Safe mode not working thanks to Thinkpoint

Safe mode not working thanks to Thinkpoint

Post by pwsmith on Thu 18 Nov 2010, 3:13 am

All the instructions I have read tell me to use safe mode to fight the Thinkpoint virus. However, the virus has disabled all safe mode options; any safe mode option I pick loops me back to the safe mode list of options. I AM STUCK. Any advice here?

pwsmith

Newbie Surfer

Posts : 10
Joined : 2010-11-18
Operating System : Windows XP

Safe mode, ThinkPoint cont'd

Post by pwsmith on Thu 18 Nov 2010, 3:25 am

Let me make it clear...when I boot, the machine goes to the safe mode list of options and loops back there no matter which option I choose...I do not have access to a command line, internet, Task Manager, etc.


Re: Safe mode not working thanks to Thinkpoint

Post by Belahzur on Thu 18 Nov 2010, 10:48 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Safe mode not working thanks to Thinkpoint

Post by pwsmith on Fri 19 Nov 2010, 2:06 am

I know you like to post a boilerplate answer to all ThinkPoint inquiries. BUT, as my posts made clear, things like downloading an exe to my desktop don't work when I am stuck on the safe mode options screen!!!!! Please read my posts again.


Re: Safe mode not working thanks to Thinkpoint

Post by Belahzur on Fri 19 Nov 2010, 11:53 am

If you are using Safe Mode, you'll need to use Safe Mode With Networking for internet access.

Please try this while in Safe Mode too.

We need to use the RKill Tool by Grinler

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program, when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try downloading OTL now.



Re: Safe mode not working thanks to Thinkpoint

Post by pwsmith on Fri 26 Nov 2010, 6:46 am

I used OTLPE Standard REATOGO to scan and here is an excerpt from the OTL.Txt (the full file is too big for this append). I would appreciate any help.

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.80 Gb Total Space | 46.43 Gb Free Space | 64.66% Space Free | Partition Type: NTFS
Drive X: | 282.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\drivers\ustedpqz.sys -- (ustedpqz)
DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\drivers\peulbcyg.sys -- (peulbcyg)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\drivers\ovyenrnk.sys -- (ovyenrnk)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | System] -- C:\WINDOWS\System32\drivers\cgkqhjcp.sys -- (cgkqhjcp)
DRV - [2010/11/04 18:32:00 | 000,052,224 | ---- | M] () [Kernel | System] -- C:\WINDOWS\PRAGMAtvpqsbpxpb\PRAGMAd.sys -- (PRAGMAtvpqsbpxpb)
DRV - [2009/06/18 00:59:58 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2009/03/04 06:27:32 | 000,031,744 | ---- | M] () [Kernel | On_Demand] -- C:\Documents and Settings\Marcus\Local Settings\Temp\bDMusicb.sys -- (bDMusicb)
DRV - [2008/08/21 07:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/01/13 13:33:18 | 005,672,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/01/24 17:28:02 | 000,176,128 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/10/27 17:36:52 | 000,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/10/10 00:35:30 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)
DRV - [2004/10/09 04:51:08 | 000,503,507 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\V0080Dev.sys -- (V0080Dev)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\antithinkpoint_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Mandela_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Mandela_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Mandela_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Mandela_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Mandela_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Marcus_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Marcus_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Marcus_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Other_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKU\Other_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\software\mozilla\Firefox\Extensions\\{8FA3D377-EADF-4147-995F-3C5752AAA3DE}: C:\Documents and Settings\Marcus\Local Settings\Application Data\{8FA3D377-EADF-4147-995F-3C5752AAA3DE} [2010/10/22 18:41:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{341C3846-05CC-4624-9A56-31F98E1DF826}: C:\Documents and Settings\Other\Local Settings\Application Data\{341C3846-05CC-4624-9A56-31F98E1DF826} [2010/10/23 10:40:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{5271F506-02F6-488C-9C9C-EE7A11FBD895}: C:\Documents and Settings\Mandela\Local Settings\Application Data\{5271F506-02F6-488C-9C9C-EE7A11FBD895} [2010/10/20 20:11:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{C50F3662-0462-40FD-9E17-8D495BB951C3}: C:\Documents and Settings\antithinkpoint\Local Settings\Application Data\{C50F3662-0462-40FD-9E17-8D495BB951C3} [2010/10/24 11:54:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A64541B8-1C2D-48DE-9F65-5DF87872EC56}: C:\Documents and Settings\NetworkService\Local Settings\Application Data\{A64541B8-1C2D-48DE-9F65-5DF87872EC56}\ [2010/11/04 19:06:52 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/08/21 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Mandela_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Marcus_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Other_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE ()
O4 - HKLM..\Run: [Fpakepa] C:\WINDOWS\efasazasazasa.DLL (Ask.com)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4 .exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe ()
O4 - HKU\.DEFAULT..\Run: [dfrgsnapnt.exe] C:\WINDOWS\Temp\dfrgsnapnt.exe ()
O4 - HKU\.DEFAULT..\Run: [Iqepo] C:\WINDOWS\rfat50.DLL (ArcSoft Inc.)
O4 - HKU\Mandela_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O4 - HKU\Marcus_ON_C..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXl/yA\Marcus\LOCALS~1\Temp\757160358.exe] C:\DOCUME~1\Marcus\LOCALS~1\Temp\757160358.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlkc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\cmd.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlmc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\mdm.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlne] C:\DOCUME~1\Marcus\LOCALS~1\Temp\lsass.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlo_] C:\DOCUME~1\Marcus\LOCALS~1\Temp\tih74.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlora] C:\DOCUME~1\Marcus\LOCALS~1\Temp\iexplarer.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlotc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\hexdump.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlpe] C:\DOCUME~1\Marcus\LOCALS~1\Temp\csrss.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlppf] C:\DOCUME~1\Marcus\LOCALS~1\Temp\services.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlprc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\install.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlq+] C:\DOCUME~1\Marcus\LOCALS~1\Temp\win32.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqb] C:\DOCUME~1\Marcus\LOCALS~1\Temp\winamp.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\win.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqf] C:\DOCUME~1\Marcus\LOCALS~1\Temp\user.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqse] C:\DOCUME~1\Marcus\LOCALS~1\Temp\winlogon.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqvc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\svchost.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqW] C:\DOCUME~1\Marcus\LOCALS~1\Temp\drweb.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlrf] C:\DOCUME~1\Marcus\LOCALS~1\Temp\smss.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlsPc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\nvsvc32.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlud] C:\DOCUME~1\Marcus\LOCALS~1\Temp\system.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O4 - HKU\Other_ON_C..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20081031-1700\preload.exe ()
O4 - HKU\Other_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - HKU\Mandela_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\antithinkpoint_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Mandela_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Other_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Other_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} [You must be registered and logged in to see this link.] (Checkers Class)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} [You must be registered and logged in to see this link.] ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [You must be registered and logged in to see this link.] (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_18)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} [You must be registered and logged in to see this link.] (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\hotfix.exe) - C:\Documents and Settings\NetworkService\Application Data\hotfix.exe ()
O20 - HKU\Mandela_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Marcus_ON_C Winlogon: Shell - (C:\Documents and Settings\Marcus\Application Data\hotfix.exe) - C:\Documents and Settings\Marcus\Application Data\hotfix.exe File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {B6BA40C1-A501-59BD-F413-03B03A2C8952} - dfskea98e4iagjiufhg87df87u - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\DESKTOPGB.gif
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/09 10:56:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/09 09:18:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\IECompatCache
[2010/11/09 08:25:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Mandela\IECompatCache
[2010/11/04 19:07:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Creative
[2010/11/04 19:06:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\SendTo
[2010/11/04 19:06:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\{A64541B8-1C2D-48DE-9F65-5DF87872EC56}
[2010/11/04 19:06:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents\My Pictures
[2010/11/04 19:06:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents\My Music
[2010/11/04 19:06:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\My Documents
[2010/11/04 19:06:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\NetworkService\Recent
[2010/11/04 19:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Start Menu
[2010/11/04 19:06:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Desktop
[2010/11/04 18:32:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\PRAGMAtvpqsbpxpb
[2010/11/04 18:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/11/01 19:36:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IECompatCache
[2010/11/01 19:36:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\PrivacIE
[3 C:\Documents and Settings\Mandela\My Documents\*.tmp files -> C:\Documents and Settings\Mandela\My Documents\*.tmp -> ]
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]


Re: Safe mode not working thanks to Thinkpoint

Post by Belahzur on Fri 26 Nov 2010, 12:03 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKLM..\Run: [Fpakepa] C:\WINDOWS\efasazasazasa.DLL (Ask.com)
    O4 - HKU\.DEFAULT..\Run: [dfrgsnapnt.exe] C:\WINDOWS\Temp\dfrgsnapnt.exe ()
    O4 - HKU\.DEFAULT..\Run: [Iqepo] C:\WINDOWS\rfat50.DLL (ArcSoft Inc.)
    O4 - HKU\Marcus_ON_C..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXl/yA\Marcus\LOCALS~1\Temp\757160358.exe] C:\DOCUME~1\Marcus\LOCALS~1\Temp\757160358.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlkc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\cmd.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlmc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\mdm.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlne] C:\DOCUME~1\Marcus\LOCALS~1\Temp\lsass.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlo_] C:\DOCUME~1\Marcus\LOCALS~1\Temp\tih74.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlora] C:\DOCUME~1\Marcus\LOCALS~1\Temp\iexplarer.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlotc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\hexdump.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlpe] C:\DOCUME~1\Marcus\LOCALS~1\Temp\csrss.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlppf] C:\DOCUME~1\Marcus\LOCALS~1\Temp\services.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlprc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\install.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlq+] C:\DOCUME~1\Marcus\LOCALS~1\Temp\win32.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqb] C:\DOCUME~1\Marcus\LOCALS~1\Temp\winamp.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\win.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqf] C:\DOCUME~1\Marcus\LOCALS~1\Temp\user.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqse] C:\DOCUME~1\Marcus\LOCALS~1\Temp\winlogon.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqvc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\svchost.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlqW] C:\DOCUME~1\Marcus\LOCALS~1\Temp\drweb.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlrf] C:\DOCUME~1\Marcus\LOCALS~1\Temp\smss.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlsPc] C:\DOCUME~1\Marcus\LOCALS~1\Temp\nvsvc32.exe File not found
    O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlud] C:\DOCUME~1\Marcus\LOCALS~1\Temp\system.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKU\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O7 - HKU\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
    O7 - HKU\Other_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
    O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\hotfix.exe) - C:\Documents and Settings\NetworkService\Application Data\hotfix.exe ()
    O20 - HKU\Marcus_ON_C Winlogon: Shell - (C:\Documents and Settings\Marcus\Application Data\hotfix.exe) - C:\Documents and Settings\Marcus\Application Data\hotfix.exe File not found
    O22 - SharedTaskScheduler: {B6BA40C1-A501-59BD-F413-03B03A2C8952} - dfskea98e4iagjiufhg87df87u - Reg Error: Key error. File not found
    [2010/11/04 18:32:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\PRAGMAtvpqsbpxpb

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


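The fix script in the post above targets autostart entries, policy lockouts and a replaced Winlogon shell. As an added example (not part of the original post, and not OTL's or the helper's own logic), the Python below applies a few assumed triage heuristics to lines copied from the OTL.txt excerpt in this thread; the rule names, the `SYSTEM_NAMES` list and the function names are illustrative assumptions.

```python
import re

# Constructed sample: lines copied from the OTL.txt excerpt posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe (Apple Inc.)
O4 - HKLM..\Run: [Fpakepa] C:\WINDOWS\efasazasazasa.DLL (Ask.com)
O4 - HKU\.DEFAULT..\Run: [dfrgsnapnt.exe] C:\WINDOWS\Temp\dfrgsnapnt.exe ()
O4 - HKU\Marcus_ON_C..\Run: [HNUgkHXlne] C:\DOCUME~1\Marcus\LOCALS~1\Temp\lsass.exe File not found
O4 - HKU\Marcus_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\NetworkService\Application Data\hotfix.exe) - C:\Documents and Settings\NetworkService\Application Data\hotfix.exe ()
"""

# Assumption: a short list of Windows process names that should only run from system32.
SYSTEM_NAMES = {"csrss.exe", "lsass.exe", "services.exe", "smss.exe",
                "svchost.exe", "winlogon.exe"}
# Policy values that, when set to 1, disable Task Manager, registry tools and Folder Options.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools", "NoFolderOptions"}

RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>.*?)\] (?P<target>.+)$")
POLICY_RE = re.compile(r"^O[67] - (?P<key>.+?): (?P<value>\w+) = (?P<data>\S+)$")
SHELL_RE = re.compile(
    r"^O20 - (?P<hive>.+?) Winlogon: Shell - \((?P<value>.*?)\) - (?P<target>.+)$")
# OTL appends "(Company)" or "File not found" after the file path.
TRAILER_RE = re.compile(r"\s+(?:File not found|\([^)]*\))\s*$")


def check_run(target):
    """Return the heuristic reasons that apply to one Run/RunOnce target."""
    reasons = []
    path = TRAILER_RE.sub("", target).lower()
    base = path.rsplit("\\", 1)[-1]
    if "\\temp\\" in path:
        reasons.append("target-in-temp")
    if base in SYSTEM_NAMES and not path.startswith("c:\\windows\\system32\\"):
        reasons.append("system-name-outside-system32")
    if base.endswith(".dll"):
        # A Run value is a command line; a bare DLL path is not a normal launcher.
        reasons.append("run-value-is-dll")
    if target.endswith("File not found"):
        reasons.append("target-missing")
    return reasons


def triage(log_text):
    """Return (line, reasons) for every O4/O6/O7/O20 line that trips a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        if m := RUN_RE.match(line):
            reasons = check_run(m["target"])
        elif m := POLICY_RE.match(line):
            if m["value"] in LOCKOUT_POLICIES and m["data"] == "1":
                reasons = ["policy-lockout"]
        elif m := SHELL_RE.match(line):
            # The per-user or machine shell should be Explorer.exe.
            if m["value"].lower() != "explorer.exe":
                reasons = ["shell-replaced"]
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(", ".join(reasons), "<-", line)
```

All six sample lines these heuristics flag also appear in the fix script above, and the four they leave alone do not; the heuristics do not cover every line in that script (for example the O22 entry and the PRAGMA folder).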

Fix log is where?

Post by pwsmith on Sun 28 Nov 2010, 6:29 am

Thanks. I ran the fix in OTLPE. However, NotePad with the fix log did not appear. Where could I find it?


Re: Safe mode not working thanks to Thinkpoint

Post by Belahzur on Sun 28 Nov 2010, 11:48 am

Is it on your Desktop? Or in the C:\ drive?



Re: Safe mode not working thanks to Thinkpoint

Post by pwsmith on Wed 01 Dec 2010, 12:39 am

I get to OTLPE via a desktop on CD.


Re: Safe mode not working thanks to Thinkpoint

Post by Belahzur on Wed 01 Dec 2010, 11:17 am

Ah well, either way.
Can you boot your system normally now?



Re: Safe mode not working thanks to Thinkpoint

Post by pwsmith on Fri 03 Dec 2010, 2:07 am

No, I cannot boot normally. Nothing has changed. I was encouraged when I could get to a desktop via REATOGO-X-PE on CD. However, the log file you were looking for did not pop up after running the fix and I do not know the name of the file or where to find it. Suggestions?


Re: Safe mode not working thanks to Thinkpoint

Post by pwsmith on Fri 03 Dec 2010, 2:30 am

Aha! When I run the fix a msg pops that says to reboot to complete the fix. If I do NOT reboot, the log pops up. Here are the contents:

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Fpakepa not found.
File C:\WINDOWS\efasazasazasa.DLL not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\dfrgsnapnt.exe not found.
File C:\WINDOWS\Temp\dfrgsnapnt.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Iqepo not found.
File C:\WINDOWS\rfat50.DLL not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry key HKEY_USERS\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
Registry key HKEY_USERS\Marcus_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System not found.
Registry key HKEY_USERS\Other_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\NetworkService\Application Data\hotfix.exe deleted successfully.
File C:\Documents and Settings\NetworkService\Application Data\hotfix.exe not found.
Registry value HKEY_USERS\Marcus_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Marcus\Application Data\hotfix.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{B6BA40C1-A501-59BD-F413-03B03A2C8952} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6BA40C1-A501-59BD-F413-03B03A2C8952}\ not found.
Folder C:\WINDOWS\PRAGMAtvpqsbpxpb\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
-> No Temporary Internet Files cache folder defined!

User: All Users
-> No Temporary Internet Files cache folder defined!

User: antithinkpoint
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: LocalService
-> No Temporary Internet Files cache folder defined!

User: Mandela
-> No Temporary Internet Files cache folder defined!

User: Marcus
-> No Temporary Internet Files cache folder defined!

User: NetworkService
-> No Temporary Internet Files cache folder defined!

User: Other
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.43.0 log created on 12022010_102406

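An added example, not part of the original post and not OTL's own code: one way to triage a fix log like the one above, collapsing repeated lines, separating entries that were actually removed from those reported "not found", and flagging Winlogon `Shell` overrides. The function names are hypothetical and the sample is an excerpt of the posted log.

```python
import re
from collections import Counter

# Excerpt of the OTL fix log posted above (raw string, so backslashes are literal).
SAMPLE_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Fpakepa not found.
File C:\WINDOWS\efasazasazasa.DLL not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_USERS\Marcus_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\NetworkService\Application Data\hotfix.exe deleted successfully.
File C:\Documents and Settings\NetworkService\Application Data\hotfix.exe not found.
Registry value HKEY_USERS\Marcus_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Documents and Settings\Marcus\Application Data\hotfix.exe deleted successfully.
Folder C:\WINDOWS\PRAGMAtvpqsbpxpb\ not found.
"""

LINE_RE = re.compile(
    r"^(Registry value|Registry key|File|Folder) (.+) (not found|deleted successfully)\.$")

def parse_fix_log(text):
    """Unique (kind, target, outcome) entries with repeat counts, in first-seen order."""
    counts = Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            counts[m.groups()] += 1
    return [dict(kind=k, target=t, outcome=o, count=n) for (k, t, o), n in counts.items()]

def changed(entries):
    """Entries where the fix removed something; 'not found' means nothing was there."""
    return [e for e in entries if e["outcome"] == "deleted successfully"]

def split_value(target):
    """Split a registry-value target: key, double backslash, name, optional ':data'."""
    key, _, rest = target.partition("\\\\")
    name, _, data = rest.partition(":")
    return key, name, data

def shell_hijacks(entries):
    """Winlogon Shell values whose data is anything other than explorer.exe."""
    hits = []
    for e in entries:
        if e["kind"] != "Registry value":
            continue
        key, name, data = split_value(e["target"])
        # Assumption of this example: the stock XP shell is Explorer.exe (set under HKLM).
        if (key.lower().endswith("\\winlogon") and name.lower() == "shell"
                and data and data.lower() != "explorer.exe"):
            hits.append((key, data, e["outcome"]))
    return hits

if __name__ == "__main__":
    for key, data, outcome in shell_hijacks(parse_fix_log(SAMPLE_LOG)):
        print(f"Shell override {outcome}: {data}  [{key}]")
```

In the posted log the two `Winlogon\\Shell` values pointing at `hotfix.exe` are the only entries marked "deleted successfully"; every other target was already absent when the fix ran.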

Re: Safe mode not working thanks to Thinkpoint

Post by pwsmith on Fri 10 Dec 2010, 2:02 am

Not able to help me?


Re: Safe mode not working thanks to Thinkpoint

Post by Belahzur on Fri 10 Dec 2010, 11:43 am

Hello.

  • Download ComboFix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.



Re: Safe mode not working thanks to Thinkpoint

Post by pwsmith on Sat 11 Dec 2010, 5:15 am

As the Thinkpoint virus left me without access to the internet I have to download to a memory stick on a healthy computer and try to run Combo-Fix.exe from the stick. Both downloads result in a "corrupt file" message when I try to run them off the stick on the infected machine.


Re: Safe mode not working thanks to Thinkpoint

Post by Belahzur on Sat 11 Dec 2010, 11:47 am

Hello.

Your computer has multiple infections, including a backdoor. A backdoor gives intruders complete control of your computer, logs your keystrokes, steals personal information, etc.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
Do NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its backdoor functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS).

To help you understand more, please take some time to read the following articles:

What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
When should I do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups


