Thinkpoint Virus!Need Help.

View previous topic View next topic Go down

Thinkpoint Virus!Need Help.

Post by MixedBoi on Thu 28 Oct 2010, 2:55 pm

i had followed some steps and got rid of thinkpoint and the viruses but then something happened and wouldnt let me get onto the internet. So i restored my computer and now i have the virus again.Help me get rid of it and keep my internet.im on a wifi connection btw.

MixedBoi

Newbie Surfer
Newbie Surfer

Posts : 8
Joined : 2010-10-28
Operating System : Windows 7

View user profile

Back to top Go down

Re: Thinkpoint Virus!Need Help.

Post by Sneakyone on Fri 29 Oct 2010, 7:55 am

Hi,

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time


Note: in the event that OTL fails to run, please use alternate download links to try again:

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Thinkpoint Virus!Need Help.

Post by MixedBoi on Fri 29 Oct 2010, 10:28 am

OTL Extras logfile created on: 10/28/2010 6:57:49 PM - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\krisKrisys\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 34.14 Gb Free Space | 45.86% Space Free | Partition Type: NTFS

Computer Name: KRISKRISYS-PC | User Name: krisKrisys | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- C:\Users\krisKrisys\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{139D3AA1-B653-477B-9FF8-79CBBD471F77}" = Symantec AntiVirus Win64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Ask Toolbar_is1" = Ask Toolbar
"avast5" = avast! Internet Security
"ENTERPRISE" = Microsoft Office Enterprise 2007
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"LimeWire" = LimeWire 5.5.16
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/28/2010 4:01:02 AM | Computer Name = krisKrisys-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8175

Error - 10/28/2010 4:01:03 AM | Computer Name = krisKrisys-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/28/2010 4:01:03 AM | Computer Name = krisKrisys-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9173

Error - 10/28/2010 4:01:03 AM | Computer Name = krisKrisys-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9173

Error - 10/28/2010 4:01:04 AM | Computer Name = krisKrisys-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 10/28/2010 4:01:04 AM | Computer Name = krisKrisys-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10171

Error - 10/28/2010 4:01:04 AM | Computer Name = krisKrisys-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10171

Error - 10/28/2010 6:49:07 PM | Computer Name = krisKrisys-PC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!W32.SillyFDC in File: c:\users\kriskrisys\appdata\roaming\microsoft\windows\shell.exe
by: Startup scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 10/28/2010 6:49:08 PM | Computer Name = krisKrisys-PC | Source = Symantec AntiVirus | ID = 16711685
Description = in File: c:\users\kriskrisys\appdata\roaming\microsoft\windows\shell.exe
by: Startup scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged. in File: c:\users\kriskrisys\appdata\roaming\microsoft\svchost.exe
by: Startup scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged. in File: c:\users\kriskrisys\appdata\local\temp\dwm.exe by:
Startup scan. Action: Leave Alone succeeded. Action Description: The file was
left unchanged. in File: c:\users\kriskrisys\appdata\roaming\microsoft\windows\shell.exe
by: Startup scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged. in File: c:\users\kriskrisys\appdata\roaming\microsoft\svchost.exe
by: Startup scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged. in File: c:\users\kriskrisys\appdata\local\temp\dwm.exe by:
Startup scan. Action: Leave Alone succeeded. Action Description: The file was
left unchanged.

Error - 10/28/2010 6:49:09 PM | Computer Name = krisKrisys-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!W32.SillyFDC in File: c:\users\kriskrisys\appdata\roaming\microsoft\windows\shell.exe
by: Startup scan. Action: Terminate Process Required. Action Description:

[ System Events ]
Error - 10/26/2010 6:16:06 PM | Computer Name = krisKrisys-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 40. The internal error state
is 107.

Error - 10/27/2010 12:30:33 AM | Computer Name = krisKrisys-PC | Source = DCOM | ID = 10016
Description =

Error - 10/27/2010 12:30:33 AM | Computer Name = krisKrisys-PC | Source = DCOM | ID = 10016
Description =

Error - 10/27/2010 3:01:45 AM | Computer Name = krisKrisys-PC | Source = DCOM | ID = 10010
Description =

Error - 10/27/2010 3:01:50 AM | Computer Name = krisKrisys-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80080005: Update for Windows 7 for x64-based Systems (KB2388210).

Error - 10/27/2010 4:40:42 PM | Computer Name = krisKrisys-PC | Source = BROWSER | ID = 8032
Description =

Error - 10/27/2010 7:12:39 PM | Computer Name = krisKrisys-PC | Source = Service Control Manager | ID = 7031
Description = The Symantec AntiVirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 10000 milliseconds:
Restart the service.

Error - 10/27/2010 7:47:06 PM | Computer Name = krisKrisys-PC | Source = Service Control Manager | ID = 7031
Description = The Symantec Event Manager service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 200 milliseconds:
Restart the service.

Error - 10/27/2010 7:47:06 PM | Computer Name = krisKrisys-PC | Source = Service Control Manager | ID = 7031
Description = The Symantec Settings Manager service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 100
milliseconds: Restart the service.

Error - 10/27/2010 8:20:21 PM | Computer Name = krisKrisys-PC | Source = BROWSER | ID = 8032
Description =


< End of report >

MixedBoi

Newbie Surfer
Newbie Surfer

Posts : 8
Joined : 2010-10-28
Operating System : Windows 7

View user profile

Back to top Go down

Re: Thinkpoint Virus!Need Help.

Post by MixedBoi on Fri 29 Oct 2010, 10:45 am

=

MixedBoi

Newbie Surfer
Newbie Surfer

Posts : 8
Joined : 2010-10-28
Operating System : Windows 7

View user profile

Back to top Go down

Re: Thinkpoint Virus!Need Help.

Post by Sneakyone on Fri 29 Oct 2010, 1:23 pm

Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    PRC - [2010/10/26 21:15:41 | 000,552,448 | ---- | M] () -- C:\Users\krisKrisys\AppData\Local\Temp\167659594.exe
    PRC - [2010/10/26 18:06:24 | 000,140,288 | ---- | M] () -- C:\Users\krisKrisys\AppData\Local\Temp\dwm.exe
    PRC - [2010/10/26 18:06:12 | 000,128,512 | ---- | M] () -- C:\Users\krisKrisys\AppData\Roaming\Microsoft\Windows\shell.exe
    PRC - [2010/10/26 18:06:01 | 000,115,200 | ---- | M] () -- C:\Users\krisKrisys\AppData\Roaming\Microsoft\svchost.exe
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    O4 - HKCU..\Run: [167659594] C:\Users\KRISKR~1\AppData\Local\Temp\167659594.exe ()
    O4 - HKCU..\Run: [svchost] C:\Users\krisKrisys\AppData\Roaming\Microsoft\svchost.exe ()
    O4 - HKCU..\Run: [upd32.exe] C:\Users\KRISKR~1\AppData\Local\Temp\upd32.exe File not found
    F3:64bit: - HKCU WinNT: Load - (C:\Users\KRISKR~1\AppData\Local\Temp\dwm.exe) - C:\Users\KRISKR~1\AppData\Local\Temp\dwm.exe ()
    F3 - HKCU WinNT: Load - (C:\Users\KRISKR~1\AppData\Local\Temp\dwm.exe) - C:\Users\KRISKR~1\AppData\Local\Temp\dwm.exe ()
    O20 - HKCU Winlogon: Shell - (C:\Users\krisKrisys\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\krisKrisys\AppData\Roaming\Microsoft\Windows\shell.exe ()
    [2010/10/27 17:05:08 | 000,000,006 | ---- | M] () -- C:\Users\krisKrisys\AppData\Roaming\start
    [2010/10/27 16:50:58 | 000,000,006 | ---- | M] () -- C:\Users\krisKrisys\AppData\Roaming\completescan
    [2010/10/27 16:46:35 | 000,000,010 | ---- | M] () -- C:\Users\krisKrisys\AppData\Roaming\install

    :files
    C:\Users\krisKrisys\AppData\Roaming\Microsoft\Windows\shell.exe

    :commands
    [emptytemp]



  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

===========

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Thinkpoint Virus!Need Help.

Post by MixedBoi on Fri 29 Oct 2010, 2:22 pm

All processes killed
========== OTL ==========
No active process named 167659594.exe was found!
No active process named dwm.exe was found!
No active process named shell.exe was found!
No active process named svchost.exe was found!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\167659594 deleted successfully.
C:\Users\KRISKR~1\AppData\Local\Temp\167659594.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\svchost deleted successfully.
C:\Users\krisKrisys\AppData\Roaming\Microsoft\svchost.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\upd32.exe deleted successfully.
C:\Users\KRISKR~1\AppData\Local\Temp\dwm.exe moved successfully.
64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\KRISKR~1\AppData\Local\Temp\dwm.exe deleted successfully.
File C:\Users\KRISKR~1\AppData\Local\Temp\dwm.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\KRISKR~1\AppData\Local\Temp\dwm.exe deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\krisKrisys\AppData\Roaming\Microsoft\Windows\shell.exe deleted successfully.
C:\Users\krisKrisys\AppData\Roaming\Microsoft\Windows\shell.exe moved successfully.
C:\Users\krisKrisys\AppData\Roaming\start moved successfully.
C:\Users\krisKrisys\AppData\Roaming\completescan moved successfully.
C:\Users\krisKrisys\AppData\Roaming\install moved successfully.
========== FILES ==========
File\Folder C:\Users\krisKrisys\AppData\Roaming\Microsoft\Windows\shell.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 136 bytes
->Temporary Internet Files folder emptied: 52388 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: krisKrisys
->Temp folder emptied: 1954428251 bytes
->Temporary Internet Files folder emptied: 78165929 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 856432 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1396 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4396 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,939.00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 10282010_231356

Files\Folders moved on Reboot...
C:\Users\krisKrisys\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\krisKrisys\AppData\Local\Temp\~DF1C9B216E71EA8156.TMP not found!
File\Folder C:\Users\krisKrisys\AppData\Local\Temp\~DF5162A3E6906082E2.TMP not found!
File\Folder C:\Users\krisKrisys\AppData\Local\Temp\~DF5430177EC9F79BBE.TMP not found!
File\Folder C:\Users\krisKrisys\AppData\Local\Temp\~DF5C954A1C0CB9912C.TMP not found!
File\Folder C:\Users\krisKrisys\AppData\Local\Temp\~DF76666C515CAA3FE2.TMP not found!
File\Folder C:\Users\krisKrisys\AppData\Local\Temp\~DF805542C33509450F.TMP not found!
C:\Users\krisKrisys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZW1JJY0Q\ai[1].htm moved successfully.
C:\Users\krisKrisys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZW1JJY0Q\history_manager[1].htm moved successfully.
C:\Users\krisKrisys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZW1JJY0Q\morestories[1].htm moved successfully.
C:\Users\krisKrisys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZW1JJY0Q\thinkpoint-virusneed-help-t24450[5].htm moved successfully.
C:\Users\krisKrisys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C8K3GZ3W\AssessmentLanding[1].htm moved successfully.
C:\Users\krisKrisys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C8K3GZ3W\KeepAlive[10].htm moved successfully.
C:\Users\krisKrisys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5XG6LJ2V\01[1].htm moved successfully.
C:\Users\krisKrisys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5XG6LJ2V\ddc[1].htm moved successfully.
C:\Users\krisKrisys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5XG6LJ2V\facebook_com[1].htm moved successfully.
C:\Users\krisKrisys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0ZIIF3LD\redirectiframe[1].html moved successfully.
C:\Users\krisKrisys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\krisKrisys\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

MixedBoi

Newbie Surfer
Newbie Surfer

Posts : 8
Joined : 2010-10-28
Operating System : Windows 7

View user profile

Back to top Go down

Re: Thinkpoint Virus!Need Help.

Post by MixedBoi on Fri 29 Oct 2010, 2:33 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4982

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/28/2010 11:32:49 PM
mbam-log-2010-10-28 (23-32-49).txt

Scan type: Quick scan
Objects scanned: 151593
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\krisKrisys\Desktop\mstsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

MixedBoi

Newbie Surfer
Newbie Surfer

Posts : 8
Joined : 2010-10-28
Operating System : Windows 7

View user profile

Back to top Go down

Re: Thinkpoint Virus!Need Help.

Post by MixedBoi on Fri 29 Oct 2010, 2:39 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4982

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/28/2010 11:32:49 PM
mbam-log-2010-10-28 (23-32-49).txt

Scan type: Quick scan
Objects scanned: 151593
Time elapsed: 5 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\krisKrisys\Desktop\mstsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.

MixedBoi

Newbie Surfer
Newbie Surfer

Posts : 8
Joined : 2010-10-28
Operating System : Windows 7

View user profile

Back to top Go down

Re: Thinkpoint Virus!Need Help.

Post by Sneakyone on Fri 29 Oct 2010, 2:51 pm

Hi,

Please run a free online scan with ESET Online Scanner by downloading it from 'here' and save it to your Desktop.

  • Please ensure that you're logged into an Administrator account before running the scanner. The ESET Online Scanner will not work if you're on a limited account.
  • Double-click esetsmartinstaller_enu.exe to execute the program.
  • Check the box next to 'YES, I accept the Terms of Use'. Press 'Start'.
  • If this is your first time installing the scanner, allow the ActiveX Control to install.
  • Database download may take some time.
  • On the next page, ensure the box next to 'Remove found threads' has been checked. Also ensure that the box next to 'Scan unwanted applications' is checked. Proceed by clicking on 'Start'.
    • The ESET Online Scanner will update the Virus Signature Database and begin the scan.
    • Please allow it to complete successfully and ensure that any current downloads are stopped.

  • Once the scan's completed, please open 'Notepad' by navigating to 'Start', then 'Run', and type in 'Notepad'. Open the file located at 'C:\Program Files\ESET\ESET Online Scanner\log.txt'.
  • Please Copy & Paste this log into your next reply.
  • Press 'Finish'.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Thinkpoint Virus!Need Help.

Post by MixedBoi on Fri 29 Oct 2010, 5:12 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f2e3af1aaf652e41a2e4ada22fbb716b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-29 04:51:37
# local_time=2010-10-29 12:51:37 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 39869141 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=95724
# found=0
# cleaned=0
# scan_time=2206
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=f2e3af1aaf652e41a2e4ada22fbb716b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-29 05:56:28
# local_time=2010-10-29 01:56:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 39872865 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=96513
# found=0
# cleaned=0
# scan_time=2373

MixedBoi

Newbie Surfer
Newbie Surfer

Posts : 8
Joined : 2010-10-28
Operating System : Windows 7

View user profile

Back to top Go down

Re: Thinkpoint Virus!Need Help.

Post by Sneakyone on Sat 30 Oct 2010, 3:45 am

Hi,

How is your computer running now?


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Thinkpoint Virus!Need Help.

Post by MixedBoi on Sat 30 Oct 2010, 11:30 am

its runnin great thank u very much!!

MixedBoi

Newbie Surfer
Newbie Surfer

Posts : 8
Joined : 2010-10-28
Operating System : Windows 7

View user profile

Back to top Go down

Re: Thinkpoint Virus!Need Help.

Post by Sneakyone on Sun 31 Oct 2010, 2:34 am

Hi,

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.


You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done.


========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


============

Service Pack upgrade
Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: [You must be registered and logged in to see this link.]

=====

Update Programs
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

=====

Let me know how the updates went. This is important, because any issues in updating may be a sign of more malware on your computer or system errors that are interfering.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Thinkpoint Virus!Need Help.

Post by Sponsored content Today at 11:14 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum