Hey guys,

I followed tashi's guide to desktops hijacks, but I'm still having problems. There's a bunch of processes that I have no idea about.

Here's the rapport.txt log:

SmitFraudFix v2.121

Scan done at 16:23:48.28, Wed 11/15/2006
Run from C:\Documents and Settings\Christopher Vincent\Desktop\SmitFraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_CLASSES_ROOT\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\System32\impgsje.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\System32\impgsje.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ff170564-36c8-43f7-9100-559e166405cf}"="cussers"

[HKEY_CLASSES_ROOT\CLSID\{ff170564-36c8-43f7-9100-559e166405cf}\InProcServer32]
@="C:\WINDOWS\System32\cfltygd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ff170564-36c8-43f7-9100-559e166405cf}\InProcServer32]
@="C:\WINDOWS\System32\cfltygd.dll"


Killing process


Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\System32\impgsje.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\System32\impgsje.dll -> Deleted

C:\WINDOWS\System32\cfltygd.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\System32\cfltygd.dll -> Deleted


Deleting infected files

C:\WINDOWS\system32\a.exe Deleted
C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\migicons.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\drvkup.dll Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\DOCUME~1\CHRIST~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\CHRIST~1\STARTM~1\VirusBursters 6.2.lnk Deleted
C:\DOCUME~1\CHRIST~1\STARTM~1\PROGRAMS\VirusBursters Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Safety Bar\ Deleted

Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End