Picked up something nasty!

  1. #1
    imported_Fathom is offline Full Member

    Today I picked up something nasty online!

    I am now getting a warning every few minutes - attached, wanting me to proceed to load a spyware program. But prevent is mis-spelt and suspect.

    I have run Adaware and Avast but found nothing. It has made Google my default on opening IE and removed control panel from my startup - telling me to contact system administrator. Any Google search number one result link does not work, instead taking me somewhere else.

    Other windows open may suddenly change to some strange site...


  2. #2
    imported_Fathom is offline Full Member
    Below is msconfig - startup.

    I've never seen 'winter' before and 'autos' and 'infos' were just added today.

    Don't know about the rest either - whether they're valid.

    I disabled the printer.

  3. #3
    imported_Fathom is offline Full Member
    I no longer have any access to security or program settings or control panel.

    How to go forward?

  4. #4
    steveie85 is offline Newbie
    Can you show us the MSCONFIG with the command column made bigger so we can see it, please? Can you still download stuff? If so, try going to somewhere like download.com and getting Spybot and seeing if that may help.

  5. #5
    imported_Fathom is offline Full Member
    Will do in a mo.

    It's now self-starting into an analyse. See snapshot.

  6. #6
    imported_Fathom is offline Full Member
    Here it is

  7. #7
    imported_Fathom is offline Full Member
    Well Adaware was clean when I logged on but another run gave this -

  8. #8
    imported_Fathom is offline Full Member
    Well, I ran a program called Autoruns, which tells me all about the startups, and I disabled a bunch of things that arrived at 11.25am yesterday and then ran Adaware again (100+ redirects) and the popups all stopped!

    But I still don't have access to control panel, or set program access and defaults. How to get that back?

  9. #9
    Dan Penny is offline Techie7 Staff
    Research indicates what you have is malware or spyware.

    Please follow the instructions here> HiJackThis prerequisites,

    and then post your log in a new thread in the Spyware, Adware, Viruses and HijackThis Logs Forum.

    If there's no response here within a reasonable amount of time, try our sister site;

    Follow the instructions here> HiJackThis prerequisites,

    and then post your log in a new thread in the Spyware, Adware, Viruses and HijackThis Logs Forum.

  10. #10
    imported_Fathom is offline Full Member
    OK,

    Spybot finds and removes an Antivirus Override and 85 redirects.

    Trojan Remover identifies -

    O2 - BHO: (no name) - {6557BC7D-87E0-4A98-B597-68F541D25BF3} - C:\WINDOWS\system32\duse.dll as a PW grabber BZub.

    and another nasty at C:\WINDOWS\system32\drivers\vnafudcc.dat controlled by
    HKEY\SYSTEM\CurrentControlSet\Services\mglpewgn\"Image Path"

    none of which it can remove and nor can Hijack This. Trojan Remover won't work in safe mode despite it recommending to.

    They're locked and immovable apparently. Trying to move forward here - any suggestions?

    Where to from here?
