My computer has been recently infected by the trojan-spy.html.smitfraud.c virus. I tried to do my best in order to get rid of it, but it seems that the problems have not disappear. When windows begin, an IE window opens, it then does not respond and cannot be closed until I force it to close by clicking End Now several times. The most annoying symptom is that msconfig or task manager cannot stay open more than a second! I count very much on your help. This is my current hijackthis logfile:
Logfile of HijackThis v1.99.1
Scan saved at 2:26:40 μμ, on 13/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
D:\BITWARE\NT\bwprnmon.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\WINDOWS\System32\win32.exe
D:\MATLAB\webserver\bin\win32\matlabserver.exe
D:\WINDOWS\System32\NTC.EXE
D:\Program Files\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOCUME~1\Maratsos\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mysearch.cc
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearch.cc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mysearch.cc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mysearch.cc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOCUME~1\Maratsos\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mysearch.cc
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mysearch.cc
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOCUME~1\Maratsos\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mysearch.cc
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mysearch.cc
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.mysearch.cc
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.mysearch.cc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*
O1 - Hosts file is located at: D:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.164 lender-search.com
O1 - Hosts: 82.179.166.165 hot-searches.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - D:\WINDOWS\system32\appwiz.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E011E223-47F1-4E75-9FC6-9DB636680D6C} - D:\WINDOWS\System32\dmb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [bwprnmon.exe] D:\BITWARE\NT\bwprnmon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Disc Detector] D:\Creative\ShareDLL\ctnotify.exe
O4 - HKLM\..\Run: [AudioHQ] D:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Windows Configs] NTC.EXE
O4 - HKCU\..\Run: [wupd] D:\WINDOWS\System32\win32.exe
O4 - HKCU\..\RunOnce: [Windows Configs] NTC.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {1E32284D-D796-4452-B1E4-4DCC72C982F4} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1E32284D-D796-4452-B1E4-4DCC72C982F4} - (no file) (HKCU)
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://www.mysearch.cc/index.php?%00
O13 - WWW Prefix: http://www.mysearch.cc/index.php?%00
O13 - Home Prefix: http://www.mysearch.cc/index.php?%00
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Filter: text/html - {F3B4AE12-119A-4E71-A82D-5367F9E31CDF} - D:\WINDOWS\System32\dmb.dll
O18 - Filter: text/plain - {F3B4AE12-119A-4E71-A82D-5367F9E31CDF} - D:\WINDOWS\System32\dmb.dll
O21 - SSODL: MSThreadMode - {12545303-1234-4321-C321-000000000123} - D:\WINDOWS\system32\MSoGT1.dll (file missing)
O21 - SSODL: System - {7B0EB905-C6C5-4F7C-9B60-5A0F664D958D} - v_sys.dll (file missing)
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - D:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - D:\WINDOWS\System32\CTsvcCDA.EXE (file missing)
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - D:\MATLAB\webserver\bin\win32\matlabserver.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - D:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe