Thread: Computer controlled!
View Single Post
Old 11-12-2008, 08:18 AM   #9 (permalink)
TheBruce1
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,093
OS: XP


Re: Computer controlled!
Hello again

Open notepad and copy/paste the text in the box below into it:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"
for %%g in (
c:\temp\NT32
c:\windows\system32\im
c:\windows\system32\NPX 
c:\windows\system32\QI19 
c:\windows\system32\uvb 
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
Save this as Delete.bat Choose to "Save type as - All Files"
It should look like this:
Double click on Delete.bat & allow it to run

Let me know if it was successful.

=========

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries (If they still exist, make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

Keep the first one and delete the rest

O18 - Protocol: bw+0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {647EAA95-7EBA-4EC2-ADD5-88F0855EBCED} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Please remember to close all other windows, including browsers then click Fix checked.

=========

Try this scanner instead:

ESET Online Scanner
  • Please go to the following link ESET Online Scanner Link
  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Now click the Install button
  • Click Start

    The scanner engine will initialise and update
  • Do Not tick the box Remove found threats
  • Click the Scan button

    The scan will now run, please be patient
  • When the scan finishes click the Details tab
  • Copy and paste the contents of the %ProgramFiles%\EsetOnlineScanner\log.txt back here.

=========

Open HijackThis and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

==========
Logs Required
Eset scan report
Hijackthis Log
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
Last edited by TheBruce1; 11-12-2008 at 08:23 AM.
TheBruce1 is offline