Explore topic-wise InterviewSolutions in .

Good Morning,

Can you install more than one firewall in an OS?

If so, can you give me an example of what firewalls are being used?

Just a curious question....You can, but it's generally not advisable to do so.One AV program and one firewall one a computer. More than that and you will have problems.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to USE only one firewall at the same time.HOW DOES ONE REMOVE THE WINDOWS FIREWALL?Quote from: oleger on August 13, 2010, 08:26:55 PM

HOW DOES ONE REMOVE THE WINDOWS FIREWALL?

One AV program and one firewall one a computer. More than that and you will have problems.

Hello There!

All those of you who have put the safe bet on Trend Micro to shield your machines against the known & unknown threats would be disappointed to read the following story::

Check out:::

Infected link removed. How IRONIC that clicking on that link makes avast pop-up telling me a trojan was found on that page.

Quote from: Saurabhdua on August 16, 2010, 06:44:20 AM

All those of you who have put the safe bet on Trend Micro to shield your machines against the known & unknown threats would be disappointed to read the following story::

How ironic that clicking on that link makes avast pop-up telling me a trojan was found on that page.

It's not coming up anymore. Must have been an ad or something. Unusually though, I get the "Additional addons are required..." message and there is some kind of Java applet on the page also. I can't find it.

Hey Guys!


Trend Micro disappointed Indian Ministry of Home affairs.

hjt says i have no anti-virus but i have m s essentials


Logfile of Trend Micro HIJACKTHIS v2.0.4
Scan saved at 22:05:16, on 15/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
E:\Program Files\WhatPulse\WhatPulse.exe
C:\[emailprotected]\[emailprotected]\[emailprotected]
C:\[emailprotected]\[emailprotected]\FahCore_b4.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Secunia\PSI\psi.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\harry\Desktop\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SEARCH Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WhatPulse] E:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: [emailprotected] - Shortcut.lnk = C:\[emailprotected]\[emailprotected]\[emailprotected]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file MISSING)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 8603 bytes


[recovering disk space - old attachment deleted by admin]Harry. Your HJT log looks good except that it's running from the wrong place. It should be in Program Files. What problems are you having?i found hjt in downloads , i had prolems getting it to run and i found that i had to run it as administrator , so i ran a scan and seen all at the bottom

( files missing ) and thought it was a problem , so they must be ok then to leave in , will i drag it into programs , harryHijackThis will show a lot of (file missing) entries on 64 bit machines because the 64 bit OS stores files in different locations to 32 bit.Quote from: kpac on August 17, 2010, 12:29:09 PM

HijackThis will show a lot of (file missing) entries on 64 bit machines because the 64 bit OS stores files in different locations to 32 bit.

Note for 64-bit system users: Anti-malware scanners and some specialized fix tools have problems enumerating the drivers and services on 64-bit machines so they do not always work properly. Microsoft created a new folder (C:\Windows\SysWOW64) that contains all the 32-bit .dll files required for compatibility which run on top of the 64-bit version of Windows. WOW64 is the x86 emulator that allows 32-bit Windows-based applications to run on 64-bit Windows but x86 applications are re-directed to the x86 \syswow64 when seeking the x64 \system32. For a more detailed explanation, please refer to Making the Move to x64: File System Redirection and WOW64 Implementation Details. Since this is the case, be aware that most of the tools we use for malware removal are designed for 32-bit systems and do not work or can give misleading results on 64-bit machines. For instance, running HijackThis on a 64-bit machine may show log entries which indicate indicate (file missing) when that is NOT always the case. As such, any assistance we can offer is limited at this time and there is no guarantee all types of infections can be completely removed.

Hi,

I have Vista and I got the virus when I went to the MLB.com website, at least that's whenmy computer when carzy. I got the blue screen of death 2 times , once almost immediately and then a second time whe I restarted the computer, not knowing what I had yet. I got the basci security suite main screen telling me I had tons of virues, which i figured out fairly quickly it was a scam virus. I went to Bleeping computer and several other forums and site in safe mode and on my laptop, to get some answers.

Everyone says that you need to go into the Internet options and turn on the proxy settings, but with me it's the opposite. My proxy settings were checked and when checked I cannot access the Internet. when I uncheck them I can get online no problem.

Also, in Safe mode, I am still getting redirected to other sites (which I somehow got a couple of weeks ago and can't seem to get rid of), but also when I first signed on in safe mode I opened up the help for IE8. Now whenever I do anything in safe mode, like open IE, or even trying to open RKill.com, the window for that exact hlep pops up, every time. I cannot run rkill as it closes and reports after 1 second. On the bleeping computer site they say to keep clicking until it cathes, but I have clicked it over 200 times and nothing will stay open to run. I have run malware in safde mode, and hijack this, trojen removal, AVG, and DONE everything I can from every forum I can find.

My problenm doesn't seem to match up with everyone elses. I would appreciate any help I can get here.

I have a working knowledge of computers, so I can do whatever I am told to do, I just don't know what to delete unless I am told to now.

Thanks for any help
BillScratch this question......I actually had read a forum wrong and I didn't have a different problem, especially with the proxy button in the LAN settings under connection in internet options. Not a big deal, but wanted to clear that up.

I actually got rid of the Security suite virus by following the soft sailor directions and doing a few other things I saw on this forum, deleting some things from the registry like Tkbell and the proxy with 127.0.0.1=xxxx it was not the exact NUMBER most forums list in the xxxx area, but I knew it was bad. I googled every odd looking registry entry from hijack this and found good quality answers for each entry. Deleting the bad ones worked for me.

This was much easier than I expected when combining information from this site and bleeping computer and soft sailor. All these guy and gals are great for what they post to help, I thank them all

I managed to do this a strange way but it worked and my system is holding NICELY now. I think I cleaned everything on my computer, but in the end it was worth it, good luck to allok and good luck , but be careful what you delete

First, I said Java was enabled. I do not know about JAVASCRIPT or how to find out.

When I pinged the address you gave me, it was very hard to read the results. After about 4 pings, I was able to make out 4 replies, I think. There was a lot of copy that followed, but it STAYED up for only a microsecond before closing.

Sorry I'm so dumb on this.
GQuote from: oleger on August 14, 2010, 01:34:34 PM

First, I said Java was enabled. I do not know about Javascript or how to find out.

Awesome - thanks again. I will post the hijack log in a couple of hours.Ok - I have been unable to get either of the scans to complete. Both just pause, the timer continues to count down, but the scanning stops.

Also - the Super Anti Spyware does not start when windows starts; it is set to, but it does not.

And - Windows in non-safe mode will not boot, it just re-boots. This seemed to start after Super Anti spyware was installed.

Any suggestions?Please uninstall SAS and see if will reboot normally. Please run MBAM either in safe mode.I was trying to run both of the scans in safe mode.

Now - when I try to boot in non-safe mode, Windows says that the OS needs to be authenticated.

Also - I can only run MBAM one time - if I try to run a second time I get two VBS errors and it stops running. I have to uninstall and then re-install in order to get it to run the scan again.

Nasty piece of work whatever this is. Please try this even though your XP CD is at home. If it finds a bad file it will ask for the CD. At least we'll narrow it down.

•Click on Start > Run and type sfc /SCANNOW then press Enter (note the space between scf and /scannow)
*Let this run undisturbed until the window with the blue PROGRESS bar goes away
SFC - Which stands for System File Checker, retrieves the CORRECT version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.Hello Dave,

In the interim I downloaded xp via the technet subscription. The file is an iso - do you happen to know off hand how I can get this to usb? Thanks.Quote

do you happen to know off hand how I can get this to usb? Thanks.

• Place a blank CD-R disc in to your CD burning drive.
• Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  
• Reboot your system using the boot CD you just created.

• Your system should now display a REATOGO-X-PE desktop.
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings
• Change Drivers to Non-Microsoft
  
• Press Run Scan to start the scan.
  
• When finished, the file will be saved in drive C:\_OTL\MovedFiles
  
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the OTL.txt file in your reply.
  

my laptop has been INFECTED with malware before. All kinds of fake antivirus alerts POPUP and whenever I try to run malwarebytes the infamous "application cannot be executed" box pops up. I have been able to remove it before by running malwarebytes in safemode but I ran a full scan twice in safe mode last NIGHT and nothing came up, so I have no idea what to do. Any HELP is appreciated.anyone? give this link a read.

Hi I have never heard of Security SUITE before but now when I try and run Malware bytes it pops up, and it ALSO says MBAM is infected and can not run.
I have never had a problem with malware bytes before please help me, I am sure I have a virus but I can't use my MBAM or Super Anti SPYWARE...

PLEASE HELP MEtry booting to safe mode and then reattempt your malwarebtes and super antispyware scans. Hopefully they get thru this time so you can post your logs for a malware specialist to look at.Well I have TRIED running Malwarebytes in safe mode and also spyware cease.... it gets to a certain point and then turns off the laptop.
Please help I am freaking out!!!P.S out of 13000 items scanned malwarebytes is saying I have 131 infected files Alright it seems to not be turning off this time.
I am still running Malwarebytes and it has detected 160 infected files... It has scanned 28000 now.
I will post the log if it finishes succesfully.
Thanks in advance everyone

I uses internet daily for my online business.But i had faced many TIME viruses witch disturb my computer and also my business.Can any body tell me some good anti virus? If you do a search on this site you'll find dozens of threads asking the same question. I'm sure some of those will provide the answers you are looking for.
Or wait a few DAYS, this question gets asked once a week. We COULD provide a list a page long, but the answer will always come down to personal preference.

Try GOOGLING the questionQuote from: businessman1927 on August 19, 2010, 05:18:15 AM

witch disturb my computer

Thanks, Dave.
I'm afraid I've got a problem with the Secunia Software Inspector. It says a software requirement is SunJava JRE 6.21 and won't run without it, but after downloading that from Java.com and trying to install it, a box came up with "Error 1721. There is a problem with this Windows Installer package. A program required for this install to complete could not be run." I gave it a break and tried again with the same result.
After that, the computer froze for a while and when I tried to close down and disconnect, it wouldn't. I tried to turn off from Start and after several TRIES the 'Do you want to turn off... you will lose everything not SAVED' message came up. When I pressed yes, the logging off screen came up about 1/8" normal size - but at least it shut down. Quote

but at least it shut down.

I'm afraid I've got a problem with the Secunia Software Inspector.

My wife has had some one use her email to spam her entire address book. It seems like they used her web based email to do this, but I am not sure. I have Norton Internet Security 2010 and it did not find ANYTHING during its full SYSTEM scan. I also scanned with Malware bytes, and SuperAntiSpyware free edition using the preferences mention in this FORUM. All these programs uncovered were tracking cookies. Should I be worried about my Windows Live email client or is this a web based email issue. What measures should I take to ensure this doesn't happen again.a FRIEND had the same problem i did all the scans for her and i was told all you can do is change the e-mail NAME

e.g + another to a.n.other

here you go.

[recovering disk space - old attachment deleted by admin]As near as I can tell from the limited number of tools your computer will allow me to use your computer is clean. Are you still having problems?

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

• Click the CleanUp BUTTON.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

I just registered my avast antivirus protection, and the first thing it said to do was remove symantec antivirus from my computer because it is corrupted. after searching the internet and numerous attempts at differnt soulutions i am STILL stuck. please help.
Try this

http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_USI already have. when i tried to remove it with that program it said that i had to use add/remove, which i have tried also. i don't have a password and i have already tried symantec as the defalt password. this symantec antivirus program has a VIRUS in it and it keeps loading bogus antispy and malware programs onto my computer.Please try this to see if HJT can see it and remove it.

Please download: HiJackThis to your Desktop.

• Double Click the HijackThis icon, located on your Desktop.
  
• By Default, it will INSTALL to: C:\Program Files\Trend Micro\HijackThis
• Accept the license agreement.

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press ENTER (note the space between scf and /scannow)
*Let this run undisturbed until the window with the blue progress bar goes away
SFC - Which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.I put in the CD, but I didn't get the option to click start. Immediately it ran the CD and went to the Windows setup.
The options are: Setup Windows XP now, repair using recovery console, or quit setup.

I'll leave this screen alone until prompted any further.Use the Recovery Console. You won't loose any data.Everything works great now! Thanks SuperDave, you were a tremendous help.What programs would you recommend I get so the same thing doesn't happen again? If your computer is booting in Normal Mode please do as instructed in Reply # 13

Quote

What programs would you recommend I get so the same thing doesn't happen again?

Hello,

My desktop computer was hit with a virus of some sort that blows pop ups left and right saying "the file (insertname).exe is infected would you like to activate your anti virus? "

They are blocking everything so I cannot open the web, any software or task manager. I have researched and tried to see if I can do anything but everything I have found has stated that I need to download this or that and I cannot open anything on that PC (on laptop now)

The PC is a

eMachine
model: et1161-07
os: Vista 32 bit
Processor : amd athelon dual core 4050e 2.10 ghz
Ram : 3g
Memory : 300g

What can I do?What are your current Antivirus? Antispyware? Firewall? Read this before requesting malware removal helpHello and welcome to Computer HOPE Forum. My name is Dave. Sorry for being so late. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or SCANS while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and TRANSFER any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

Please go into Safe Mode and run MBAM. Then reboot into Normal mode and run the other scans, if you can.
Here's how to get into Safe Mode.

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be PROMPTED to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the ENTIRE report in your next reply.

• Double Click the HijackThis icon, located on your Desktop.
  
• By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
• Accept the license agreement.
• Click the Open the Misc Tools section button.
  
• Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
  
• Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
  
• Please post the log in your next reply.
  

Hy guys..
Sorry if I'm posting in the wrong place but I don't have much time..
My pc just goes intro sleep mode and I can't get it back on...
Or it crashes, meaning the image TURNS the color of the taskbar (the hole desktop image) and I can't do nothing, music STOPS, everything stops...
Pleaseeee help me.
My STAND by and hibernate modes are turned off...
please help meh

I have a windows 7 computer. Recently I downloaded a PROGRAM, shut down my computer, turned it on, and after the loading screen, a blank black screen. I couldn't even get into safe mode by pressing F8. What can I do? I'll appreciate it. Thank you.

This is meaning that I have no access to my desktop, cmd prompt, or safe mode.

The program that I downloaded was a PRINTER driver update from the HP website. I always make SURE the SITE is trusted before downloading anything.We are sorry for being so late in getting to your thread. Everyone is so busy. Do you still NEED help?

Hi ,
I have a Toshiba laptop.
Recently Hotmail updated their layout and suddenly I can't upload photos from my pc onto an email.
If I click 'attachments' it appears to make them too big, and if I click photos-then compressed photos, up comes the familiar layout and I click each pic or 'select all' ...but then it goes ping when I click on 'Upload now' and does nothing...
Frustrating and bewildering.

There is a banner that comes up saying:
Internet explorer has blocked this site from using an Activex control in an unsafe manner. As a result, this page might not DISPLAY correctly.

I have updated my anti-virus and switched pc off... this problem has been with me for several days. (maybe even longer without me being aware of it)

Can you help please

What windows are you using? What IE version are you using?Hello, thanks for replying.

I am on windows vista home premium.
I cannot figure out how to find my IE as I am a total novice and can't understand the terms and technicalities.
Sorry to be such a duffer. hi julia,

welcome to the world of computers. i hope you'll like it here.

I hope this is not too technical for you and you can do it:

Quote

In the Browser Toolbar:
Tools -> Internet Options -> choose the Security tab
Click the Custom Level button
Enable the following settings:
Run ActiveX controls and plug-ins
Initialize and script ActiveX control not marked as safe.

To find out which version of Internet Explorer you're using, the cipher strength (SSL) it is using, the product identification number, or to see when the latest update was applied, follow these steps.

Open Internet Explorer by clicking the Start button , and then clicking Internet Explorer.

Press ALT+H, and then click About Internet Explorer.

go to the tools --> click on help --> about Internet Explorer

First, I apologize if this topic is already in the Forum. Because of this PROBLEM, I cannot use the Forum Search function. Here's the problem.

Whenever I try to use Google, I watch a blank screen for minutes, then I get a "...timed out" intercept. I tried to flush the DNS (maybe not the right initials) and it will not flush. If I use the numerical address (66.102.7.104) I get the Google site, but, then, get the timed out thing when I try to search. It MAY sound like I know a lot, but all of the above was done via my ISP Customer SERVICE who went beyond what they normally would do, but had to GIVE up.

Sound familiar to anybody?
GerryJust want to add some info. I noticed today that Search.yahoo.com will not download either.

What happens when you CREATE a new icon for ex. SI.Com-Golf?They don't work.
A Firefox shortcut COPIED to the desktop will not work.
System tray internet shortcuts don't work either.
Any non internet shortcut desktop icon will work.
IE favorites don't work. An IE favorite copied to the desktop does not work.
Links in email (Outlook Express 6) do not work.It works for me. When I was on a site I went to File, Send to, shortcut to desktop. Try it and see if it will work.
I don't believe that this problem with the icons are caused by MALWARE. Perhaps, you should start a new thread in one of the software forums on this site.Well of course it works for you!

I am 99% sure this problem was caused by the Desktop Security malware.

I will look elsewhere on this site for help.

Did you try creating a new icon to one of those sites you mentioned?Yes, I tried that too. It doesn't work.Could you please run ESET scan again and this time make sure that the "Remove Found threats" box is checked.Log below. Within ESET should I delete these files?

C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{1570271F-33DC-4C63-B828-70C579138C9A}\Microsoft\Outlook Express\Emails0106to1208.dbxWin32/Sober.O wormunable to clean
C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{1570271F-33DC-4C63-B828-70C579138C9A}\Microsoft\Outlook Express\inboxcopy0407.dbxWin32/Sober.O wormunable to clean
C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL.vira variant of Win32/Toolbar.MyWebSearch applicationcleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL.virWin32/Toolbar.MyWebSearch applicationcleaned by deleting - quarantined
C:\WINNT\Fonts\navdb.dbxIRC/Zcrew.A trojancleaned by deleting - quarantined
C:\WINNT\Fonts\nordb.dbxIRC/Zcrew.A trojancleaned by deleting - quarantined
C:\WINNT\system32\BNC.MRCprobably a variant of Win32/Randon.G1 wormcleaned by deleting - quarantined
Quote

Within ESET should I delete these files?

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

• Click the CleanUp button.
  
• Select Yes when the "Begin cleanup Process?" prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.

Hoping that someone can help me with this -- for the PAST MONTH or so my Dell laptop has had a problem with UNCONTROLLABLE scrolling up and to the left. This is now getting worse and happens in all programs including Word, Adobe, all internet browsers, etc. Even to type this message is DIFFICULT because the cursor periodically jumps back to the top left corner of this text box. I have tried attaching a new external mouse but this does not help. The problem occurs even when not using the touchpad. I have scanned my computer with multiple anti-virus programs but no LUCK. It is getting difficult to use the computer for anything. Even holding the down / right arrows does not help. PLEASE ADVISE!!

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is INSTALLED. With malware INFECTIONS being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

• Click on Yes, to continue scanning for malware.
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

In May or June of this year, my computer seemed to have GOTTEN a really bad bug. It ruined my desktop by hiding my icons away from me and I wasn't able to access a lot of things. After running some scans (Malewarebytes AntiMalware & SuperAntiSpyware), the virus seemed to have gone away; however, my computer had another issue.

It seems as if my .exe files are not opening correctly. Every time I click on a program on the desktop (such as Microsoft Word or WordPerfect), it gives me the place where the program is located and it SAYS "Application Not Found." I found a way to OPEN my writing programs by opening up Start>My Documents>Document Name, but it is still a problem because it asks for me to "choose the program you want to use to open the FILE" every time I want to access anything such as the internet, paint, etc.

I was wondering if there was a way to FIX this issue. I've looked online for help and I was wondering if this: http://www.winhelponline.com/articles/105/1/File-association-fixes-for-Windows-Vista.html
would be of any use?

Thanks for your time.

Hey guys, looking for some help here.
As you can tell from the heading, my girlfriends laptop isn't booting in normal mode. Im pretty certain its due to a virus that has done damage or may still be present somewhere on the computer. It was one of the viruses that acts as an anti-virus trying to get you to pay money to download it and fix it.
I'v tried so many DIFFERENT things (scans with mbam,avast,ccleaner,spybot,esetcleaner,sdfix) but nothing has worked so far. I'v tried using system restore but it came back, and now system restore wont work for me when I try to reboot to an earlier state.
Anyone have any idea how to help? I dont have the windows xp cd here to upload it again, which doesnt help me at all.

Thanks in advance.
Can you boot in Safe Mode (by repeatedly pressing F8 before As you boot up), then run scans in Safe Mode.

Or maybe try 'Last Known Good Configuration' firstsorry, i should have mentioned that i tried those. Have done multiple scans today,usually something is picked up and delEted but doesnt seem to fix the problem.
Using last know good configuration doesnt seem to work at all.
and posting the question in 2 different PLACES doesn't MAKE it any easier, especially because if i'd read the other posts you've received, i wouldn't have bothered with mine. Somebody else is looking after you sufficientlySingleTwin: the malware specialists are GOING to need the logs from the THREAD you were linked to in your other thread. Follow the guide here.

The malware expert(s) are going to need at the least the hijackthis log and MBAM log. Post them in a reply here, then have patience, a malware expert should get around to this thread in a day or two

I am new to using a computer. In ORDER to REMOVE malware accquired by using the internet, can I learn to do this in a fairly shsort time, or do I need to use a computer support COMPANY?Since you are new to computers you will probably have to STUDY for over two years. I've been studying for over 3 years. There is a LOT of information to learn.

I did a repair of XP and then scanned with ESET online scan.
Here is the log from it.

C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\winlogon.exe.virWin32/Bamital.DX trojandeleted - quarantined

It seems to be runnig fine.
Thank youGood job!


If there are no more malware issues we can finish up now.


Let's clear out the programs we've been USING to clean up your computer, they are not suitable for general malware removal and could cause damage if launched accidentally. These steps will also help secure the work you have done.

* Click START then RUN
* Now type Combofix /Uninstall in the runbox
* Make sure there's a space between Combofix and /Uninstall
* Then hit Enter.

The above procedure will:
* Delete: ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

----------

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

----------

Use the Secunia Software Inspector to check for out of date software.

* Click Start Scanner
* Check the box next to Enable thorough system inspection.
* Click Start
* Allow the scan to finish and scroll down to see if any updates are needed.
* UPDATE anything listed.

----------

Go to Microsoft Windows Update and get all critical updates.

----------

If you are using or have installed IE6 you are using an outdated and soon to be unsupported version of Internet Explorer and I strongly suggest you update to the latest version directly from Microsoft Internet Explorer 8: Home page.

----------

I recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no realtime protection so will not interfere with each other. They do not use any significant amount of resources (except a little disk space) until you run a scan.

I also suggest keeping CCleaner Slim. It is an excellent and safe disk cleaner. Running CCleaner on a daily basis helps to protect your privacy and make your computer faster and more secure.

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, SPAM, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it HARDER for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy.
* Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smooth.

I've been asked by a friend to fix their virus problem and after looking at their computer it showed they had 3 anti-virus programmes INSTALLED PLUS My Security SHIELD and still had a good few infections. Having never heard of My Security Shield I Googled it, and every page said it was malicious and suggested programmes to download to get rid of it. Seeing as it was not my computer, I was not going to pay for any software (any link given would have scanned the computer and just shown me what was INFECTED & then REQUEST me to pay for it to actually remove anything).

The processes and registry keys given to remove it manually were not actually on the computer and the other users on the computer could not find anything if it was searched for. I'm thinking the easiest thing to do is just delete this user! But I'm still puzzled as to why it was only one user affected!

Has any one had any experience of a rogue antivirus programme affecting just the one user on a computer?Quote

and every page said it was malicious and suggested programmes to download to get rid of it. Seeing as it was not my computer, I was not going to pay for any software (any link given would have scanned the computer and just shown me what was infected & then request me to pay for it to actually remove anything)

Hi all,

My computer with Windows XP became infected with the "Security Suite" virus, which I managed to remove (I think) using Malwares and AVG FREE. After my computer became infected when I already had AVG Free anti-virus I decided to change to Avast. Whilst my computer was installing Avast it turned off. When I restarted it, it opened and I saw the BSOD before it quickly restarted itself. I did as it SAID and started it in safe mode, again the BSOD, and if I don't get that the computer turns itself off in safe mode. If it doesn't turn off it just keeps going in a cycle restarting itself, getting to the BSOD and then restarting. I don't have time to read the errors on the BSOD before it restarts.. plus my MACHINE is in French so it takes me awhile to translate into English in my head!

Is there anything I can do?

Thanks in advance for your help,

Kim
Hello and welcome to Computer HOPE Forum. My name is Dave. I will be helping you out with your particular problem on your computer. I am working under the guidance of one of the specialist of this forum so it may take a bit longer to process your logs.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

*****************************************
Do you have your OS CD?
You could try this but from what you're telling us is that it's not working.

We Need to Diagnose Your BlueScreen
1.When you boot your machine, press F8 to list the STARTUP options, exactly as you would if you were trying to enter Safe Mode
2.Select "Disable Automatic Restart on System Failure", as shown here:


3.When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:


Hi Dave,

Thank you for your help. I didn't get a chance to see your message again before I turned on my computer today. When I turned on my computer today the BSOD had disappeared and I've not seen it since?! While it was not there I took the opportunity to run my antivirus and malware which picked up and quarantined lots of infections. One of which it couldn't delete (and I can't either) a file called lluzdzlq.dat although it says it was created in 2004 (and I've not even had this computer that long). I also backed up all my data. Windows however told me that "it had encountered a serious problem.." and my computer is unusually slow. Even the internet is really really slow with both firefox and IE and I have a reasonably good internet connection. Is there anything else you'd recommend I do? I do have the windows OS cd's available to me if I need.

Kind regards,

KimSUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************
Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

• Double Click the HijackThis icon, located on your Desktop.
  
• By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
• Accept the license agreement.
• Click the Open the Misc Tools section button.
  
• Place a checkmark beside Calculate MD5 of files if possible. Then, click Back.
  
• Click Do a System Scan and Save a Logfile. Or, if you see a white screen, click Scan.
  
• Please post the log in your next reply.
  

Attached is the log of the Combofix, let me know if you need any translation - I realise that the headings maybe in French.

Through reading this forum I've come to realise that the windows firewall is not enough, what firewall would you recommend?

• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Open notepad and copy/paste the text in the quotebox below into it:
  Quote

  KillAll::
  
  DirLook::
  c:\windows\system32\NtmsData
  
  DDS::
  uInternet Settings,ProxyServer = http=127.0.0.1:6522
  
  

• Save this as CFScript.txt, in the same location as ComboFix.exe
  
  
  
  
• Referring to the picture above, drag CFScript into ComboFix.exe
• When finished, it shall produce a log for you at C:\ComboFix.txt
  
• Please post the contents of the log in your next reply.

• Click NO
  
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  
• Now click the Scan button.
• Once the scan is complete, you may receive another notice about rootkit activity.
• Click OK.
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  
• Save it where you can easily find it, such as your desktop.

I keep receiving the same email from the person that used to be in my contact LIST. (i used hotmail).
She informed me that she no longer uses this email (ALSO hotmail). I have blocked this email address, but still keep receiving EMAILS from this address every day promoting some STORE.
Could someone explain to me why it happens? and how should i stop receiving these emails?

many thanks
Their account has probably been HACKED. It is probably sending you emails to spam your inbox.

It seems my subscription to mcaffee is going to run out and I don't want to renew it though it has served me well. I've heard great comments about AVAST and the fact that it is free is very appealing, but it has no firewall. I was just wondering if any one knows of a good FREE firewall out here on the web or has any reccomendations THX.I don't use 3rd party FIREWALLS on any systems, but I've always heard good things about comodo and zonealarm.use the windows firewall its good and also windows security ESSENTIALS from microsoft downloads
Online Armor has always worked for meFirewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only INSTALL ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing CONNECTIONS. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.Thank yous very much I now have DIRECTION

Try not entering anything when it asks for a password. Ok, that worked.

Now what do I type in. It gives me this:

C"/WINDOWS>Please try it again. After you get by the password box, you should get this:
To set up windows xp now, press enter.

To repair a windows xp installation using recovery console, press R.

To quit setup without installing windows xp, press f3.
Press R for repair.I am there. Which one should I pick. And what happens after that.
Thank you.
Choose R for repair and it will repair anything in your OS that needs repairing but all your data will remain intact.Ok, I get to this screen:

To set up windows xp now, press enter.

To repair a windows xp installation using recovery console, press R.

To quit setup without installing windows xp, press f3.

I Pressed R for repair and I get this screen:

Microsoft windows xp(tm) recovery console.
The recovery console provides system repair and recovery functionality.
Type exit to quit the recovery console and restart the computer.

1: C:/windows

Which windows installation would you like to log onto
(to CANCEL, press enter)?

I pressed 1 and enter at this point I pressed 1 because that's all I see.
Then it asks for administrator password, and I pressed enter with no
password and it worked. And it gives me this prompt:

C:/WINDOWS> What do I enter here.

I tried to enter R here but it does'nt work. Here is what it says when I enter R:

The command is not recognized Type HELP for a list of supported commands.I'm sorry but the main PROBLEM now is that there is too little free space and you will have to get at least 15% free space. The only way I of doing this on your computer is to remove the Harddrive and slave it to another computer. Once that is done, you can transfer some files/folders of your data to some DVD's. I realize this is a drastic step but it's the only way I know of GETTING some more space on your C: drive.

Is there a way for me to just start over and wipe it clean. I have braced myself for the fact that I might loose all of my STUFF anyway.

Thank you.That might be the way to go but you can still save all your important data. You can remove the Harddrive and slave it to another computer and save your data on DVD's. You you slave a harddrive on another computer it becomes just another storage device. You can go into it and copy all your data to an external harddrive or to DVD's. If this is a laptop, you can do the same thing but you will need to buy a cable to hook the harddrive to another computer. I've sent a message to my mentor about this problem and I'll contact you when he gets back to me.Try following this guide. http://michaelstevenstech.com/XPrepairinstall.htmOk, I have windows xp back again. Thank you.
I still have no space on my hard drive because it actually kept all of
my programs and files. Now I have to find out how to delete a bunch
of stuff.
Is there a program that I COULD run to tell me what I could safely get
rid of.

Thanks again.
•Start HijackThis
•Click on the Misc Tools button
•Click on the Open Uninstall Manager button.
•Click on the Save list... button and specify where you would like to save this file. When you press Save button a Notepad will open with the contents of that file. Save the file to your desktop.
Copy and paste this file in your next reply.

Once I see the list I will be able to help you determine which ones can go and which you need to keep. Ok, Here it is. Thank you.

Broadcom 440x 10/100 Integrated Controller
Dell ResourceCD
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
Mozilla Firefox (3.6.
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB982381)
SoundMAX
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Windows XP Service Pack 3

The only program you can uninstall is HJT. You must have a ton of personel files, pictures, movies etc. to take up that much of your harddrive. The programs that you have presently installed should not take up that much room on your drive. You will have to check you files/folders to see which ones you can move to another drive.Install WinDirStat and see what is taking up the space.

You never said which PC to run it from.
The OTL were run off the good PC, since there is no way I could download OTL on the infected PC with no IP access.

Which PC do you want the sfc scan run from?
Could I request in the future, may you specify which PC to do scans/other things from?

Thanks.


Also...since we fixed the infected PC to now sign on normally, why is it that I can not access the internet even though I am connected and what can be done?OK when I tried on the good PC the black cmd screen popped up and vanished instantly.

I tried on the infected PC....it ran until this message popped up

Quote

Files that are required for windows to run properly must be copied to the DLL Cache.

Insert your Windows XP Professional CD-ROM now.

Which PC do you want the sfc scan run from?
Could I request in the future, may you specify which PC to do scans/other things from?

Let's just work on the originally infected computer. You will have to download any programs and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

Ok. We need to clear your DNS cache.

Please navigate to Start>Run and type cmd

in the window that pops up type ipconfig /flushdns

***************************************

Windows IP Configuration

An internal error occured: The request is not supported.

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to query host name.

Download the Fix IE Utility to your desktop.

Before running the utility, make sure that all your Internet Explorer windows are closed!

* Extract the contents of the .zip file to your desktop.
* Double click the Fix IE Utility button to run the tool.
* Click Run Utility
* Click OK when you see 'Re-registered all files'
* Open Internet Explorer and see how it works.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/25/2010 at 02:34 AM

Application Version : 4.41.1000

Core Rules Database Version : 5189
Trace Rules Database Version: 3001

Scan type : Complete Scan
Total Scan Time : 01:56:25

Memory items scanned : 513
Memory threats detected : 0
Registry items scanned : 6647
Registry threats detected : 0
File items scanned : 63752
File threats detected : 0

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4476

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/25/2010 12:29:46 PM
mbam-log-2010-08-25 (12-29-46).txt

Scan type: Quick scan
Objects scanned: 141086
Time elapsed: 12 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fe4c2c37-edc8-4c00-b864-3c38cf3ba834} (Adware.Adshot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3436ec28-ccde-4a49-83a6-0b8dee619be3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{486bdd1d-bac7-4f82-8b68-38b1bd5378f2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\settingsxx.exe (Spyware.SpyEyes) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\settingsxx.exe (Spyware.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\vugip.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zugip.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\settingsxx.exe\config.bin (Spyware.SpyEyes) -> Quarantined and deleted successfully.

Logfile of Trend MICRO HijackThis v2.0.2
Scan saved at 1:23:59 PM, on 8/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot MODE: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Emsisoft\Online Armor\OAcat.exe
C:\Program Files\Emsisoft\Online Armor\oasrv.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Emsisoft\Online Armor\oaui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Emsisoft\Online Armor\OAhlp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=70001
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.com/?cid=xfactiv_eg_self_main
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Emsisoft\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-484763869-630328440-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-484763869-630328440-725345543-1003\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215897936109
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Online Armor Helper Service (OAcat) - Emsi Software GmbH - C:\Program Files\Emsisoft\Online Armor\OAcat.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Program Files\Seagate\Sync\SeaSyncServices.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Emsi Software GmbH - C:\Program Files\Emsisoft\Online Armor\oasrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9823 bytes

1) Installed unlocker...under downloads in my documents it is now deleted.
-However....in my computer it still shows in the E drive.

-Next time I re-start my PC will it be gone?
-If not how can I remove it from E drive...or is it moot...is it gone?

2) Otherwise given my logs, is my PC now given a clean bill of health?

3) What was the big problem with it, and was this one of the worst you have seen?

4) Thanks again, how can I officially thank you?

C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001487.EXEa VARIANT of Win32/Kryptik.HT trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001488.exea variant of Win32/TrojanDropper.Agent.OCN trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001489.exea variant of Win32/TrojanDropper.Agent.OCN trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001490.exea variant of Win32/TrojanDropper.Agent.OCN trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001491.exea variant of Win32/TrojanDropper.Agent.OCN trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001492.exea variant of Win32/TrojanDropper.Agent.OCN trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001493.exea variant of Win32/TrojanDropper.Agent.OCN trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001494.exea variant of Win32/TrojanDropper.Agent.OCN trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001495.exea variant of Win32/TrojanDropper.Agent.OCN trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001496.exea variant of Win32/TrojanDropper.Agent.OCN trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001497.exea variant of Win32/Kryptik.HT trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001498.exea variant of Win32/Kryptik.HT trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001499.EXEa variant of Win32/Kryptik.HT trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001500.EXEa variant of Win32/Kryptik.HT trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001501.EXEa variant of Win32/Kryptik.HT trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001502.EXEa variant of Win32/Kryptik.HT trojancleaned by deleting - quarantined
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP2\A0001503.EXEa variant of Win32/Kryptik.HT trojancleaned by deleting - quarantined
If there are no other issues, we can do some clean-up.

* Click START then RUN - Vista users press the Windows Key and the R KEYS for the Run BOX.
* Now type COMBOFIX /uninstall in the runbox
* Make sure there's a SPACE between Combofix and /Uninstall
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

***********************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

*******************************************
Download OTC by OldTimer and save it to your desktop.

1. Double-click OTC to run it.
2. Click the CleanUp! button.
3. Select Yes when the "Begin cleanup Process?" prompt appears.
4. If you are prompted to Reboot during the cleanup, select Yes
5. OTC should delete itself once it finishes, if not delete it yourself.

******************************************************

Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
****************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!Dave – thanks for the help in sorting out the trouble I had with my computer and for the advice on preventing further trouble. Today I did the cleanup and installed Comodo Personal Firewall and WOT. Will try SpywareBlaster and SpyBot tomorrow. Again, many thanks.

I have the exact PROBLEM described be evilfantasy "read this before requesting malware removal help", I have Windows XP, service pack 2 installed, AVG Free 8.5, and windows defender, however, I am trying to download the FIRST step, and I cannot get online, the malware is redirecting to porn sites. I am sending this from my work computer with an aircard. NEED to figure out how to get to the sites to download. Help!Download on your work computer, transfer them to the INFECTED SYSTEM, run the logs and copy them back to your work system to post.

Pardon my english as it is not my first language. Let me try to explain.

When I turn on the computer, it automatically goes online through a wi-fi connection (although the stability of the connection is not very GOOD since Qandr Rootkit infected the laptop). I can use the internet, for example, to connect to Pokerstars or Full Tilt Poker to play online poker. But, when I open IE or Firefox or Chrome, I can't get any webpage to open for a period of around 30 minutes (even if I'm playing poker online at the same time). This only happens with the browsers, but not with any other programs I use online (eg.: Poker programs, P2P). After about 30 minutes of being online, the browsers suddenly start working on an off and I can get to see my email or this forum or whatever website.

Hope I have MADE myself clear

Thanks for your time and patience. Quote

Pardon my english as it is not my first language. Let me try to explain.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
• Please save the log to a location you will remember.
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

• Click on to download the ESET Smart Installer. Save it to your desktop.
  
• Double click on the icon on your desktop.
  

Not sure where my 1st post went, but I'll try again. I have 3 machines ( Desktop, Laptop and Netbook all infected with nodqq.exe/ca.exe virus. Bought a Verbatim 500G usb drive to sync all my stuff between the three about 2 weeks ago. Noticed Friday night that I couldn't access any hidden files with my laptop, either in the drive or on the comp hdd.
Tried on the desktop and found the same issue. Any attempt to show hidden files by Start>MyDocuments>Tools>Folder Options>View didn't work. Selection goes right back to not show.
Have spent most of the weekend fighting this. 1st I updated all my Norton to Internet Security 2010 and ran back to back scans. 2nd downloaded and ran Hijackthis and posted results (Previous post #1 not listed anymore?) 3rd downloaded and ran CCleaner and posted results. Eventually Norton ID'd nodqq and ca.exe among some other unfavorable stuff and removed them from the desktop and laptop.

The problem is that my netbook is still infected. I thought I had it beat yesterday when I found and changed some items in the registry and got it working again. All seemed ok until I restarted and went back to the same issues. This is what I have figured/found out:

I'm not sure where the virus got picked up, but it installed itself into my USB drive disguised as "autorun.inf"
When the drive got plugged in to my netbook, it used autorun to install itself into the windows inf folder. It also added the value "nod32 = %Local Settings%\Temp\nodqq.exe" under the registry key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

and changes the value Hidden = 02
ShowSuperHidden = 00

under the key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\folder\showall

I can get into msconfig and deselect nodqq.exe but when I click OK I get an access error message that tells me to sign in as an admin.

I found and deleted 1 exe and 2 dll files with the name nodqq I found by running search, selecting search hidden files and folders. Now no more files with that name are found.
Norton keeps finding and quarantining Trojan.Packed.NsAnti
Each time it says its rosolved but it keeps coming back. It has also picked up and resolved ca.exe once and rpw.exe twice.

I've ran and am running Norton Internet security 2010, CCleaner, Hijackthis and SPYBOT S&D.

I've changed registry values back to normal and removed added items only to have them go back. I need to find where this thing is hiding, how it's coming back and changing reg entries and how I can kill and remove it permanently. I hope I've included enough info. By the way:

ASUS EeePC
Intel Atom
CPU N270 @ 1.60 GHz 0.99Mb RAM
XP Home 2002 SP3
Norton Internet Security 2010
SPybot S&D

Let me know if you want logs posted have the ones from Hijackthis, Norton, and CCleaner.

Also downloaded and running NOautorun USB defender and was able to get into my drive and remove the virus on that front.Hey man, I've registered just to tell you how I finally MANAGED to kill nodqq and its variants.

I was using my USB stick on a networked, public computer at school and when I got home and plugged it into my laptop and PC, I noticed Windows Live Messenger and IE were crashing.

Malwarebytes has always been my go to for getting rid of this kind of thing and it found and deleted nodqq.exe and dlls, repaired registry, etc.

However, upon reboot, the virus managed to keep regenerating itself. I even deselected it from start up in msconfig, but it would magically reappear in the list.

Anyways, I downloaded this PeeTech fix advertised on some tech-blog site and it worked PERFECTLY. Upon reboot, I could instantly see hidden files that nodqq had been BLOCKING. I was weary at first to d/l something that I didn't know anything about, but I figured I'd try it first on my laptop where the damage would be minimal.


Anyways, here's the link to the blog and directly to the fix. Just download, unrar and run. Made my DAY- I'd been losing my mind.

Blog: http://hotzone-it.blogspot.com/2010/04/how-to-remove-dqmexe-nodqqexe.html

Fix: http://www.mediafire.com/?mmlwxnmn2yz

Hope this helps!

Oh, and PS, I'm planning on just throwing the USB drive in the garbage hahaha. rusty , please wait for a malware expert to help you in this topicWanted to update those who were interested. To recap, Norton Internet Security 2010 was able to kill three viruses identified as trojans. Specifically they were: ca.exe, nodqq.exe and pwe.exe. The virus showed up in my Verbatim USB HDD and was named "autorun.inf". As soon as the drive was plugged in to a machine, Bam it downloaded itself to 3 different locations. It also created registry keys, and changed registry values. The keys were created start them on bootup, even if removed from msconfig startup list. The registry values seemed to make them hard to find by not allowing access to hidden files.

All 3 had to be removed in short order or they would be replaced by one of the other two.
When pwe.exe was removed by Norton, you could get access to hidden files by changing them back to a value of (1) in the registry. When this worked I ran search and located each file (nodqq.exe, ca.exe, and pwe.exe, along with nodqq.dll) and deleted them. I also found copies of them in the %temp% file and deleted them. The first try was a bust, but the second time I remembered to empty the recycle bin and then they didn't return.

It was quite a blur, with 3 machines running simultaneously so I'm having trouble recalling it all, but between Norton 2010, CCleaner, Hijackthis & Spybot S&D it seemed to work out. I also installed Noautorun which allowed me to find and kill the original threat disguised as "autorun.inf". All 3 are up and running, the only thing I found is that Norton finds and removes a different trojan 3-4 times/day so something is still going on there. Hope this info helps someone.
Rusty

That looks good. If there are no other issues, it's time for some clean-up. You can uninstall HJT, ESET and Security Check. You may keep SAS and MBAM, if you wish. Update them and run them on a regular basis.

To uninstall ComboFix

• Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  
• In the field, type in commy /uninstall
  

• Then, press Enter, or click OK.
  
• This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
  

every TIME i CLOSE eset nod32 it will come again n again what should i do,how to solve it,this is happing BCS of spyware or MALWARE or eset settings,
thanks Please do not post malware advice. If you WANT to help please go to this thread.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet EXPLORER 7.0.5730.13

5/11/2010 9:14:49 AM
mbam-log-2010-05-11 (09-14-49).txt

Scan type: Full scan (C:\|)
Objects scanned: 169617
Time elapsed: 56 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
FOLDERS Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\dllcache\termsrv.dll (Trojan.Downloader) -> Quarantined and deleted successfully. Hi

Please download HAMeb_check.exe and save it to your desktop.

• Double-click on HAMeb_check.exe to run the utility and it will create a log.
• Copy and paste the contents of that log in your next reply.

Avast! Now speaks more than 27 Languages...

I want to use it in my PC but have so many doubt ........

Is Avast! Is better than other antivirus like Norton or AVG??


ANYONE can help.. ?I never tried avast. Usage of anti virus is of one's personal INTEREST....
Just check some anti virus rating web sites for further details. Try it once and compare it with your previous anti virus. You can get the difference and you may get experience with them too......
avast
is FREE antivirus with spyware protection --& a package of applications
GO ........I think Avast! is very good. For personal use, I definitely choose the free version of Avast! over Norton or McAfee. I agree totally. I've had Norton and McAfee and paid for both. I have been using Avast free version now for some time and find that is every bit as good. No, better.AVAST is very good. It works very well.

AVG is doing ok I guess, it's on my mom's old pentium 3 computer and it's not giving her problems when she uses the old PC to watch videos.

In my opinion, Avast is loads better than Norton. As for AVG...well, that's really your call. I'd say Avast and AVG are just about even, so it's mostly a matter of which one you like it better. You might as well give it a shot. If you don't like it, all you have to do is uninstall.All support avast
I think that there are better programs, such as pure Kasparsky . But it is not freeI have heard great things about Kaspersky , and I know it's rated very high. Possibly the best? Avast though certainly does the job and I'm very satisfied with it.. So my thinking is; if I can get the milk and meat without cost, why should I buy the cow?CORRECTLY. avast gives the meat and milk
But non-free programs like kaspersky & non-free avira . Add a lot of spices to the meat

Well ,I suppose being Canadian, I don't require a lot of spices.MicroSoft Security Essentials works very well for me. Very effecient and not a resource hog.I personally use (as well as the company) ESET NOD32 Anti Virus. I have had no problems with this anti-virus at all. AVG (especially the free version) wouldn't really be my choice at all. Their detection rates of Newly-Released viruses isn't very good (as tested by ourselves within a controlled environment). Also, it tends to have a file-SCAN lag.. Making full scans TAKE longer. As for Norton, I personally wouldn't bother. It uses too many system resources in order to run, the scan times take long and also it tends to leave alot of files behind once "fully uninstalled".

Hey guys,

I'm not sure if this is a registry or virus problem, but I will do my best to EXPLAIN to you what happened.

A couple of days ago, I was trying to clean up my gaming PC. I gave it to my parents to replace their old PC while I went off to college. Unfortunately, my dad did not do a good job keep up with it. Using CCleaner, a program that cleans the registry (missing .dll, unused extensions, ActiveX and Class issues. I am sure you guys are aware of the program). It FOUND 400-odd problems, and I told it to fix them. Before it fixed, I backed up the registry. After the fix, everything appeared normal.

Then,

I uninstalled the free version of Avast, and installed McAfee enterprise edition, that my University gives to students. I figured that McAfee would be better software, so why not use it. I ran a scan, and about 10% of the way through, I check and see that it has found 314 detections. Soon after, then theme of Windows reverts to Windows CLASSIC (like Windows 98). I checked to see what happened, and I saw that McAfee found another detection, making 315 total detections. I tried to switch the theme back, and it said that I have to use the "Computer Management Tool" and TURN the service back on. I try to find the service, and I cannot find it.

So, I reboot, and when it's time to login, it tells me that I have "3 days left to active your windows product." So I ignore it, and when I log in, my desktop bar is gone. I can only see about 5pixels of the very top of it (it is STILL in windows 98 theme). When I finally manage to get it up, I click on the start button and try to do a system restore. It tells me "Your system is not protected. Please restart and try again." So, I restart in Safe-Mode, and got the same error.

I reboot, and login in normally, getting the same errors. I then restore the old registry file that backed up prior to the CCleaner action. I reboot, and got the same problem.

I have the OS re-installation disk if worst comes to worst. However, my dad does his taxes through TurboTax, and the files are on the HD. I tried to save them into my thumb drive, but it will not allow me to transfer them. I tired using Copy and Paste, Send To, and even the CMD promt. Nothing seems to work. I can however save Word and PowerPoint files by opening the program, and saving them to the thumbdrive. Excel will not open correctly, nor will TurboTax.

So I am in kinda of a dilemma. I need those tax files before I can reformat, and I have no idea how to get them.

Any thoughts??

Thanks so much for the help!Your best bet would be to remove your harddrive and slave it to another computer and recover your files. I would get a hdd emclosure from like Best Buy or another electronic retailer and install the hdd in that and hook it up to another computer even a laptop and then you can possibly transfer the files that way. I would also scan the files with the other computer to make sure they are not infected with the virus. Oooh that's sounds painful haha. I have another computer that I can try that with. My dad has an IT employee at work that can take a look at it, but I really dont want to bother him with non-work related issues.

Some type of virus has caused the following problem: After log-in, an Anti-Virus PROTECTION PROGRAM immediately downloads and scans for viruses, followed by a window that asks for registration. I understand that this is BOGUS and some type of Ad-ware or Malware, but I can't seem to get past that scan or registration screen to any kind of start MENU. Neither window has a close button, and although I was able to finally close the window using "alt + f4", my Start toolbar is nowhere to be found. I tried the "ctrl + esc" as well as the windows button to no avail. I can't seem to take a step TOWARD removing this virus without at least getting to the Start menu. Any suggestions?

I'm on Windows 7. I have this virus I can't GET rid of, and everything I try to start an application it won't let me. How do I begin to fix this? Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.Thanks.

I downloaded this on a different computer, and tried opening it on the computer with the virus, but it won't let me install it.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Then, try once more.Ok. a lot of hurdles to jump through. I started safe mode with network, but in order to install malware and SPYWARE programs, I had to create a new registry key to add an MSIServer.

I installed and ran the following applications:
rkill, exehelper, superantispyware, malwarebytes, hijackthis, tfc, avri antivir.

I have a OS compability issue with comboFix and a proxy issue with eset online scan-- any alternatives for these guys?

I assume the problem has been FIXED, but want to run combofix and eset online scan just to sure, any suggestions for this?

Thanks.

Hi

Download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Under the Custom Scan box paste this in

• Click the Run Scan BUTTON. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please COPY (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
    

Unless I can get some guidance, it seems I will have no other alternative but to throw my laptop in the trash. I have an HP with Windows XP Professional. My son obviously downloaded something (a long story-some other time) which has completely taken over. After log-in, an anti-virus/malware program downloads and gives me a summary of all the nasty things that are on my computer, then directs me to the screen where I can remove all the nastiness by purchasing and registering their product.

I understand that this is all bogus, but nevertheless, I have lost all control with the laptop. All of the windows related to this bogus program have no close or minimize capability and it was obviously designed to stay put until the user purchases the product (or until they get your credit card info). I can clear the screen by keying the "alt + f4", but once the anti-virus window closes, I have no tool bar or "Start" key. I've tried to key the "Windows" key and have tried to key the "ctrl + esc", but to no avail. No toolbar.

I have also tried to boot-up in safe mode, but the anti-virus still downloads in the same manner as described above. I viewed some of the suggestions contained within this forum, but with no toolbar or "Start" key, I can't even attempt step one. It also appears that most of the suggestions on how to rid a virus depend on downloading something or visiting some on-line site. I can't even get to a point where I can connect to the internet (or anything else for that MATTER). I see no other alternative but to throw the thing away.

I had thought about trying to change the configuration and settings BACK to the configuration and settings that were in place when I purchased the laptop, but when I boot-up and key "F8" I don't seen to have that OPTION. I heard there are reasons for the inability to do this, but I don't know what they are.

Having read the FORUMS here, I know there some very big brains out there. I am hoping someone can help me rid my laptop of this monster, or at least show me how to I can wipe the slate clean and start over. Please?
You can either reinstall Windows or use the makers system restore feature if there is one.
Thank you for your reply.

Can re-installing Windows be done without having any control over the laptop? Also, if a CD is necessary, I'm not sure I have one anymore. Am I able to purchase one somewhere?

Can you or someone else walk this novice through the steps necessary to re-install Windows or help me locate where the makers system restore feature might be located and/or initiated?
what make and model is it?
As best I can tell (its been awhile) HP Compaq nc 6220If you had the machine from new, did you create a set of recovery CDs when you got it, as advised? if not, you can order an OS install disk

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00810334
Thank you, sir. I will order one today.Go to this link to create a Rescue CD or to this site to create a Rescue USB. Carefully follow all the instructions for whichever method you choose.Hello, just one more tip.
Your collection of photos and documents may be quite valuable to you. If so, you should give attention to some method of making a backup of all your my documents folder before you attempt to reinstall Windows.
One method is remove and slave the laptop hard drive to a desktop machine using a suitable external USB adapter. This way you can save the contents of the my documents to a backup folder on the desktop machine.

I have a rather strange situation on my hands.

XP Antivirus Pro 2010 (or some variation on that name) installed itself on my laptop - despite the fact I had Avast! Home working the whole time.

Not wanting to bother with the never-ending process of ATTEMPTING to remove it, I simply planned to back-up my files and restore the OS.

However, I didn't have the time to restore and still needed to access my files on the laptop, so I simply turned off my WiFi so the XP Antivirus Pro 2010 would be unable to communicate with the web.

After about 2 weeks of barely using my laptop, I turned it on and FOUND no trace of XP Antivirus Pro 2010: it didn't start up with Windows, it wasn't present in my system tray, and it didn't block my internet navigation...

Did it literally remove itself or is it likely still present, lurking in the background?

Any reason for me into restore my system?

My Startup:

I really doubt that it REMOVED itself and System Restore does not cure infections. In fact, some infections actually hide in your System Restore files just waiting to re-infect your computer. The only sure way to check if your computer is clean is to follow the ADVICE in instructions below.
Please go to this LINK and follow the directions and post the required logs.