WiredWX Hobby Weather ToolsLog in

 


can't open Internet Explorer after removing Thinkpoint

4 posters

descriptioncan't open Internet Explorer after removing Thinkpoint - Page 2 Emptycommy.exe results

more_horiz
Thanks, commy.exe was able to run:

ComboFix 10-11-15.05 - Laurie 11/18/2010 16:40:16.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1049 [GMT -5:00]
Running from: F:\Commy.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Laurie\AppData\Roaming\Microsoft\stor.cfg
c:\windows\ST6UNST.000
c:\windows\system32\Ijl11.dll
c:\windows\system32\system

.
((((((((((((((((((((((((( Files Created from 2010-10-18 to 2010-11-18 )))))))))))))))))))))))))))))))
.

2010-11-18 21:57 . 2010-11-18 21:57 -------- d-----w- c:\users\Laurie\AppData\Local\temp
2010-11-18 21:57 . 2010-11-18 21:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-10 19:57 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-05 07:27 . 2010-11-05 07:27 -------- d-----w- c:\program files\Windows Portable Devices
2010-11-05 07:06 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-11-05 07:06 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-11-05 07:06 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-11-05 07:04 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2010-11-05 07:03 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-11-05 07:03 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-11-05 07:03 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-11-04 11:52 . 2010-11-04 11:52 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-03 20:58 . 2010-11-03 20:59 -------- d-----w- c:\windows\system32\ca-ES
2010-11-03 20:58 . 2010-11-03 20:59 -------- d-----w- c:\windows\system32\eu-ES
2010-11-03 20:58 . 2010-11-03 20:59 -------- d-----w- c:\windows\system32\vi-VN
2010-11-03 19:56 . 2010-11-03 19:56 -------- d-----w- c:\windows\system32\EventProviders
2010-11-03 18:16 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-03 18:16 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-03 18:16 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-11-03 18:16 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-03 18:16 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-11-01 22:12 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-11-01 22:12 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-11-01 22:11 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-11-01 22:11 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-11-01 22:11 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-11-01 22:11 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-11-01 22:11 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-11-01 22:10 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-11-01 22:10 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-11-01 22:10 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-11-01 22:08 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-11-01 22:08 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-11-01 22:08 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-11-01 22:07 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-11-01 22:07 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-11-01 22:07 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-11-01 22:07 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-11-01 22:01 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-11-01 21:01 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-11-01 21:01 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-11-01 21:00 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-11-01 20:59 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-11-01 20:59 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-11-01 20:59 . 2010-06-17 18:08 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2010-11-01 20:59 . 2010-06-17 16:16 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2010-11-01 20:58 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-11-01 20:58 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-11-01 20:58 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-11-01 20:57 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-11-01 20:53 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-11-01 20:53 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-11-01 20:52 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-11-01 20:50 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-11-01 20:49 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-01 20:49 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-31 13:59 . 2010-10-31 13:59 -------- d--h--w- c:\programdata\Common Files
2010-10-31 13:58 . 2010-11-01 20:25 -------- d-----w- c:\programdata\AVG Security Toolbar(28)
2010-10-31 13:55 . 2010-11-18 20:59 -------- d-----w- c:\programdata\AVG10
2010-10-31 11:56 . 2010-10-31 12:08 -------- d-----w- c:\programdata\MFAData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2009-10-03 10:21 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 01:37 . 2008-04-17 21:52 286720 ------w- c:\windows\Setup1.exe
2010-08-26 16:33 . 2010-11-01 22:08 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-11-01 22:08 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 16:33 . 2010-11-01 22:08 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-11-01 22:08 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-10 417792]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-03 1045800]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"NDSTray.exe"="NDSTray.exe" [BU]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2006-11-01 413696]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-01-19 421888]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"PINGER"="c:\toshiba\IVP\ISM\pinger.exe" [2006-07-20 151552]
"DLBTCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-12 73728]
"dlbtmon.exe"="c:\program files\Dell Photo AIO Printer 922\dlbtmon.exe" [2007-02-28 431600]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-03 293168]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-26 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-08 155648]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-09-09 1553920]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2007-5-3 130864]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 20:33 563984 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
R3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\DRIVERS\PTDCWWAN.sys [2007-05-01 58240]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 NEOFLTR_630_14715;Juniper Networks TDI Filter Driver (NEOFLTR_630_14715);c:\windows\system32\Drivers\NEOFLTR_630_14715.SYS [2009-09-23 64480]
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-03 182576]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-05 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2010-06-28 20:57]

2010-11-17 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-11-17 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]

2010-10-23 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: navy.mil\webmail.east.nmci
Trusted Zone: osd.mil\dtsproweb.defensetravel
Trusted Zone: turbotax.com
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - hxxps://portal.connectra.bah.com/SNX/CSHELL/extender.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.bah.com/dana-cached/sc/JuniperSetupClient.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-TPwrMain - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\QuickCam10\QuickCam10.exe
AddRemove-Cayman 3000 series USB Network - c:\program files\Netopia\Cayman 3000 series USB Network\CnxUnist.exe -w7 Netopia\Cayman 3000 series USB Network



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-18 16:57
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i???????['C~????\?8?\?p?\???\???

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-18 17:15:50
ComboFix-quarantined-files.txt 2010-11-18 22:15

Pre-Run: 42,665,795,584 bytes free
Post-Run: 42,402,762,752 bytes free

- - End Of File - - 1810225477064B4D1AB8D06F4071A0E5

Do I need to run OTL next?

descriptioncan't open Internet Explorer after removing Thinkpoint - Page 2 EmptyRe: can't open Internet Explorer after removing Thinkpoint

more_horiz
Hi,

can't open Internet Explorer after removing Thinkpoint - Page 2 Bf_new Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

descriptioncan't open Internet Explorer after removing Thinkpoint - Page 2 EmptyRe: can't open Internet Explorer after removing Thinkpoint

more_horiz
Hi! Here are the results from malwarebytes, no infections. but I still can't access Internet Explorer. what would you suggest next?

Thank you!

11/19/2010 4:21:24 PM
mbam-log-2010-11-19 (16-21-24).txt

Scan type: Quick scan
Objects scanned: 151792
Time elapsed: 11 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

descriptioncan't open Internet Explorer after removing Thinkpoint - Page 2 EmptyRe: can't open Internet Explorer after removing Thinkpoint

more_horiz
I'm back on the internet!!! Bravo!! Thank you so very much.

Now, what anti-virus would you recommend? I had the free AVG 9.0 which apparently ThinkPoint can get through.

descriptioncan't open Internet Explorer after removing Thinkpoint - Page 2 EmptyRe: can't open Internet Explorer after removing Thinkpoint

more_horiz
Hi,

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

descriptioncan't open Internet Explorer after removing Thinkpoint - Page 2 EmptyESET results

more_horiz
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=117f2cb53e5b7946bd10570d3a1f48e5
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-22 12:53:24
# local_time=2010-11-21 07:53:24 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1029 16777214 0 1 181451 181451 0 0
# compatibility_mode=5892 16776573 100 100 0 126985847 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=183083
# found=6
# cleaned=6
# scan_time=8886
C:\ProgramData\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp1.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Spybot - Search & Destroy\Recovery\CoolWWWSearchOleHelp3.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Laurie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\65891f0d-262d755f multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Laurie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\73769d5f-69703d2c multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Laurie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\46f5156a-238c7c33 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Laurie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\2371d6c6-30057b15 multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

descriptioncan't open Internet Explorer after removing Thinkpoint - Page 2 EmptyRe: can't open Internet Explorer after removing Thinkpoint

more_horiz
Hi,

How is your computer running now?

descriptioncan't open Internet Explorer after removing Thinkpoint - Page 2 EmptyRe: can't open Internet Explorer after removing Thinkpoint

more_horiz
Perfectly. What anti-virus software would you recommend?

You are the best!!!

descriptioncan't open Internet Explorer after removing Thinkpoint - Page 2 EmptyRe: can't open Internet Explorer after removing Thinkpoint

more_horiz
Hi,

Sorry for the delay, Thanksgiving week is crazy.

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE.


You now have a clean restore point.

To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do a calculation of temporary/old files, and then display a dialogue box.
  • Select the More Options Tab.
  • At the bottom will be a System Restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done.


========

Removing the tools

Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


============

Service Pack upgrade

Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: Here

============

Update Programs

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

===============

Staying Protected

If you don't have a Anti-Virus I recommend to download these free Anti-Virus programs:
1. Avast!
2. Avira
3. Microsoft Security Essentials

If you don't have a good firewall I recommend these free firewalls:
1. Comodo Firewall
2. Tallemu Online Armor

I recommend using MalwareBytes Anti-Malware for a anti-malware program.

If you don't have a anti-spyware I recommend to download these free programs to help keep you spyware free:
1. SpywareBlaster
2. Spybot - Search & Destroy

Please don't download more than one Anti-virus, firewall, or anti-spyware because they will conflict with each other making your computer slow, data loss, and false results so please just don't do it.

================

Here are some prevention tips:

1. Torrents are a conduit of malware; this is why we highly recommend not using them as chances are extremely high that you will be infected from them.

2. Cracks/warez/keygens are another conduit of malware and are illegal so don't use them.

3. Disable auto-run to prevent auto-run worms from infecting your machine through USB drives.XP or Vista/7

4. Always make sure you have the latest Windows update.

5. Use a Site Advisor so you don't go to sites that will infect you. Web-of-Trust or Mcafee Siteadvisor

6. Also there are many holes and flaws in Internet Explorer I recommend using Firefox or Google Chrome to keep you more safe.

7. Always keep your Java and Adobe Reader updated and all older versions removed to keep clear from exploits.

8. Don't fall for Scareware. What is Scareware? A rogue anti-virus on your system that will scare you into buying their fake software due to false detections.

9. Be sure to always have a firewall and anti-virus installed at all times.

Thanks for choosing GeekPolice, see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information on keeping yourself safe please visit Here

descriptioncan't open Internet Explorer after removing Thinkpoint - Page 2 EmptyRe: can't open Internet Explorer after removing Thinkpoint

more_horiz
none of this works for me at all i tried malwarebytes it removed thinkpoint still cant acces the internet and eset doesnt work it does not let install active x controls

descriptioncan't open Internet Explorer after removing Thinkpoint - Page 2 EmptyRe: can't open Internet Explorer after removing Thinkpoint

more_horiz
Please start a new thread of your own in the malware forum and I will be glad to help you. I will lock this thread.

descriptioncan't open Internet Explorer after removing Thinkpoint - Page 2 EmptyRe: can't open Internet Explorer after removing Thinkpoint

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum