Spy Falcon removal (again)

Discussion in 'Malware Help (A Specialist Will Reply)' started by noel1225, Mar 4, 2006.

  1. noel1225

    noel1225 Private E-2

    I have tried the READ & RUN ME first but it keeps reloading itself.
    I have also tried fixfalcon.reg & smitRem.exe as per the thread where chaslang was giving advice, but no joy. dxmpp.dll did not exist in the system32 folder.
    I attach HijackThis and smitfiles logs. Please can you help me get rid of this annoying program.
     

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not attach the required logs from step 6 of the READ ME. Please attach them.
    You also did not install HJT properly per step 7. Please fix this.

    How did you get CWShredder installed as a service?
    O23 - Service: CWShredder Service - InterMute, Inc. - C:\My Downloads\cwshredder.exe

    There is no reason why it should be running this way and normal installs do not do this. In fact, there is no install. You just download the program and run it.


    Do you have anything installed on this PC related to Prestige Software?

    Notice the below that were in your smitfiles.txt log:


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}"="Prestige Software"

    [HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}\InProcServer32]
    @="C:\WINDOWS\system32\ginuerep.dll"

    These seem questionable and could be a new form!
    Do you see the ginuerep.dll file? Right click on it and get Properties and Version info. Let's see who it belongs to.
     
  3. noel1225

    noel1225 Private E-2

    Sorry for the incompetence!
    I attach BD Scan and Active Scan logs.
    I attach a fresh HijackThis log run from the correct place.
    I think I managed to download CWShredder on a previous occasion when I had malware. I have now deleted it.
    I am unsure about Prestige Software, but I can't relate it to anything important.
    Re the ginuerep.dll file, it was created in the last few days and has no details recorded against author or source.
     

  4. noel1225

    noel1225 Private E-2

    PS: When SpyFalcon was launched (as it is on regular occasions), it referred to the ginuerep.dll file being infected with SpySheriff.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Seems my intuition was correct and that file is bad. Let's use a modified fix. Also note that Spy Falcon still seems to be installed.

    First, make sure you have followed the steps in this link: How to view hidden, system files & folders!

    Now copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixfalcon.reg, save it to your Desktop and then click Save. We will use it later after a reboot into safe mode.
    • Now download smitRem.exe written by noahdfear and save the file to your Desktop.
    • Double click on the smitRem.exe file to extract it to its own folder on the desktop (this should be the default selection). Do not run the program yet!
    • Now you will need to print or save these instructions locally (to a text file on your Desktop) for later reference. This is necessary because you must not have any browsers open and must not connect to the internet while following the below steps.
    • Now disconnect your cable to the internet (physically unplug it).
    • After saving the instructions, reboot into Safe mode
    • Now once in safe mode, go to Add/Remove Programs and uninstall SpyFalcon.
    • Now double-click on the fixfalcon.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    • Run Windows Explorer by right clicking Start & Select Explore
    • Locate C:\Windows\system32\dxmpp.dll, right click on it and select Delete. If it will not delete now, we will retry later.
    • Also locate C:\WINDOWS\system32\ginuerep.dll and delete it too.
    • Now open the smitRem folder on your Desktop, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.
    • The tool will create a log named smitfiles.txt in the root of the drive that you ran the batch file on, e.g. Local Disk C: or the partition where your operating system is installed. Upload this file later after reboot.
    • Now reboot your system into normal mode.
    • If you had any problems deleting the dxmpp.dll or the ginuerep.dll files, try deleting them again now.
    • Now also locate the below files and delete them:
    C:\WINDOWS\hh.ico
    C:\Documents and Settings\Noel Munson\Local Settings\Temp\sa1.exe
    C:\Documents and Settings\Noel Munson\Local Settings\Temp\~nsu.tmp\Au_.exe
    C:\Documents and Settings\Reece Munson\Local Settings\Temporary Internet Files\Content.IE5\JVR7BDZU\channels_02[1].gif
    C:\Documents and Settings\Vanessa Munson\Local Settings\Temporary Internet Files\Content.IE5\2D41SFM3\Installer[1].exe
    C:\Documents and Settings\Vanessa Munson\Local Settings\Temporary Internet Files\Content.IE5\KZW9MJKV\Installer[1].exe
    C:\Program Files\SpyFalcon <--- the whole folder
    • Reconnect your cable to the internet.
    • Now attach your smitfiles.txt log to a message and provide information about the steps above and what your current status is with SpyFalcon.
    NOTE: You may need to clean up each user account on this PC, as each appears to have problems.
     
    Last edited: Mar 6, 2006
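As an added worked example (not part of the thread, and not one of the tools chaslang references), the PowerShell script below does by script what posts 2 and 5 ask the user to do by hand: it lists every SharedTaskScheduler entry in HKLM and HKCU, resolves each CLSID to its InProcServer32 DLL (checking the per-user Classes hive first, which is where the thread's entry lived), and reports the DLL's version info and creation time, flagging entries whose DLL has no company name in its version resource or was created within the last week. With -Remove it deletes the SharedTaskScheduler value, the CLSID key and the DLL for the CLSID given (defaulting to the one from the smitfiles.txt log); -WhatIf previews the removal. The seven-day threshold and the "no CompanyName" heuristic are assumptions of this example, not rules from the thread, and the script is not a substitute for fixfalcon.reg or smitRem, whose contents are not on this page. Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the thread: audit (and optionally remove) a
# SharedTaskScheduler persistence entry of the kind chaslang spotted.
# Assumptions: elevated PowerShell 5+, CLSID default taken from the thread's log.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$Clsid = '{C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D}',  # value seen in smitfiles.txt
    [switch]$Remove
)

# Where a SharedTaskScheduler entry and its CLSID registration can live.
$stsKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'
)
# HKCU first: a per-user Classes entry shadows the machine-wide one (as in the thread).
$classRoots = @('HKCU:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\CLSID')

function Resolve-InProcServer {
    # Return the InProcServer32 (default) value registered for a CLSID, or $null.
    param([string]$Id)
    foreach ($root in $classRoots) {
        $key = Join-Path $root "$Id\InProcServer32"
        if (Test-Path $key) {
            $path = (Get-ItemProperty -Path $key).'(default)'
            if ($path) { return [Environment]::ExpandEnvironmentVariables($path) }
        }
    }
    return $null
}

function Get-SharedTaskSchedulerEntries {
    # One object per SharedTaskScheduler value: CLSID, label, DLL, version info, age.
    foreach ($key in $stsKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # Value names are CLSIDs; skip the PSPath/PSParentPath noise Get-ItemProperty adds.
        foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -like '{*}' })) {
            $dll = Resolve-InProcServer $name
            $company = $null; $description = $null; $created = $null
            $exists = ($null -ne $dll) -and (Test-Path $dll)
            if ($exists) {
                $file = Get-Item $dll
                $company = $file.VersionInfo.CompanyName
                $description = $file.VersionInfo.FileDescription
                $created = $file.CreationTime
            }
            # Heuristic (assumption of this example): unresolvable/missing DLL, no company
            # name in the version resource, or a file created in the last 7 days.
            $suspicious = (-not $exists) -or
                          [string]::IsNullOrWhiteSpace($company) -or
                          ($created -gt (Get-Date).AddDays(-7))
            [pscustomobject]@{
                Hive        = $key.Split(':')[0]
                CLSID       = $name
                Label       = $props.$name
                Dll         = $dll
                Company     = $company
                Description = $description
                Created     = $created
                Suspicious  = $suspicious
            }
        }
    }
}

Get-SharedTaskSchedulerEntries | Format-Table -AutoSize

if ($Remove) {
    # Remove the SharedTaskScheduler value and CLSID key for $Clsid, then the DLL.
    $dll = Resolve-InProcServer $Clsid
    foreach ($key in $stsKeys) {
        if ((Test-Path $key) -and ((Get-ItemProperty -Path $key).PSObject.Properties.Name -contains $Clsid)) {
            if ($PSCmdlet.ShouldProcess("$key\$Clsid", 'Remove SharedTaskScheduler value')) {
                Remove-ItemProperty -Path $key -Name $Clsid
            }
        }
    }
    foreach ($root in $classRoots) {
        $key = Join-Path $root $Clsid
        if (Test-Path $key) {
            if ($PSCmdlet.ShouldProcess($key, 'Remove CLSID key')) {
                Remove-Item -Path $key -Recurse
            }
        }
    }
    if ($dll -and (Test-Path $dll)) {
        # The DLL is loaded into explorer.exe while registered; if deletion fails,
        # reboot into Safe Mode (as the thread does) and delete it there.
        if ($PSCmdlet.ShouldProcess($dll, 'Delete DLL')) {
            Remove-Item -Path $dll -Force
        }
    }
}
```

Run it once without switches to see the table, then `.\script.ps1 -Remove -WhatIf` to preview exactly which value, key and file would go, and only then `-Remove`. Because the entry loads into explorer.exe, the DLL deletion is the step most likely to fail in normal mode, which is the same reason the thread's procedure does the file deletions from Safe Mode.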
  6. noel1225

    noel1225 Private E-2

    Looks like it's worked. Thank you so much.
     

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, so then can I assume you are not having any more problems?

    If you are not having any other malware problems, it is time to go back to step 1 of the READ & RUN ME to Disable System Restore which will flush your Restore Points. Then reboot and enable System Restore to create a new clean Restore Point.

    After that, you should work thru the below link:

    How to Protect yourself from malware!
     
