SpyFalcon removal - fixquake.reg

Discussion in 'Malware Help (A Specialist Will Reply)' started by caldoc, May 11, 2006.

  1. caldoc

    caldoc Private E-2

    Probably very stupid question, but....
    I followed the instructions re SpyFalcon removal, then ran into the following problem.
    I copied the files for the fixquake.reg to my notepad and saved it to my desktop. Then rebooted in safe mode. Then, when I double clicked the fixquake.reg file, it opened up as a Microsoft Word file. No how was I able to find where the prompt to "Add in to the registry" was. Help???
     
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Do the following:

    Start -> Run
    type regedit
    click 'OK'

    Registry Editor will Open
    click 'File'
    select 'Import Registry File...'
    navigate to fixquake.reg
    click 'Open'

    The rest you already know.
     
  3. caldoc

    caldoc Private E-2

    Thanks Shadow Puter Guy. Your suggestion worked, and I inserted the fixquake.reg file into my registry (I guess).
    However, new problem. I did not find a single one of the .dll files I need to rename, i.e. dxmpp.dll, ginuerep.dll, stickrep.dll, etc. I have no idea what to do next. Do I go on anyway, opening the smitRem folder? And what happened to the fixquake.reg file? Anyone have any suggestions? I am lost.
    By the way, my computer still seems to be working, so the insertion of the fixquake.reg files at least has not hurt things, so far. Help!!! :eek:
     
  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Just continue with the fix, the files we ask you to look for and delete aren't always there.
     
  5. caldoc

    caldoc Private E-2

    Thanks again, Shadow Puter Dude. I did what you suggested. Everything seems ok, except I still get the red-rimmed popup re stating that my computer is infected with a virus and I should buy the program from SpyFalcon. Seems the only infection is this pop-up, though. When I ran the rest of the instructions, I found none of the files I was supposed to delete.
    Any other suggestions on how to stop this annoying popup? It's really the only thing wrong. It has an icon on the bottom of the screen of a green handicapped sign, with a red circle with a line through it, like a stop sign.
     
  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    OK, something else is going on here.

    Do the following:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

    When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too (these scans are covered in steps 6 & 7 of the READ & RUN ME sticky):
    • Bitdefender
    • Panda Scan
    • HijackThis
    And attach smitfiles.txt from the SpywareQuake procedure, in addition to the above logs.
     
  7. caldoc

    caldoc Private E-2

    Hi SPD:
    I followed your instructions. Ran the SpyWareQuake & SpyFalcon removal procedure. None of the C:\Windows\System32 files were found. Of the files in section starting with C:\ProgramFiles\AdwareSheriff, the only file I found was the C:\Windows\System32\appmagr.dll. When I went to delete it I got message Cannot delete, access denied.
    Attached are all files you requested except the Panda Scan log. The scan ran ok, but the window would only open 25%, and I could not get to the button to request the report. Thanks again for your continued patience with helping me with this.
    ********
    Hmmm, the bdscan.txt won't attach because it's 1.07 MB. What would you like me to do?
     


  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Zip the bitdefender log and attach it. Your other logs are clean. We'll remove C:\Windows\System32\appmagr.dll after I see what BitDefender found. With Panda you're going to have to drag the window around till you find the button.
     
  9. caldoc

    caldoc Private E-2

    Okee dokee SPD, here is the zipped bdscan and I moved around in the Activescan window as you suggested and got it to work. Thanks again for all your help.
     


  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox
    - ExplorerXP

    Empty the Symantec Quarantine Folder

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion; say YES, and when the next box opens prompting you to reboot now, click NO and proceed with the next file. Once you get to the last one, click YES and it will reboot. Note: many of the files listed below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    To flush all your restore points and create a new clean one for your system:

    Disable And Enable System Restore

    OK, now what is your Antivirus program and BitDefender finding?
     
  11. caldoc

    caldoc Private E-2

    Dear SPD:
    That cleared everything up. Thank you so much for all your help. I can't thank you enough. caldoc :)
     