I've used the Grinler fix as posted here: http://www.bleepingcomputer.com/forums/t/43659/how-to-remove-spyfalcon-removal-instructions/
It does give temporary relief - after performing all steps including the final virus scan it seems as if the problem has gone. Back in normal mode with no sign of Spy Falcon, Panda scan shows nothing and neither do Ad-Aware, Spybot S&D, or Ewido.
Windows Defender/AntiSpyware does show a "Zolob" registry entry for running wininet.dll which I know is related to the various smitfraud bits & pieces. Defender removes it but it will show up again if you restart the machine and scan again.
From the Grinler fix Panda should be fixing this problem, but it sees nothing wrong with wininet.dll. I've replaced wininet.dll with an XP CD expanded copy but that hasn't helped.
I can only assume that something else is creating the wininet.dll reference and causing the program to re-download.
Hijackthis log is clean (I look at many HJT logs). I can post it if you really really want, but you won't find anything.
But SF will re-appear about 24-48 hours later, after visiting no websites at all (as mentioned, it is re-downloading, I've seen netstat -a connections to various websites known to be affiliated with these smitfraud scams).
Ideas? Things I can upload for analysis?