Results of procedure seem GOOD !! Logs attached
Delighted to say, it seems gone . This process works well. Does take some time though but the penalty of some time versus the trojan ( or whatever it is ) is WELL worth it .
Thanks a bunch !
SmitFraudFix v2.128
Scan done at 10:34:39.02, Wed 12/06/2006
Run from C:\Documents and Settings\Administrator\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f2efa195-4785-4db1-9316-b48c64bb71da}"="blippers"
[HKEY_CLASSES_ROOT\CLSID\{f2efa195-4785-4db1-9316-b48c64bb71da}\InProcServer32]
@="C:\WINDOWS\system32\xqpauzx.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f2efa195-4785-4db1-9316-b48c64bb71da}\InProcServer32]
@="C:\WINDOWS\system32\xqpauzx.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDOWS\system32\xqpauzx.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\xqpauzx.dll -> Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\Program Files\Video ActiveX Object\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:28:46 PM 12/6/2006
+ Scan result:
Nothing found.
::Report end
Incident Status Location
Potentially unwanted tool:Application/Service9x Not disinfected C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCJtime.dll
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Cookies\antone1@ads.pointroll[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Cookies\antone1@go[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Service9x Not disinfected C:\Program Files\Lexmark 8300 Series\Drivers\I386\lxcjtime.dll[C:\Program Files\Lexmark 8300 Series\Drivers\I386\lxcjtime.dll]
Possible Virus. Not disinfected C:\Program Files\mediacodec-v4.588.exe[ecodec.exe]
Potentially unwanted tool:Application/Service9x Not disinfected C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_8300_seriesda3d\lxcjtime.dll
Possible Virus. Not disinfected C:\wxpdrive\repos\HOTKEY09\TPISETUP.DLL
Last edited by tetonbob; 12-06-2006 at 08:32 PM.
|