While browsing Bulbapedia, I noticed my internet becoming increasingly unfriendly, in a word, (ie, having to reload pages, slow loading). Then a notice, not unlike my antivirus, popped up in the corner of my screen. My attention was focussed elsewhere, so I agreed to have my antivirus (Trend Micro) perform a scan for a trojan it detected. Then, Thinkpoint, ostensibly an antivirus program uploaded itself to my computer and restarted the system. Now, whenever I turn on the computer, it performs a "scan" and refuses to let me access anything else at all without installing an advanced system to deal with it's found "threats".

Now, how do I get rid of this thinkpoint, or at least, manually bring the computer to it's last restore point?

Backup + Reformat is a garunteed solution to your problem.

Otherwise, you can try going into regedit and looking for the registry key that launches the program. Writedown what the filepath is, then rename the key to something like ThinkPoint.old. By changing the name of the key, you are making it unable to be referenced, thereby turning it off. Just do a Ctrl + F search of your regiestry for the guilty party and kaibosh it. I'd recommend against flat out deleting anything from your registry, as this could potentially do serious damage to your computer, but renaming things makes it fairly simple to restore them simply by renaming them back.

If you need some inspiration, hit Ctrl + Alt + Delete and check out what processes are running. Google the .exe processes running to figure out what they do. When you come across one that google says is associated with ThinkPoint, write down what the process is. Go into regedit and do the same as above, then go into msconfig and go to the startup tab and uncheck any .exe files that share that name.

* Do note that messing with your registry is potentially VERY dangerous. If you screw something up, you might have to reformat anyway. Make sure you have your windows install discs handy before you go messing with anything like that. Keld Denar is not responsible for any semi-permanent damage that may occur as a result of this advise.

I can't do that, I am unable to access anything on the computer at all. Unless there's a secret code I can type in, or a hidden switch somewhere, I'm stumped.

Why can't you? Are you not admin? Just go into Start > Run and type regedit and see what happens. Let me know what errors you get.

If you really installed something that is really tenacious to get off, you won't be able to just uninstall it. You have to do some serious digging, or just cleanslate reformat. There really aren't a whole lot of other options.

If its because it won't boot due to the program, try booting in safe mode. While the machine is booting, mash the F8 key repeatedly until you get to the boot screen. Select "Boot in safe mode" and continue. Most programs won't launch in safemode, so you'll be ThinkPoint free while you fix the bugs.

Okay, so for a relative computer novice, what would be the safest course of action after gaining access to the computer?

Reformat always works
EDIT:http://www.2-spyware.com/remove-thinkpoint.html

Okay, what is it, and how do I do it?

Do you have the OS disk for your PC?

I don't want to completely restart if I can avoid it. Though it's backed up on disks, we have a lot of photos stored and organized. And I have my itunes library, which I don't know if it is stored online.

Yea...reformatting is pretty easy. Copy any files like documents or music to a flash drive or other extenal location. Then pop in the windows install disc and restart the computer. When it boots, it'll go straight into OS installation mode. Do a full reformat and you'll be 90% home. The other 10% is googling around for drivers for your video card, sound card, and periferals like special keyboards or printers or such. Oh, and then getting everything configured right, like reinstalling games and other programs like Winzip and Winamp and whatnot.

I'd consider that a last resort. Did you have any luck getting into the registry? Its pretty simple to get into. Just open the command prompt (Start button + run) and type regedit.

EDIT: If you don't have a flash drive, go out and buy one. You can get a 4gig flash drive for about $5-10. They are infinitely useful.

I'm away from the infected computer at the moment, I'm looking for a plan of attack right now.

I second the safe mode startup option.

Personally, I've always had issues starting in safe mode. I found an alternate way (which I'm sure is a bad idea, but whatever) of accessing that feature when the key-mashing won't cut it. You wait until Windows says it's loading, then you force-shut-down the computer (I.E. keeping the power button pressed on a laptop/ disconnecting a desktop). Windows will register that it tried to start up but failed. It will then automatically give you the boot options next time you start up, no button-mashing required.

Once you're there, check if, by some miracle, the program is in the uninstall options. If not... well... a manual check with regedit (generally by looking for the program name and the filename) and what Keld Denar said should help.

There's also getting into the start menu and typing "msconfig" in the run option (or search if you have Vista/7). That will load the utility that lets you edit the windows startup items. In the startup tab, check if the rogue program is there and disable it.

Then I also recommend HijackThis. It's a program that lets you see the startup items in the registry (in my experience more than msconfig lets you see). You can see if you can find the filepath and name of the virus and delete it from there.

ALSO! It's important that you disable the recovery options on the disk. Otherwise, a virus will LOOOOOVE re-installing itself. Find the "My Computer" icon, click on properties. System Restore is what you want to disable. Disable it, delete the virus, restart. Once the computer is free, enable it again.

I hope that helps..

I was hit by this thing a few weeks ago. Nasty bugger of a virus.

It pretty much ate the startup programs so I couldn't even fully turn the computer on. That and everything was considered 'corrupted' when I tried to run anything. And I mean ANYTHING.

But yes, I'm going to add to the consensus that Reformatting is your friend here.