If you already have Malwarebytes installed try rebooting into 'Safe Mode with Networking' which is choice number 2 on the menu you should get by tapping F8 repeatedly while booting up.
That should allow you to update it and run a full scan.
MBAM will operate and update in that mode just as in regular mode.
The bets removal guide on the web is here: http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-201 1
Scroll down the page as the first links you see are advertising.
Thank you for the speedy response Ex-Brit I have actually tried that page that was one I was trying yesterday actually it didnt work or help.
I also discovered as I tried to download that RKill http://www.bleepingcomputer.com/download/anti-virus/rkill that Mcaffee warned me about it automatically and said it contained all kinds of vicious things inside of it. So I blocked the download automatically.
I also tried the FixNCR.reg yesterday as well that also did not help at all.
The restore seems to have helped but thats why I said im still suspicious not sure if its completely gone or not.
I think in that instance you should have ignored McAfee's warning considering how insidious this malware is.
Your best bet now to get peace of mind would be to run Hijackthis and post its log on one of the following forums for expert advice, perhaps the BleepingComputer one considering it's their instructions that are giving problems.
Don't try to do act on HJT's findings your self.
Do not post Hijackthis logs here, we can't help with those!
Post the logs at a specialist Forum:
Be sure to read all the sticky announcements/instructions at the top of each malware forum!
There seems to be a "cluster attack" with "ransomware" in progress. I visited two well-known general circulation newspaper websites. I attempted to download a photograph of a person featured in a news story and the "Windows Internet Security" or some variant immediately made its presence visible. I have also observed that sometimes just visiting a website is all that is needed to initiate an attack.
Here is my approach, which may change as the nature of the attacks change.
1. I insure that all security updates are installed on my computer as soon as they become available. (I note that when the attack started once, the download of any file was blocked by the malicious software.)
2. I keep Malwarebytes Anti Malware updated and available from a right click context menu. I also keep Spybot Search and Destroy available and update it frequently.
3. I flip the switch to deactivate my internet connection as soon as I observe the symptoms of an attack. A trojan is introduced that imports additional malware and viruses to my machine, so turning off the internet prevents the situation from degrading. I try to avoid rebooting my machine before I have cleared the infection because rebooting seems to embed the cluster of programs deeper into my computer.
4. I keep a second computer available that is not networked with my main computer. That way, I have been able to learn about the nature of the attack. Recently, during one attack, a malware attack from malware that was introduced over a year ago started. I obtained the name of the malware from Malwarebytes Anti Malware. This malicious software spawns multiple instances of ATTRIB.exe and sets almost all file attributes to "hidden" and "system" on the computer and any attached drives. As a result, it appears as if all files and most applications have vanished. They will not reappear even after the infection is cleared. The unlucky computer owner will have to learn how to use the old DOS application ATTRIB to restore all files to their original condition. Please open up a DOS window and type "Help ATTRIB" to learn about the various switches. (You will need to use many of the switches). Make sure that you understand how the software works before you begin to use it.
I think things are going to get worse before they get better. I noted one thread regarding this new cluster of attacks that a well-informed author estimated that criminal gangs were clearing over $1 million per week to offshore accounts with this "Ransomware" attack.