Jump to content

ThinkPoint got her computer

Recommended Posts

Hello Forum Members,

My gf, Pedalflower, and I have side-by-side PCs and hers is now in the grips of Thinkpoint. She was running Malwarebytes but hadn't updated it in a while. Now she has to log in with a newly created user name. If she tries to log in as an administrator then she can't get past the Thinkpoint blue screen. She can't even register for this forum because when she tried, and received the registration email, all that was there was the title of the email, nothing in the body!

So again, we've tried the various 'self-help' procedures but in every case, it wants her to log in as administrator and supply a password. She did not set it up with a password in the first place. Can anyone please help? Thanks!


for Pedalflower

Here is a copy of the HijackThis log from her computer:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:46:12 PM, on 10/23/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

Running processes:


C:Program Files (x86)BonjourmDNSResponder.exe

C:Program Files (x86)IOISmart CopyButtonMonitor.exe

C:Program Files (x86)iTunesiTunesHelper.exe

C:Program Files (x86)Winampwinampa.exe

C:Program Files (x86)Common FilesJavaJava Updatejusched.exe

C:Program Files (x86)iPodbiniPodService.exe

C:Program Files (x86)Spyware DoctorpctsAuxs.exe

C:Program Files (x86)Spyware DoctorpctsSvc.exe

C:Program Files (x86)Spyware DoctorpctsTray.exe

C:Program Files (x86)Spyware DoctorTFEngineTFService.exe

C:Program Files (x86)Mozilla Firefoxfirefox.exe

C:Program Files (x86)Mozilla Firefoxplugin-container.exe

C:Program Files (x86)Trend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.gateway.com/g/startpage.html ... 710-UB801A

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.mirostart.com/?cfg=2-73-0-9ix

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.gateway.com/g/startpage.html ... 710-UB801A

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.gateway.com/g/startpage.html ... 710-UB801A

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =

R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelper.dll

O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:Program Files (x86)StumbleUponStumbleUponIEBar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll

O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:Program Files (x86)StumbleUponStumbleUponIEBar.dll

O4 - HKLM..Run: [smart Copy] "C:Program Files (x86)IOISmart CopyButtonMonitor.exe" -A

O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 8.0ReaderReader_sl.exe"

O4 - HKLM..Run: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"

O4 - HKLM..Run: [WinampAgent] "C:Program Files (x86)Winampwinampa.exe"

O4 - HKLM..Run: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

O4 - HKLM..Run: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime

O4 - HKLM..Run: [iSTray] "C:Program Files (x86)Spyware DoctorpctsTray.exe"

O4 - HKLM..RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... 0ItSkhGTkg"&"inst=NzctNDczNjY4NzU5LVQ1LVU4NSsxLUJBKzEtS1YzKzctWEwrMS1GUDkrNi1CQVI5TysxLV


O4 - HKLM..RunOnce: [Launcher] %WINDIR%SMINSTlauncher.exe

O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe

O4 - HKCU..Run: [AROReminder] C:Program Files (x86)Advanced Registry OptimizerARO.exe -rem

O4 - HKCU..Run: [WMPNSCFG] C:Program Files (x86)Windows Media PlayerWMPNSCFG.exe

O4 - HKCU..RunOnce: [shockwave Updater] C:WindowsSysWOW64AdobeSHOCKW~1SWHELP~1.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; SU 3.21; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.gamehouse.com/realarcade-webgames/dinerdash/index.jsp?pread=0&pread=0&ractype=fullclient"

O4 - HKUSS-1-5-19..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUSS-1-5-20..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUSS-1-5-21-74969210-3070149010-3327508617-1006..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Fredene')

O4 - Startup: OpenOffice.org 2.4.lnk = C:Program Files (x86)OpenOffice.org 2.4programquickstart.exe

O4 - Startup: World Community Grid - BOINC Manager.lnk = C:Program Files (x86)BOINCboincmgr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000

O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~2MICROS~2Office12ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~2MICROS~2Office12REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} (CPlayFirstDoggieDashControl Object) - http://www.gamehouse.com/realarcade-web ... ieDash.cab

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.gamehouse.com/realarcade-web ... uncher.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab

O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} (Invoke Solutions Participant Control(MR)) -

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)

O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:WindowsSysWOW64atashost.exe

O23 - Service: Bonjour Service - Apple Inc. - C:Program Files (x86)BonjourmDNSResponder.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:Windowssystem32DFSR.exe (file missing)

O23 - Service: GameConsoleService - WildTangent, Inc. - C:Program Files (x86)Gateway GamesGateway Game ConsoleGameConsoleService.exe

O23 - Service: iPod Service - Apple Inc. - C:Program Files (x86)iPodbiniPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)

O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)

O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:Program Files (x86)Spyware DoctorpctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:Program Files (x86)Spyware DoctorpctsSvc.exe

O23 - Service: @%SystemRoot%system32SLsvc.exe,-101 (slsvc) - Unknown owner - C:Windowssystem32SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)

O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)

O23 - Service: StumbleUponUpdateService - stumbleupon.com - C:Program Files (x86)StumbleUponStumbleUponUpdateService.exe

O23 - Service: ThreatFire - PC Tools - C:Program Files (x86)Spyware DoctorTFEngineTFService.exe

O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)

O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)

O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

O23 - Service: XAudioService - Unknown owner - C:Windowssystem32DRIVERSxaudio64.exe (file missing)


End of file - 9365 bytes

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post DDS.txt directly into your reply.

After you post the DDS log:

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Link to post
Share on other sites

  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.