WiredWX Hobby Weather Tools

 


Another Think Point Problem

3 posters

Hi,

I am running Windows XP.
I don't know where the TP virus came from as housemate installed it whilst using my computer.

I have read a couple of other posts and so far done the following:

I have burnt Malwarebytes onto a CD at work and run the scan; it deleted 7 things. TP is still on the machine.
I am unable to download an update as I cannot connect to the internet.

Today I then went into work in order to download the OTL file suggested in other posts. I ran it in normal mode and got 2 logs, both empty. I then ran it in safe mode and got a single log; however, I have no way to get it off of the computer in order to post it here.

As such I am unsure as to what to do next.
Should I buy an external hard drive so that I can get the log to work and post it?
Thanks

Re: Another Think Point Problem
Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Another Think Point Problem
Are you still with us?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Re: Another Think Point Problem

Hello, yes, sorry, I am still here. It just took me a few days to buy a USB stick in order to get the information onto the web via another computer.

My Malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

22/11/2010 00:35:04
mbam-log-2010-11-22 (00-35-04).txt

Scan type: Full scan (C:\|)
Objects scanned: 166118
Time elapsed: 20 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Another Think Point Problem
OTL

OTL logfile created on: 22/11/2010 01:25:47 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 289.00 Mb Available Physical Memory | 57.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 56.23 Gb Free Space | 75.46% Space Free | Partition Type: NTFS
Drive D: | 0.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DAN-00ED881EF45 | User Name: Dan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/13 17:27:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
PRC - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/14 12:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/13 17:27:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2010/09/07 14:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 14:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 14:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 14:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 14:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 14:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/07/25 01:18:32 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/06/06 09:15:40 | 000,098,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2006/11/09 11:30:05 | 000,252,928 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 08:28:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 08:28:44 | 000,000,000 | ---D | M]

[2009/12/11 18:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Extensions
[2010/10/28 22:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g2llhl59.default\extensions
[2009/12/14 03:02:47 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g2llhl59.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/12/11 18:49:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g2llhl59.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/14 03:02:59 | 000,004,554 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\g2llhl59.default\searchplugins\aim-search.xml
[2009/12/11 18:46:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/27 12:08:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/27 12:08:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/27 12:08:03 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/27 12:08:03 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2008/04/14 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260556583094 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Dan\Application Data\hotfix.exe) - C:\Documents and Settings\Dan\Application Data\hotfix.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/11 16:25:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/22 01:25:23 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2010/11/12 22:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan\Application Data\Malwarebytes
[2010/11/12 22:57:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/12 22:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/12 22:57:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/12 22:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/11 14:54:56 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/22 00:18:53 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/22 00:17:49 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/22 00:17:49 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/22 00:13:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/22 00:13:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/15 22:43:42 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/11/15 22:42:41 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/14 00:04:57 | 000,109,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/13 17:27:56 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan\Desktop\OTL.exe
[2010/11/12 23:45:40 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/12 23:10:10 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/12 22:57:56 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/11 15:21:56 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/05 01:59:10 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\start
[2010/11/05 01:49:50 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/05 01:33:32 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\completescan
[2010/11/05 00:37:24 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\install
[2010/11/05 00:37:23 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\ThinkPoint.lnk
[2010/11/05 00:31:23 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/05 00:31:23 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/11/05 00:31:23 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/05 00:31:23 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/05 00:31:23 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/05 00:31:23 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/05 00:31:17 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\dkfjasdfshd.bat
[2010/11/05 00:31:15 | 000,522,240 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\hotfix.exe
[2010/11/05 00:31:11 | 000,522,240 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\mstsc.exe
[2010/10/26 11:52:57 | 000,001,463 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\DivX Movies.lnk
[2010/10/26 00:14:08 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/12 22:57:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/05 00:43:15 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\start
[2010/11/05 00:40:21 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\completescan
[2010/11/05 00:37:24 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\install
[2010/11/05 00:37:23 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\ThinkPoint.lnk
[2010/11/05 00:31:23 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/11/05 00:31:22 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/11/05 00:31:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/11/05 00:31:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/11/05 00:31:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/11/05 00:31:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/11/05 00:31:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/11/05 00:31:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/11/05 00:31:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/11/05 00:31:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/11/05 00:31:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/11/05 00:31:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/11/05 00:31:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/11/05 00:31:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/11/05 00:31:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/11/05 00:31:21 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/11/05 00:31:20 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/11/05 00:31:20 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/11/05 00:31:20 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/11/05 00:31:20 | 000,000,414 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/11/05 00:31:17 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\dkfjasdfshd.bat
[2010/11/05 00:31:15 | 000,522,240 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\hotfix.exe
[2010/11/05 00:31:04 | 000,522,240 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\mstsc.exe
[2010/08/22 23:01:54 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Dan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/11 18:42:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009/12/11 16:08:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

< End of report >

Re: Another Think Point Problem
and finally extras

OTL Extras logfile created on: 22/11/2010 01:25:47 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Dan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 289.00 Mb Available Physical Memory | 57.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 56.23 Gb Free Space | 75.46% Space Free | Partition Type: NTFS
Drive D: | 0.62 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DAN-00ED881EF45 | User Name: Dan | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Microsoft Games\Age of Empires\Empires.exe" = C:\Program Files\Microsoft Games\Age of Empires\Empires.exe:*:Enabled:Age of Empires -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08716EF4-E4CC-4BC7-97D5-7B6990114ACD}" = Betfair Poker
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4}" = CM4
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BB045C3-D5E4-4620-B536-DC11AACD5942}" = Broadcom Management Programs
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600820}" = MSN Messenger 7.0
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EC0AB585-B279-4A77-8BB5-64C403E43EE7}" = Football Manager 2005
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom NetXtreme Ethernet Controller
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires" = Microsoft Age of Empires
"AIM_7" = AIM 7
"avast5" = avast! Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"InstallShield_{435E53AF-B62B-4094-AE12-F6ECF0BF3CE4}" = CM4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MANSION Casino" = MansionCasino
"Mansion Poker" = MansionPoker
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"PokerStars" = PokerStars
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Titan Poker" = Titan Poker
"VLC media player" = VLC media player 1.0.3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/07/2010 12:40:25 | Computer Name = DAN-00ED881EF45 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/07/2010 12:40:25 | Computer Name = DAN-00ED881EF45 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 11/07/2010 12:40:25 | Computer Name = DAN-00ED881EF45 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 29/07/2010 16:04:26 | Computer Name = DAN-00ED881EF45 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 31/07/2010 18:38:21 | Computer Name = DAN-00ED881EF45 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759331, P2 unspecified, P3 scanfile,
P4 2.0.6212.0, P5 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 03/08/2010 22:45:10 | Computer Name = DAN-00ED881EF45 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 07/08/2010 18:57:29 | Computer Name = DAN-00ED881EF45 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x05429290.

Error - 07/08/2010 18:57:39 | Computer Name = DAN-00ED881EF45 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 07/08/2010 20:10:41 | Computer Name = DAN-00ED881EF45 | Source = Application Hang | ID = 1002
Description = Hanging application DivX Plus Player.exe, version 10.1.0.430, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/08/2010 18:48:47 | Computer Name = DAN-00ED881EF45 | Source = Messenger | ID = 1000
Description =

[ System Events ]
Error - 20/11/2010 20:06:45 | Computer Name = DAN-00ED881EF45 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 21/11/2010 20:14:09 | Computer Name = DAN-00ED881EF45 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 21/11/2010 20:15:18 | Computer Name = DAN-00ED881EF45 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP aswTdi Fips intelppm MpFilter

Error - 21/11/2010 20:24:06 | Computer Name = DAN-00ED881EF45 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 21/11/2010 20:24:06 | Computer Name = DAN-00ED881EF45 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 21/11/2010 20:24:06 | Computer Name = DAN-00ED881EF45 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.93.1092.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.6301.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

Error - 21/11/2010 20:24:10 | Computer Name = DAN-00ED881EF45 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.93.1092.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6301.0&avdelta=1.93.1092.0&asdelta=1.93.1092.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6301.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 21/11/2010 20:24:10 | Computer Name = DAN-00ED881EF45 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.93.1092.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6301.0&avdelta=1.93.1092.0&asdelta=1.93.1092.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6301.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 21/11/2010 20:24:10 | Computer Name = DAN-00ED881EF45 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.93.1092.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6301.0&avdelta=1.93.1092.0&asdelta=1.93.1092.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6301.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved

Error - 21/11/2010 20:24:10 | Computer Name = DAN-00ED881EF45 | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.93.1092.0 Update Source: %%851 Update Stage:
%%852 Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86&eng=1.1.6301.0&avdelta=1.93.1092.0&asdelta=1.93.1092.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 1.1.6301.0 Error code: 0x80072ee7 Error description: The
server name or address could not be resolved


< End of report >

Re: Another Think Point Problem

DragonMaster Jay wrote:
Are you still with us?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


I'm afraid I don't know of any of the above. I haven't been using the computer as most things I do are online and I am now unable to, so I am unsure of its speed. I don't know how to tell if the alerts are fake, but I have had alerts for months and I ignore them as I run a firewall and antivirus. No crashes, though the computer has only been on for 10 minutes at a time.

Thanks, I hope I have covered enough info to be of use to you! Thank you!

Re: Another Think Point Problem

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    [2010/11/05 00:43:15 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\start
    [2010/11/05 00:40:21 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\completescan
    [2010/11/05 00:37:24 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\install
    [2010/11/05 00:37:23 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\ThinkPoint.lnk
    [2010/11/05 00:31:17 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\dkfjasdfshd.bat
    [2010/11/05 00:31:15 | 000,522,240 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\hotfix.exe
    [2010/11/05 00:31:11 | 000,522,240 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\mstsc.exe

    C:\WINDOWS\tasks\At*.job


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
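
Why the seven file entries in the fix script above stand out can be shown mechanically. This is an added example, not part of the thread and not OTL's own logic: it parses the entries assuming the fields are timestamp, size, attributes, created/modified flag, vendor string in parentheses and path, and the four rules and the `SYSTEM_NAMES` list are assumptions chosen for illustration.

```python
import ntpath
import re
from collections import defaultdict

# The seven entries from the ":OTL" fix script in the post above, copied verbatim.
FIX_LINES = r"""
[2010/11/05 00:43:15 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\start
[2010/11/05 00:40:21 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\completescan
[2010/11/05 00:37:24 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Dan\Application Data\install
[2010/11/05 00:37:23 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\Dan\Desktop\ThinkPoint.lnk
[2010/11/05 00:31:17 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\dkfjasdfshd.bat
[2010/11/05 00:31:15 | 000,522,240 | ---- | M] () -- C:\Documents and Settings\Dan\Application Data\hotfix.exe
[2010/11/05 00:31:11 | 000,522,240 | ---- | M] () -- C:\Documents and Settings\Dan\Desktop\mstsc.exe
""".strip().splitlines()

# Assumed field layout: [timestamp | size | attributes | C/M] (vendor) -- path
ENTRY = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| "
    r"(?P<kind>[CM])\] \((?P<vendor>.*?)\) -- (?P<path>.+)$"
)
RUNNABLE = {".exe", ".bat", ".cmd", ".scr", ".com"}
USER_DIRS = ("\\application data\\", "\\desktop\\")
# Assumed short list of names that belong in %windir%\system32.
SYSTEM_NAMES = {"mstsc.exe", "svchost.exe", "lsass.exe"}


def parse(line):
    """Return one entry as a dict, or None for lines in another format."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    return entry


def triage(lines):
    """Map each path to the list of reasons it deserves a closer look."""
    entries = [e for e in map(parse, lines) if e]
    by_size = defaultdict(list)
    for e in entries:
        name = ntpath.basename(e["path"]).lower()
        e["name"], e["ext"] = name, ntpath.splitext(name)[1]
        e["in_profile"] = any(d in e["path"].lower() for d in USER_DIRS)
        if e["ext"] in RUNNABLE:
            by_size[e["size"]].append(e["path"])
    findings = {}
    for e in entries:
        reasons = []
        if e["in_profile"] and e["ext"] in RUNNABLE and not e["vendor"]:
            reasons.append("runnable file in user profile, no vendor string")
        if e["name"] in SYSTEM_NAMES and "\\system32\\" not in e["path"].lower():
            reasons.append("system binary name outside system32")
        if e["ext"] in RUNNABLE and len(by_size[e["size"]]) > 1:
            reasons.append("same size as another runnable file")
        if e["in_profile"] and not e["ext"] and e["size"] <= 16:
            reasons.append("tiny extensionless marker file")
        findings[e["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(FIX_LINES).items():
        print(ntpath.basename(path), "->", "; ".join(reasons) or "no rule matched")
```

The shortcut `ThinkPoint.lnk` matches none of these rules, so a name-based check is still needed alongside them.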

Re: Another Think Point Problem

========== OTL ==========
File C:\Documents and Settings\Dan\Application Data\start not found.
File C:\Documents and Settings\Dan\Application Data\completescan not found.
File C:\Documents and Settings\Dan\Application Data\install not found.
File C:\Documents and Settings\Dan\Desktop\ThinkPoint.lnk not found.
File C:\Documents and Settings\Dan\Application Data\dkfjasdfshd.bat not found.
File C:\Documents and Settings\Dan\Application Data\hotfix.exe not found.
File C:\Documents and Settings\Dan\Desktop\mstsc.exe not found.

OTL by OldTimer - Version 3.2.17.3 log created on 12042010_180719

Re: Another Think Point Problem

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Another Think Point Problem

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

05/12/2010 00:41:10
mbam-log-2010-12-05 (00-41-10).txt

Scan type: Quick scan
Objects scanned: 117571
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Another Think Point Problem

Hello.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.

Re: Another Think Point Problem

I still don't have internet access, so the update didn't work.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

07/12/2010 02:40:54
mbam-log-2010-12-07 (02-40-54).txt

Scan type: Quick scan
Objects scanned: 117686
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Another Think Point Problem

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [Images: CF_download_FF, CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [Image: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [Image: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Another Think Point Problem

Hello,
I D/L Combo-Fix and put it onto my computer. It didn't find a recovery console and wasn't able to download it. It did, however, still run without this. Here is the log:




ComboFix 10-12-11.03 - Administrator 11/12/2010 23:06:57.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.283 [GMT 0:00]
Running from: E:\Combo-Fix.exe
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Outdated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dan\Start Menu\Programs\ThinkPoint.lnk
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-04 18:05 . 2010-12-04 18:05 -------- d-----w- C:\_OTL
2010-11-14 00:43 . 2010-11-14 00:44 -------- d-----w- c:\documents and settings\Administrator
2010-11-12 22:58 . 2010-11-12 22:58 -------- d-----w- c:\documents and settings\Dan\Application Data\Malwarebytes
2010-11-12 22:57 . 2010-04-29 15:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-12 22:57 . 2010-11-12 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-11-12 22:57 . 2010-11-12 22:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-12 22:57 . 2010-04-29 15:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2009-12-11 18:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2010-11-03 23:19 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{09D2C017-E73B-4008-B3F8-8F3A77CAD4DC}\mpengine.dll
2010-10-07 23:21 . 2009-12-14 14:33 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-11 149280]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Dan^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Dan\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 05:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires\\Empires.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18/10/2010 18:00 165584]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18/10/2010 18:00 17744]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/10/2010 18:00 136176]
.
Contents of the 'Scheduled Tasks' folder

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-18 18:00]

2010-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-18 18:00]

2010-12-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 17:36]

2010-12-07 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-12-11 22:18]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -

AddRemove-MANSION Casino - c:\casino\MansionCasino\_SetupMANSIONCasino_44a311.exe
AddRemove-Mansion Poker - c:\poker\MansionPoker\_SetupPoker_ef4b59.exe
AddRemove-Titan Poker - c:\poker\Titan Poker\_SetupPoker_b67acc.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 23:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-12-11 23:13:08
ComboFix-quarantined-files.txt 2010-12-11 23:13

Pre-Run: 60,338,384,896 bytes free
Post-Run: 61,362,368,512 bytes free

- - End Of File - - D448F2B64C4C73B32D944537612AE2F8
