Run HijackThis and search the log for these two entries:
O4 - HKLM \. \ Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O23 - Service: Windows Log - Unknown to owner - C:\WINDOWS\system32\nvsvcd.exe
Start -> run -> "services.msc" and click in OK.
look in the services for "Windows Log", right click -> Properties, Startup type Disabled, and Stop it.
Open HijackThis and click Misc Tools -> Delete an NT service.
Delete: "Windows Log" and OK,
DO NOT RESTART.
Reboot into safe mode, (hit F8 repeatedly just before WinXP starts to boot and browse to "C:\WINDOWS\system\" and delete "smss.exe"
Browse to "C:\WINDOWS\system32\" delete "nvsvcd.exe"
Scan with the HijackThis again fix, the above quoted problems.
Close HijackThis and run CCleaner again. This will remove temp files left behind by the malware.
Restart normally. Run HijackThis again and post up the log file here.
Bookmarks