O.K. 1. THERE IS NO SHORTCUTS TO F- SECURE INTERNET SECURITY 2010 ON MY DESKTOP.

[Malware Removal Specialist]

Open it and look for any f-secure entries and remove them.

[Malware Removal Specialist]

When you tried to install f-secure from my link did it give you an option to uninstall instead of install?

When you tried to install f-secure from my link did it give you an option to uninstall instead of install?

No it only ask me to install.... & i removed what one f-secure thing i seen in the windows cleaner thing but it iz still listed az my "Virus Protection"

[Malware Removal Specialist]

but it iz still listed az my "Virus Protection"

Listed where?

Try the OPSWAT AppRemover

AppRemover enables you to thoroughly uninstall security applications such as antivirus and antispyware from your computer.

nope only things it ask me did i want to unistall were malawarebytes and superantispyware...

but when i say its still listed as my virus protection i mean when i click on

start: control panel: Security Center: & it says F-Secure Iz My Virus Protection

[Malware Removal Specialist]

Download, unzip and run Process Explorer

* Locate the folder where you extracted the downloaded file, and then double-click procexp.exe
* Wait for the list to populate.
* In the Process Explorer window, click File and then click Save
* Enter a name for the file such as Process Explorer and then click Save.
* Save it to your desktop so you can easily find it.
* Copy and paste the log in your next reply.

Process   PID   CPU   Description   Company Name
System Idle Process   0   96.88      
 Interrupts   n/a      Hardware Interrupts   
 DPCs   n/a   1.56   Deferred Procedure Calls   
 System   4         
  smss.exe   404      Windows NT Session Manager   Microsoft Corporation
   csrss.exe   468      Client Server Runtime Process   Microsoft Corporation
   winlogon.exe   492      Windows NT Logon Application   Microsoft Corporation
    services.exe   536      Services and Controller app   Microsoft Corporation
     svchost.exe   708      Generic Host Process for Win32 Services   Microsoft Corporation
     svchost.exe   756      Generic Host Process for Win32 Services   Microsoft Corporation
     svchost.exe   820      Generic Host Process for Win32 Services   Microsoft Corporation
      wuauclt.exe   2524      Windows Update   Microsoft Corporation
     svchost.exe   860      Generic Host Process for Win32 Services   Microsoft Corporation
     svchost.exe   1028      Generic Host Process for Win32 Services   Microsoft Corporation
     LEXBCES.EXE   1364      LexBce Service   Lexmark International, Inc.
      LEXPPS.EXE   1404      LEXPPS.EXE   Lexmark International, Inc.
     spoolsv.exe   1388      Spooler SubSystem App   Microsoft Corporation
     svchost.exe   1816      Generic Host Process for Win32 Services   Microsoft Corporation
     AppleMobileDeviceService.exe   1896      Apple Mobile Device Service   Apple Inc.
     mDNSResponder.exe   1916      Bonjour Service   Apple Inc.
     jqs.exe   176      Java(TM) Quick Starter Service   Sun Microsystems, Inc.
     NBService.exe   196      Nero BackItUp   Nero AG
     IoctlSvc.exe   216      PLFlash DeviceIoControl Service   Prolific Technology Inc.
     svchost.exe   328      Generic Host Process for Win32 Services   Microsoft Corporation
     NMIndexingService.exe   1188      Nero Home   Nero AG
     iPodService.exe   1588      iPodService Module (32-bit)   Apple Inc.
     alg.exe   2108      Application Layer Gateway Service   Microsoft Corporation
    lsass.exe   548      LSA Shell (Export Version)   Microsoft Corporation
explorer.exe   1232      Windows Explorer   Microsoft Corporation
 GrooveMonitor.exe   1700      GrooveMonitor Utility   Microsoft Corporation
 jusched.exe   1708      Java(TM) Platform SE binary   Sun Microsystems, Inc.
  jucheck.exe   2336      Java(TM) Update Checker   Sun Microsystems, Inc.
 iTunesHelper.exe   1780      iTunesHelper Module   Apple Inc.
 ctfmon.exe   1788      CTF Loader   Microsoft Corporation
 NMIndexStoreSvr.exe   1824      Nero Home   Nero AG
 sistray.exe   1868      SiS Compatible Super VGA Tray Application   Silicon Integrated Systems Corporation
 firefox.exe   2260      Firefox   Mozilla Corporation
 procexp.exe   868   1.56   Sysinternals Process Explorer   Sysinternals - www.sysinternals.com

[Malware Removal Specialist]

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

• R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
• R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
• O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
• O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
• O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
• O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure\NRS\iescript\baselitmus.dll
• O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security ,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security ,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security

.
Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

----------

If you already have ComboFix be sure to delete it and download a new copy.

Download ComboFix© by sUBs from one of the below links. Be sure top save it to the Desktop.

Link #1
Link #2

**Note:  It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

Driver::
F-Secure Gatekeeper Handler Starter
FSDFWD
FSMA
FSORSPClient

Folder::
C:\Program Files\F-Secure


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

Ok I Did What You Said With HiJackThis but when i waz about to run ComboFix a Box Popped Up Saying:

ComboFix has detected the following real time scanner(s) to be active:

antivirus: F-Secure Internet Security 2010 10.00

Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible maching damage. Please disable these scanners before clicking 'OK'.



So I Didn't Do ComboFix... So Should I Go Ahead & DO It???

[Malware Removal Specialist]

Download OTM by OldTimer to your desktop.

Note: If you are running on Vista, right-click on OTM.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTM.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code: [Select]

:Processes
explorer.exe

:services
F-Secure Gatekeeper Handler Starter
FSDFWD
FSMA
FSORSPClient

:Commands
[purity]
[emptytemp]
[start explorer]

* Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.

* Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes.

----------

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

Folder::
C:\Program Files\F-Secure
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript and drop it into ComboFix.

ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

I DId Everything WIth OTM Old TYmer But Got The Same Message Again When Trying To Use Combo Fix... Heres The Log From OTM though (I ALSO HAD TO RUN OTM TWICE CUZ WHEN I TRIED COMBO FIX IT SHUT DOWN MY E-NET... SO I JUST REPEATED STEP 1 WITH OTM TWICE:

All processes killed
Error: Unable to interpret <explorer.exe> in the current context!
========== SERVICES/DRIVERS ==========
Service\Driver F-Secure Gatekeeper Handler Starter not found.
Service\Driver F-Secure Gatekeeper Handler Starter not found.
Service\Driver FSDFWD not found.
Service\Driver FSDFWD not found.
Service\Driver FSMA not found.
Service\Driver FSMA not found.
Service\Driver FSORSPClient not found.
Service\Driver FSORSPClient not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
 
User: All Users
 
User: Application Data
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Owner
->Temp folder emptied: 726604 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 9457154 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 9.78 mb
 
 
OTM by OldTimer - Version 3.0.0.6 log created on 10302009_230906

Files moved on Reboot...

Registry entries deleted on Reboot...

[Malware Removal Specialist]

You just need to let ComboFix continue on.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code: [Select]

KillAll::

Driver::
F-Secure Gatekeeper Handler Starter
FSDFWD
FSMA
FSORSPClient

Folder::
C:\Program Files\F-Secure


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

Attached Below:

[Saving space, attachment deleted by admin]

[Malware Removal Specialist]

You also had a lot of malware.

Now, go to Start > Run, and copy/paste the following into the Open box (one line at a time) then Click OK after each.

Code: [Select]

sc config fsbts start= disabled

Code: [Select]

sc stop fsbts

Code: [Select]

sc delete fsbts
----------

Go to Start > Run and type Notepad.exe then click OK.

Copy and paste the following text within the code box into the new Notepad file.

Code: [Select]

@ECHO OFF
net stop winmgmt
cd /d %windir%\system32\wbem
ren repository repository.old
net start winmgmt
exit
In Notepad select File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixsecurity.bat making sure that the Save as type field says All files.

Next double click fixsecurity.bat to run it.
A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed
Delete fixservice.bat from the Desktop.

----------


How is everything now?

everything looks good but when i go to Start > Control Panel > Security Center it says

The Security Center is Currently Unavailable because the "Security Center" service has not started or was stopped. Please close this window, restart the computer (or start the :Security Center" service), and then open the Security Center again.