think point virus problem


think point virus problem

Post by nenasav on Mon Oct 18, 2010 5:06 pm

I have a problem removing the think point virus. As soon as I type my login password and Windows starts loading, the "thing" pops up and starts scanning my computer without even allowing me to get to my desktop icons. I tried pressing F8 to go to safe mode but nothing happens. I also downloaded Malwarebytes to remove the virus and saved it on my USB; when I plugged in the USB I started Task Manager and was able to run the Malwarebytes program, and it said that it removed 2 trojans, and it did restart my comp... but then I wasn't able to get to my desktop again because the think point was still there... Please help :-(

nenasav
Beginner

Posts : 1
Joined : 2010-10-18
OS : Vista

Re: think point virus problem

Post by Belahzur on Mon Oct 18, 2010 11:09 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre

think point help please

Post by theone3609 on Thu Oct 21, 2010 12:44 am

OTL logfile created on: 10/20/2010 5:41:04 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\fixed\My Documents\Downloads
Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2600.0000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

495.00 Mb Total Physical Memory | 174.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 23.35 Gb Free Space | 62.66% Space Free | Partition Type: NTFS

Computer Name: BRANDY-TCUJC86G | User Name: fixed | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/20 17:40:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fixed\My Documents\Downloads\OTL.exe
PRC - [2010/10/19 13:11:13 | 000,171,008 | ---- | M] () -- C:\Documents and Settings\fixed\Application Data\SysWin\lsass.exe
PRC - [2010/10/14 10:20:04 | 001,330,688 | R--- | M] () -- C:\WINDOWS\system32\d3dpmesh32.exe
PRC - [2010/10/14 10:20:04 | 001,330,688 | R--- | M] () -- C:\WINDOWS\system32\cscui32.exe
PRC - [2010/09/17 08:32:14 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/17 08:32:13 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2001/08/23 08:00:00 | 001,000,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/20 17:40:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\fixed\My Documents\Downloads\OTL.exe
MOD - [2001/08/23 08:00:00 | 000,921,088 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
MOD - [2001/08/23 08:00:00 | 000,685,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\opengl32.dll
MOD - [2001/08/23 08:00:00 | 000,338,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll
MOD - [2001/08/23 08:00:00 | 000,267,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll
MOD - [2001/08/23 08:00:00 | 000,201,728 | ---- | M] () -- C:\WINDOWS\ofasuqer.dll
MOD - [2001/08/23 08:00:00 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\glu32.dll
MOD - [2001/08/23 08:00:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2001/08/23 08:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/10/20 00:37:38 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\6to4v32.dll -- (6to4)
SRV - [2010/10/14 10:20:04 | 001,330,688 | R--- | M] () [Auto | Running] -- C:\WINDOWS\system32\cscui32.exe -- (Dnscache32)
SRV - [2001/08/23 08:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 43 6E 3C 01 03 6E ED 4A 91 B3 6F DB EB 30 63 45 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.6.12.178
FF - prefs.js..extensions.enabledItems: {81a80b33-11a6-46f4-be20-8bb1fa06bda5}:1.0
FF - prefs.js..extensions.enabledItems: {13C4FF9A-1656-4982-B337-D2A65FBDE08E}:1.9.1
FF - prefs.js..extensions.enabledItems: {021CAD49-2231-44AD-A31D-F2D0F8C3AE06}:1.9.1
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW4&o=16794&locale=en_US&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{13C4FF9A-1656-4982-B337-D2A65FBDE08E}: C:\Documents and Settings\fixed\Local Settings\Application Data\{13C4FF9A-1656-4982-B337-D2A65FBDE08E} [2010/10/19 13:15:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{021CAD49-2231-44AD-A31D-F2D0F8C3AE06}: C:\Documents and Settings\Brandie\Local Settings\Application Data\{021CAD49-2231-44AD-A31D-F2D0F8C3AE06} [2010/10/19 14:38:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/07 12:42:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 08:32:18 | 000,000,000 | ---D | M]

[2010/10/19 12:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fixed\Application Data\Mozilla\Extensions
[2010/10/19 12:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fixed\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/10/20 14:22:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fixed\Application Data\Mozilla\Firefox\Profiles\n9tc5b0s.default\extensions
[2010/10/20 16:59:19 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\fixed\Application Data\Mozilla\Firefox\Profiles\n9tc5b0s.default\extensions\{81a80b33-11a6-46f4-be20-8bb1fa06bda5}
[2010/10/19 14:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\fixed\Application Data\Mozilla\Firefox\Profiles\n9tc5b0s.default\extensions\toolbar@ask.com
[2010/10/20 16:27:45 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\fixed\Application Data\Mozilla\Firefox\Profiles\n9tc5b0s.default\searchplugins\askcom.xml
[2010/10/20 14:22:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {013C6E43-6E03-4AED-91B3-6FDBEB306345} - C:\WINDOWS\system32\dmintf32.dll (Inprise Corporation)
O2 - BHO: (no name) - {015C8A4E-6281-4A48-BFCA-A7787860E6F5} - C:\WINDOWS\system32\dmintf32.dll (Inprise Corporation)
O2 - BHO: (no name) - {0278DC87-6E03-4AED-91B3-6FDBEB306345} - C:\WINDOWS\system32\dmintf32.dll (Inprise Corporation)
O2 - BHO: (20d8e760) - {CBAD59C8-8F91-C892-D54B-04B9699C2A3E} - C:\WINDOWS\system32\d3dim32.dll (Inprise Corporation)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O4 - HKLM..\Run: [Vpuqikoqatuza] C:\WINDOWS\ofasuqer.DLL ()
O4 - HKCU..\Run: [Jpeyukijaduxoxu] C:\WINDOWS\lilp6mfg.DLL ()
O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Documents and Settings\fixed\Local Settings\Temp\Bsl.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Tgbh_PreA1T] C:\Program Files\Adware Pro\Adware_Pro.exe File not found
O4 - Startup: C:\Documents and Settings\fixed\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\fixed\Application Data\SysWin\lsass.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.121.85.2 24.121.74.2 207.192.213.44 207.192.213.45
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
O20 - AppInit_DLLs: (C:\WINDOWS\System32\d3dim32.dll) - C:\WINDOWS\system32\d3dim32.dll (Inprise Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/23 00:57:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/20 16:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixed\Application Data\MSN6
[2010/10/19 16:11:02 | 000,359,936 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\cmdial3232.dll
[2010/10/19 14:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixed\Application Data\Macromedia
[2010/10/19 14:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixed\Application Data\Adobe
[2010/10/19 13:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixed\Local Settings\Application Data\{13C4FF9A-1656-4982-B337-D2A65FBDE08E}
[2010/10/19 13:12:29 | 000,212,992 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\Blanua.exe
[2010/10/19 13:11:46 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\SysWoW32
[2010/10/19 13:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2010/10/19 13:11:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1654247506
[2010/10/19 13:11:31 | 000,359,936 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\dmintf32.dll
[2010/10/19 13:11:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\fixed\Application Data\SysWin
[2010/10/19 13:11:15 | 000,248,320 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\d3dim32.dll
[2010/10/19 13:11:12 | 000,360,960 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\cryptui32.dll
[2010/10/19 12:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixed\My Documents\LimeWire
[2010/10/19 12:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixed\Application Data\LimeWire
[2010/10/19 12:58:57 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/10/19 12:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/10/19 12:51:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixed\Application Data\AVP 2009
[2010/10/19 12:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixed\My Documents\Downloads
[2010/10/19 12:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixed\Local Settings\Application Data\Mozilla
[2010/10/19 12:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixed\Application Data\Mozilla
[2010/10/19 09:33:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixed\Application Data\Sun
[2010/10/19 09:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixed\Application Data\.clamwin
[2010/10/19 09:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixed\Application Data\Identities
[2010/10/19 09:28:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fixed\My Documents\My Pictures
[2010/10/19 09:28:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fixed\My Documents\My Music
[2010/10/19 09:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixed\Local Settings\Application Data\Microsoft
[2010/10/19 09:27:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\fixed\Application Data\Microsoft
[2010/10/19 09:27:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\fixed\Cookies
[2010/10/19 09:27:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fixed\SendTo
[2010/10/19 09:27:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fixed\Recent
[2010/10/19 09:27:55 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\fixed\Application Data
[2010/10/19 09:27:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fixed\Start Menu
[2010/10/19 09:27:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fixed\My Documents
[2010/10/19 09:27:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\fixed\Favorites
[2010/10/19 09:27:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fixed\Templates
[2010/10/19 09:27:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fixed\PrintHood
[2010/10/19 09:27:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fixed\NetHood
[2010/10/19 09:27:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\fixed\Local Settings
[2010/10/19 09:27:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\fixed\Desktop
[2010/10/19 09:22:59 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/10/19 09:22:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
[2010/10/19 09:22:14 | 000,000,000 | ---D | C] -- C:\Program Files\ClamWin
[2010/10/19 09:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\.clamwin
[2010/10/19 09:12:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/10/18 13:53:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/10/15 12:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/10/15 12:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\fixed\*.tmp files -> C:\Documents and Settings\fixed\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/20 17:40:31 | 000,001,185 | ---- | M] () -- C:\WINDOWS\System32\550620233
[2010/10/20 16:58:54 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Pqiwo.dat
[2010/10/20 07:49:22 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/20 07:49:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lvipuqolezi.bin
[2010/10/20 07:47:07 | 000,002,856 | ---- | M] () -- C:\WINDOWS\System32\GnuHashes.ini
[2010/10/20 00:48:00 | 000,000,198 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/10/20 00:37:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\6to4v32.dll
[2010/10/20 00:34:57 | 000,000,296 | -HS- | M] () -- C:\WINDOWS\System32\16508773
[2010/10/20 00:34:40 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\YUKXV.job
[2010/10/20 00:34:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/19 16:11:02 | 000,359,936 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\cmdial3232.dll
[2010/10/19 13:12:22 | 000,063,488 | RHS- | M] () -- C:\WINDOWS\System32\oobeb.dll
[2010/10/19 13:12:21 | 000,212,992 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\Blanua.exe
[2010/10/19 13:11:46 | 000,000,234 | ---- | M] () -- C:\WINDOWS\System32\sl1629124087
[2010/10/19 13:11:35 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2010/10/19 13:11:31 | 000,359,936 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\dmintf32.dll
[2010/10/19 13:11:16 | 000,000,091 | ---- | M] () -- C:\WINDOWS\System32\705011778
[2010/10/19 13:11:15 | 000,248,320 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\d3dim32.dll
[2010/10/19 13:11:12 | 000,360,960 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\cryptui32.dll
[2010/10/19 13:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/10/19 12:59:38 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\fixed\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/19 12:58:32 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\fixed\Desktop\LimeWire 5.5.16.lnk
[2010/10/19 09:28:51 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\fixed\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/19 09:28:50 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\fixed\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/10/19 09:28:47 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/10/19 09:28:47 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\fixed\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/19 09:23:17 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/19 09:22:25 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ClamWin Antivirus.lnk
[2010/10/19 08:27:38 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/18 14:20:37 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/14 10:20:04 | 001,330,688 | R--- | M] () -- C:\WINDOWS\System32\d3dpmesh32.exe
[2010/10/14 10:20:04 | 001,330,688 | R--- | M] () -- C:\WINDOWS\System32\cscui32.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\fixed\*.tmp files -> C:\Documents and Settings\fixed\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/20 00:37:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2010/10/19 13:18:59 | 000,002,856 | ---- | C] () -- C:\WINDOWS\System32\GnuHashes.ini
[2010/10/19 13:15:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pqiwo.dat
[2010/10/19 13:15:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Lvipuqolezi.bin
[2010/10/19 13:12:33 | 000,000,296 | -HS- | C] () -- C:\WINDOWS\System32\16508773
[2010/10/19 13:12:29 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/10/19 13:12:23 | 000,000,198 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/10/19 13:12:22 | 000,063,488 | RHS- | C] () -- C:\WINDOWS\System32\oobeb.dll
[2010/10/19 13:12:22 | 000,000,308 | -HS- | C] () -- C:\WINDOWS\tasks\YUKXV.job
[2010/10/19 13:12:12 | 000,001,185 | ---- | C] () -- C:\WINDOWS\System32\550620233
[2010/10/19 13:11:46 | 000,000,234 | ---- | C] () -- C:\WINDOWS\System32\sl1629124087
[2010/10/19 13:11:35 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2010/10/19 13:11:16 | 001,330,688 | R--- | C] () -- C:\WINDOWS\System32\d3dpmesh32.exe
[2010/10/19 13:11:14 | 001,330,688 | R--- | C] () -- C:\WINDOWS\System32\cscui32.exe
[2010/10/19 13:11:14 | 000,000,091 | ---- | C] () -- C:\WINDOWS\System32\705011778
[2010/10/19 12:59:38 | 000,001,538 | ---- | C] () -- C:\Documents and Settings\fixed\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/19 12:58:57 | 000,000,234 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/10/19 12:58:32 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\fixed\Desktop\LimeWire 5.5.16.lnk
[2010/10/19 09:28:50 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\fixed\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/10/19 09:28:43 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\fixed\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/19 09:28:42 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\fixed\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/19 09:22:25 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ClamWin Antivirus.lnk
[2006/01/23 02:00:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/22 16:48:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/02/17 16:55:00 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2001/08/23 08:00:00 | 002,195,456 | RHS- | C] () -- C:\WINDOWS\System32\prllvxr.dll
[2001/08/23 08:00:00 | 000,201,728 | ---- | C] () -- C:\WINDOWS\ofasuqer.dll
[2001/08/23 08:00:00 | 000,152,576 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
[2001/08/23 08:00:00 | 000,077,312 | ---- | C] () -- C:\WINDOWS\lilp6mfg.dll
[2001/08/23 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

< End of report >

theone3609
Beginner

Posts : 1
Joined : 2010-10-21
OS : xp

Re: think point virus problem

Post by Belahzur on Fri Oct 22, 2010 12:06 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/10/19 13:11:13 | 000,171,008 | ---- | M] () -- C:\Documents and Settings\fixed\Application Data\SysWin\lsass.exe
    PRC - [2010/10/14 10:20:04 | 001,330,688 | R--- | M] () -- C:\WINDOWS\system32\d3dpmesh32.exe
    PRC - [2010/10/14 10:20:04 | 001,330,688 | R--- | M] () -- C:\WINDOWS\system32\cscui32.exe
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.6.12.178
    FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW4&o=16794&locale=en_US&q="
    O2 - BHO: (no name) - {013C6E43-6E03-4AED-91B3-6FDBEB306345} - C:\WINDOWS\system32\dmintf32.dll (Inprise Corporation)
    O2 - BHO: (no name) - {015C8A4E-6281-4A48-BFCA-A7787860E6F5} - C:\WINDOWS\system32\dmintf32.dll (Inprise Corporation)
    O2 - BHO: (no name) - {0278DC87-6E03-4AED-91B3-6FDBEB306345} - C:\WINDOWS\system32\dmintf32.dll (Inprise Corporation)
    O2 - BHO: (20d8e760) - {CBAD59C8-8F91-C892-D54B-04B9699C2A3E} - C:\WINDOWS\system32\d3dim32.dll (Inprise Corporation)
    O4 - HKLM..\Run: [Vpuqikoqatuza] C:\WINDOWS\ofasuqer.DLL ()
    O4 - HKCU..\Run: [Jpeyukijaduxoxu] C:\WINDOWS\lilp6mfg.DLL ()
    O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Documents and Settings\fixed\Local Settings\Temp\Bsl.exe (Trend Micro Inc.)
    O4 - HKCU..\Run: [Tgbh_PreA1T] C:\Program Files\Adware Pro\Adware_Pro.exe File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\System32\d3dim32.dll) - C:\WINDOWS\system32\d3dim32.dll (Inprise Corporation)
    [2010/10/20 17:40:31 | 000,001,185 | ---- | M] () -- C:\WINDOWS\System32\550620233
    [2010/10/20 16:58:54 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Pqiwo.dat
    [2010/10/20 07:49:22 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010/10/20 07:49:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Lvipuqolezi.bin
    [2010/10/20 07:47:07 | 000,002,856 | ---- | M] () -- C:\WINDOWS\System32\GnuHashes.ini
    [2010/10/20 00:48:00 | 000,000,198 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010/10/20 00:37:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\6to4v32.dll
    [2010/10/20 00:34:57 | 000,000,296 | -HS- | M] () -- C:\WINDOWS\System32\16508773
    [2010/10/20 00:34:40 | 000,000,308 | -HS- | M] () -- C:\WINDOWS\tasks\YUKXV.job
    [2010/10/19 16:11:02 | 000,359,936 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\cmdial3232.dll
    [2010/10/19 13:12:22 | 000,063,488 | RHS- | M] () -- C:\WINDOWS\System32\oobeb.dll
    [2010/10/19 13:12:21 | 000,212,992 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\Blanua.exe
    [2010/10/19 13:11:46 | 000,000,234 | ---- | M] () -- C:\WINDOWS\System32\sl1629124087
    [2010/10/19 13:11:35 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
    [2010/10/19 13:11:31 | 000,359,936 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\dmintf32.dll
    [2010/10/19 13:11:16 | 000,000,091 | ---- | M] () -- C:\WINDOWS\System32\705011778
    [2010/10/19 13:11:15 | 000,248,320 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\d3dim32.dll
    [2010/10/19 13:11:12 | 000,360,960 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\cryptui32.dll
    [2010/10/19 13:01:02 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTL.exe.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
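As an added example (not OldTimer's tool and not code from this thread), here are the kinds of heuristics Belahzur applied when picking entries for the fix, written as a small triage script over the OTL row formats shown in the log above: a core Windows binary name running from a profile directory, System32 executables with no company name, Run entries that point at a DLL, at %TEMP% or at a missing file, and a populated AppInit_DLLs. The rule names and the CORE_SYSTEM32_NAMES list are assumptions of this example; the sample rows are copied from the posted log.

```python
import re
from typing import List, Tuple

# Windows XP binaries whose only legitimate home is %SystemRoot%\system32; a copy of one
# of these under a user profile (the log's SysWin\lsass.exe) is a classic rogue-AV pattern.
# Assumed list for this example, not an OTL setting.
CORE_SYSTEM32_NAMES = {"lsass.exe", "services.exe", "csrss.exe", "winlogon.exe", "svchost.exe"}

# PRC/MOD/SRV rows: "<kind> - [date time | size | attrs | M] (Company) [state] -- path [-- (service)]"
_FILE_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV) - \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \((?P<service>[^)]*)\))?$"
)
# Autostart rows: "O4 - HKLM..\Run: [Name] path (Company)" or "... path File not found"
_RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) (?:\((?P<company>[^)]*)\)|(?P<missing>File not found))$"
)
# AppInit_DLLs row: "O20 - AppInit_DLLs: (value) - path (Company)"
_APPINIT_LINE = re.compile(
    r"^O20 - AppInit_DLLs: \((?P<value>[^)]*)\) - (?P<path>.+?) \((?P<company>[^)]*)\)$"
)

def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def _dirname(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()

def triage_line(line: str) -> List[Tuple[str, str]]:
    """Return (rule, path) findings for one OTL log line; [] if nothing stands out."""
    line = line.strip()
    findings: List[Tuple[str, str]] = []
    m = _FILE_LINE.match(line)
    if m:
        path, company = m.group("path"), m.group("company")
        name, directory = _basename(path), _dirname(path)
        if name in CORE_SYSTEM32_NAMES and not directory.endswith("\\system32"):
            findings.append(("core-binary-name-outside-system32", path))
        # OTL prints "()" when the file carries no company resource; legitimate unsigned
        # files exist, so this is a review prompt rather than a verdict.
        if company == "" and "\\system32" in directory and name.endswith((".exe", ".dll")):
            findings.append(("no-company-name-in-system32", path))
        return findings
    m = _RUN_LINE.match(line)
    if m:
        path = m.group("path")
        if m.group("missing"):
            findings.append(("orphaned-run-entry", path))
        if path.lower().endswith(".dll"):
            findings.append(("run-entry-points-at-dll", path))
        if "\\local settings\\temp\\" in path.lower():
            findings.append(("autostart-from-temp", path))
        return findings
    m = _APPINIT_LINE.match(line)
    if m:
        # AppInit_DLLs is loaded into every user32-linked process; rarely legitimate on a home PC.
        findings.append(("appinit-dlls-set", m.group("path")))
    return findings

def triage_log(text: str) -> List[Tuple[str, str]]:
    """Run triage_line over a whole OTL log and collect the findings in order."""
    out: List[Tuple[str, str]] = []
    for line in text.splitlines():
        out.extend(triage_line(line))
    return out

# Sample input: nine rows copied from the log posted above (a constructed excerpt, not a full log).
SAMPLE_LOG = r"""
PRC - [2010/10/19 13:11:13 | 000,171,008 | ---- | M] () -- C:\Documents and Settings\fixed\Application Data\SysWin\lsass.exe
PRC - [2010/10/14 10:20:04 | 001,330,688 | R--- | M] () -- C:\WINDOWS\system32\d3dpmesh32.exe
SRV - [2010/10/14 10:20:04 | 001,330,688 | R--- | M] () [Auto | Running] -- C:\WINDOWS\system32\cscui32.exe -- (Dnscache32)
PRC - [2010/09/17 08:32:13 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - HKLM..\Run: [Vpuqikoqatuza] C:\WINDOWS\ofasuqer.DLL ()
O4 - HKCU..\Run: [KOO9RV9K4Z] C:\Documents and Settings\fixed\Local Settings\Temp\Bsl.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Tgbh_PreA1T] C:\Program Files\Adware Pro\Adware_Pro.exe File not found
O4 - HKLM..\Run: [ClamWin] C:\Program Files\ClamWin\bin\ClamTray.exe (alch)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\d3dim32.dll) - C:\WINDOWS\system32\d3dim32.dll (Inprise Corporation)
"""

if __name__ == "__main__":
    for rule, path in triage_log(SAMPLE_LOG):
        print(f"{rule:36} {path}")
```

Run against a full OTL.txt the script only narrows the list; the legitimate Firefox and ClamWin rows pass through untouched, and each flagged row still needs a human check before it goes into an :OTL fix.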
