Hey guys,

I followed tashi's guide to desktops hijacks, but I'm still having problems. There's a bunch of processes that I have no idea about.

Here's the rapport.txt log:

SmitFraudFix v2.121

Scan done at 16:23:48.28, Wed 11/15/2006
Run from C:\Documents and Settings\Christopher Vincent\Desktop\SmitFraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}"="archenteric"

[HKEY_CLASSES_ROOT\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\System32\impgsje.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d7bdd42a-7e69-4bb8-aac3-d76ff65a3aa3}\InProcServer32]
@="C:\WINDOWS\System32\impgsje.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ff170564-36c8-43f7-9100-559e166405cf}"="cussers"

[HKEY_CLASSES_ROOT\CLSID\{ff170564-36c8-43f7-9100-559e166405cf}\InProcServer32]
@="C:\WINDOWS\System32\cfltygd.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{ff170564-36c8-43f7-9100-559e166405cf}\InProcServer32]
@="C:\WINDOWS\System32\cfltygd.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\System32\impgsje.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\System32\impgsje.dll -> Deleted

C:\WINDOWS\System32\cfltygd.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\System32\cfltygd.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\a.exe Deleted
C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\migicons.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\drvkup.dll Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\DOCUME~1\CHRIST~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\CHRIST~1\STARTM~1\VirusBursters 6.2.lnk Deleted
C:\DOCUME~1\CHRIST~1\STARTM~1\PROGRAMS\VirusBursters Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Safety Bar\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End