im having to restore my pc back to a certain date to get aol to work, the blue screen comes up but stops before i can enter the password to get online. i have had some message about "n-case" needing installing as some files have gone. any ideas what n case is? and why it could be stopping me getting online
cheers

Hmmmm,
n-case is really bad spyware. If you go to Add/Remove Programs is the Control Panel you will see the uninstall option. The only problem is that when you launch the uninstaller it will specify that you have to be online to continue with the uninstallation. This is because it launches your browser to the n-case web site where the uninstaller has to be downloaded. There are different uninstallers for the different n-case infestations as there are several strains.
Perhaps Ad-aware or Spybot Search & Destroy might be able to get rid of it.

Here is some information from Pest Patrol..................
http://www.pestpatrol.com/pestinfo/n/ncase.asp

EDIT:
I just found this, it might be of assistance.......
http://www.n-case.com/ncaseuninstall.html

http://www.n-case.com/ncaseaduninstall.html


Also see the n-CASE FAQ at........
http://www.n-case.com/ncasefaq.html

I definitely wouldn't use anything from ncase to get rid of it as they're the ones responsible for it in the first place. Download and run HijackThis (http://tomcoyote.com/hjt/) and post the log. However this is nasty to get rid of. You will probably also have to delete a couple of files in safe mode.

Logfile of HijackThis v1.97.7
Scan saved at 16:44:29, on 14/04/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\AOL6~1.0\waol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\darren\LOCALS~1\Temp\Rar$EX00.500\Hija ckThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKLM\..\RunOnce: [KB824141] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKLM\..\RunOnce: [WMC_0] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\System32\wmpcore.dll"
O4 - HKLM\..\RunOnce: [WMC_1] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\System32\msdxm.ocx"
O4 - HKLM\..\RunOnce: [WMC_2] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\System32\dxmasf.dll"
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://mirror.worldwinner.com/games/v44/pool/pool.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{760FCABD-4F50-4347-BE76-12594E834AAA}: NameServer = 195.93.33.134

I was hoping that someone else would help you with this. :o
The easy way to get rid of it would be running Spybot Search & Destroy (http://www.safer-networking.org/index.php?page=download) or Pest Patrol (http://www.pestpatrol.com/downloads/eval/download.asp). They'll probably work, however you're going to need to delete some files and/or reg entries afterwards.

Elaine,
I can understand your skepticism. Just yesterday my daughter's computer had the nCASE infection. I had to use the two uninstallers as there were two entries in Add/Remove Programs. They both appear to work, but of course I followed through with an Ad-aware scan which found additional spyware on the system.

I've been looking about on and off all day, and wonder if a manual removal would be best. I started typing out one earlier, however as you may know it deals with several registry edits and file deletions. I was hoping to find a easier method to deal with this.

Best and easiest way to remove this is PestPatrol, But if you want to try removing manually theres info below.

http://www.pestpatrol.com/PestInfo/n/ncase.asp