PDA

View Full Version : just folloing instructions



neonx18
2006-06-17, 07:38
rapport log:

SmitFraudFix v2.61

Scan done at 22:07:10.67, Fri 06/16/2006
Run from C:\Documents and Settings\Benny\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ed39ecef-902e-4ed1-8434-71e8db89e5ca}"="decorin"

[HKEY_CLASSES_ROOT\CLSID\{ed39ecef-902e-4ed1-8434-71e8db89e5ca}\InProcServer32]
@="C:\WINDOWS\system32\oybgrql.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{ed39ecef-902e-4ed1-8434-71e8db89e5ca}\InProcServer32]
@="C:\WINDOWS\system32\oybgrql.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\dxole32.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\Program Files\SpywareQuake.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\oybgrql.dll -> Hoax.Win32.Renos.gen.b
C:\WINDOWS\system32\oybgrql.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

neonx18
2006-06-17, 07:38
ewido log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:44:12 PM, 6/16/2006
+ Report-Checksum: BE3AECF

+ Scan result:

HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CLSID -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CurVer -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer.1 -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CLSID -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CurVer -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller.1 -> Adware.Screensavers : Cleaned with backup
HKLM\SOFTWARE\KMiNT21 -> Adware.DesktopSpyAgent : Cleaned with backup
HKLM\SOFTWARE\KMiNT21\FamilyKeyLogger -> Adware.DesktopSpyAgent : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\\kernel32.dll -> Trojan.Small : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaversInstaller -> Adware.Screensavers : Cleaned with backup
HKU\S-1-5-21-1343024091-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{736B5468-BDAD-41BE-92D0-22AE2DDF7BCB} -> Adware.Generic : Cleaned with backup
C:\Documents and Settings\All Users\Downloaded Programs and other STUFF\get.php -> Downloader.IstBar.u : Cleaned with backup
C:\Documents and Settings\Anja\Cookies\anja@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Anja\Cookies\anja@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wfk4opdpwep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wfk4wgdzwkq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wfloghczkfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wflogkcpwcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wfloskdzigp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wgk4kgajaeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wgkigkajaao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wgkoaiczgfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wgl4onczacp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wglokpc5cgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6whkiegdpcaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wjk4aiczehp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wjkoamd5efo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wjkoapd5ggq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wjkyakd5wfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wjlyencpwco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wjny-1nc5ia.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wjnyghazokp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wjnyojcjiep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@e-2dj6wjnywocpodo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Benny\Local Settings\Temp\Cookies\benny@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Benny\Shared\carlos mencia no strings attached.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Benny\Shared\carlos mencia not for the easily offended.zip/Setup.exe -> Worm.VB.dw : Cleaned with backup
C:\Documents and Settings\Benny\Shared\Macromedia Dreamweaver 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Program Files\MsMovies\p.zip/Video.exe -> Dropper.WinAD.h : Cleaned with backup
C:\Program Files\MsMovies\v.tmp -> Dropper.WinAD.h : Cleaned with backup
C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Adware.Comet : Cleaned with backup
C:\Program Files\winupdates\a.tmp -> Worm.VB.an : Cleaned with backup
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Program Files\winupdates\winupdates.exe -> Worm.VB.an : Cleaned with backup
C:\WINDOWS\system32\CTF\ctfmon.dll_tobedeleted -> Not-A-Virus.Monitor.Win32.HomeKeyLogger.170 : Cleaned with backup
C:\WINDOWS\system32\CTF\ctfs.dll_tobedeleted -> Not-A-Virus.Monitor.Win32.GoldenKeylogger.130 : Cleaned with backup


::Report End

neonx18
2006-06-17, 07:39
hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 10:48:13 PM, on 6/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=4.0&Cd_Key=MV983K741J449154&Company=Company&FName=Benny&Lang=Enu
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: offline-8876480 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\Symantec Shared\Script Blocking\SBServ.exe

neonx18
2006-06-17, 07:40
so what now i still have problems and when ever i tried to get into safe mode my computer crashed ????? what do i do please help

LonnyRJones
2006-06-20, 18:52
Welcome

1. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.

Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:) or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
2. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As")
save as text Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).
If it was saved as alcanshorty.bfu.txt rename to alcanshorty.bfu

3. Then, please go to Start > My Computer and navigate to the C:\BFU folder.

Start the Brute Force Uninstaller by doubleclicking BFU.exe
Behind the scriptline to execute field click the folder icon http://metallica.geekstogo.com/foldericon.png and select alcanshorty.bfu
Press Execute and let the program do it’s job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.Post a new HiJackThis log.
also, delete smithfraudfix and get another copy, run it choose option 1 and post that log.
Its constantly being updated

neonx18
2006-06-20, 19:02
hijack this log after bfu

Logfile of HijackThis v1.99.1
Scan saved at 11:01:22 AM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gocyberlink.com/registration/registration1.asp?SoftWare=POWERDVD&Version_Num=4.0&Cd_Key=MV983K741J449154&Company=Company&FName=Benny&Lang=Enu
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bw+0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} - D:\CDS300\__CDS2.dll (file missing)
O18 - Protocol: offline-8876480 - {7F6CC8EE-FE60-435C-9EB5-CD59BC442A39} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\Symantec Shared\Script Blocking\SBServ.exe

thanks for your help

LonnyRJones
2006-06-20, 19:18
Please disable SpybotSD TeaTimer for now
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon and Uncheck the box next to Teatimer.
"resident tea timer"protection of all-over system settings) active"
Close SpyBot.
We will remind you to turn it on later
Start Hijackthis and place a check next to these items If there.
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Nothing - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
====================================
Hit fix checked and close Hijackthis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Just ot iof curiousty try safe mode again , any problems ? if there is an error message write it down.

Is norton uninstalled or not working ?

Im not sure you saw this

also, delete smithfraudfix and get another copy, run it choose option 1 and post that log.
Its constantly being updated

LonnyRJones
2006-06-28, 08:59
Due to lack of responses this thread is closed
If you still need assistance a new log will be needed, send me or Tashi a PM and we will re-open it.