etavares

Which program, the PC Optimizer? If so, I don't recommend registry cleaners as they can do more harm than good. Programs don't search the registry, they know where to look for their settings so orphaned entries don't slow down your computer. The consequences of deleting a legitimate key by mistake can be huge. -etavares

I'm not sure it's the PC. We could try Thunderbird, it's another email program like Outlook Express that's free. Can you log in ok via the web? (I"m assuming Sky has webmail access?) -etavares

Hi, Outlook Express is no longer supported by Microsoft....outlook.com webmail replaced that. Also, as a security guy, I'd be remiss if I didn't suggest you immediately upgrade from XP to at least Vista since XP is no longer getting security updates. We could use a third party email program (e.g. Thunderbird). I don't have much experience from Sky, but I'm guessing they tried this setup? http://help.sky.com/articles/get-emails-on-your-windows-desktop-client -etavares

Sounds good. Keep us posted.

Hi PEV, Lots of ways this could happen. First, I would counsel you to use a computer you believe is free of malware and immediately change passwords on all accounts...email, financial and other ones are the most critical. Especially if you use the same email/password combination for those as you do for your email It's best to have strong passwords (random words, mix of letters and numbers and special characters) and to use a different one for each website/login. You can use a password manager to keep track of them. You should also immediately contact your email provider and let them know what happened. Hopefully they can reset your password. We don't know if they got their password from malware on your computer, or if they intercepted a different way (hack of the mail website, snagged it if you connected without SSL over a public network, they got when you logged in via different computer, brute force, etc.) So, let's take a look at your computer. Please follow the instructions in the link below and post your logs here. I'll look them over. http://extremetech.support/threads/15547-Before-posting-for-Malware-Removal-help-WinXP-Vista-Win7-Win8-amp-Win8-1 Thanks, -etavares

Hi Gadgie, Happy to take a look. Please follow these instructions and post the requested logs. It it slow at all times? Or does it take a bit before it becomes slow? Or is just the internet speed slow? http://extremetech.support/threads/15547-Before-posting-for-Malware-Removal-help-WinXP-Vista-Win7-Win8-amp-Win8-1 -etavares

It's a matter of personal preference to some extent. I don't have much experience with Windows 8, but Bitdefender, Avira Antivir, ESET, etc. all work well. In some cases, one that works well on one computer may slow down another computer. It can depend on hardware and other software. -etavares

Have to agree with Starbuck. Although, IE did have that fatal flaw that required an offcycle update. :) But, they all have those at some point. I use Chrome since that's what I've been using for a long time now. I use IE11 for some websites that don't render well in Chrome. -etavares

Hi Ray, Glad to hear it's back up and operational. -etavares

That's the actual realtime antivirus component. I don't use AVG, but that should be included in AVG Free. From the AVG website. Do the opposite to try and enable it. [h=3]Computer protection (Resident Shield)[/h]The Computer component ensures full protection of your computer from the inside, which makes it useful even if your computer is not connected to any network at the moment. It can detect all known types of viruses and spyware, including sleeping threats and rootkits. To disable the component: Open the AVG program. Click the Computer component. In the Anti-Virus section, change the switch to Disabled. -etavares

+1 for what Starbuck said. He beat me to it. The new one is not fun. The only surefire way is to backup your files frequently and in a way that's not connected to your network (e.g. flash drive, external hard drive that is unplugged, etc.)

OK, was it in your browser window, or a popup? We can update flash player via this link. Go ahead and try that. http://get.adobe.com/flashplayer/ Was there a name to the registry cleaner they wanted you to download? -etavares

Hi Trazza, Nope, you'll still get those. They're overly aggressive ads that try to scare you into purchasing software. That's what appeared to happen here. The PUP in the malwarebytes' log means "potentially unwanted program"...not a virus per se, but one that can be installed with aggressive means. How is the computer running at this point? No popups or registry error messages if you go to google.com? We can do an online antivirus scan if you'd like to check, but this was just an unwanted download and scary advertisement, I think. -etavares

Hi, I don't recommend registry cleaners. The risk of an unbootable computer or broken program is real; and the performance gain is minimal to none. Not worth the risk. We can do some cleanup...removing that registry cleaner program and a few orphaned registry entries: Launch OTL, copy/paste the bolded text into the Custom Scan/Fix text box in OTL, then click Run Fix. :OTL IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=r etail&geo=GB&ver=20&locale=en_GB&gct=kwd&qsrc=2869 O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. :files C:\Users\Tracey\AppData\Roaming\Systweak C:\Windows\SysNative\roboot64.exe A log will pop up...copy/paste the contents of that in your reply. -etavares

Hi, The chance of a BIOS infection is about zero. However, the space on your hard drive has been filling up by more than it should based on your description. Your C:\ drive has had 16GB of data saved to it. Your D:\ drive has had 43GB...that's 59GB of data. If the external drive is plugged in, even though you're saving files to it, it could be the source of the infection back to the main computer. What is your D:\ drive? Is that a partition on your hard drive, or is that the external drive? For now, please leave the external drive plugged in, launch MBAM, update the definitions, then click Full Scan and post the resulting log. You'll want to do that overnight, it will take quite some time. -etavares