Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

smit.fraud

Started by drog , Apr 26 2005 06:28 AM

  • Please log in to reply

#1
drog
Posted 26 April 2005 - 06:28 AM

drog

    New Member

  • Member
  • Pip
  • 2 posts
My computer has had a blue screen with a warning about at trojan-spy smit.fraud creating a IE fatal error. I am presuming IE is Explorer. I have run ad-aware, spybot, Aol, Mcafee and nothing works. My log from HijackThis is below. Please help and explain how I can avoid this happening again. ;) and :tazz: thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 8:35:23 AM, on 4/26/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\winnt\system32\gdlnwo.exe
C:\wp.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\PROGRA~1\COMMON~1\AOL\111061~1\EE\AOLHOS~1.EXE
C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
C:\Palm\HOTSYNC.EXE
C:\PROGRA~1\COMMON~1\AOL\111061~1\EE\AOLServiceHost.exe
C:\winnt\system32\calc.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\America Online 9.0\waol.exe
C:\Documents and Settings\Dell\Desktop\0DE34HUJ\HijackThis.exe
C:\Program Files\America Online 9.0\shellmon.exe

F1 - win.ini: run=C:\WINNT\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINNT\dlmax.dll
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: (no name) - {BCDA3A15-4411-FF47-C6CD-1A5CE4A3C5F6} - C:\WINNT\system32\sysrh32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110610322\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [gdlnwo] c:\winnt\system32\gdlnwo.exe
O4 - HKCU\..\Run: [SPntnt] C:\WINNT\SPntnt.exe
O4 - HKCU\..\Run: [SPsy] C:\WINNT\SPsy.exe
O4 - HKCU\..\Run: [s-64SP] C:\WINNT\s-64SP.exe
O4 - HKCU\..\Run: [s-syhhSP] C:\WINNT\s-syhhSP.exe
O4 - HKCU\..\Run: [s-s-nt] C:\WINNT\s-s-nt.exe
O4 - HKCU\..\Run: [646432sy32] C:\WINNT\system32\646432sy32.exe
O4 - HKCU\..\Run: [sy32PEms32] C:\WINNT\sy32PEms32.exe
O4 - HKCU\..\Run: [SPmsPESPsy] C:\WINNT\SPmsPESPsy.exe
O4 - HKCU\..\Run: [PEnthh] C:\WINNT\system32\PEnthh.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [WindowsFY] C:\wp.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {75503A94-27D1-48EA-BAD1-B3F047757D50} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {75503A94-27D1-48EA-BAD1-B3F047757D50} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\oyqlplhh.exe
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downlo...ACCESS_1057.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O19 - User stylesheet: (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Network Security Service (%AF夶À¨) - Unknown owner - C:\WINNT\system32\mfcgc.exe (file missing)
  • 0

Advertisements

#2
Metallica
Posted 03 May 2005 - 03:58 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Download and run CWShredder from:
http://www.intermute...r_download.html
Use the Fix button.

Reboot and post a new HijackThis log.

Regards,
  • 0

#3
drog
Posted 03 May 2005 - 09:18 PM

drog

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 11:24:00 PM, on 5/3/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\winnt\system32\gdlnwo.exe
C:\PROGRA~1\COMMON~1\AOL\111061~1\EE\AOLHOS~1.EXE
C:\wp.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\winnt\system32\calc.exe
C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
C:\PROGRA~1\COMMON~1\AOL\111061~1\EE\AOLServiceHost.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Dell\Desktop\0DE34HUJ\HijackThis.exe

F1 - win.ini: run=C:\WINNT\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: (no name) - {BCDA3A15-4411-FF47-C6CD-1A5CE4A3C5F6} - C:\WINNT\system32\sysrh32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1110610322\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [gdlnwo] c:\winnt\system32\gdlnwo.exe
O4 - HKCU\..\Run: [SPntnt] C:\WINNT\SPntnt.exe
O4 - HKCU\..\Run: [SPsy] C:\WINNT\SPsy.exe
O4 - HKCU\..\Run: [s-64SP] C:\WINNT\s-64SP.exe
O4 - HKCU\..\Run: [s-syhhSP] C:\WINNT\s-syhhSP.exe
O4 - HKCU\..\Run: [s-s-nt] C:\WINNT\s-s-nt.exe
O4 - HKCU\..\Run: [646432sy32] C:\WINNT\system32\646432sy32.exe
O4 - HKCU\..\Run: [sy32PEms32] C:\WINNT\sy32PEms32.exe
O4 - HKCU\..\Run: [SPmsPESPsy] C:\WINNT\SPmsPESPsy.exe
O4 - HKCU\..\Run: [PEnthh] C:\WINNT\system32\PEnthh.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [WindowsFY] C:\wp.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks Basic\Components\QBAgent\qbdagent2002.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {75503A94-27D1-48EA-BAD1-B3F047757D50} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {75503A94-27D1-48EA-BAD1-B3F047757D50} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downlo...ACCESS_1057.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O19 - User stylesheet: (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Network Security Service (%AF夶À¨) - Unknown owner - C:\WINNT\system32\mfcgc.exe (file missing)
  • 0

#4
Metallica
Posted 04 May 2005 - 01:20 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

F1 - win.ini: run=C:\WINNT\..\PROGRA~1\COMMON~1\MICROS~1\MSInfo
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll (file missing)
O2 - BHO: (no name) - {BCDA3A15-4411-FF47-C6CD-1A5CE4A3C5F6} - C:\WINNT\system32\sysrh32.dll (file missing)

O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)

O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe
O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - HKLM\..\Run: [gdlnwo] c:\winnt\system32\gdlnwo.exe
O4 - HKCU\..\Run: [SPntnt] C:\WINNT\SPntnt.exe
O4 - HKCU\..\Run: [SPsy] C:\WINNT\SPsy.exe
O4 - HKCU\..\Run: [s-64SP] C:\WINNT\s-64SP.exe
O4 - HKCU\..\Run: [s-syhhSP] C:\WINNT\s-syhhSP.exe
O4 - HKCU\..\Run: [s-s-nt] C:\WINNT\s-s-nt.exe
O4 - HKCU\..\Run: [646432sy32] C:\WINNT\system32\646432sy32.exe
O4 - HKCU\..\Run: [sy32PEms32] C:\WINNT\sy32PEms32.exe
O4 - HKCU\..\Run: [SPmsPESPsy] C:\WINNT\SPmsPESPsy.exe
O4 - HKCU\..\Run: [PEnthh] C:\WINNT\system32\PEnthh.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess

O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Program Files\Q330994.exe
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downlo...ACCESS_1057.cab

O19 - User stylesheet: (file missing)

Click Start > Run type services.msc > OK
In the list of services find:
System Startup Service (SvcProc)
Rightclick that line and choose Properties.
On the General tab Stop and set the service to disabled.
In HijackThis click Config > Misc Tools > Delete an NT service
In the dialog box paste: Network Security Service

Reboot into safe mode and delete:
C:\Program Files\NaviSearch <= entire folder

I have left one infection alone (smitfraud) because itv requires a complicated removal and I like to do that separately.

So post back with a new HijackThis log.

Regards,
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP