Over 1 million tech questions and answers.

combofix log with AV Security suite the main problem

Q: combofix log with AV Security suite the main problem

ComboFix 10-06-07.03 - mungo_test1 06/07/2010 22:29:31.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.469 [GMT -4:00]Running from: c:\documents and settings\mungo_test1\Desktop\ComboFix.exeAV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\ebergofsky\Local Settings\Application Data\syssvc.exe.((((((((((((((((((((((((( Files Created from 2010-05-08 to 2010-06-08 ))))))))))))))))))))))))))))))).2010-06-07 21:52 . 2010-06-07 21:52 -------- d-----w- c:\documents and settings\ebergofsky\Application Data\Malwarebytes2010-06-07 21:29 . 2010-06-07 21:29 -------- d-----w- c:\documents and settings\mungo_test1\Application Data\Malwarebytes2010-06-07 21:29 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2010-06-07 21:29 . 2010-06-07 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware2010-06-07 21:29 . 2010-06-07 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes2010-06-07 21:29 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys2010-06-07 05:43 . 2010-06-07 05:43 -------- d-----w- c:\documents and settings\ebergofsky\Local Settings\Application Data\qenmkft.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-06-08 01:25 . 2009-06-09 17:04 -------- d-----w- c:\program files\Symantec AntiVirus2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19905\AdobeARM.exe2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19905\AdobeExtractFiles.dll2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19905\ReaderUpdater.exe2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\19905\AcrobatUpdater.exe.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-06-09 413696][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-06-09 176128]"igfxtray"="c:\windows\system32\igfxtray.exe" [2009-06-09 98304]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2009-06-09 77824]"igfxpers"="c:\windows\system32\igfxpers.exe" [2009-06-09 118784]"SigmatelSysTrayApp"="stsystra.exe" [2009-06-09 282624]"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2009-06-09 1032192]"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2009-06-09 49152]"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2009-06-09 208952]"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2009-06-09 59392]"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2009-06-09 455168]"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2009-06-09 455168]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-06-09 53408]"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2009-06-09 124656]"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-09 151552]"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2009-06-09 802816]"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2009-06-09 696320]"NGTray"="c:\program files\Symantec\Ghost\ngtray.exe" [2009-06-09 218504]"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-06-09 413696]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2009-06-09 15360][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kwinhook]2009-01-10 01:02 6144 ----a-w- c:\windows\system32\KWinHook.dll[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Symantec\\Ghost\\ngctw32.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\KACE\\KBOX\\KBOXClient.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"=R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [2/2/2007 2:54 PM 41176]R2 KBOXSMMP;KBOX SMMP Management Service;c:\program files\KACE\KBOX\KBOXSMMPService.exe [6/9/2009 12:33 PM 1719296]R2 NGCLIENT;Symantec Ghost Client Agent;c:\program files\Symantec\Ghost\ngctw32.exe [6/9/2009 1:04 PM 673160]R2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [2/2/2007 2:35 PM 1235032]R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/9/2009 1:04 PM 115952]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [6/3/2010 12:27 AM 102448][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]2009-06-09 17:20 124928 ----a-w- c:\windows\system32\advpack.dll..------- Supplementary Scan -------.uStart Page = hxxp://www.exeter.edu/IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000.- - - - ORPHANS REMOVED - - - -AddRemove-ActiveTouchMeetingClient - c:\windows\Downlo~1\atcliun.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-06-07 22:32Windows 5.1.2600 Service Pack 3 NTFSscanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(872)c:\windows\system32\IWPDGINA.DLLc:\program files\Intel\Wireless\Bin\SsoGnENU.dllc:\windows\system32\kwinhook.dll.Completion time: 2010-06-07 22:34:38ComboFix-quarantined-files.txt 2010-06-08 02:34Pre-Run: 18,012,426,240 bytes freePost-Run: 18,001,170,432 bytes freeWindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect- - End Of File - - 61F28CD50B94FFDD9864CF454176EF0A

RELEVANCY SCORE 200
Preferred Solution: combofix log with AV Security suite the main problem

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: combofix log with AV Security suite the main problem

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the instructions that pop up for posting the results.Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HEREPlease download GMER from one of the following locations and save it to your desktop:Main MirrorThis version will download a randomly named file (Recommended)Zipped MirrorThis version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.Disconnect from the Internet and close all running programs.Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply.Exit GMER and re-enable all active protection when done.-- If you encounter any problems, try running GMER in Safe Mode.

Read other 2 answers
RELEVANCY SCORE 62.4

Hi All,
I have Zone Alarm Pro as my firewall, and Norton 2003 as my Anti virus. I probably should update my anti virus but was thinking about purchasing the Zone Alarm Security Suite and then add a spyware program. The one thing I do have trouble dealing with, using Zone Alarm Pro is that I use a VPN to login to my employer's client systems (different IPs depending on the client's sites). I can't have Zone Alarm Pro up and running when I login. I'm a bit of a newbie when it comes to firewalls and because I'm a contractor I do not receive much help from the employer so not sure if Norton Security Suite would be a little more user friendly when it comes to adding IPs that I login to.

Any opinions on ZA or Norton SS would be greatly appreciated, as well as any input with using VPN with firewalls.

Thanks in advance,

MB
 

A:Zone Alarm Security Suite or Norton Internet Security Suite

I woul keep Zone Alarm Pro. Was posted someplace thatwith Zone Alarm Security Suite so of the options of Zone Alarm Pro are not the same so that Zone Alarm Pro alone is better.

Here is a link. Bet it is something you need to setup up right.

http://forums.zonelabs.com/zonelabs
 

Read other 2 answers
RELEVANCY SCORE 58.4

Seems that Agnitum released new versions of their security products

Outpost Security Suite Pro 9.0 (4535.670.1937) 32bit
Outpost Security Suite Pro 9.0 (4535.670.1937) 64bit

Outpost Firewall Pro 9.0 (4535.670.1937) 32bit
Outpost Firewall Pro 9.0 (4535.670.1937) 64bit

Outpost Security Suite Free 7.1.1
The following improvements have been made:
Outpost can install and run an on-demand malware scanner in Windows Safe Mode
Major upgrade to URL BlackList. Outpost 9 uses a new URL processing algorithm to protect users against accessing fraudulent websites, and increases its knowledgebase of bad sites thanks to regular updates
Outpost can be installed on an infected system, detect and remove malware during installation
Agnitum Live Disk. Users can now create a bootable rescue CD or USB drive with Agnitum Live Disk utility. This tool will eliminate the malware that is preventing Outpost from being installed and clears the way for a normal installation process
The following issues have been fixed:
An update error emerging during antivirus base downloads was fixed
Improved stability of quarantine operations
Improved stability of ImproveNet module?s update process
Improved stability of operations with Process Activity
Improved stability of creating rules in the Process Activity
Improved stability of Service during the checks of digital signatures
The logic of applying updated presets was optimized
Issues with default installation of specific parameters on creating a new configur... Read more

A:Agnitum Outpost Security Suite Pro 9 and Security Suite 7.1.1

New features
New! Emergency first aid

If ransomware or any other sophisticated malware denies users access to their computer and keeps Windows from functioning, they can now create a bootable rescue CD or USB drive with Outpost Live Disk utility. This tool will eliminate the malware that is preventing Outpost from being installed and clears the way for a normal installation process.

New! Installation on an infected system

Some malware processes are designed to prevent installation of security software. In response, Outpost 9 can install and run a scan for active malware in Windows Safe Mode. Once any pre-existing infections are removed, Outpost can step in to protect the system from future threats.

Improvements
Improved! Major upgrade to URL BlackList

The Internet is teeming with bad websites that aim to extort money or personal information from unsuspecting users. Outpost 9 uses a brand-new URL processing system to protect users against accessing fraudulent websites, and increases its knowledgebase of bad sites thanks to regular updates. Before any damage can occur, Outpost will steer the user away from a dangerous website and save their valuable information.

Improved! Outpost 9 is now fully compatible with Windows 8.1

Outpost 9.0 products continue to maintain universal compatibility with all supported Windows platforms, including the latest Windows 8 and Windows 8.1 versions.

Once installed, Outpost does its job without slowing the machine down, providing all the pr... Read more

Read other 4 answers
RELEVANCY SCORE 58

I got rid of all my " Security suite" problems....I think. Have attached my HJT log if anyone can help.
 

Read other answers
RELEVANCY SCORE 57.6

Hello, I'm not sure how descriptive I'm suppose to be but I'll try my best to get my point across without making my post too long. A couple hours ago I came back from dinner and found several pop ups on my screen about this "Security Suite." I couldn't run firefox and trying to shut down the "SS" through task manager wasn't working either. The program seems to block anything from opening by saying it is infected. I figured I'd try using a restore point from last week and found that the program was blocking that as well. So I decided to use my laptop to find some kind of solution. I came up with this particular website and have been following this guide: http://www.bleepingcomputer.com/virus-remo...-security-suiteEverything worked out as it should have until step nine. The rkill runs and a black screen pops up filled with white text saying "The system cannot find the path specified." over and over. Then a notepad opens up that says:This log file is located at C:\rkill.log.Please post this only if requested by the person helping you. Otherwise you can close this log when you wish.Services Stopped:Processes terminated by Rkill or while it was running: Rkill completed on 09/06/2010 at 19:08:54I've typed it just as it's on the screen. I'm just not sure if rkill worked. I decided to go on and finish up the rest of the guide and I was able to install Malwarebytes. It is currently scanning the pc and has found 3 o... Read more

A:Security Suite Problem on Desktop

Hello. Please post that MBAM log when dome.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard t... Read more

Read other 7 answers
RELEVANCY SCORE 57.6

I am getting a registry related error when trying to install CA Secuity Suite. I've attached the screen shot with the error I am getting.

I had McAfee installed, deinstalled it first and ran a clean up tools that was recommended, but still can't install CA.

Help!
Norma
 

Read other answers
RELEVANCY SCORE 57.6

I have the AV Security Suite Virus and am using Windows XP.
I was finally able to download malwarebytes using an alternative link. As I tried to run it, an Error: 0 window appeared. However, the malwarebytes screen still popped up and allowed me to run a scan.
I then clicked on 'Remove Selected Items.' Malwarebytes removed most infected items but requested that I restart my computer to complete the process. Am I supposed to restart in Safe Mode? I tried restarting in both safe and normal modes, and nothing happened.
I know the virus is still there because when I attempt to re-download Malwarebytes (renaming the exe file to something random) I get more error windows saying Error: Enumerate 2; 3.

Any ideas? Thanks!

Read other answers
RELEVANCY SCORE 56.8

Thanks for any help you may be able to provide.

This fake security suite seems to pop up almost immediately upon trying to access information on the web and takes me to fake websites that are clearly not where I intend to link when I enter a search term in Google (or other search sites). I tried to eliminate it using Malwarebytes' Anti-Malware, but to no avail. It does seem less frequent, but not gone.

Let me know what other information you need.

Here are the logs that I believe I'm to provide:

---------------------------------------------------------------------------
DDS (Ver_09-07-30.01) - NTFSx86
Run by PCRC at 22:03:48.90 on Thu 07/30/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.262 [GMT -5:00]

AV: Windows Security Suite *On-access scanning enabled* (Updated) {C7F7D54A-2899-47FA-8148-AE366533F23C}
FW: Windows Security Suite *enabled* {336FFE1D-BC67-440A-AF27-58A656991110}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxp... Read more

A:Windows Security Suite (malware / problem)

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.We need to create an OTL ReportPlease download OTL from hereSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the "Run Scan" button.The scan should take just a few minutes.Copy the log that opens up and paste it back here in your next reply.

Read other 11 answers
RELEVANCY SCORE 56.8

This may be a little complicated, so bear with me.A few months back my PC was infected by Security Suite, I followed the instructions for Its removal on BC. At first it was gone, then my browser started redirecting me to pages I didn't ask for or even open. So I kept on using MalwareBytes and rkill to remove it. It was during one of these removals that I noticed rkill wasn't running the way it should, instead of taking time like the instructions said it was, it was over quickly and a message poped up saying:"This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as User on 13/08/2010 at 17:39:08. Processes terminated by Rkill or while it was running: C:\Documents and Settings\User\Desktop\rkill.comRkill completed on 13/08/2010 at 17:39:11. "I'm not sure if that is normal or not. But this week Security Suite came back again.This week my PC started having problems with loading. As soon as it comes on it freezes and then starts saying IE8, Java and other programmes have failed and need to close. It also displays "You are Low on Virtual Memory" message, but I'm not as over 90% of the disk is free space. Because of these problems the PC stays frozen. I pressed "reset" in Internet Options to try and fix the problem, that didn't work. When I boot in safe mode though, IE8 and other programmes work fine. Als... Read more

A:I have a problem with Security Suite, Its removal and the browser.

Hello,Please follow the instructions in ==>This Guide<== starting at Step 6.Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Orange Blossom

Read other 3 answers
RELEVANCY SCORE 56.8

It's annoying me and how to get rid of this.....i cannot open my applications and listen to my musics!! cause of the security suite center!! any tips to remove this programs??

A:Problem AV Security Suite alert on my system!

Your computer is infected and "AV Security Suite" IS the virus!

http://www.precisesecurity.com/rogue/av-security-suite/

Read other 1 answers
RELEVANCY SCORE 56.8

Out of nowhere we have security suite trying to scan the computer. It won't allow us to view any web pages when we open IExplorer. It takes us directly to the security suite page. We can't open the "add or remove programs" from control panel to get rid of anything. It allows limited access to the c: drive. We can't download anything and norton is being useless. It won't allow us to open any programs to even remove programs

A:ive done a search and cant find the same problem were having with security suite... please help

Hello and welcome. Let's try it this way... Reboot into Safe Mode with Networking How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkill ... Read more

Read other 1 answers
RELEVANCY SCORE 56.8

I was advised by a moderator to create the following Logs: DDS, Attach and ark, to help with an on going problem I have. I will list below (in bold) what I've done so far and post the Logs with this topic.A few months back my PC was infected by Security Suite, I followed the instructions for Its removal on BC. At first it was gone, then my browser started redirecting me to pages I didn't ask for or even open. So I kept on using MalwareBytes and rkill to remove it. It was during one of these removals that I noticed rkill wasn't running the way it should, instead of taking time like the instructions said it was, it was over quickly and a message poped up saying:"This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Ran as User on 13/08/2010 at 17:39:08. Processes terminated by Rkill or while it was running: C:\Documents and Settings\User\Desktop\rkill.comRkill completed on 13/08/2010 at 17:39:11. "I'm not sure if that is normal or not. But this week Security Suite came back again.This week my PC started having problems with loading. As soon as it comes on it freezes and then starts saying IE8, Java and other programmes have failed and need to close. It also displays "You are Low on Virtual Memory" message, but I'm not as over 90% of the disk is free space. Because of these problems the PC stays frozen. I pressed &q... Read more

A:I have a problem with Security Suite, Its removal and the browser.

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other... Read more

Read other 19 answers
RELEVANCY SCORE 56.8

i just recently got broadband and was previously running on a 56k modem.
i also got a new computer at the time and someone installed Kaspersky Internet Security Suite onto it. i thought everything was good because the broadband was running really fast for a couple of days, but starting yesterday it began to run slower. i had no idea what was causing this (i have no knowledge of computers) but now my internet is only barely faster than a 56k connection.

i went into windows task manager and realised that the file avp.exe was occasionally taking up a lot of memory, so i ran a search on it and found out that it is infact a malicious program??

it is part of the Kaspersky Security so should i just uninstall the whole program and just ignore internet security??
the only time i ever download anything is from official sites and from itunes, i don't use Limewire or anything and i receive about 4 emails a month. so do i even need internet security or will my computer still be at risk.

i know all of this probably sounds retarded but please could somebody help me. i am clueless about this and it's lucky i found this forum.

if it's any help i am also using firefox.

thanks in advance.

A:Problem With Kaspersky Internet Security Suite

Moved to a more appropriate forum from the Email and web browser forum.

Read other 3 answers
RELEVANCY SCORE 56.8

I had (still have?) the Windows XP Total Security virus - I *thought* I removed that main problem with MalwareBytes, but I'm now having browser (IE) redirect issues and "IE Script Error" pop-ups. Also, Windows Updates, Avira Updates are disabled.
I have run all reports: DDS below and Attach & GMER reports attached.
Thanks in advance for your help!

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by dwa1000 at 10:28:46.73 on Wed 04/13/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.617 [GMT -7:00]
.
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\dwa1000\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.cnn.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {1... Read more

A:I had (still have?) the Windows XP Total Security virus - I *think* I removed that main problem with MalwareBytes, but I'm...

Hello and welcome to the forums!My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.I would be glad to take a look at your log and help you with solving any malware problems.If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d... Read more

Read other 2 answers
RELEVANCY SCORE 56.4

After following the directions step by step for the 'Automated Removal for AV Security Suite using Malwarebytes' Anti-Malware' post, I got to the point of double-clicking on the mbam-setup.exe file, started the full scan and the computer just shut itself off. Now, any time I try to reboot, the darned computer shuts itself off! Even in Safe Mode. HELP!

Obviously I am posting this from another computer...if I can get some help as soon as possible, I would GREATLY appreciate it as I use that computer for work.

Thanks in advance!!

Marjori
frustrated in Phoenix

A:AV Security Suite removal attempt, now bigger problem!

Have you tried selecting Last known good configuration?

Read other 3 answers
RELEVANCY SCORE 56.4

My operating system is Microsoft Windows XP Home.

Getting my internet service installed by Verizon has been a hassle. I thought I was in the process of activating my account yesterday, but something went wrong. I apparently cleared everything up with Verizon, but as a result of the partial activation process I went through, I downloaded Verizon Internet Security Suite (VISS). But halfway through downloading it, there was an error, and so I don't think it was completely downloaded.

Now that I must go through the whole activation process again next week, I have been trying to remove everything I downloaded. But when I tried using "Add or Remove Programs" to remove Verizon Internet Security Suite (hereafter VISS), I was informed that I had to reboot first. Well, I rebooted my computer, and tried again. But again I was told I had to reboot first. So I tried deleting the entire Verizon folder on my hard drive, but it wouldn't let me, saying: "Cannot delete AVCntxtR.dll: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently is use."

Furthermore, I cannot open "My Computer" on my desktop, nor can I click on "My Network Places" in the Start menu. When I do, I receive this message: "Cannot start this program, because the required component 'C:\Program Files\Verizon\Verizon Internet Security Suite\Resources\zk_en_US\CLB_Rsrc.dll' is missing. Please try re-installing this... Read more

A:Solved: Problem with Verizon Internet Security Suite

I'd suggest a system restore to before the mess started, then do NOT download the Verizon junk, there are better options!
 

Read other 3 answers
RELEVANCY SCORE 55.6

Back in September, we were infected by the Security Suite virus, which almost completely disabled our computer. From a friend, we got information on how to run SpyBot so our computer would at least return to a working state. Then we ran lots of other anti-malware products, including: MalwareBytes, SuperAntiSpyware, Ad-Aware, and Avast. Several problems were found and removed.

Later, we kept getting redirects after doing Google searches. We often had a difficult time backing out of the redirected page back to the main Google search page. So we tried getting deeper into the problem and ran all the malware/spyware removal programs again, all of which turned up nothing. Then we tried the steps on this site: hxxp://www.2-viruses.com/how-to-fix-google-results-hijacker-google-redirect-virus-problem. We checked our Hosts file and removed a couple of problems (recommended from a friend).

We ran Hijack this and got a log file a while ago. We ran Trend Micro Rootkit Buster, which came up clean.

Here are some links from an older redirect we got a while back, maybe this will help?

My intended Google search: hxxp://www.google.com/search?q=time+warner+cable&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
redirect: hxxp://itcg.21897.information-seeking.com/jump1/?affiliate=itcg&subid=21897&terms=time%20warner%20cable&sid=Z029044496%40EzXxQjM1kzMy81MwkjMfZTYfRTOx81M3UzNzMTO4ITM&a=vgpt&mr=1&rc=0
end page where we landed u... Read more

A:Google search redirect problem after Security Suite infection

Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic an do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scr DDS.pifDouble click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that... Read more

Read other 30 answers
RELEVANCY SCORE 55.6

I am on a Sony Vaio laptop running Vista 32. The PC seemed to be working perfectly until I got the AV Security Suite that would show up on my toolbar (bottom right)....

Basically it says I have an AntiVirus Software alert and wants me to update. Everytime I surf the net it pop ups basically going over the same things. update or stay unprotected.

Anyways, I tried watching Step brothers which I have saved on my PC and the error "Security Warning - Application cannot be executed. The File vlc.exe is infected. Do you want you activate your antivirus software now.


Which brings me to this...

Everytime I download and try to run DDS and GMER, I bget the same warning. Instead of it being vlc.exe, it's dds.scr....

I also tried Control/Alt/Delete to stop the file so I could run my Malware Anti-malware program to get rid of it, but again...it's a no go....I can't even get to my Task manager.

A:AV Security Suite - Major Problem! cant open a singe file

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Try downloading and running the tools in Safe Mode with Networking: Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
In some systems, this may be the F5 key.
Instead of Windows loading as normal, a menu should appear.
Use the up arrow key to highlight Safe Mode with Networking and press 'Enter'.
Login on your usual account.
------------------------------------------------------

Read other 2 answers
RELEVANCY SCORE 55.2

I have NOD32 Eset Security Suite installed, and whenever I have the firewall enabled and try to use a web browser (any web browser), I get the page not found error. I have to right-click the icon on the taskbar and click "Do not filter network traffic", which of course disables the firewall.

Anyone have any ideas as to how I could fix this problem?
 

A:Problem with NOD32 Eset Security Suite (browsers don't work when firewall is on)

add the rule
allow tcp outbound to=any ports 80,443 nolog​
 

Read other 3 answers
RELEVANCY SCORE 54

Ran ComboFix to successfully (?) remove AV Suite. Computer is no longer hijacked.

But, now when surfing internet with IE8, even trusted sites, as often as not I get the message "Cannot display the webpage." Sometime, if I click again, the page will display. Sometimes not.

Repeatedly tried using Microsoft Automated Troubleshooting Service to resolve the issue, but get message that the it "failed to install." and to try again later. Turned off Popup blocker, Disconnected Firewall and AntiVirus applications but get same message.

This makes me wonder if AV Suite virus left some residual issue.

Any suggestions?

A:AV Suite - ComboFix

Hello,I 've moved this to the Am I Infected forum as you may still be.Let;s take a further look.Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opera browser click that... Read more

Read other 3 answers
RELEVANCY SCORE 51.6

Following on from http://www.bleepingcomputer.com/forums/ind...p;#entry1928024. C:\Windows\Temp\reoD7D.tmp (Rootkit.Dropper) shown by MBAM, along with some trojan results. I think the trojans have gone after telling MBAM to remove them, but apparently the rootkit is still there.GMER crashed a few times and caused some blue screens, managed to get it to finish eventually but only in safe mode.Thanks for any help.DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by Andy at 22:00:20.77 on 15/09/2010Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_06Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.44.1033.18.2046.1357 [GMT 1:00]AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k secsvcsC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe ... Read more

A:Trying to recover from rootkit , Security Suite and Fake Microsoft Security Essentials

Hello and welcome to Bleeping Computer! We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open wit... Read more

Read other 2 answers
RELEVANCY SCORE 51.6

Hi

...now totally confused about which to use, or which ist the best deal for the money?
Right now i am using the trial version from Zone Alarm Internet Security,i like it - but it really slows my system down. I was also thinking about Bitdefender total security...since they offer a 30 day free trial version, or Internet Security Software 08.
I do like the idea of having a Security Suite, its kind of all in one , and i don"t have to hassle with x amount of programs ( still somewhat of a beginner).
I have read many ratings and reviews... just to confuse me more...seems as though depending on what webside you are looking (c/net, or pc world, or computer world...) each has its own favorite.

Can anyone help out?

Thanks in advance.
 

A:Zone Alarm Security Suite versus Bitdefender Total Security

Howdy AstridG James,
I have been using Zone Alarm Security Suite for a couple of years now and find it very good. I also have SpywareBlaster,Ad-Aware 2007 Pro, Spybot Search n Destroy 1.5 and WinPatrol.All the programmes seem to be needed to find different things and although Zone Alarm seems to stop most and is a gr8 AV....never had any problems with it at all...the other programmes still find different things and all work well together.
Regards Paula
 

Read other 1 answers
RELEVANCY SCORE 51.6

Hi,
Last night I started getting pop-ups from my computer security telling me that it was blocking an application.  I have had something like this happen before quite some time ago, but I don't remember the name of the app it was blocking.  This is what the pop-up says:
 
Computer Security
Application Blocked
DeepGuard has blocked an application in your computer:
 
Application:  blds.exe
Reason:  Previously blocked application
What should be done?  Your computer is protected.  If you still want to use the application, you can change the application permissions.  (The words "change the application permissions" were highlighted as a link.)
 
Details:  Application:  c:\windows\syswow64\drivers\blds.exe
Reputation:  Unknown
Popularity:  Common                                                                                             Report this application to F-Secure?
 
              ... Read more

A:My computer security (Charter Security Suite) is blocking an application

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeClick Go and post the result. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.* Double-click mbam-setup.exe and follow the prompts to install the program.* At the end, be sure a checkmark is placed next to Up... Read more

Read other 1 answers
RELEVANCY SCORE 51.6

I have a personal computer that I need an antivirus and firewall for. Mainly because I have ports 80 and 21 open. I have these open because I run my own personal server. I need to know which one of these is better for use on my server, and which one is better for my personal computer. Which one would make my server more secure?

NOTE - My server only needs a firewall, not an AV. My personal computer needs an AV.
 

A:PC-cillin Internet Security 2005 vs. Zonealarm Security Suite

For personal computers, my favorite, and actual, combination is Zone Alarm Pro Firewall, and Norton Antivirus 2005. Norton Firewall is probably pretty good, but I don't like the notification interface and I get the feeling it doesn't tell me everything, so definitely I say Zone Alarm's Pro firewall is the way to go...and Zone Alarm's Suite that includes the anti-virus, I got the feeling it was a little weak in interface and ability....but for servers...I'm not so sure if I would recommend the same thing, or something more heavy duty and specially designed for servers, I just don't know...

EDIT: PC-Cillin is a piece of crap...I didn't like it at all! The spyware feature was barebones at most, and it was just crappy all around....you should download some trials of these things and see which one you personally like best, becuase PC-Cillin, Norton, and Zone Alarm all seem to get pretty much the same ratings by magazines, etc.
 

Read other 3 answers
RELEVANCY SCORE 51.2

When I'm logged on as an Administrator (which I only log onto to install applications), my Windows Security Center recognizes my AT&T security suite. Everything is fine.

However, when I logon as a User (which I do a majority of the time for internetting and music), Windows Security Center informs me that AT&T's security suite isn't active, even though the icon is shown in the systray, and all of it's services are active (I can see the firewall blocking info in real time for example).

Why does Security Center detect the same suite on my Administrator account but not my User account? This issue only happened after I uninstalled Visual Basic .net a few months ago (I can't restore to back that date at this point to undo it), and I'm wondering if there's a way to repair it.
 

A:Windows Security Center not recognizing Security Suite in XP Pro

IIRC, the MMC (Microsoft Management Console) relies upon .net to function properly.
 

Read other 3 answers
RELEVANCY SCORE 51.2

I currently have the Norton product installed on my system. The subscription will run out in about a week. Time Warner offeres the EZ Armour suite at no charge for customers. Is there any major technical or quality reasons to not switch to the EZ Armour?

Also, if I do switch, are there any suggestions for fully removing the Norton Product? I have heard that this can be somewhat difficult.

Thanks
 

A:Norton Internet Security vs. EZ Armour Security Suite

Read other 7 answers
RELEVANCY SCORE 50

Ok my wife's laptop some how picked up this virus that will not let me intall any programs or get online or delet it.I ran the frst64 program to start things off here is the log.  Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013Ran by SYSTEM on MININT-1FMGDB9 on 16-10-2013 00:15:11Running from I:\Windows 7 Home Premium (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-02] (IDT, Inc.)HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-09] (Synaptics Incorporated)HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)HKLM\...\Run: [DLBUCATS] - rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\DLBUtime.dll,RunDLLEntryHKLM\...\Run: [dlbumon.exe] - C:\Program Files (x86)\Dell Photo AIO Printer 942\dlbumon.exe [431600 2007-02-28] (Lexmark International, Inc.)HKLM\...\Run: [MemoryCardManager] -... Read more

A:Malware Security Suite Antivirus Security Pro HELP!!!!

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully. First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding. Perform everything in the correct order. Sometimes one step requires the previous one. If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem. Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me. Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts. If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed. Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean. My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.   Fix with FRST (Recovery Environment)Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and... Read more

Read other 7 answers
RELEVANCY SCORE 50

Hi, I'm new to internet security systems so please bear with me as I explain, Which is considered the better choice Norton Security Suite or CA Security Center? Can I have both on my computer? Also I clicked on the link for "Antimalware, And Antispyware Resources" and I am wondering should I add some of these applications in addition to the Norton & or the CA:
- Spyware & Malware Removal Utilities
- Spyware Protection Programs
- Online/Virus Scanners
- Malware/Virus Specific Cleaners or References
- Spyware Removal Tools
- Tools to help prevent Spyware
Or are these types of applications all a part of the Norton & or the CA.
Any help will be greatly, greatly appreciated.
Thank you.

A:Which Is Better Norton Security Suite or CA Security Center?

You ask a common question for which you will receive varying opinions and recommendations. There is no universal "one size fits all" solution that works for everyone and there is no best anti-virus. Please see Choosing an Anti-Virus Program.Before to read the note why using more than one anti-virus program is not advisable.After reading that, scroll up to the first topic posting and read Best Practices for Safe Computing - Prevention.

Read other 2 answers
RELEVANCY SCORE 50

I recently downloaded a movie from a non-trusted source and, voila, I now am the proud owner of the Security Suite! I am a lucky man. Anyway, I need to wipe this stuff off my laptop and haven't had any luck using the generic removal guide on this site. I use firefox and cannot access the internet (browser starts up but stalls and must be ctl-atl-delete shut down) so I'm posting from my clean desktop. I've used this fantastic site in the past and it was my first thought upon contracting this annoying bug. Any help would be greatly appreciated!

I'm getting multiple pop-up warnings on my desktop, including a "Security Warning" which states: Application cannot be executed. The file (this part can vary) rundll32.exe is infected. Do you want to activate your antivirus software now? Another pop-up is RUNDLL with a large red X on the left side. It says: Error loading cffqp.dll (this also changes depending on what I'm doing). The specified module could not be found. You can only click OK on this.

There's a pop-up on the lower right where the shield from the malware is on the taskbar. It states: Windown Security Alert with a red X to the left. Windows reports that computer is infected. Antivirus software helps to protect your computer against viruses and other security threats. Click here for the scan your computer. Your system might be at risk now. (I'm not particularly impressed with their sentence structure)

It will... Read more

A:Windows Security Alert / Security Suite

I noticed Pandy edited this post and removed it from MR. I cannot run DDS to get a log! Read my post!

Read other 2 answers
RELEVANCY SCORE 48.8

They look like this:


Code:
Log Name: SecuritySource: Microsoft-Windows-Security-Auditing
Date: 6/25/2013 9:28:37 PM
Event ID: 4624
Task Category: Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: ASUS-PC
Description:
An account was successfully logged on.
Subject:
Security ID: SYSTEM
Account Name: ASUS-PC$
Account Domain: WORKGROUP
Logon ID: 0x3E7
Logon Type: 5
Impersonation Level: Impersonation
New Logon:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3E7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x2a0
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon ... Read more

A:Odd security entries on my main PC

Sounds scary !

Read other 2 answers
RELEVANCY SCORE 47.2

Hi, I received the AV Security Suite popups. I am running a Dell Vostro 1700 with Windows XP. I went searching for a solution, and found the instructions to reboot and start in safeboot mode. But when I did, it rendered my mouse and keyboard useless. So now it boots up and stays stagnant on the user logon screen. I have searched other threads and see plenty of instructions on what to do, but I can't download or run any programs with no mouse or keyboard. I am just stuck. I am using another computer to post now. Any help would be greatly appreciated.

A:AV Security Suite

Welcome to TSF :)

Do you still need assistance?

Read other 2 answers
RELEVANCY SCORE 47.2

This would be round three in roughly a 4 week period.I have followed the removal instructions twice found Here, but it keeps coming back.In further reading on the topic, I found that one of the things it does is block updating. I currently cannot connect to MSupdate and have received no updates for xp in quite a while as i have discovered. Furthermore, every now and then i get strange popups to random websites, not sure if any of this is related or whole separate problems.Looking fwd to learning a few things and fixing this problem. Thx in advance for any and all help. I know this is all volunteer and its appreciated by this user. I hope i have uploaded or copied and pasted the correct information in the right order as per your guy's preparation guide. DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by Joel Ferguson at 19:23:08.89 on Tue 07/06/2010Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1562 [GMT -5:00]AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\system32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\Program Files\Alwil Software\Avast5\AvastUI.exeC:\WINDOWS\explorer.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Ado... Read more

A:AV Security Suite

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!Do not Attach logs unless I ask you to.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.I see you ran the scans in safe mode - can you boot into normal mode?If you can then please run the scans in normal mode.:run combofix:Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first.... Read more

Read other 46 answers
RELEVANCY SCORE 47.2

Hi

I just got a new hard drive and it was super fast UNTIL I reactivated my CA Security Suite. Now it is very sluggish. I have to disable the firewall to see any videos from youtube.

I have anti virus protection from my ISP. Should I uninstall this?
 

A:CA Security Suite

So you have two antivirus programs running on your PC? If that is the case then yes you should ablsolutely pick one and get rid of the other. I'd go with CA it seems to be a good program though I do have limited experience with it. If you have any of the McAffee products from your ISP I'd recommend not using them. They are notorisouly bad and prone to problems.
 

Read other 3 answers
RELEVANCY SCORE 47.2

Hello all. I Have a computer here from a friend that had AV Security suite on it. This particular one shut down IE and Firefox, so access to internet is a no-no. But the weird thing is I AM able to play internet spades and after I installed Super Anti Spyware via CD. I was able to update it. So there IS some internet connection. I can also ping Yahoo.com from Command Prompt.

The next problem I had is I couldn't get into Safe Mode, I would get the BSOD, but I was able to repair that with Super Anti Spyware, but I when I did eventually get into Safe Mode, I was able to surf the web on both IE and Firefox. I reboot and still no access to the web with IE or Mozilla.
I'm at a loss on this one.

A:AV Security Suite

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Read other 1 answers
RELEVANCY SCORE 47.2

I have had similar problems like this with Anti-Virus Soft and other programs, that have been removed successfully. I did the same when this appeared. Start in Safe Mode/Networking, open internet and reconfigure LAN, look up how to remove, used RKill/Malwarebytes Anti-Malware as suggested, and restarted computer. It still said it was there, but now my computer would go black then enter the blue screen, saying it was dumping the memory to protect it, then restart itself. I'm not sure if it could be, but I still had the Malwarebytes installed from the last time. Do I need to uninstall and reinstall to make it work? If not, please notify me with what needs to be done, as college starts soon and a working computer may be essential to my classes..:Edit:. I'm currently in Safe Mode/Networking, and it is running fine. But I had something happen last night, when I first started doing the required procedures in Link. I got everything done, had the topic up and waiting, and was running the DDS program. It was scanning and had 3 things on it's list, then my computer just restarted. I logged back in under Safe Mode/Networking and re-opened internet, instruction and posting topic page were saved, but when I ran DDS this time, it only found 1 thing total. I'm not sure if this something to be mentioned, but I thought I would just in case.QUOTEDDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by Cody_2 at 22:28:43.46 on Sat 09/11/2010Internet Explorer: 8.0.6001.18241 BrowserJavaVer... Read more

A:Security Suite

Hi, Clurion Follow these steps in Safe Mode for the time being.Please download ComboFix from Here or Here to your Desktop.**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**Please, never rename Combofix unless instructed.Close any open browsers.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.-----------------------------------------------------------Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.-----------------------------------------------------------Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it startsPlease do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.If there is no internet connection after running Combofix, then restart your computer to restore back your connection.-----------------------------------------------------------Copy the entire contents of the Quote Box below to Notepad. Name the... Read more

Read other 12 answers
RELEVANCY SCORE 47.2

The pop ups keep coming up randomly, even when I'm not on the internet (Zone Alarm stop internet activity was enabled). I tried system restores, Malware bytes (several times, and the last one didn't find anything) but they just keep popping up. I am able to stop the website from loading by closing the browser or tab, and put that website in AdBlock Plus to filter out, but different one's keep popping up.DDS only opened as a notepad file with gibberish in it except for the first line which says "This program cannot be run in DOS mode."Here is the GMER file.GMER 1.0.15.15281 - http://www.gmer.netRootkit scan 2010-07-13 12:46:00Windows 5.1.2600 Service Pack 3Running: gmer.exe; Driver: C:\DOCUME~1\David\LOCALS~1\Temp\kwrcqpoc.sys---- System - GMER 1.0.15 ----SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB1615534]SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB160F782]SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xB162E6DC]SSDT \??\C:\WINDOWS\system32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB1615CC0]SSDT \??\C: ... Read more

A:AV Security Suite pop ups won't go away

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped. Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until ... Read more

Read other 38 answers
RELEVANCY SCORE 47.2

So my father's PC has become infected by AV Security Suite one way or another. He is running Windows XP. I have followed the removal instructions found at bleepingcomputer.However, the computer is experiencing serious issues and I cannot complete the removal instructions. See below for a list of issues:#1The computer will not boot in safe mode, safe mode with networking, or safe mode with command prompt. I have tried multiple times. Each time it starts booting into safe mode and then I get a blue screen of death. Screenshot#2I cannot run rkill.com and I have tried all of the renamed versions. The window box opens up to run the program then I receive the error:"Application cannot be executed. The file rkill.com is infected. Do you want to activate your antivirus software now?"#3I cannot run nearly ANY programs. I get the same error message as above when I try and run:cmd.exetaskmgr.exeregedit.exerstrui.exe (System Restore)rundll32.exe (Delete Internet Files)mbam.exeComboFix.exeInternet Explorer does not work, even after disabling the LAN proxy settings as instructed. However, Firefox works without issue.Please advise. Thanks.

A:AV Security Suite

Update: I was able to get rkill.com to run after "out-clicking" the virus. I literally sat there and just tried to open up rkill.com as fast as I could and I guess the virus couldn't kill the programs fast enough. I then was able to run mbam.exe, which cleared three trojans. It prompted me to restart. Restarted, virus was back again. Followed the same procedure, mbam.exe cleared two trojans. I then ran ComboFix which detected root kit activity and cleaned everything up. Laptop is running great again.My father was running Windows XP SP2...no wonder the virus was able to do what it did.This can be closed.

Read other 3 answers
RELEVANCY SCORE 47.2

Hi, I have followed the instructions on this site for " How to remove AV Security S." BUT it did not work I used the rkill followed by Malwarebytes Anti-Malware as instructed but when I rebooted it was back. There i am on the next step and will be forwarding the appropiate logs as described in your article.DDS (Ver_10-03-17.01) - NTFSx86 NETWORK Run by Charles R Schultz at 10:06:58.76 on Tue 06/15/2010Internet Explorer: 7.0.5730.13Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2480 [GMT -4:00]AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}============== Running Processes ===============C:\WINDOWS\system32\svchost -k DcomLaunchsvchost.exeC:\WINDOWS\System32\svchost.exe -k netsvcssvchost.exesvchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\system32\ctfmon.exeC:\Documents and Settings\Charles R Schultz\Desktop\dds.scr============== Pseudo HJT Report ===============uStart Page = hxxp://www.yahoo.com/uSearchMigratedDefaultURL = hxxp://us.yhs.sea... Read more

A:AV Security Suite

Hello atloss, Welcome to Bleeping Computer. My name is fireman4it and I will be helping you with your Malware problem.Please take note of some guidelines for this fix: Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. If you do not understand any step(s) provided, please do not hesitate to ask before continuing. Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.1.Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.Link 1Link 2Link 3Link 4 Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how. Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator) A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If not... Read more

Read other 25 answers
RELEVANCY SCORE 47.2

I followed this removal tutorial on your site but when I ran Malwarebytes' in Safe Mode with Networking(like the the tutorial said to) it said there were no infected items. Now I'm on my sister's computer and I've been up all night trying to fix this which has just lead to me being tired and frustrated and I'm just not really sure where to go from here. :/ Please help!DDS LogDDS (Ver_10-03-17.01) - NTFSx86 NETWORKRun by Owner at 5:17:45.88 on Thu 08/12/2010Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20Microsoft? Windows Vista? Home Premium 6.0.6002.2.1252.1.1033.18.3061.2354 [GMT -4:00]SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}============== Running Processes ===============C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k rpcssC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exeC:\Windows\system32\sv... Read more

A:AV Security Suite

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.We need to create an OTL ReportPlease download OTL from one of the following mirrors:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.In the custom scan box paste the following:CODEmsconfigsafebootminimalactivexdrivers32netsvcs%SYSTEMDRIVE%\*.exe/md5st... Read more

Read other 2 answers
RELEVANCY SCORE 47.2

I just got this today and I followed the instructions on the site. I got rid of it, restarted my computer and was fine for 1-2 hours and then... it came back. I managed to shut it off and am running malwarebyte's full scan again but, will it come back? Is this stupid virus permanent?

A:AV security suite

Hello, no it's not. Please post the MBam log for review as it may have clues.Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opera browser click that browser at the top... Read more

Read other 9 answers
RELEVANCY SCORE 47.2

Asking this for a friend here

He's been getting infected by antivirus soft about every other week. Now it seems to have changed its name to security suite but looks exactly the same. I have told him to install malwarebytes and we've been going with the "run malwarebytes in safemode" option. But, the virus always returns after a week or so. What do we do?

Read other answers
RELEVANCY SCORE 47.2

This program seems like it wants me to buy their anti-virus protection. But I know better Attached and posted are my dds and gmer logs. If you can spot any other garbage in there that I don't need, let's delete it too.

I had to uncheck "Files" in gmer, as it takes too long. After an hour, I return to the computer to see either "gmer has committed an illegal act and will be shut down", or I find the computer rebooted itself.

A big THANKS!! in advance for your help!

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-07 20:20:06
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\awxoqpob.sys
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF17836B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF1783574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF1783A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF178314C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwO... Read more

A:AV Security Suite

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.1.Please do not run any other tool untill instructed to do so!2.Please reply to this thread, do not start another!3.Please tell me about any problems that have occurred during the fix.4.Please tell me of any other symptoms you may be having as these can help also.5.Please try as much as possible not to run anything while executing a fix.If you follow these instructions, everything should go smoothly.In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.:run combofix:Please visit this webpage for download links, and instructions for running the tool: http://www.bleepingcomputer.com/combofix/how-to-use-combofixPlease ensure you read this guide carefully and install the Recovery Console first. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.Once installed, you should see a blue screen pro... Read more

Read other 3 answers
RELEVANCY SCORE 47.2

I just got the same exact thing at 12 last night. I don't know if I got it downloading the Deviant Art extension for Firefox or from watching videos, but it messes with my browser, making it use a proxy, won't let programs start up.. and AVG won't detect it, and it wouldn't let my Task Manager to start up so I could stop its process. I FINALLY got it to stop spamming its messages when i opened up my brand new Tuneup Utilities. Tuneup isn't an anti-virus program, but it DID allow me to stop the program and it's processes because the 'AV Security Suite' didn't recognize Tuneup's task manager. Tuneup put the beast to sleep, but i still have to get rid of it.

On the internet now because Tuneup allowed me to shut it down, but I fount a guide that says to run in 'Safemode with Networking' and download Spyware Doctor.

I've never used Spyware Doctor, so.. can anyone say if that will get rid of it? And is it safe? Someone who knows more about it than me, before I give it a try in safemode.

EDIT: Looks like someone just posted before me, might give that a try first.

A:Security Suite

Hello and welcome...I created your own topic. Best procedure is to start with this. Forget that other tool. You need to do all the steps as some pertain to your issue..Please follow our Removal Guide here Remove Antivirus Suite You will move to the Automated Removal InstructionsAfter you completed that, post your scan log here,let me know how things are.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Read other 7 answers
RELEVANCY SCORE 47.2

ComboFix 10-07-01.02 - Janet 07/03/2010 12:53:12.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.108 [GMT -7:00]Running from: c:\documents and settings\Janet\Desktop\ComboFix.exeAV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\Janet\Local Settings\Application Data\jkxtbqnvgc:\documents and settings\Janet\Local Settings\Application Data\jkxtbqnvg\phdsbtxtssd.exe.((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 ))))))))))))))))))))))))))))))).2010-07-02 19:31 . 2010-07-02 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton2010-07-02 19:27 . 2010-07-02 19:31 -------- d-----w- c:\program files\NortonInstaller2010-07-02 19:27 . 2010-07-02 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller2010-07-02 03:32 . 2010-07-02 03:35 664 ----a-w- c:\windows\system32\d3d9caps.dat2010-06-15 10:00 . 2010-06-15 10:00 -------- d-----w- c:\windows\system32\KB9054742010-06-15 02:36 . 2010-06-15 02:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple2010-06-... Read more

A:AV Security Suite

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.I will be working on your malware issues, this may or may not solve other issues you may have with your machine.Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.-----------------------------------------------------------If you have since resolved the original problem you were having, we would appreciate you let... Read more

Read other 2 answers
RELEVANCY SCORE 47.2

I am getting this as well. I follow the instructions but it comes back every time I restart.

A:AV security suite

Martini, post your logs in a new topic so I can see them. PM me where the topic is.

Read other 3 answers
RELEVANCY SCORE 47.2

so i followed the steps on how to get rid of it on the link below.http://www.bleepingcomputer.com/virus-remo...-security-suiteBut after finishing the whole process and scanning, the malwarebytes only has one infection so i got rid of it and then i restarted my computer like it asked me to . After it was done restarting the AV secuirty suite still popped up with all these messages saying this file is infected and stuff. so i have no idea what to do now. help!?btw i have a dell inspiron 1300 windowns xpim really clueless about computers so help will be very much appreciated.

A:AV security suite help!

Hello, let's try this way..Next run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".From your regular user account..Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..DO NOT run yet.Open SUPER from icon and install and Update itUnder Scanner Options make sure the following are checked (leave all others unchecked):Close browsers before scanning.Scan for tracking cookies.Terminate memory threats before quarantining.Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.Now reboot into Safe Mode: How to enter safe mode(XP)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. Double-click ATF-Cleaner.exe to run the program.Under Main "Select Files to Delete" choose: Select All.Click the Empty Selected button.If you use Firefox or Opera browser click that browser at the top and choose: Select AllClick the Empty Selected bu... Read more

Read other 8 answers