[natasha]

Hi, i got this virus and i have no idea how to remove it. i've tried all the possible anti-spyware programs and they don't work. i have a blue screen that says the name of the virus "trojan-spy.html.smitfraud.c" and that it is a fatal error. I ran Hijack This and this is the result:

Logfile of HijackThis v1.97.7
Scan saved at 9:19:37 PM, on 4/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\DELL\HijackThis.exe
C:\Program Files\Yahoo!\browser\YBrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://216.130.185.122/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtxBrw] C:\WINDOWS\IEXPLOR.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SRFirstRun] rundll32 srclient.dll,CreateFirstRunRp
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [DXDllRegExe] C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdllreg.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKLM\..\RunOnce: [MSPCLOCK] RUNDLL32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
O4 - HKLM\..\RunOnce: [MSPQM] RUNDLL32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
O4 - HKLM\..\RunOnce: [MSKSSRV] RUNDLL32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
O4 - HKLM\..\RunOnce: [WDM_SYSAUDIO] rundll32.exe streamci.dll,StreamingDeviceSetup {A7C7A5B0-5AF3-11D1-9CED-00A024BF0407},{9B365890-165F-11D0-A195-0020AFD156E4},{A7C7A5B1-5AF3-11D1-9CED-00A024BF0407},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SYSAUDIO.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD0] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD1] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DRMKAUD2] rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_KMIXER0] rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{AD809C00-7B88-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_KMIXER1] rundll32.exe streamci.dll,StreamingDeviceSetup {B7EAFDC0-A680-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_KMIXER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC0] rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC1] rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_AEC2] rundll32.exe streamci.dll,StreamingDeviceSetup {4245FF73-1DB4-11d2-86E4-98AE20524153},{9B365890-165F-11D0-A195-0020AFD156E4},{BF963D80-C559-11D0-8A2B-00A0C9255AC1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_AEC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI0] rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI1] rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SWMIDI2] rundll32.exe streamci.dll,StreamingDeviceSetup {6C1B9F60-C0A9-11D0-96D8-00AA0051E51D},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SWMIDI.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DMUSIC0] rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{2EB07EA0-7E70-11D0-A5D6-28DB04C10000},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DMUSIC1] rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{DFF220F3-F70F-11D0-B917-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_DMUSIC2] rundll32.exe streamci.dll,StreamingDeviceSetup {8C07DD50-7A8D-11d2-8F8C-00C04FBF8FEF},dmusic,{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_DMUSIC.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_WDMAUD] rundll32.exe streamci.dll,StreamingDeviceSetup {CD171DE3-69E5-11D2-B56D-0000F8754380},{9B365890-165F-11D0-A195-0020AFD156E4},{3E227E76-690D-11D2-8161-0000F8775BF1},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_WDMAUD.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SPLITTER0] rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{9EA331FA-B91B-45F8-9285-BD2BC77AFCDE},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
O4 - HKLM\..\RunOnce: [WDM_SPLITTER1] rundll32.exe streamci.dll,StreamingDeviceSetup {2F412AB5-ED3A-4590-AB24-B0CE2AA77D3C},{9B365890-165F-11D0-A195-0020AFD156E4},{6994AD04-93EF-11D0-A3CC-00A0C9223196},C:\WINDOWS\INF\WDMAUDIO.inf,WDM_SPLITTER.Interface.Install
O4 - HKCU\..\RunOnce: [MyApp] C:\WINDOWS\help\rundll32.exe
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://protect.micro...b?1107984140406
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.micros...ntent/opuc2.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} (Installer Class) - http://downloads.sho...l_mamma1003.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1092947142234
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.ma...h/ultrashim.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8171.7423726852
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yaho...alls/yab_af.cab
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia...ll/pcs_0006.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.micro...ate/sdkinst.cab

Please help me! thank you

[Advertisements]

Hi Natasha,

Welcome to Geeks2go. Sorry about the delay in getting to your post, we have been very busy.

If you still require help, please post a new HJT log in this thread;
if your problems have been resolved please let me know,

Regards,

Usetobe

[natasha]

thanks for your reply, but i just reformated my drive and everything is working