You are quite correct that the described symptoms indicate a malware infection on the computer. It is surprising that Norton 360 did not detect the infection, but unfortunately there are no 100% accurate antivirus scanners on the market which can detect any infection on the computer, given the predicative and heuristic measures involved when detecting viruses and malware on the computer. You can generally rest easy when you have such a security program installed on the computer, since they can usually detect the vast majority of threats. However, there is always the chance that your computer becomes infected with more of a niche infection which falls through the cracks of the scanner, which seems to be the case in this situation.

Nevertheless, we need to remove this malware from your computer. It appears that this is a browser hijacking piece of malware which hijacks a portion of the web browser and redirects to other internet sites. I suggest that you download Ad-Aware Free (www.lavasoft.com) and Spybot Search & Destroy (www.safer-networking.org). You may have read in previous columns that I also recommend downloading Windows Defender (www.microsoft.com/downloads). This is not necessary if you are running Windows Vista or Windows 7, as Windows Defender comes pre-installed with those versions of Windows. However, for the benefit of other readers, if you are running Windows XP then you would need to download this separately, as Windows XP does not come with Windows Defender pre-installed.

Once you have downloaded and installed these three utilities, launch the first utility (it doesn’t matter which one). Tell the program to check for updates, so that you download the latest malware definition and detection files. Once this has finished, complete a full system scan and remove any detected threats. I then suggest that you restart the computer and complete another scan using the same utility. This will help check that all the detected threats were removed and have not returned. Additionally, if any residual elements of the threat could not be removed on the first scan then this will provide another opportunity for the removal of those elements. Once you have completed the scan and removal process with the first utility, repeat this procedure with the other two utilities. By the time you have finished with all three utilities hopefully the problem has been fixed.

Even though the problem may be removed through using the anti-malware utilities, I always remain cautious after the computer has been infected with a virus or malware. In actual fact, I am of the belief that once a computer has been infected that computer can never be trusted again. This is because you can never be 100% certain that the threat has been removed. The antivirus and anti-malware utilities do a good job at removing most threats, but it is always possible that something has remained behind and is still running in the background (with no obvious signs) but is still perhaps gathering data or logging your computer activity. Since computers are often used for sensitive transactions, such as internet banking and other financial-related business, I am not willing to take this risk. As such, my recommendation after having an infection on a computer is to backup any important data that you wish to keep (such as documents and email) then re-partition and reformat the hard drive and then reinstall Windows from scratch. As you are re-partitioning and formatting the hard drive, this will remove all data from the drive, including threats such as viruses and malware. In many cases, this is a much easier and more reliable method of removing the threats from the computer, since it is guaranteed to work first time.

Users often ask when backing-up data from an infected computer whether that can result in the infection also being backed-up and then transferred across to the new computer. In most cases, so long as you are only backing up documents and other non-executable files you should fine. Viruses and other malware require executable files, as they contain the code which can complete operations on your computer (such as displaying advertisements or hijacking the web browser). Additionally, these files need to be executed (i.e. run) otherwise they won’t do anything. Most virus and malware infections are a combination of these two items – executable files which have been configured to automatically run when Windows starts or when something else occurs (such as when Internet Explorer starts). These executable files are generally located within system directories on the computer, so if you are only backing-up selected directories (such as the My Documents folder, the email store folder, etc.) then these should not contain the virus or malware files. That said, if you want to be completely certain then it would be worthwhile running a virus and malware scan over your backup drive before plugging this into your newly refreshed computer. I assume that you are backing-up your data to an external USB hard drive (or like), as some viruses automatically infect external drives when they are connected to the computer. They will generally place an AUTORUN.INF file on the drive, together with the virus executable file. The AUTORUN.INF file allows drives and discs (such as CDs and DVDs) to automatically run an executable file or program when the drive is connected or disc inserted into the computer. You may have noticed this happening when you insert a program CD or DVD into the computer and how it automatically loads the installation program to allow you to install the application. Unfortunately, this also means that if a virus copies an AUTORUN.INF and executable file to an external drive or disc then that virus will be run when the drive is connected or disc is inserted.

However, it is not as easy as it sounds to run an antivirus or antimalware scan on the drive prior to plugging the drive into your refreshed computer, since any time you connect the drive to a computer that computer could potentially be infected (if there is a virus on the drive). Fortunately there is an easy way around this issue. At this point we are mainly interested in ensuring that there is no virus on the backup drive which could automatically run when the drive is connected. There may be other virus executable files on the drive itself, but these would have no way to automatically run so we can worry about those later – for the moment we will concentrate on the more problematic issue of a virus which could automatically run. Once you have finished backing-up your data onto the external hard drive, view the root directory level of the drive. In other words, the lowest directory level on the drive which contains the first-level of sub-directories. If there is an AUTORUN.INF file then it will be present on this level. However, the file could be hidden so we need to enable the viewing of hidden files and folders. Go to the “Tools” menu > “Folder Options” and click the “View” tab. Enable “Show hidden files and folders” then disable “Hide file extensions for known file types” and “Hide protected operating system files”. Click OK. A warning may appear that you have enabled the display of important system files and you can safely dismiss that warning.

Now, check the root level of the external hard drive and ensure that there is not AUTORUN.INF or other executable files there, which you did not place there yourself. Assuming that all is good, safely eject the drive from the computer and then disconnect the drive. Before doing anything further, double-check that you have backed up all data you wish to keep, as this is now the point of no return (since you are about to wipe and format the hard drive in your computer, which will delete all data on your computer hard drive). Once you are certain that all data you wish to keep has been backed-up, you can commence the reformat and reinstallation of Windows.

After Windows has reinstalled, the first task which you should complete is ensure that the Windows Firewall is enabled on your network and internet connection (which can be done through the Control Panel). Then, install antivirus with the latest virus definition updates. Next, you should download the latest updates for Windows so that all important security patches and updates are downloaded and installed. Once Windows has been fully patched you can connect the backup hard drive to the computer. As the first order of business I suggest that you use your antivirus software to scan the hard drive in case any virus files managed to find their way into the folders which you backed-up. If there are virus infected files on the backup drive then the files should not do anything unless they are double-clicked and executed. Therefore, make sure that you don’t run any such files otherwise you could reinfect your computer! Once the antivirus software has completed the scan and removed any detected threats, you can commence copying the backed-up data back onto your computer.

Changing the name of your user account is a relatively easy process. Go to the “Start” menu > “Control Panel” and click “Add or remove user accounts”. The next window should present the user accounts found on your computer. Click your (incorrectly named) account to show the account properties. The first option in the account settings should be “Change the account name”. Click this option and then type the new name of your user account. Now this new name will appear on the Windows 7 startup screen and in the Start menu.

However, you may have noticed that the name of your user profile directory on the computer has not changed. So, the C:\Users\ directory will still be listed with your old user name. Changing the name of your user profile directory is a significant pain, as we need to change various references to the profile directory and should a mistake be made, then it will prevent your user account from working properly. The easiest way to fix this problem is to create a new user account with the correct name, which in turn will create a new profile directory with the same (correct) name. Ensure that you grant this new user Administrator rights on the computer, so that they have the same amount of access as your old account. Now in your old account, use the Windows Easy Transfer wizard to save the data from your current user profile to a particular location. You can find the Windows Easy Transfer wizard by typing the name into the Search box on the Start menu. Once the transfer has completed, use the Windows Easy Transfer wizard to migrate the data back into this new account.

In theory, you now do not need the old user profile anymore. However, I would hold off deleting that account for the moment and keep that around for a few weeks, just in case there is any data which was not migrated by the Windows Easy Transfer wizard.

Generally slow Windows startup times can be attributed to a program or series of programs, loading on Windows startup and slowing down the computer. Quite a few of these background programs and processes (which are hidden programs) are often unnecessary, as you may not be using the functionality which they provide and can be disabled from loading on startup. Furthermore, the internet connection window that appears on startup is indicating that some background program or process is requesting internet access (for one reason or another). The most likely reason is that one of the background programs or processes that have loaded is an updating utility for an application and needs to poll an update server on the internet to determine whether any updates are available. As I assume that your computer is not connected to a home network with a permanent internet connection, you need to manually initiate an internet connection when required. Therefore, because you don’t have an active internet connection when the computer initially starts, yet something on the computer requires an internet connection, the window is appearing, providing you with the option to connect to the internet. That said, it is equally possible that some spyware or adware has become installed on your computer and is requesting internet access which could also account for the slowness of your computer. Granted, this is the more pessimistic assessment of the root cause for this problem, but something nevertheless needs to be considered.

We will first deal with the possibility that a large number of programs and/or processes are loading on Windows startup, causing the computer to run slowly and boot slowly. To test whether this is the cause we will disable all programs and processes from loading on startup. Go to the “Start” menu > “Run” and type “msconfig” (without the quotes)” then click OK. This will open the System Configuration Utility which allows you (amongst other things) to enable and disable items from loading on Windows startup. Click the “Startup” tab. This lists all the programs and processes which load on Windows startup. We are going to disable all of these items so that they don’t load on startup, but before doing so we need to record which items are currently enabled and disabled so that we can restore the original configuration if needed later. Ticked items indicate that the item is enabled to load on startup, whereas unticked items indicate that the item is disabled and not loading on startup. Note down all the items which are currently ticked (alternatively, you may find it easier to note down the inverse, items which are not ticked, if there are currently more items enabled than disabled. Once this has been done, click the “Disable all” button. This will disable all of those items from loading on startup. Click OK to save and close the settings. Restart the computer. As you have disabled all those items from loading on startup none of them will load when Windows starts, so you should check whether the Windows startup is any quicker now that those items have been disabled. As an aside, be aware that a window may appear once the computer reboots warning that the computer is running in Selective Startup mode. This simply means that you have manually (selectively) changed which items load on startup. You can safely ignore and dismiss this message.

If you find that Windows now loads relatively quickly, as those background items have been disabled from loading on startup, there are two further avenues that we can explore. The first is that one or two of those items which were previously loading on startup were the direct cause of the slowness. Therefore, it is reasonable to assume that we can re-enable all of the other background programs and processes except the problematic items which are causing the slowness. However, the challenge is determining which of the items is causing the slowness. This will simply be a trial and error process. Go back into the System Configuration Utility and re-enable one of the items which you previously disabled, click OK to save the changes and then restart the computer. Once the computer has restarted, check whether it is slow or still running at full speed. Should the computer still be running at full speed, repeat the procedure again to re-enable another item and then re-check once the computer has restarted. Continue this process until the computer has a substantial decline in performance, at which time you have determined an item which is causing the problem. You should leave that item disabled and then continue with the procedure, as it is always possible that another item could also be causing the slowness (so you don’t want to assume that because you have found one problematic item that you can immediately re-enable all of the remaining items without problems). Following this procedure should also allow you to determine which item is causing the internet connection window to appear on startup, so that you can keep that item disabled (if it is not necessary) so that you are not prompted to connect to the internet every time you start Windows.

Once you have finished the procedure, you should have at least one program or process which is causing the problem. Obviously without knowing the exact item causing the problem I cannot offer specific advice on how to remedy the issue. However, as a first step you should determine the purpose of that particular program or process. I suggest that you search for the name of the item (as displayed in the System Configuration Utility > Startup tab) in Google (or your favourite search engine) as that should yield results on its purpose. Once this information has been gathered, you should be able to make an informed decision as to whether that program or process is necessary (and whether you can simply leave it disabled with no ill-effects) and also it will provide you with information allowing you to perhaps remedy the issue, by researching whether other users have also experienced the same problem or perhaps whether an update is available which addresses the issue.

As mentioned earlier, there is also a second avenue which we can explore. It is possible that the slowness of Windows startup cannot be attributed to a specific program or process (or group of programs and processes) but instead is just the net effect of having a large accumulated number of items loading on startup. You will find this to be the case because when enabling each of the items one at a time there is no significant performance hit when enabling these individual items, but instead your computer gets gradually and gradually slower as more items are enabled. Should this be the case then you have no real choice except to try to economise the number of items which are loading on Windows startup. Using the list of items which are enabled on startup I suggest that you determine the purpose of each item and whether it is necessary. There are likely to be many items relating to programs which you may not regularly use or perhaps even items which simply update programs installed on your computer. Once you have determined which items you need to leave enabled and which can be disabled return to the System Configuration Utility and make the necessary changes so that you only enable the items which are required. This will result in fewer items loading upon Windows startup, speeding up the startup process.

We will now move onto the more sinister possibility, that the computer has become infected with a virus, spyware, adware or some other kind of nasty malware. If you find that disabling all the startup items does not resolve the slowness, or there are some background items with very strange names (almost random characters), then this is an indication of a possible infection. In the first instance, you should complete a full system scan with your antivirus scanner (make sure that you also have all the latest updates for your antivirus scanner). If you do not currently have an antivirus scanner installed then I recommend that you download the 30-day trial of NOD32 antivirus (www.nod32.com.au). This is an excellent antivirus scanner which has a very small system footprint, so it shouldn’t stall your computer and occupy vast amounts of system resources. If you find that this meets your needs, then you may also consider purchasing the full version once your 3-day trial has expired. Once the virus scan has been completed and removed any identified threats, you should do an anti-malware scan on the computer. You should download and install the following three utilities on your computer: Ad-Aware Free (www.lavasoft.com), Spybot Search & Destroy (www.safer-networking.org), and Windows Defender (www.microsoft.com/download). You should scan your computer with each utility individually and remove and correct any threats issues which are identified. I suggest that once you have completed a scan using one utility you restart the computer and then do another scan with that utility, just to make sure that everything has been properly removed.

However, should you find that after completing the scan the computer is still starting and running slowly, it may be time to consider a clean reinstallation of Windows XP. I realise that this is a cumbersome process, as you need to backup all data and then reinstall Windows from scratch, but over time the performance of computers decreases because there is often a build-up of old data and programs. This is also known as “bit rot” (see the Wikipedia article for a good explanation of this term: en.wikipedia.org/wiki/Bit_rot). Therefore, it may be worthwhile considering a clean reinstallation. However, if you wish to journey down this track then be aware that it is a destructive process – you will lose all data on your computer when doing a clean reinstallation of Windows. Therefore, it is imperative that you backup all important data on your computer that you wish to keep (for example, documents and email) so that they can be restored to your computer once the reinstallation has completed. If you are unsure about this process then it may be worthwhile taking your computer to a professional to have this process completed.

Graphical file formats, such as photos and movies, generally display a thumbnail as their file icon when viewing listings of such files within Windows Explorer. This allows you to immediately see a small preview of that file without having to open the file, making for much more convenient browsing of such graphical files. The Thumbs.db file stores a cache of these thumbnail images. This means that each time you open a folder containing such graphical files it does not need to re-generate thumbnails on-the-fly, but instead can read the thumbnails out of the Thumbs.db cache file. This has significant performance benefits if you have a large number of graphical files in one directory. This file is usually hidden, but I imagine that you have the display of hidden files and folders enabled which is why you can see the file. To hide the file, go to the “Tools” menu in Windows Explorer > “Folder Options”. Click the “View” tab and select “Do not show hidden files and folders” then click OK. More information on the Thumbs.db file can be found at en.wikipedia.org/wiki/Windows_thumbnail_cache .

It seems that we may have two separate issues in play, so we will deal with each issue separately. First, the message about Windows Mail removing access to attachments is not a new question and this feature was also available in Windows XP. This function is designed to allow Windows Mail to be helpful and block potentially dangerous attachments. Unfortunately this results in quite a few legitimate attachments also being blocked, so many people disable this function and instead rely on their own judgment as to whether an attachment is potentially harmful to their computer before opening that attachment. Also, since you are running Norton Antivirus, this should integrate with Windows Mail and provide virus scanning functions to assist in ensuring that any attachments which are received do not contain a potentially harmful virus. If you would like to continue and disable the unsafe attachments feature in Windows Mail go to the “Tools” menu > “Options” and click the “Security” tab. On this tab untick the option “Do not allow attachments to be saved or opened that could potentially be a virus” and then click OK. You should restart Windows Mail to make this setting effective.

The second part of your question is a bit more intriguing, but I think that I have understood what you are trying to describe. When using Outlook Express in Windows XP, the picture attachments in Outlook Express display as a listing just below the address information in the email message. I imagine the reason you said they were code numbers is because the name of the pictures probably looked like they were coded in a particular way, such as IMG_1234.JPG, which is the numbering scheme of the pictures from the digital camera. You could then click (or double-click) on each of these picture attachments to open and view the picture in an external program (most likely the default Windows Picture and Fax Viewer application). Since these pictures came off a digital camera it is likely that they are very large in size. Windows Picture and Fax Viewer generally understands that such pictures are very large and will display the picture at a zoom level which will fit to your screen, so that the entire picture can be viewed without the need for scrolling. However, in Windows Mail it seems that the pictures are being displayed within the email message itself. When pictures are displayed within the message, Windows Mail will generally not scale or zoom the image to fit within the Window, thus it is showing at full size. Because the pictures are so large, this means that you need to scroll around to view the image. Obviously this is not ideal, as you generally want to see the image all at once rather than having to scroll and only view a portion of the image at a time.

As a first method to work around this problem, you should double-check that Windows Mail is not providing you with a listing of the attachments on the email message somewhere different in the window. It may have been the case that Windows Mail was not displaying the listing of attachments previously because they were being blocked by the security feature in Windows Mail which prevents the user from opening attachments which could potentially contain a virus, so it would be worthwhile to double check that now the setting has been disabled whether the listing of attachments returns. If so, they should be able to double-click on the picture attachment (as you did previously), to open the picture in an external viewer which should scale the picture to fit the screen.

However, if you find that the pictures are not appearing as separate attachments then it seems that Windows Mail is handling the pictures differently to Outlook Express, treating them as in-line content within the email message rather than attachments which need to be viewed using an external viewer. There is still a way to launch the attachments within an external viewer so that they scale to the size of your screen and can be viewed in a more convenient way than having to scroll around the screen. Right-click on one of the pictures and select “Save Picture As…” in the context menu that appears. This will allow you to save the picture to a location on your computer, such as the My Documents, My Pictures or Desktop folder. Once the picture has been saved, navigate to the folder in which the picture was saved and then double-click on the picture to open in the viewing application. While this is a bit more of a cumbersome workaround than you previously would have been used to when using Outlook Express in Windows XP, this at least is a way to view the images at a scaled size rather than their huge size within an email message.

This is a very good question which I am glad that you asked, since many other people have asked me this question in the past. However, before we commence, for those who are not familiar with 32-bit and 64-bit operating systems this refers to the amount of information which the processor in the computer can handle at one time. We could go into technical explanations, but that is not really necessary for our purposes (if you are interested then I would encourage you to read the Wikipedia article on 64-bit computing at en.wikipedia.org/wiki/64-bit). However, for the purpose of our discussion you just need to accept that 64-bit capable CPUs can handle data which is 64-bits in length at one time, in contrast with 32-bit CPUs which can only handle 32-bits of data at once. In summary, this means that the CPU can process more data at one time.

Many users immediately think that purchasing a 64-bit capable computer will provide performance increases. However, this is not generally the case. In order to take advantage of 64-bit processing you need to be running a 64-bit capable operating system. Windows comes in both 32 and 64-bit variants, as you may discover if you purchase Windows Vista and find that it comes with both 32-bit and 64-bit DVDs. Additionally, the applications which you are running on the computer also need to support 64-bit processing. 32-bit applications will generally run without issue (I say generally, because some may encounter problems but the majority should be fine) but they will not take advantage of the increased processing performance which 64-bit offers.

In addition to the potential performance increases, if you have more than 3 GB of memory in the computer then you will generally need a 64-bit operating system in order to access and address all of the memory. This is known as the 3 GB barrier (en.wikipedia.org/wiki/3_GB_barrier) which refers to the limitation of some 32 bit operating systems to use more than 3 GB of memory. Depending on the version of Windows being used, this is generally around the 3.2 – 4.0 GB mark, meaning that the operating system can only address and use that approximate amount of system memory but will not be able to use any more above that amount. As such, if your computer has 4 GB or more RAM then you will need a 64-bit operating system to fully access this memory. An interesting article available on the Microsoft website details the memory limits for all the Windows releases (msdn.microsoft.com/en-us/library/aa366778(VS.85).aspx). As you will see, all 32-bit releases of Windows (up to and including Windows 7) support a maximum of 4 GB of physical memory whereas 64-bit editions can support far greater amounts. Given that most computers these days come standard with 4 GB of RAM (and the demand for more RAM in computers will only become greater in the future) installing a 64-bit operating system provides for a good degree of future proofing.

So to answer your specific questions regarding 64-bit systems, 64-bit data files do not require more space on the hard drive to store the data. This is because 64-bit refers to the amount of memory which the processor in the computer is able to address at once. As we previously discussed, this means that the CPU can handle more data at once making the processing (in theory) more efficient. The number of bits which the CPU can process is not related to storage. As an example, there is no difference between a Word document on a 64-bit system and 32-bit system (otherwise a Word document created on a 64-bit system would not be able to open on a 32-bit system) – it just means that, assuming the program used to read the Word document is 64-bit compatible and so is the operating system, that the CPU could process more of that file at once. That said, you may find that 64-bit programs are larger to install than 32-bit programs. Of course, this could also be the other way around – 64-bit programs may be smaller to install than 32-bit programs. This is completely dependent on how the program has been written. To address your second question, processing should be more efficient on 64-bit systems given that more data can be processed at once. However, this depends on whether the application itself has been optimised and written for 64-bit systems.

Your question does raise a very good point regarding device drivers, as drivers written for 32-bit systems will not work on a 64-bit system. Therefore, if you have older devices which may not have updated drivers for 64-bit systems then you may be unable to use those devices on a 64-bit system. That said, it is likely that if the device is so old that there are no 64-bit drivers it may also not have drivers which support Windows 7, so you may not be able to use the device on Windows 7 at all. However, you should definitely double-check whether the devices on your computer are compatible before taking the leap to a 64-bit operating system.

Additionally, as previously mentioned, there may also be applications which do not support a 64-bit operating system and will not work. Therefore, you should also check applications (in particular, older applications) to ensure that they will continue to work.

To summarise, I am of the opinion that unless you have a good reason not to run a 64-bit operating system (such as legacy devices which do not have drivers available, or old incompatible applications) you should install a 64-bit operating system on your computer. This is going to be the standard operating system option in the future, and it provides the most flexibility for hardware changes (such as operating with more than 4 GB of RAM) in the future.