTRL.EXE File Size = 13888 File Path = C:\Program Files\ewido anti-malware\ewidoctrl.exe ModuleMD5 = 26830b750372ab1bf29c95deebeb802f
processName = EWIDOGUARD.EXE File Size = 151616 File Path = C:\Program Files\ewido anti-malware\ewidoguard.exe ModuleMD5 = 34a50717ad686900f078f5208f8e908e
processName = INCDSRV.EXE File Size = 786484 File Path = C:\Program Files\Ahead\InCD\InCDsrv.exe ModuleMD5 = 3c8132016ae9e9806fba2c9cf7fff96c
processName = APPSERVICES.EXE File Size = 73728 File Path = C:\PROGRA~1\Iomega\System32\AppServices.exe ModuleMD5 = 19ef7fb809d3073ee60f85464e9c4c51
processName = PRISMXL.SYS File Size = 172032 File Path = C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS ModuleMD5 = 33d7285f12d934268a34206dfc4ad1b3
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\system32\svchost.exe ModuleMD5 = 8f078ae4ed187aaabc0a305146de6716
processName = ADSERVICE.EXE File Size = 151552 File Path = C:\Program Files\Iomega\AutoDisk\ADService.exe ModuleMD5 = b624180218bb196ad9869d5d6b454318
processName = EXPLORER.EXE File Size = 1032192 File Path = C:\WINDOWS\Explorer.EXE ModuleMD5 = a0732187050030ae399b241436565e64
processName = ZHOTKEY.EXE File Size = 543232 File Path = C:\WINDOWS\zHotkey.exe ModuleMD5 = 91e1b0577d9662aa0a83c75418f6f6f8
processName = VTTIMER.EXE File Size = 49152 File Path = C:\WINDOWS\system32\VTTimer.exe ModuleMD5 = bd269c5110be4b6d2194a3a40a3263c1
processName = VTTRAYP.EXE File Size = 143360 File Path = C:\WINDOWS\system32\VTtrayp.exe ModuleMD5 = 9759ed291c0119f9c58b740bdb5dbb58
processName = SOUNDMAN.EXE File Size = 67584 File Path = C:\WINDOWS\SOUNDMAN.EXE ModuleMD5 = 77abdf73d9d90144a4e1f3a030ea042f
processName = PDVDSERV.EXE File Size = 32768 File Path = C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe ModuleMD5 = 915a106a2fb87292cef0ad4f36adf313
processName = SHWICONEM.EXE File Size = 135168 File Path = C:\Program Files\Digital Media Reader\shwiconem.exe ModuleMD5 = 3b9723245419456c846f140dc148bf9f
processName = ADUSERMON.EXE File Size = 147456 File Path = C:\Program Files\Iomega\AutoDisk\ADUserMon.exe ModuleMD5 = d6e82206798f57521805bbb46d79c3a8
processName = IMGICON.EXE File Size = 86016 File Path = C:\Program Files\Iomega\DriveIcons\ImgIcon.exe ModuleMD5 = 8bb8b8d1150c344586c46752953c2da6
processName = PPTD40NT.EXE File Size = 57393 File Path = C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe ModuleMD5 = 631376a55da14c8bf2cf38d1543a15a2
processName = BRCTRCEN.EXE File Size = 851968 File Path = C:\Program Files\Brother\ControlCenter2\brctrcen.exe ModuleMD5 = 7c280ebdf43724636289d50cf26f2ab0
processName = INCD.EXE File Size = 1155122 File Path = C:\Program Files\Ahead\InCD\InCD.exe ModuleMD5 = a000996432c5e59b7eff4fc3538be17a
processName = DRGTODSC.EXE File Size = 1179648 File Path = C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe ModuleMD5 = f1278019ebbf962bf19430056c099c83
processName = WINAMPA.EXE File Size = 33792 File Path = C:\Program Files\Winamp\winampa.exe ModuleMD5 = 11aa6662a1be30375afd1a8407811e7e
processName = AVGCC.EXE File Size = 347695 File Path = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe ModuleMD5 = 849ce18226be5645f47d8079b07f162f
processName = GCASSERV.EXE File Size = 473928 File Path = C:\Program Files\Microsoft AntiSpyware\gcasServ.exe ModuleMD5 = e8177b5150cab1509d2e9807c3f6366c
processName = GCASDTSERV.EXE File Size = 756552 File Path = C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe ModuleMD5 = 6287bd6d1ce9ce18ea02908bf415bcb0
processName = MSMSGS.EXE File Size = 1694208 File Path = C:\Program Files\Messenger\msmsgs.exe ModuleMD5 = 74e6e96c6f0e2eca4edbb7f7a468f259
processName = SWDOCTOR.EXE File Size = 1466368 File Path = C:\Program Files\Spyware Doctor\swdoctor.exe ModuleMD5 = 41762e6e039f8b581f514f5931ad7e5c
processName = BIGFIX.EXE File Size = 1742384 File Path = C:\Program Files\BigFix\BigFix.exe ModuleMD5 = 3802278fed9e3594b4bc3377ff0cff3b
processName = IEXPLORE.EXE File Size = 93184 File Path = C:\Program Files\Internet Explorer\IEXPLORE.EXE ModuleMD5 = e7484514c0464642be7b4dc2689354c8
processName = SPYHUNTER.EXE File Size = 2469888 File Path = C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe ModuleMD5 = b0966fa7fbc70d83e6bdbf7257247bff
###########################REGISTRY MD5 DATA###########################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
Name=Recguard Data=C:\WINDOWS\SMINST\RECGUARD.EXE FileSize = 212992 MD5=d3cc7a3813123e955b3a497c04b404e2
Name=CHotkey Data=zHotkey.exe FileSize = 543232 MD5=
Name=VTTimer Data=VTTimer.exe FileSize = 49152 MD5=
Name=VTTrayp Data=VTtrayp.exe FileSize = 143360 MD5=
Name=NeroFilterCheck Data=C:\WINDOWS\system32\NeroCheck.exe FileSize = 155648 MD5=3e4c03cefad8de135263236b61a49c90
Name=SoundMan Data=SOUNDMAN.EXE FileSize = 67584 MD5=
Name=QuickTime Task Data="C:\Program Files\QuickTime\qttask.exe" -atboottime FileSize = 98304 MD5=c341ccfbe98bc7df6e0b856bb9fc265a
Name=RemoteControl Data="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" FileSize = 32768 MD5=915a106a2fb87292cef0ad4f36adf313
Name=SunKistEM Data=C:\Program Files\Digital Media Reader\shwiconem.exe FileSize = 135168 MD5=3b9723245419456c846f140dc148bf9f
Name=ADUserMon Data=C:\Program Files\Iomega\AutoDisk\ADUserMon.exe FileSize = 147456 MD5=d6e82206798f57521805bbb46d79c3a8
Name=Iomega Drive Icons Data=C:\Program Files\Iomega\DriveIcons\ImgIcon.exe FileSize = 86016 MD5=8bb8b8d1150c344586c46752953c2da6
Name=Deskup Data=C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART FileSize = 32768 MD5=68ebc55f843bd47a2eb30fc95cfd55e5
Name=SSBkgdUpdate Data="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot FileSize = 155648 MD5=1c3ca3e7807f915933bb4e08e599ddab
Name=PaperPort PTD Data=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe FileSize = 57393 MD5=631376a55da14c8bf2cf38d1543a15a2
Name=IndexSearch Data=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe FileSize = 40960 MD5=3e29e032f022a9044c3ac463d682f8a3
Name=SetDefPrt Data=C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe FileSize = 49152 MD5=129b277c10339efe2907834e9295d16d
Name=ControlCenter2.0 Data=C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun FileSize = 851968 MD5=7c280ebdf43724636289d50cf26f2ab0
Name=NeroCheck Data=C:\WINDOWS\system32\NeroCheck.exe FileSize = 155648 MD5=3e4c03cefad8de135263236b61a49c90
Name=InCD Data=C:\Program Files\Ahead\InCD\InCD.exe FileSize = 1155122 MD5=a000996432c5e59b7eff4fc3538be17a
Name=RoxioDragToDisc Data="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" FileSize = 1179648 MD5=f1278019ebbf962bf19430056c099c83
Name=WinampAgent Data="C:\Program Files\Winamp\winampa.exe" FileSize = 33792 MD5=11aa6662a1be30375afd1a8407811e7e
Name=AVG7_CC Data=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP FileSize = 347695 MD5=849ce18226be5645f47d8079b07f162f
Name=gcasServ Data="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" FileSize = 473928 MD5=e8177b5150cab1509d2e9807c3f6366c
Name=SpyHunter Data=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
FileSize = 2469888 MD5=b0966fa7fbc70d83e6bdbf7257247bff
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
Name=MSMSGS Data="C:\Program Files\Messenger\msmsgs.exe" /background FileSize = 1694208 MD5=74e6e96c6f0e2eca4edbb7f7a468f259
Name=TClockEx Data=C:\Program Files\TClockEx\TCLOCKEX.EXE FileSize = 75264 MD5=f491bc9a16205e841784b59c3fe02568
Name=Spyware Doctor Data="C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
FileSize = 1466368 MD5=41762e6e039f8b581f514f5931ad7e5c
<HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
Name=AVG7_Run Data=C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
FileSize = 77870 MD5=e5f47c7d685eabcfbf3ded53bf31a3ac
<HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
#############################FILE MD5 DATA#############################
<C:\Documents and Settings\Owner\Start Menu\Programs\Startup>
File Path = C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini File Size = 4096 md5=d6a6856702e3f0953e7246a9b4a9fe35
#############################SERVICES DATA#############################
Service Name = ALG Service Display Name = Application Layer Gateway Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\alg.exe Binary Size = 44544 Binary MD5 = f1958fbf86d5c004cf19a5951a9514b7
Service Name = AudioSrv Service Display Name = Windows Audio Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Avg7Alrt Service Display Name = AVG7 Alert Manager Server Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe Binary Size = 330291 Binary MD5 = 9023309e63e3c808a359835460288264
Service Name = Avg7UpdSvc Service Display Name = AVG7 Update Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe Binary Size = 39987 Binary MD5 = 0c07536704f29608e79a3561eb5f1039
Service Name = AVGEMS Service Display Name = AVG E-mail Scanner Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\PROGRA~1\Grisoft\AVG7\avgemc.exe Binary Size = 233524 Binary MD5 = 4e4f6991561a78186f18f26dff3b7b5a
Service Name = brmfrmps Service Display Name = Brother Popup Suspend service for Resource manager Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\WINDOWS\system32\Brmfrmps.exe" -service Binary Size = 0 Binary MD5 =
Service Name = Brother XP spl Service Service Display Name = BrSplService Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\brsvc01a.exe Binary Size = 57344 Binary MD5 = d3facb34fff5db91adb70987838f8ba7
Service Name = Browser Service Display Name = Computer Browser Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = CryptSvc Service Display Name = Cryptographic Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = DcomLaunch Service Display Name = DCOM Server Process Launcher Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k DcomLaunch Binary Size = 0 Binary MD5 =
Service Name = Dhcp Service Display Name = DHCP Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Dnscache Service Display Name = DNS Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k NetworkService Binary Size = 0 Binary MD5 =
Service Name = ERSvc Service Display Name = Error Reporting Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Eventlog Service Display Name = Event Log Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108032 Binary MD5 = c6ce6eec82f187615d1002bb3bb50ed4
Service Name = EventSystem Service Display Name = COM+ Event System Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = ewido security suite control Service Display Name = ewido security suite control Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\Program Files\ewido anti-malware\ewidoctrl.exe Binary Size = 13888 Binary MD5 = 26830b750372ab1bf29c95deebeb802f
Service Name = ewido security suite guard Service Display Name = ewido security suite guard Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\Program Files\ewido anti-malware\ewidoguard.exe Binary Size = 151616 Binary MD5 = 34a50717ad686900f078f5208f8e908e
Service Name = FastUserSwitchingCompatibility Service Display Name = Fast User Switching Compatibility Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = helpsvc Service Display Name = Help and Support Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = InCDsrv Service Display Name = InCD File System Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\Program Files\Ahead\InCD\InCDsrv.exe Binary Size = 786484 Binary MD5 = 3c8132016ae9e9806fba2c9cf7fff96c
Service Name = Iomega App Services Service Display Name = Iomega App Services Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\PROGRA~1\Iomega\System32\AppServices.exe" Binary Size = 0 Binary MD5 =
Service Name = lanmanserver Service Display Name = Server Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = lanmanworkstation Service Display Name = Workstation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = LmHosts Service Display Name = TCP/IP NetBIOS Helper Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = Netman Service Display Name = Network Connections Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Nla Service Display Name = Network Location Awareness (NLA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = PlugPlay Service Display Name = Plug and Play Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108032 Binary MD5 = c6ce6eec82f187615d1002bb3bb50ed4
Service Name = PolicyAgent Service Display Name = IPSEC Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2
Service Name = PrismXL Service Display Name = PrismXL Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS Binary Size = 172032 Binary MD5 = 33d7285f12d934268a34206dfc4ad1b3
Service Name = ProtectedStorage Service Display Name = Protected Storage Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2
Service Name = RasMan Service Display Name = Remote Access Connection Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = RpcSs Service Display Name = Remote Procedure Call (RPC) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k rpcss Binary Size = 0 Binary MD5 =
Service Name = SamSs Service Display Name = Security Accounts Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = 84885f9b82f4d55c6146ebf6065d75d2
Service Name = Schedule Service Display Name = Task Scheduler Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = seclogon Service Display Name = Secondary Logon Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SENS Service Display Name = System Event Notification Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SharedAccess Service Display Name = Windows Firewall/Internet Connection Sharing (ICS) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = ShellHWDetection Service Display Name = Shell Hardware Detection Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Spooler Service Display Name = Print Spooler Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\spoolsv.exe Binary Size = 57856 Binary MD5 = 7435b108b935e42ea92ca94f59c8e717
Service Name = srservice Service Display Name = System Restore Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SSDPSRV Service Display Name = SSDP Discovery Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = stisvc Service Display Name = Windows Image Acquisition (WIA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k imgsvc Binary Size = 0 Binary MD5 =
Service Name = TapiSrv Service Display Name = Telephony Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = TermService Service Display Name = Terminal Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost -k DComLaunch Binary Size = 0 Binary MD5 =
Service Name = Themes Service Display Name = Themes Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = TrkWks Service Display Name = Distributed Link Tracking Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = UMWdf Service Display Name = Windows User Mode Driver Framework Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\wdfmgr.exe Binary Size = 38912 Binary MD5 = c81b8635dee0d3ef5f64b3dd643023a5
Service Name = W32Time Service Display Name = Windows Time Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WebClient Service Display Name = WebClient Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = winmgmt Service Display Name = Windows Management Instrumentation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = wscsvc Service Display Name = Security Center Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = wuauserv Service Display Name = Automatic Updates Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WZCSVC Service Display Name = Wireless Zero Configuration Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = _IOMEGA_ACTIVE_DISK_SERVICE_ Service Display Name = Iomega Active Disk Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\Program Files\Iomega\AutoDisk\ADService.exe" Binary Size = 0 Binary MD5 =
#############################WINLOGON DATA#############################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY>
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain Filepath = C:\WINDOWS\system32\crypt32.dll File Size = 597504 File MD5 = efc958396a7a7ef7e6d4a52b97512e18
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet Filepath = C:\WINDOWS\system32\cryptnet.dll File Size = 63488 File MD5 = cad4aa32e7eca00c23cc39c0eb833f9d
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll Filepath = C:\WINDOWS\system32\cscdll.dll File Size = 101888 File MD5 = 587729679b4fe04ce06a5c61d6c56dcd
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy Filepath = C:\WINDOWS\system32\sclgntfy.dll File Size = 20992 File MD5 = d636fa41e50671160d838ea2dace3330
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn Filepath = C:\WINDOWS\system32\WlNotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 92672 File MD5 = a599e5e366c1408e48aa5d37882d4e3e
##########################BROWSER ADD-ON DATA##########################
<HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars>
CLSID = {4D5C8C25-D075-11d0-B416-00C04FB90376} FilePath = C:\WINDOWS\system32\shdocvw.dll File Size = 1483776 File MD5 = b8523c2149d8eda89d116aa90423155a
CLSID = {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} FilePath = C:\WINDOWS\system32\Shdocvw.dll File Size = 1483776 File MD5 = b8523c2149d8eda89d116aa90423155a
<HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects>
CLSID = {53707962-6F74-2D53-2644-206D7942484F} FilePath = C:\PROGRA~1\SPYBOT~1\SDHelper.dll File Size = 853672 File MD5 = 250d787a5712d7768ddc133b3e477759
CLSID = {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} FilePath = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll File Size = 272384 File MD5 = bd4d7feea076da052cee6797b380d19d
CLSID = {B56A7D7D-6927-48C8-A975-17DF180C71AC} FilePath = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll File Size = 274432 File MD5 = 5bb9e9b13394d06702ca94820d5a3522
<HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions>
CLSID = CmdMapping FilePath = File Size = 0 File MD5 =
CLSID = {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} FilePath = File Size = 0 File MD5 =
<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions>
CLSID = CmdMapping FilePath = File Size = 0 File MD5 =
<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks>
CLSID = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} FilePath = C:\WINDOWS\system32\shdocvw.dll File Size = 1483776 File MD5 = b8523c2149d8eda89d116aa90423155a Description =
##########################LSP CHAIN DATA##########################
<HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS>
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = 90491683abd587c702b16f181ab0d99d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 245248 File MD5 = 4e74af063c3271fbea20dd940cfd1184
##########################UNINSTALL DATA##########################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL>
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Active Disk DisplayName = Active Disk
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-Aware SE Personal DisplayName = Ad-Aware SE Personal
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ADS Tech Master Installer V3.0 DisplayName = ADS Tech Master Installer V3.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ADS Tech V3.1 DVD Xpress CapWiz DisplayName = ADS Tech V3.1 DVD Xpress CapWiz
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AmazingMIDI DisplayName = AmazingMIDI
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\America Online us DisplayName = America Online (Choose which version to remove)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Audacity_is1 DisplayName = Audacity 1.2.3 InstallLocation = C:\Program Files\Audacity\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall DisplayName = AVG Anti-Virus 7.1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\BigFix DisplayName = BigFix
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner DisplayName = CCleaner (remove only)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1 DisplayName = SoftV92 Data Fax Modem with SmartCP
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Coding Workshop Ringtone Converter DisplayName = Coding Workshop Ringtone Converter
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DVD Shrink_is1 DisplayName = DVD Shrink 3.2 InstallLocation = C:\Program Files\DVD Shrink\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ewidoantimalware DisplayName = ewido anti-malware InstallLocation = C:\Program Files\ewido anti-malware
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis DisplayName = HijackThis 1.99.1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ICW
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ImageConverter Basic DisplayName = ImageConverter Basic
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ImageForge version 3.60_is1 DisplayName = ImageForge version 3.60
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InCD!UninstallKey DisplayName = Ahead InCD
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield Uninstall Information
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1} DisplayName = Digital Media Reader InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\InterActual Player DisplayName = InterActual Player
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IomegaWare DisplayName = IomegaWare 4.0.2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IrfanView DisplayName = IrfanView (remove only)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873333 DisplayName = Windows XP Hotfix - KB873333
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873339 DisplayName = Windows XP Hotfix - KB873339
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB883939 DisplayName = Security Update for Windows XP (KB883939)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885250 DisplayName = Windows XP Hotfix - KB885250
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885835 DisplayName = Windows XP Hotfix - KB885835
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885836 DisplayName = Windows XP Hotfix - KB885836
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB886185 DisplayName = Windows XP Hotfix - KB886185
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887472 DisplayName = Windows XP Hotfix - KB887472
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887742 DisplayName = Windows XP Hotfix - KB887742
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887797 DisplayName = Windows XP Hotfix - KB887797
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888113 DisplayName = Windows XP Hotfix - KB888113
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888302 DisplayName = Windows XP Hotfix - KB888302
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890046 DisplayName = Security Update for Windows XP (KB890046)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890175 DisplayName = Windows XP Hotfix - KB890175
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890859 DisplayName = Windows XP Hotfix - KB890859
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891781 DisplayName = Windows XP Hotfix - KB891781
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893066 DisplayName = Security Update for Windows XP (KB893066)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893086 DisplayName = Windows XP Hotfix - KB893086
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2 DisplayName = Windows Installer 3.1 (KB893803)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB894391 DisplayName = Update for Windows XP (KB894391)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896358 DisplayName = Security Update for Windows XP (KB896358)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896422 DisplayName = Security Update for Windows XP (KB896422)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896424 DisplayName = Security Update for Windows XP (KB896424)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896428 DisplayName = Security Update for Windows XP (KB896428)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898461 DisplayName = Update for Windows XP (KB898461)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899588 DisplayName = Security Update for Windows XP (KB899588)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901214 DisplayName = Security Update for Windows XP (KB901214)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB903235 DisplayName = Security Update for Windows XP (KB903235)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB904706 DisplayName = Security Update for Windows XP (KB904706)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\LimeWire DisplayName = LimeWire 4.9.30
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\M886903 DisplayName = Microsoft .NET Framework 1.1 Hotfix (KB886903)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Media-Codec DisplayName = Media-Codec 4.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MGI_PRISM_V1_0 DisplayName = MGI PhotoSuite II (Remove Only)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033) DisplayName = Microsoft .NET Framework 1.1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Money2005b DisplayName = Microsoft Money 2005
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSNINST DisplayName = MSN
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Nero - Burning Rom!UninstallKey DisplayName = Ahead Nero Burning ROM
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Nero BurnRights!UninstallKey DisplayName = Nero BurnRights
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NeroMediaHome!UninstallKey DisplayName = Nero MediaHome CE
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NeroRecode!UninstallKey DisplayName = Nero Recode CE
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NeroShowTime!UninstallKey DisplayName = Nero ShowTime CE
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NeroVision!UninstallKey DisplayName = Ahead NeroVision Express
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NMIX!UninstallKey DisplayName = Ahead NeroMIX
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Port Magic DisplayName = Pure Networks Port Magic InstallLocation = C:\PROGRA~1\PURENE~1\PORTMA~1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PrintKey2000 DisplayName = PrintKey2000
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\RealPlayer 6.0 DisplayName = RealPlayer Basic
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Registry Mechanic_is1 DisplayName = Registry Mechanic 5.0 InstallLocation = C:\Program Files\Registry Mechanic\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Ringtone Converter DisplayName = Ringtone Converter
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\S3 DisplayName = UniChrome Pro IGP Display Driver and Utilities
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash DisplayName = Macromedia Flash Player 8
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Spybot - Search & Destroy_is1 DisplayName = Spybot - Search & Destroy 1.4 InstallLocation = C:\Program Files\Spybot - Search & Destroy\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Spyware Doctor_is1 DisplayName = Spyware Doctor 3.1 InstallLocation = C:\Program Files\Spyware Doctor\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ST6UNST #1 DisplayName = Ringtone Converter
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\StaffFTPv DisplayName = Staff-FTP v2.80
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\StreetPlugin DisplayName = Learn2 Player (Uninstall Only)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer DisplayName = Viewpoint Media Player
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\VTConfig3D DisplayName = S3 S3Config3D
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\VTDisplay DisplayName = S3 S3Display
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\VTGamma2 DisplayName = S3 S3Gamma2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\VTInfo2 DisplayName = S3 S3Info2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\VTOverlay DisplayName = S3 S3Overlay
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\VTRefreshLock DisplayName = S3 S3RefreshLock
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\VTTrayPlus DisplayName = S3 S3TrayPlus
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp DisplayName = Winamp (remove only)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Connect DisplayName = Windows Media Connect
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime DisplayName = Windows Media Format Runtime
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player DisplayName = Windows Media Player 10
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WinZip DisplayName = WinZip InstallLocation = C:\PROGRA~1\WINZIP\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F} DisplayName = Google Toolbar for Internet Explorer
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} DisplayName = WebFldrs XP InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{40A6C96D-808E-41DD-8716-617AB6B0F1F1} DisplayName = Brother MFL-Pro Suite InstallLocation = C:\Program Files\Brother\Brmfl04a
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} DisplayName = Microsoft Works InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{536F7C74-844B-4683-B0C5-EA39E19A6FE3} DisplayName = Microsoft AntiSpyware InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1} DisplayName = PowerDVD
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{7148F0A8-6813-11D6-A77B-00B0D0142000} DisplayName = Java 2 Runtime Environment, SE v1.4.2 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0} DisplayName = Ulead VideoStudio 7 SE DVD InstallLocation = C:\Program Files\Ulead Systems\Ulead VideoStudio 7 SE DVD
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{76EFFC7C-17A6-479D-9E47-8E658C1695AE} DisplayName = Windows Backup Utility InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1} DisplayName = Digital Media Reader InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A42F680-2DD6-11D4-9A8C-0040F6982C20} InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{94FB906A-CF42-4128-A509-D353026A607E} DisplayName = REALTEK Gigabit and Fast Ethernet NIC Driver
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{A17EABB6-D0C6-44E5-820C-72DC7F495064} DisplayName = PaperPort InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{A2529672-574A-4A99-86A5-C1770A0E31FE} InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-A70000000000} DisplayName = Adobe Reader 7.0 InstallLocation = C:\Program Files\Adobe\Acrobat 7.0\Reader\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} DisplayName = Microsoft .NET Framework 1.1 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{CB4544EA-C189-41FE-9E3A-76591DDB852B} DisplayName = Roxio Easy Media Creator 7 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{EE5B8E34-973C-4FBE-AC83-99F064009FC7} DisplayName = SpyHunter InstallLocation = C:\Program Files\Enigma Software Group\SpyHunter
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B} DisplayName = Windows Media Connect InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{FB08F381-6533-4108-B7DD-039E11FBC27E} DisplayName = Realtek AC'97 Audio
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} DisplayName = HighMAT Extension to Microsoft Windows XP CD Writing Wizard InstallLocation = C:\Program Files\HighMAT CD Writing Wizard\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{FF262740-C85A-11D5-BBEC-00D0B740900A} DisplayName = Multimedia Keyboard Driver

0

Did you notice what Jhey and Tayspen said before you posted that? It may be more simple than walking you through searching for files through your hard drives, and risking you playing deep in the registry, which I am not willing to suggest until we gather it is the last possible solution. (it's possible to cause more problems than fix, if you aren't 100% confident in the editor)

0

All SpyHunter found were some cookie files, I have my doubts that is the problem. I could be wrong.

0

Hmmm, well the HJT log is clean, and it seems that SFF took out all the infected folders. However, there is still a possibility of it.

1) Open Ewido, update full definitions, and run a full scan in safe mode, saving the log.

2) We're gonna run CCleaner:

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure you're on the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.

Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues' tabs. Note: It might take several scans in each to remove all of the junk.
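As an added example (not from this thread or from CCleaner), the following PowerShell script does two things the steps above describe by hand: it sets the Explorer "show hidden files" options through the registry values Explorer reads, and it expands the `<Every user listed>` placeholder over every profile folder and reports how many files and megabytes each of the listed temp folders holds. It only reports; it deletes nothing, so the cleanup itself still happens in CCleaner as described. It assumes an XP-style profile root of `C:\Documents and Settings` (the `$ProfileRoot` variable is the assumption; on Vista and later it would be `C:\Users`).

```powershell
# Added example: reproduce the Folder Options steps above via the registry and
# report the size of the CCleaner custom folders for every user profile.
# Assumption: profiles live under C:\Documents and Settings (Windows XP layout).
$ProfileRoot = 'C:\Documents and Settings'

# Steps 5-8 of the Folder Options procedure, as the values Explorer reads.
# Explorer picks these up the next time it starts (log off/on or restart).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name 'Hidden'           -Value 1 -Type DWord  # show hidden files and folders
Set-ItemProperty -Path $adv -Name 'HideFileExt'      -Value 0 -Type DWord  # show extensions for known file types
Set-ItemProperty -Path $adv -Name 'ShowSuperHidden'  -Value 1 -Type DWord  # show protected operating system files
Set-ItemProperty -Path $adv -Name 'WebViewBarricade' -Value 1 -Type DWord  # display the contents of system folders (XP)

# Machine-wide folders from the list above.
$machineFolders = @("$env:SystemRoot\Temp", 'C:\Temp', "$env:SystemRoot\Prefetch")

# Per-user folders: the "<Every user listed>" placeholder expanded over each profile.
$userSubfolders = @(
    'Local Settings\Temp',
    'Local Settings\Temporary Internet Files\Content.IE5',
    'Local Settings\History',
    'Cookies'
)
$profiles = Get-ChildItem -Path $ProfileRoot -Force | Where-Object { $_.PSIsContainer }
$userFolders = foreach ($p in $profiles) {
    foreach ($sub in $userSubfolders) { Join-Path -Path $p.FullName -ChildPath $sub }
}

function Get-FolderReport {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        # "If one of these isn't present, skip it"
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $files = Get-ChildItem -LiteralPath $path -Recurse -Force -ErrorAction SilentlyContinue |
                 Where-Object { -not $_.PSIsContainer }
        $bytes = ($files | Measure-Object -Property Length -Sum).Sum
        New-Object PSObject -Property @{
            Folder = $path
            Files  = @($files).Count
            MB     = [math]::Round(($bytes / 1MB), 2)
        }
    }
}

# Read-only report: largest folders first. Nothing is deleted here.
Get-FolderReport -Paths ($machineFolders + $userFolders) |
    Sort-Object -Property MB -Descending |
    Format-Table -Property Folder, Files, MB -AutoSize
```

Run it from an administrator account so every profile's `Local Settings` folder is readable; folders that are missing on the machine are skipped exactly as the note above says. Keeping the report separate from the deletion is deliberate: you can see whether a profile's `Content.IE5` or `Temp` is unexpectedly large (which is often where droppers leave their files) before CCleaner empties it.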

Now, we're gonna use Adaware:

Please do the following: Download, install, update, configure, and run Ad-Aware SE Personal 1.06.

  • Download Ad-Aware SE Personal 1.06:
  • Install Ad-Aware SE Personal
    • Double-click on aawsepersonal.exe to install the program.
    • Follow the default settings for installation.
    • After the program has finished installing, uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
  • Update Ad-Aware SE Personal
    • Double-click the Ad-Aware SE Personal icon on your Desktop.
    • Click "Check for updates now" then click "Connect".
    • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
  • Configure Ad-Aware SE Personal
    • Click on the Gear button at the top of the window.
    • Click "General" on the left hand side to display the General Settings box.
      • Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
        • "Automatically save logfile"
        • "Automatically quarantine objects prior to removal"
        • "Safe Mode (always request confirmation)"
        • "Prompt to update outdated definitions" - change to 7 days from the default 14.
    • Click "Scanning" on the left hand side to display the Scan Settings box.
      • Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
        • "Scan within archives"
        • "Select drives & folders to scan" - select your hard drive(s).
        • "Scan active processes"
        • "Scan registry"
        • "Deep-scan registry"
        • "Scan my IE favorites for banned URLs"
        • "Scan my Hosts file"
    • Click "Advanced" on the left hand side to display the Advanced Settings box.
      • Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
        • "Move deleted files to Recycle Bin"
        • "Include additional object information"
        • "Include negligible objects information"
        • "Include environment information"
    • Click "Defaults" on the left hand side to display the Default Settings box.
      • Make sure the following items have your preferred settings in them:
        • "Default homepage"
        • "Default searchpage"
    • Click "Tweak" on the left hand side to display the Tweak Settings box.
      • Click the + (plus) sign next to the Log Files section. This will expand the section.
      • Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
        • "Include basic Ad-Aware settings in log file"
        • "Include additional Ad-Aware settings in log file"
        • "Include reference summary in log file"
        • "Include alternate data stream details in log file"
      • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
      • Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
        • "Unload recognized processes & modules during scan"
        • "Scan registry for all users instead of current user only"
        • "Obtain command line of scanned processes"
      • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
      • Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
        • "Always try to unload modules before deletion"
        • "During removal, unload Explorer and IE if necessary"
        • "Let Windows remove files in use at next reboot"
        • "Delete quarantined objects after restoring"
    • Once you are done with these settings, click "Proceed" to save them.
    • This will take you back to the main screen.
  • Run Ad-Aware SE Personal
    • Click the "Start" button.
    • Uncheck the "Search for negligible risk entries" entry.
    • Choose the "Use custom scanning options" scan mode.
    • Click the "Next" button.
    • Ad-Aware will begin to scan for malware residing on your computer.
    • Allow the scan to finish.
    • Right-click on any entry in the list and click "Select All" to select the whole list.
    • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.

Lastly, restart the computer and post back here with the Ewido scan log, and a new HJT log.

Thanks.
