
Trojan smitfraud need help

Hello, I need help removing this from my PC. Here are the log results of HijackThis. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 7:34:28 PM, on 4/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\wp.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\Airsvcu.exe
C:\Hp\register\Remind32.exe
C:\Documents and Settings\bobby mathes\Local Settings\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphiapowerpage.com/index.cfm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Web Directory Toolbar Helper - {441354C5-911B-409B-9A66-A11D6D4E1A22} - C:\WINDOWS\system32\sdmtb.dll
O2 - BHO: Starware - {FC17BFE4-B5E4-4a7b-A71C-2DF28849C4BE} - C:\Program Files\Starware\bin\Starware.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Starware - {0A0DCA4C-F72F-49f9-B7B3-480AE39CA062} - C:\Program Files\Starware\bin\Starware.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\System32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [cwdiali] C:\WINDOWS\System32\cwdiali.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [capq] C:\WINDOWS\System32\capq.exe
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Global Startup: Media Manager Indexer.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE
O4 - Global Startup: Introducing Media Manager.lnk = C:\Program Files\Common Files\Microsoft Shared\Media Manager\SPLASHA.EXE
O4 - Global Startup: Reminder-hpc40608.lnk = C:\HP\register\REMIND32.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: OSA.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {5C56D6CC-765C-495E-ABAE-D77D65E7E77D} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5C56D6CC-765C-495E-ABAE-D77D65E7E77D} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'inetcntrl.dll' missing
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {11010101-1001-1111-1000-110112345678} - mk:@mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/usa/html.chm::/html.exe
O16 - DPF: {CA356D79-679B-4B4C-8E49-5AF97014F4C1} - http://files-pl.starware.com/installs/3.0.0.200503311601/10003/Starware_10003.cab

Comments

  • Buckeye_Sam Columbus, Ohio
    edited April 2005
    Please download CWShredder but don't run it yet.
    http://cwshredder.net/bin/CWSInstall.exe


    Download Ad-aware SE 1.05 from: http://www.majorgeeks.com/download506.html
    Install the program and launch it. First, in the main window, look in the bottom right corner and click on Check for updates now and download the latest reference files. Exit Adaware for now.


    Make sure that you can view all hidden files. Instructions on how to do this can be found here:

    How to see hidden files in Windows

    Run HijackThis again, click Scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
    O2 - BHO: Web Directory Toolbar Helper - {441354C5-911B-409B-9A66-A11D6D4E1A22} - C:\WINDOWS\system32\sdmtb.dll
    O4 - HKLM\..\Run: [cwdiali] C:\WINDOWS\System32\cwdiali.exe
    O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
    O16 - DPF: {11010101-1001-1111-1000-110112345678} - mk:@mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/usa/html.chm::/html.exe



    Reboot your computer into Safe Mode


    Now run CWShredder, making sure to click "Fix".


    Then delete these files or directories (Do not be concerned if they do not exist)

    c:\wp.exe
    C:\WINDOWS\System32\cwdiali.exe
    C:\WINDOWS\system32\sdmtb.dll


    Run a full scan with Adaware.

    Reboot your computer to go back to normal mode and post a new log.
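
An added example, not part of the original thread or of HijackThis: a small Python parser for the log format above that checks whether fix-list entries reappear in a follow-up log and marks two kinds of entry for closer review. The two heuristics and the `NEW_LOG` sample are assumptions constructed here; the `FIX_LIST` lines are copied from the thread.

```python
import re

# Entry lines look like "O4 - HKCU\..\Run: [name] path": section code, " - ", detail.
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

def parse(log):
    """Return (section, detail) pairs for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def key(section, detail):
    # Windows paths and registry names are case-insensitive: compare case-folded.
    return section, " ".join(detail.split()).casefold()

def still_present(fix_list, new_log):
    """Fix-list entries that appear again in a follow-up log."""
    seen = {key(*e) for e in parse(new_log)}
    return [e for e in parse(fix_list) if key(*e) in seen]

# Assumed review heuristics (not HijackThis logic, and not a verdict):
ROOT_EXE = re.compile(r"\]\s*[a-z]:\\[^\\]+\.exe", re.I)      # autorun from a drive root
IP_HOST = re.compile(r"https?://\d{1,3}(\.\d{1,3}){3}[/:]")   # download from a bare IP

def triage(log):
    hints = []
    for section, detail in parse(log):
        if section == "O4" and ROOT_EXE.search(detail):
            hints.append((section, "autorun executable in drive root", detail))
        elif section == "O16" and (IP_HOST.search(detail) or "mk:@" in detail.lower()):
            hints.append((section, "codebase is an mk: URL or bare IP", detail))
    return hints

# Lines copied from the fix list in this thread.
FIX_LIST = r"""
O2 - BHO: Web Directory Toolbar Helper - {441354C5-911B-409B-9A66-A11D6D4E1A22} - C:\WINDOWS\system32\sdmtb.dll
O4 - HKLM\..\Run: [cwdiali] C:\WINDOWS\System32\cwdiali.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O16 - DPF: {11010101-1001-1111-1000-110112345678} - mk:@mSItSTORE:Mhtml:FiLE://C:\html.mHT!http://205.177.122.27/docs/usa/html.chm::/html.exe
"""
# Constructed follow-up log: one fixed entry has come back with different casing.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
"""

if __name__ == "__main__":
    for entry in still_present(FIX_LIST, NEW_LOG):
        print("still present:", entry)
    for hint in triage(FIX_LIST):
        print("review:", hint)
```

An entry that returns after a fix usually means something is still running and rewriting it, which is why the procedure above has the files deleted in Safe Mode before the new log is taken.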
  • edited April 2005
    Thanks I will do this tonight.
  • edited April 2005
    Thanks Buckeye_Sam, it seems to have worked. However, I am still having some other problems. There's a popup that's been on my PC for a long time and I have just ignored it. It usually pops up when I log on, and when you try to close it, it keeps reappearing and moving to a different location on the screen, and usually will eventually quit popping up if you close it enough times. It says it is a messenger service and message from registry to error and says Microsoft Windows has encountered an internal error and Microsoft recommends a complete system scan and tells you a website to visit to do this. The other issue is porn sites keep loading themselves onto my favorites list.
    Thanks for your help
    Bobby
  • Buckeye_Sam Columbus, Ohio
    edited April 2005
    Please post a new hijackthis log.