What is privacy protection? Fake virus program?

What's he going to do when he gets the virus off? Go through life without a hosts file? Who needs windows update anyways right? He's too far gone. What are you going to do, analyze all his processes one by one? Ask for a readout of his services to make sure their running properly, from Australia?

But suit yourself.

Just want to let you both know I GREATLY appreciate your help.

I am still working on this and it seems best to do the re-install as killjoy recommended. Are you willing to explain how I accomplish that, I have very little experience with this as you can see.

I am still attempting to download Rkill, something on the "clean" computer stops the download process though. Should I turn off Windows firewall?

EDIT: I just checked and the good computer uses Windows XP and not Windows 7

executiV said:

I am still attempting to download Rkill, something on the "clean" computer stops the download process though. Should I turn off Windows firewall?

EDIT: I just checked and the good computer uses Windows XP and not Windows 7

Hi, executiV.

The Privacy Protection rogue often comes bundled with the TDSS rootkit infection. As a result, if you are going to attempt to clean your computer, I suggest the first step be TDSSKiller:

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista - W7 users: Right-click and select "Run As Administrator".
  If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
  If you don't see file extensions, please see: How to change the file extension.
• Click the Start Scan button. Do not use the computer during the scan!
• If the scan completes with nothing found, click Close to exit.
• If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
  
  • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
  
  
• A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C:).
• Copy and paste the contents of that file in your next reply.

As to RKill, it doesn't make a difference that the clean computer is running Windows XP. Try this direct download link for the eXplore.exe named version of RKill eXplorer.

• Save rkill either directly to the USB stick or to your XP machine and transfer to the USB stick. Then transfer it to the desktop of the infected computer.
• Double-click rkill to run.
• A command window will open then disappear upon completion, this is normal.
• Please leave rkill on the Desktop until otherwise advised.
• Do NOT restart your computer after running rkill as the malware program(s) will start again.

Note: If you you receive security warnings about rkill, please ignore and allow the download to continue.

If you haven't yet, you need to follow the same procedure MBAM.

Thanks Corrine,

I have been working on it, all I have that seemed to complete was the rKill, here is what showed up after that:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 12/10/2011 at 23:20:15.
Operating System: Windows (TM) Vista Ultimate

Processes terminated by Rkill or while it was running:
F:\malwarebytes\kap.2
C:\Users\2~1\AppData\Local\Temp\2375665\5742018.exe

Rkill completed on 12/10/2011 at 23:20:18.

The Kaspersky scan didn't come up with anything, on the malwarebytes it said 2700 or so threats found, I didn't purchase it to clean the unit, though.

I also attempted a system restore after finally getting the unit to start in Safe Mode, I'm not sure if it is clean yet though.

I attached the screen I have after running Windows Defender. The malware appears to still be in the system because the time/Date displayed in theDefender screen I attached was when the issue occured. Notce it says 'Action Taken: Permit' this leads em to believe the Privacy Protection malware is still in my computer

Still working on the other anti-malware programs etc.

EDIT: I'm attaching the window I see after using the tdsskiller link from post #56

Also I'm attaching the screen I thought said I have 2700 infections, it is the ARO 2011 screnshot