Computer Support Forum

PC Security 2011 - Security Warning

Question: PC Security 2011 - Security Warning

Recently I started getting security warnings from PC Security 2011. I don't know where this came from and I didn't install it on my computer, but there it is. The popups are very bothersome as they are "always on top" and make it difficult to do anything with the computer. I also get a balloon-type window with a warning that a USB spam-bot was detected. This does not seem to be from PC Security 2011.
I have read instructions for posting and have the required files. This is a Toshiba Satellite laptop computer running Windows XP.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:33:43 AM, on 1/29/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\PC Security 2011\PC2011.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Documents and Settings\Marion\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windstream.net/wind/portal/index.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/root/campaign.asp?cid=18588
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\DLACTRLW.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - Startup: PC2011.lnk = C:\Program Files\PC Security 2011\PC2011.exe
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1270469993890
O17 - HKLM\System\CCS\Services\Tcpip\..\{B2DF2D81-59C8-4CB0-9548-45F72D06B1AF}: NameServer = 93.188.164.47,93.188.160.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA7D45CE-7E7A-429A-B522-4F5E143591F8}: NameServer = 93.188.164.47,93.188.160.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.164.47,93.188.160.227
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 93.188.164.47,93.188.160.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.164.47,93.188.160.227
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files\WildTangent Games\App\GamesAppService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 8797 bytes
DDS (Ver_10-12-12.02) - NTFSx86
Run by Marion at 9:47:59.43 on Sat 01/29/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.974 [GMT -6:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: *Enabled/Updated* {445C2AD3-E094-4496-9AB2-015867D4734C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\dla\DLACTRLW.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\PC Security 2011\PC2011.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Marion\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.windstream.net/wind/portal/index.aspx
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=18588
mSearchAssistant = hxxp://www.google.com/ie
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [Tvs] c:\program files\toshiba\tvs\TvsTray.exe
mRun: [TPSMain] TPSMain.exe
mRun: [PadTouch] c:\program files\toshiba\touch and launch\PadExe.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [dla] c:\windows\system32\dla\DLACTRLW.exe
mRun: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
StartupFolder: c:\docume~1\marion\startm~1\programs\startup\pc2011.lnk - c:\program files\pc security 2011\PC2011.exe
StartupFolder: c:\docume~1\marion\startm~1\programs\startup\pmbmed~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_04\bin\npjpi150_04.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270469993890
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
TCP: NameServer = 93.188.164.47,93.188.160.227
TCP: {B2DF2D81-59C8-4CB0-9548-45F72D06B1AF} = 93.188.164.47,93.188.160.227
TCP: {FA7D45CE-7E7A-429A-B522-4F5E143591F8} = 93.188.164.47,93.188.160.227
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\marion\applic~1\mozilla\firefox\profiles\kgc2vegn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.windstream.net/wind/portal/index.aspx
FF - plugin: c:\program files\java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-3 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-3 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-3 40384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\pedrv.sys --> c:\sysprep\PEDrv.sys [?]

=============== Created Last 30 ================

2011-01-27 18:20:16 -------- d-----w- c:\docume~1\marion\applic~1\PC Security 2011
2011-01-27 18:20:15 -------- d-----w- c:\docume~1\marion\applic~1\Uninstall_Security
2011-01-27 18:20:14 -------- d-----w- c:\program files\PC Security 2011
2011-01-27 15:52:58 -------- d-----w- c:\docume~1\marion\locals~1\applic~1\Chronicles of Albian
2011-01-27 15:49:55 -------- d-----w- c:\program files\WildGames
2011-01-27 15:35:45 -------- d-----w- c:\program files\WildTangent Games
2011-01-22 21:12:01 -------- d-sh--w- c:\documents and settings\marion\IECompatCache
2011-01-19 10:31:02 -------- d-----w- c:\windows\pss

==================== Find3M ====================

2011-01-13 08:47:35 38848 ----a-w- c:\windows\avastSS.scr
2010-11-27 23:45:53 1409 ----a-w- c:\windows\QTFont.for
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

============= FINISH: 9:48:40.65 ===============
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-29 11:44:31
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2160BT_PL rev.00000050
Running: yji5rb6m.exe; Driver: C:\DOCUME~1\Marion\LOCALS~1\Temp\kgldqpoc.sys
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA8FE0728]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA8FE77EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA8FE76A2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA8FE7CA8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA8FE7BBE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA8FE7276]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA8FE07D8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA8FE777E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA8FE71B2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA8FE7218]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA8FE0870]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA8FE78C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA8FE7D76]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA8FE7880]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA8FE7A04]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8FF482E]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA8FF4652]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA8FF478C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + DA 804E4934 4 Bytes JMP E1A8FE77
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP A8FF1C88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 8056DB66 7 Bytes JMP A8FF4656 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8059056D 7 Bytes JMP A8FF4832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805AEDE2 7 Bytes JMP A8FF4790 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E74E6 5 Bytes JMP A8FF01EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB9ADBEBF]
? C:\DOCUME~1\Marion\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[176] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[176] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[176] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[176] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[176] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[176] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[176] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[176] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[176] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[176] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[176] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[176] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[176] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[176] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe[176] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[196] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[196] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[196] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[196] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[196] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[196] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[196] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[196] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[196] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[196] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[196] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[196] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[196] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[196] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\ctfmon.exe[196] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[204] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[204] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[204] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[204] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[204] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[204] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[204] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\Explorer.EXE[204] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Messenger\msmsgs.exe[232] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Messenger\msmsgs.exe[232] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Messenger\msmsgs.exe[232] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Messenger\msmsgs.exe[232] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Messenger\msmsgs.exe[232] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Messenger\msmsgs.exe[232] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Messenger\msmsgs.exe[232] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Messenger\msmsgs.exe[232] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Messenger\msmsgs.exe[232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Messenger\msmsgs.exe[232] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Messenger\msmsgs.exe[232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Messenger\msmsgs.exe[232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Messenger\msmsgs.exe[232] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Messenger\msmsgs.exe[232] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Messenger\msmsgs.exe[232] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[240] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[240] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[240] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[240] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[240] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[240] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[240] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[240] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[240] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[240] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[240] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[240] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[240] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[240] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe[240] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[360] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\system32\RAMASST.exe[400] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RAMASST.exe[400] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RAMASST.exe[400] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RAMASST.exe[400] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RAMASST.exe[400] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RAMASST.exe[400] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RAMASST.exe[400] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RAMASST.exe[400] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RAMASST.exe[400] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RAMASST.exe[400] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RAMASST.exe[400] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RAMASST.exe[400] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RAMASST.exe[400] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RAMASST.exe[400] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\RAMASST.exe[400] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PC Security 2011\PC2011.exe[440] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PC Security 2011\PC2011.exe[440] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PC Security 2011\PC2011.exe[440] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PC Security 2011\PC2011.exe[440] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PC Security 2011\PC2011.exe[440] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PC Security 2011\PC2011.exe[440] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\PC Security 2011\PC2011.exe[440] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[448] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[448] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[448] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[448] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[448] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[448] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[448] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[448] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[448] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[448] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[448] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[448] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[448] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[448] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe[448] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\toshiba\ivp\ism\ivpsvmgr.exe[568] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\toshiba\ivp\ism\ivpsvmgr.exe[568] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\toshiba\ivp\ism\ivpsvmgr.exe[568] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\toshiba\ivp\ism\ivpsvmgr.exe[568] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\toshiba\ivp\ism\ivpsvmgr.exe[568] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\toshiba\ivp\ism\ivpsvmgr.exe[568] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\toshiba\ivp\ism\ivpsvmgr.exe[568] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\toshiba\ivp\ism\ivpsvmgr.exe[568] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\toshiba\ivp\ism\ivpsvmgr.exe[568] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\toshiba\ivp\ism\ivpsvmgr.exe[568] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\toshiba\ivp\ism\ivpsvmgr.exe[568] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\toshiba\ivp\ism\ivpsvmgr.exe[568] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\toshiba\ivp\ism\ivpsvmgr.exe[568] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\toshiba\ivp\ism\ivpsvmgr.exe[568] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\toshiba\ivp\ism\ivpsvmgr.exe[568] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[912] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[912] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[912] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[912] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[912] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[912] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[912] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[912] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[912] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[912] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[912] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[912] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\winlogon.exe[912] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[932] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[932] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[932] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[932] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[932] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[932] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe[932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[956] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[956] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\services.exe[956] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[968] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[968] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\lsass.exe[968] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\TDispVol.exe[1032] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\TDispVol.exe[1032] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\TDispVol.exe[1032] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\TDispVol.exe[1032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\TDispVol.exe[1032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\TDispVol.exe[1032] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\TDispVol.exe[1032] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\TDispVol.exe[1032] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\TDispVol.exe[1032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\TDispVol.exe[1032] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\TDispVol.exe[1032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\TDispVol.exe[1032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\TDispVol.exe[1032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\TDispVol.exe[1032] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\WINDOWS\system32\TDispVol.exe[1032] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1100] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1100] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software)

Relevance 100%

Answer: PC Security 2011 - Security Warning

13 more replies
Relevance 92.25%

This is a rogue program that uses a name very similar to Microsoft Security Essentials.

You can read about it here.

Here is a screenshot of its main window.

-----------------------------------------------------------------
 

Answer:Warning! SECURITY ESSENTIALS 2011

7 more replies
Relevance 89.79%

Hiya,

Thanx for taking the time to help...

My friend sent me your link to the helpful info page you have for fixing my problem...

As part of my problem is I can't install downloaded programmes you suggest using a usb stick and download from a clean pc...

I did that, but it still won't install on the infected pc...

The actual note that pops up is the 'registry can't find the requested environment' - or 'the environment registry is missing' or something like that...

I'm stumped!

Any ideas???

Thanx again x

ps: I don't know how to zip the notepad files, but since they are from this laptop - the clean one - I'm not sure you'd want them anyway...

More replies
Relevance 81.59%

My kids were using the computer and called to me saying that there was a program that popped up saying we had a virus. I immediately turned off the computer but when it rebooted the Internet Security program popped up every time I attempted to launch IE8. After trying to launch IE8 several times I would eventually be able to get to the internet. But if I attempted to do a Google search for how to remove the virus the search would either redirect or say the webpage was unavailable.

I rebooted into safe mode and ran Spybot - Search & Destroy. It found several things, two of which were things I've seen before on friends' computers - Desktop Security 2010 and also Internet Security 2011. I allowed Spybot to remove the entries found and then I rebooted again into safe mode. I ran Spybot again and it found a few more non-descript items which it then removed and I rebooted into safe mode again. After the 3rd time Spybot did not find anything. So then I ran Malwarebytes and it found a few items, which it removed. I rebooted again into safe mode and ran Malwarebytes again and it said the system was clean. I rebooted and allowed Windows XP to launch normally. When Windows loaded it appeared that Internet Security 2011 was still present, and when I attempted to launch IE8 the system asked me what program I wanted to use to open the file. What I then discovered is when I attempted to open any of my programs I was always given a pop up box that asked what program to u... Read more

Answer:infected with desktop security 2010 and Internet security 2011 and Google redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

24 more replies
Relevance 81.59%

It's F-Secure's time:

F-Secure performance test by TuneUp

Performance Results: F-Secure Internet Security 2011

F-Secure Internet Security 2011 proved to be a comparatively lightweight solution that had a minimal impact on performance. While boot speed suffered a bit and hard disk I/O went up noticeably, we barely noticed that the security solution was running. Bravo!
 

Answer:Do Security Solutions Slow Down Your PC? (Part 9 – F-Secure Internet Security 2011)

RE: Do Security Solutions Slow Down Your PC? (Part 9 – F-Secure Internet Security 2011)

Eh, they all pretty much do. That's why I don't use them.
 

4 more replies
Relevance 81.18%

Fake security scanner. Starts scanning on log in - finds fake malware. Double clicking any other software starts this fake program instead. Windows task manager shows a bip.exe program running. Am using alternate pc and thumbdrive to run gmer and dds programs.

Can't attach the attach.txt file due to size restrictions. Still want it?

thx, jim
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Jim at 15:08:44.65 on Sat 04/09/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.855 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files... Read more

Answer:Bogus Windows XP Security Center and XP Security 2011 Scanner

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure that your anti-virus definitions are up-to-date!
Please do not use the Attachme... Read more

11 more replies
Relevance 80.36%

Just got new Windows 7 64-bit machine and loaded up with Norton Internet Security 2011. Wondering what other security software (antivirus, anti-spyware, etc.) is recommended to supplement this security protection without causing problems or becoming too redundant. Thanks
 

Answer:Security software on top of Norton Internet Security 2011?

I don't normally keep up with the statistics about security suites, so I'm not sure how effective/efficient Norton 2011 is.

But from what I use - Malwarebytes' Anti-Malware is a pretty nice program to have installed and perform regular scans with.
Additionally, there were quite a few recommendations for Spybot S&D in the past, may be something you would want to look in to.

Also, the usual (just for a general reminder) - keep your OS patched and updated, keep your general use software updated, scan the files that you download, be wary of rogue software and try to develop safe browsing habits. Nice antivirus software can offer only so much protection. The rest is pretty much up to you.

There are quite a few more that the other members here may want to point out as well
 

3 more replies
Relevance 79.13%

Pasting in additional information from another post with a duplicate log. ~ OB

The PC is running Windows Vista. It had MS Security Essentials on it. The main acct does not allow the AV SW to run any longer, but the pop up window says Vista Security 2011 on it and is mimicking the Security Essential program, except it is asking for payment to run and disinfect. The Second account on the PC I was able to access Security Essentials, but it was sending pop-up continuously to us Vista Security 2011 to disinfect with 26 viruses.

End of added information. ~ OB

Have run several antivirus programs to find out how to remove this rogue anti virus program from system, without any progress. Any help with this HJT log file?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:05:48 AM, on 4/21/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Users\Mary\AppData\Local\Temp\LMIR0001.tmp\LMI_Rescue.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\wpcumi.exe
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Sprint music manager\M... Read more

Answer:Security Essentials now Vista Security 2011

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap... Read more

3 more replies
Relevance 78.72%

Which one's best or if there are others that are better than these two?
 

Answer:Kaspersky 2011 Internet Security or Norton 2011 Internet Security?

In my opinion you shouldn't even consider Norton at all.
On the other hand, I've been using Kaspersky for over 3 years now, deployed it in 60+ PCs, NO PROBLEMS at all.

PS: I've heard Norton got a lot better in 2010.
 

5 more replies
Relevance 78.31%

Hi all. Great forum. I've been lurking and reading so far and now I need to ask for some help. It sounds like some people here have figured it out which is great news, so I would really appreciate a hand.

Dummy me, surfing and searching I clicked on a bad bad link. And I allowed some trojan on my computer. Yes, my mom always told me to watch where I was sticking my fingers, but after a few beers I quickly forgot that rule.

Now I'm getting this crappy icon in my system tray and stupid pop-ups all over the place. I've got SpySweeper installed, which said it had gotten rid of the problem, but it still is coming up. Norton also had a problem fixing it. Basically, the problem was that it won't fix it.

So I d/l'd HiJackThis and did the system scan and save log file. Here is what I have:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:45 PM, on 7/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\P... Read more

Answer:Solved: Security warning popups and IExplorer security plug-in

13 more replies
Relevance 78.31%

Outlook 2010 Security warning upon opening Outlook:
Initial problem: Work email from home computer stopped sending (had been working fine), though I have no problem receiving email. (Note: Home email account continues to work fine.) Email host Support (Comcast) worked me through finding the right Outgoing port to change to, but ...
Now upon opening Outlook - "Internet Security Warning - Security Certificate cannot be verified" pops up. "Continue?" "Yes" works, but it has become a "nag window" every time I open Outlook.
This may not be a Windows 7 issue, but would appreciate any suggestions. /jd
--
Windows 7 Professional, Ver 6.1 (Build 7601: SP1)
(Office Pro Plus 2010) MS Outlook 2010 Ver 14.-0.6129.5000 (32-bit)

Answer:Outlook 2010 - Internet Security Warning - Security Certificate cannot

Hi,

This problem is caused when the POP3 address (email collection) doesn’t match the SSL certificate that is being used. Try the following steps to resolve the error:

Open Outlook > Click ‘Tools’ from the top menu > Select ‘account settings’ from the ‘tools’ menu > Highlight the email account you are having trouble with and press ‘Change’ > From the ‘Change e-mail account’ page click on ‘More settings’ > From the ‘Internet email settings’ page choose the ‘advanced’ tab > Un-tick the ‘This server requires authentication’ option > click ‘OK’, then ‘next’ then ‘Finish’

3 more replies
Relevance 77.49%

Need help removing the Security Warning / Windows Security Alert / Antivirus software alert. Made it to Step 7 (DDS.scr) downloaded dds.scr but when I start it the command window comes up briefly and then disappears. Trying to generate the DDS.txt and DDS.log but with no success.

Answer:Virus - Security Warning / Windows Security Alert

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

2 more replies
Relevance 68.88%

Hello,

This is my son's college computer. He picked up Vista Antivirus 2011. It did not let him on the internet. It wouldn't let him run Symantec Anti-Virus or Malwarebytes. Yesterday, I ran rkill in all its forms, only rkill.com and rkill.scr would run. In the black box, letters would quickly run across the screen, but the log always said that no processes were stopped.

So I activated the administrator account to see if it would work there. Rkill still acted the same, but I could now get on the internet to download, update, and run Malwarebytes. Three hours later it had picked up 6 items. My son desperately needs this computer right now, so he asked for it back so that as soon as Malwarebytes finished, he could get back to work. He soon called and said that the virus was back, but now it had morphed to Vista Total Security 2011. Now he said that in addition to the fake scans and security alerts, his computer has forgotten where everything is. He had to find the program and open it with itself before it would open. I think he means that when he clicks on an icon an "open with" pops up.

So I have the computer back again. I have run all the scans in the Preparation Guide, with a few problems:

1. When I click in the control panel to enable the firewall, the Windows Security Screen pops up and says that Vista Total Security 2011 reports that it (the firewall) is temporarily turned off. Then it says "show me the firewall programs o... Read more

Answer:Vista Antivirus 2011 back as Vista Total Security 2011

Hello leenyd! Welcome to BleepingComputer Forums! My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The logs can take some time to research, so please be patient with me.
Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
Instructions that I give are for your system only!
Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
Please perform all steps in the order received. If you can't understand something don't hesitate to ask.

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Backup Your Registry with ERUNT

Please use the following link and scroll down to ERUNT and download it.
http://aumha.org/freeware/freeware.php

For version with the Installer:
Use the setup program to install ERUNT on your computer

For the zipped version:
Unzip all the files into a folder of your choice.

Open Erunt.exe. Follow the prompts leaving the values at default.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to run an OTL Fix

Please reopen on your desktop... Read more

38 more replies
Relevance 68.06%
Question: XP Security 2011

My friends got XP Security 2011 popping up like crazy, I can't disable it, and it's not in add/ remove programs. HELP PLEASE!

Answer:XP Security 2011

Hello and welcome.

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista) Using the F8 Method

Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs w... Read more

5 more replies
Relevance 68.06%
Question: XP Security 2011

I need help removing XP Security 2011 from my father's laptop. It appeared today out of nowhere and took control of the computer. It will not let me browse any website besides a firefox alert site and will not let me run Malwarebytes. Need help asap!

Answer:XP Security 2011

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011

1 more replies
Relevance 68.06%

Win 7 Security 2011 is installed on my Windows 7 64 bit Toshiba laptop.
Can't do anything on the laptop. Ran all variations of rKill but it will not kill the malware. rKill kills conhost.exe and crss.exe but that is it.

Need your professional assistance! Thank you.

Answer:win 7 security 2011 GOT ME!

Forgot to mention that I have no way to get the DDS.text on my laptop atm.

3 more replies
Relevance 68.06%

Need help with this bleeping virus! I have never had a tougher time with any virus. In safe mode, when I run rkill (had to use the .scr version) the entire desktop is killed along with XP Internet Security 2011. I can open task manager, but everything I do, whether it's running malware bytes from a usb drive, or try to open regedit or msconfig, windows security center first opens, then the malware opens back up. It looks like the virus is attached to any program I try to run. When I try to restore the desktop from task manager, same thing happens. First Windows security center opens then the virus. I can't get anything to run that will clean this thing. Rkill kills it, but also kills the desktop and anything I try to run opens it back up. Anything out there like a boot disk that will let me scan before windows starts? I really don't want to wipe it clean. HELP!!!!!

Also I am running XP with service pack 3.

Answer:Can't get rid of XP Security 2011

Going to try Avira Boot CD. I'll report results.

8 more replies
Relevance 68.06%
Question: xp security 2011

I have started getting various pop-ups declaring System Hi-jack! Security threat! etc etc etc... Ran super-anti-spyware and it showed three registry errors. something about System.BrokenFileAssociation\registry keys\HKCR\exe

Malwarebytes has apparently been disabled. I can't get it to run.

Here are my DDS logs:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Shannon's Work at 20:29:22.53 on Sat 03/26/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.886 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:... Read more

Answer:xp security 2011

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review your topic and do their best to resolve your issues. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif

Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that... Read more

2 more replies
Relevance 68.06%

Laptop running Windows 7 64 bit got hit. I don't know how or why, younger sibling was using the laptop at the time. Tried running all variations of rKill but no luck. rKill kills everything else but the malware.

Here is my DDS log.
.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Run by Admin at 21:07:48 on 2011-05-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3964.2655 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C: ... Read more

Answer:Win 7 Security 2011.

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator... Read more

3 more replies
Relevance 68.06%
Question: XP Security 2011

Following the post of "The Canadian" and "TimW" I have these logs to post. Can someone check these out and tell me what to do from here?
 

Answer:XP Security 2011

If Spyware Doctor is not a paid for version, uninstall it.

I need the logs from running both SAS and MBAM.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
If it is not on your Desktop, the below will not work.
* Also make sure you have shut down all protection software (antivirus, antispyware...etc) or they may get in the way of allowing ComboFix to run properly.
* If ComboFix tells you it needs to update to a new version, make sure you allow it to update.
* Open Notepad and copy/paste the text in the below code box into it (make sure you scroll all the way down in the code box to get all lines selected ):

Code:

KILLALL::

File::
C:\Documents and Settings\Owner\Local Settings\Application Data\r266m2mapnqt5j2xjk82j0q7c07n3xs82x
C:\Documents and Settings\All Users\Application Data\r266m2mapnqt5j2xjk82j0q7c07n3xs82x
C:\Documents and Settings\Owner\Templates\r266m2mapnqt5j2xjk82j0q7c07n3xs82x

* Save the above as CFscript.txt and make sure you save it to the same location (should be on your Desktop) as ComboFix.exe
* At this point, you MUST EXIT ALL BROWSERS NOW before continuing!
* You should have both the ComboFix.exe and CFScript.txt icons on your Desktop.
If it asks you to override the previous file with the same name, click YES.
* Now use your mouse to drag CFscript.txt on top of ComboFix.exe

* Follow the prompts.
* When it finishes, a log ...

1 more replies

My roommate got a particularly nasty strain of this virus. I've usually been able to handle this one, but I'm stumped now, since there doesn't seem to be any program running that could cause the symptoms. Each time I close fgl.exe, it will reopen when I attempt to start another program. This behavior even follows into Safe Mode.

Please help!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:46:22 PM, on 5/7/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16766)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\regedit.exe
H:\HijackThis.exe
C:\Users\Casey Jones\AppData\Local\fql.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z003&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft...

Answer:Win 7 Security 2011

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator...

2 more replies

My AWG scanned my PC but evidently did not find it or eliminate it, and it does not allow me to enter the internet. How can I eliminate it?? (BTW, it is a brilliant malware idea asking you to pay abt 50 bucks to have your own pc infected!) Can anybody advise me?
Toroone

Answer:Win 7 Security 2011

Please see this link: http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011

1 more replies
Question: XP Security 2011

I'm getting pop-ups claiming to be XP Security 2011. MBAM isn't finding or deleting it, and I'm hoping to be able to remove it. I have a new computer, so I can system restore on the infected one if that will help, but I'm also looking to save some documents and pictures to transfer later without infecting the new one. Thank you!

Answer:XP Security 2011

Hello kesi, please do these and post back the logs.

Reboot into Safe Mode with Networking

How to enter safe mode (XP)

Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere with RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next reply.
Do not reboot your computer after running rkill ...

5 more replies
Question: XP Security 2011

Last night XP Security 2011 infected my computer and would not allow me to access BleepingComputers.com or access or run MalwareBytes Anti-Malware on my computer. I tried the instructions for XP Security Tool 2010 which did not work. I also tried the instructions from this page I found on MalwareBytes Forum

http://forums.malwarebytes.org/index.php?showtopic=77282

These instructions did not work.

Any help would be good. I am using another computer because I cannot contact MalwareBytes.com or BleepingComputer.com or run MalwareBytes or ComboFix.

Sincerely,
yarlac

P.S. formerly dealt with myrti but could not access my bleepingcomputer.com information to send my request to her.

Answer:XP Security 2011

Let me see something here I or myrti will be back.

2 more replies
Question: PC Security 2011

Hi,

My girlfriend's laptop is infected with something calling itself "PC Security 2011" stating there are various malware issues that need to be fixed. It comes up at start up like an anti virus software window and says it is scanning. We have just been stopping the scan by clicking stop scan. It first came up 2 or 3 days ago and before I started the read and run procedure I couldn't get in to task manager or access this site.

Please find attached logs. I can't get Malwarebytes to open so no log for it attached. Combofix warned of "antivirus" running but had everything disabled. I assume this is due to what has got on the laptop?

I ran MGTools before Rootrepeal by mistake. Let me know if I should run MGTools again.

The warnings are still appearing. The warnings have actually changed while doing the procedure (identity theft and spyware warnings). I can now get on the site so posting this from the laptop.

Hope you can help.

Thanks,

Bruce.
 

Answer:PC Security 2011

Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:




O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

After clicking Fix, exit HJT.

Now copy just the bold text below to notepad (Do not include any space above the word REGEDIT). Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.




REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\NoExplorer]


Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

* Make sure that combofix.exe that you downloaded while doing the READ & RUN ME is on your Desktop but Do not run it!
...

3 more replies

Looking for how to remove security solutions 2011

Answer:security solutions 2011

Hello and Welcome to TSF.
I'm nasdaq

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post the logs in your next reply for my review. It's the only way I can suggest sound advice.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

2 more replies

My system has been hijacked by this virus. Please help. The process is sdb.exe.

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by JasonLee at 2:02:40.45 on Thu 03/31/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3992.2135 [GMT -4:00]
.
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\brsvc01a.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Windows\SysWOW64\brss01a.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Su...

Answer:Win 7 Internet Security 2011

Windows7 System Restore is very robust. I wonder if you've tried that yet? If not, try going back to a point a day or so before the event, and see how things are. I would use Method 2, Through System Recovery Options at Boot, for running System Restore.

System Restore - Windows 7 Forums

If you're able to perform a System Restore, post new logs as outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

If you are unable, let me know.

2 more replies

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by !adam.l.howard at 8:45:07.38 on Mon 04/18/2011
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.796 [GMT -4:00]
.
FW: McAfee Host Intrusion Prevention Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\btservice.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SafeBoot\SbClientManager.exe
C:\Program Files\Hewlett-Packard\CM\AUM Agent\bin\AUMService.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\System32\DWRCS.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files\McAfee\Audit Manager\AuditManagerService.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common F...

Answer:Internet Security 2011

GMER logDDS Tool Attach

4 more replies

Posted 24 April 2011 - 10:36 PM

I got the xp security 2011 virus. I thought that i removed it with malwarebytes.
i then installed norton 360 v5. some of the functions didn't work properly. I ran malwarebytes again and still found more infections. i don't get the xp security 2011 pop ups anymore but i guess it left some other presents behind.

Please help.
thanks. crhino

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by DAD at 20:43:31.14 on Sun 04/24/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.314 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\sy...

Answer:xp security 2011 - thought i got it all

Topic closed as it is a duplicate of this topic: http://www.bleepingcomputer.com/forums/topic393460.html

1 more replies

Quote:
We've reviewed nearly a dozen of next year's security suites; our roundup can help you decide which will keep you safe from viruses, hackers, spam, threats to your privacy, and much more.


Article

Answer:The Best Security Suites for 2011

I am surprised that ESET Nod 32 is not listed. Perhaps it isn't available in the US.

9 more replies

This Virus appeared on my laptop last night....At 1st I wasn't able to do anything as it stopped me doing anything to tackle it.
Eventually I got RKILL through using a memory pen and was able to run Malwarebytes...which hit 5 infections and deleted. Since then I have run eset online and F scanner online..which show no infections but I'm still getting symptoms..I've got a white active desktop recovery screen and my antivirus (panda endpoint) has disappeared. I desperately need my laptop back so any help will be much appreciated.

Answer:Please Help - XP security 2011 virus

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

2 more replies

I got the xp security 2011 virus. I thought that i removed it with malwarebytes.
i then installed norton 360 v5. some of the functions didn't work properly. I ran malwarebytes again and still found more infections. i don't get the xp security 2011 pop ups anymore but i guess it left some other presents behind.

Please help.
thanks. crhino

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by DAD at 20:43:31.14 on Sun 04/24/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.314 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Norton 360 *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\...

Answer:xp security 2011 - thought i got it all

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
If you have since resolved the original problem you were having, we would appreciate you letting us know. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.
If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply'...

12 more replies

For some reason I cannot install this. I could on W7 but not on W8/WDP?

Anyone?

Answer:AVG Internet Security 2011 64 Bit

Have you checked on the AVG Forums to see if there is any such discussion going on?
Or if you have the paid version check with Support.....

18 more replies

Help I need help in removing this malware, xp security 2011 infection. I found the instructions on a computer that wasn't infected and downloaded FixNCR.reg to the computer that was infected. With that I'm able to run a Chrome Browser without getting the constant popups. But I cannot find the same instructions on this website to continue with the removal process.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:xp security 2011 infection

Take a look here: Remove XP Anti-Spyware 2011, Vista Security 2011, and Win 7 Internet Security 2011 (Uninstall Guide) As well as goes by 30+ other names.

21 more replies

Hey guys,

Got a friend's computer that's infected with XP Internet Security 2011. At first, I just tried to run Malwarebytes but it kept blocking it. It also wanted to block attempts to go online. Did this even in safe mode. Finally, I was able to get it online by ending the Internet Security in task manager, but this only did so temporarily. I renamed Malwarebytes and gave it a .bat extension. That let me open it up and currently I've got it scanning. Already downloaded combofix too, but haven't run it. Need to know next steps. I told my friend it was probably going to be a few days before things were sorted out. Thanks for the help!

Answer:XP Internet Security 2011

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post the logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

P.S.
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

5 more replies

Hi hopefully I'm posting in the right forum, can't really see as I'm trying to do this using my phones Internet!? :s
Don't know much about computers at all so I apologise in advance!
My problem is all of a sudden today when loading Google my computer went a little crazy, then up popped 'XP Security 2011' telling me my computer was infected & I needed to protect it using this, I immediately thought this was a virus so closed it down but now it keeps popping up, it has switched my 'Firewall' off & won't let me turn it back on!

When trying to load the Internet it blocks it everytime & this message appears;

Internet Explorer alert. Visiting this site may pose a Security threat to your system!

Possible reasons include:
* Dangerous code found in this sites page which installs unwanted software into your system.
* Suspicious & potentially unsafe network activity detected.
* Spyware infection in your system.
* Complaints from other users about this site.
* Port & system scans performed by the site being visited.

Things you can do:
* Get a copy of 'XP Security 2011' to safeguard your PC while surfing the web (RECOMMENDED)
* Run spyware, virus & malware scan
* Continue surfing without any security measures (DANGEROUS)
........iv tried to continue without security measures but it jus flashes & flicks straight back to the above page!
I do have 'Spybot search & destroy' & ...

Answer:Am I infected by 'XP Security 2011'??

Hello, sorry for the slow response, we are being inundated too.

Please click Start > Run, type inetcpl.cpl in the runbox and press enter.
Click the Connections tab and click the LAN settings option.
Verify if "Use a proxy..." is checked, if so, UNcheck it and click OK/OK to exit.

Reboot into Safe Mode with Networking

How to enter safe mode (XP/Vista)

Using the F8 Method
Restart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode.

>>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....
Download and Run RKill
Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere with RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and th...

17 more replies

Apologies for XP in topic - I couldn't figure out how to change that.

My computer contracted the PC Security 2011 virus on Sunday. I managed to run Spybot which got rid of some items but didn't fix. I did run Malwarebytes - 3 times - and seem to have gotten rid of the annoying security pop-ups. I'm still having these issues and am posting because the main issue is I CANNOT run in safe mode of any kind without getting the blue screen. I have had keyboard and mouse malfunctions, all of my program files are gone, my desktop is void of shortcuts except for internet & outlook (and now Malwarebytes), I have an internet redirect issue some of the time (it was ALL of the time until the 3rd Malware run), Spybot is popping up registry change messages regarding Virtumonde and something geeks, balloons are popping up about delayed write failed windows messages, system restore points have vanished, AND (shoot me now) the microsoft auto updates states they're not "on" and when I check the control panel they are set for automatic. (I think that about covers it)

I have no idea what to do next. I really don't want to throw the computer out the window. Any help would be greatly appreciated. This is the first virus attack I can't seem to get myself out of!

Please keep in mind I can follow instructions, but if someone rattles off a bunch of technical stuff - I'm apt to be lost! Thank you.

P.S. After reading numerous posts about everything, I noted ...

Answer:XP Security 2011 after effects?

I'm going to throw it out the window.

23 more replies

Good Morning,

I followed as many of the instructions on the guide to removing XP Home Security 2011 as I could. I am able to boot up in safe mode with networking and I can download files, but when I go to run them, I get stuck on any .exe file with a window that says "Select a program to run this file with"

I have Malware bytes, but cannot run it and my Avast anti virus doesn't see the files from this bug.

I couldn't run the GMER tool, but I attached my DDS files

Any advice would be appreciated.

DDS Log:
.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Nathan at 8:54:08.67 on Sat 04/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1507 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Natha...

Answer:XP Home Security 2011

I seem to have fixed it with a .exe fixer file: xp_exe_fix.reg

After that I was able to run malwarebytes and got rid of the bad registry entries.

I'm good for now.

2 more replies

QUICK NOTE: after typing all this up and getting the dds and gmer files I found that I couldn't attach the files in this post. The "Browse" feature won't pull up any of my files. Is there a way around this? Or can I email the files to whoever can help me? The dds file is in the message... thanks for your help...
Hi...
The problem seems to have started a couple weeks ago when AVG started detecting my wow.exe files as malware. I ran Malwarebytes and removed a couple of trojans, then my windows security was taken over by "XP Security 2011". At first it was just redirects from search sites but then I was no longer able to open any kind of anti-virus programs. My computer was still functional at that point, however, things changed this morning. When I start up XP in normal mode I just get my desktop background image... I can open task manager, but windows itself will not load for at least 20 minutes after that, and when it does it looks more like safe mode than xp. I am now operating only in Safe Mode with Networking, because it seems to work properly. I also tried to load an bitdefender from a usb drive in safe mode, but the virus has taken full administrative access away from me. PLEASE HELP!!! :D *~Cinnamon1313~*

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Keila & Clint at 20:42:51.78 on Wed 03/30/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1....

Answer:Infected with XP Security 2011

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
Do not d...

6 more replies

The guide on this site and on other sites did not quite work for me. Principally because they overlooked a few key details and/or the virus has changed since they posted their information.

I don't do torrents, I think it was a website that I visited and somehow it transferred a file to my application data directory. Everyone should update their windows xp box, I suspect that this virus is taking advantage of unpatched systems.

Read my whole note before taking any actions. You might decide to do things a little differently with full knowledge.

Here's what 'fixed' me:
Download 2 tools on another system, if you do a google search you should find both of them:

rkill.exe
Malwarebytes’ Anti-Malware

Booted up the system from another CD and transferred the 2 files onto the server. (Don't think this step is necessary if you can access a USB stick in safe mode)

Boot up the infected system into safe mode with a command line. Do not use normal safe mode.
Do not use the start menu and try to navigate to anything. There are several registry entries that have been modified that will launch the virus even in safe mode if you try to access the start menu.
From the command line run rkill.exe
From the command line run Malwarebytes' Anti-Malware

Fully write down any registry entries that Malwarebytes finds infected. You'll want to go back in later and recreate these registry entries with appropriate data values. I did not do this and my system has some is... Read more

More replies

I have been infected by Vista security 2011 and have unsuccessfully been trying to follow removal instructions from your malware removal guides as even in safe mode am unable to run programs required.

Symptoms:
- frequent fake virus detected messages, the scan window as shown in your removal guide.

What I have tried (in safe mode):
- ending process pcv whenever appears
- running glary utilities - won't let me run it (thought might be able to turn off 1 or more programs from startup options)
- getting into regedit - won't let me run it
- running dds - do have logs of problem
- running rkill - won't let me run any version of it (including when I manually rename them)
- manually deleted file: c:\windows\system32\null0.286252060812866.exe (was confident this file was somehow involved in this infection but no effect when deleted)
- manually deleted file: c:\windows\system32\config\systemprofile\appdata\local\gdipfontcachev1

Other things noticed:
- dds indicates following file association (which I know should be removed but haven't as didn't know if I could just remove the file association using vista command line approach without impacting how executables would run in general)
c:\windows\system32\config\systemprofile\appdata\local\pcv.exe -a "%1" %*
Note: I looked at this location to try and delete the program being referenced but couldn't find it - directo... Read more

Answer:vista security 2011

See if you're able to run this tool:

Please download exe_fix and save it to your Desktop.
Double click on exe_fix.com to run it.
Type the number 1 at the prompt and allow the tool to run.
Now try and run RKill and see if it lets you run it.

38 more replies

I used these steps: http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

After clicking "Yes" to allow FixExe.Reg to fix the registry, I still cannot install/open mbam-setup.exe. What should I do?
update: fixed, I just had to change the exe extension to bat.

Answer:Trouble getting rid of XP Security 2011

Do you still require assistance with this issue or has it been solved?

2 more replies

So yesterday my laptop got infected with Win 7 Total Security 2011.

I followed the guide at http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011
except it did not help. Each step had its own problem and currently my PC seems to still be infected.

Here is what happened after i did each step:

1. I downloaded the FixNCR.reg file on an uninfected computer and transferred it to my infected laptop.
2. I ran FixNCR.reg in SAFE MODE and I was then able to use .exe files again, HOWEVER I still could not
access the internet in normal or safe mode.
3. Since I couldn't access the internet, I did the same thing as before. I downloaded and transferred the
eXplorer.exe file to my infected computer and ran it.
4. The only process that it reported stopping was my actual explorer.exe
5. After that I ran Malwarebytes' Anti-Malware. It said my Malwarebytes' Anti-Malware was 9 days out of date but I figure that shouldn't be that big of a deal.
6. After a full scan, it came up with 3 infected files. I removed all 3 files and restarted my computer.
Now when I run my computer, Win 7 Total Security 2011 doesn't run anymore. However, I am still encountering my previous problems and MORE.

Current Problems:

1. Still can't access internet on Internet Explorer or Mozilla Firefox.
2. SOMETHING changed my Windows 7 appearance into Windows Classic.
3. My NORMAL start-up is acting as if its in safe mode. IE: I can't access the internet, I can'... Read more

Answer:Win 7 Total Security 2011

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

1 more replies

For anyone thinking about purchasing AVG 2011 Security or about to Renew - Amazon "Deals of the Week" have this currently on offer for 19.97 - It is a 4 User, 2yr Subs. - click here

Answer:AVG 2011 Internet Security

Nice find northumbria61 ideal for those that use AVG Internet security.

4 more replies

Hello - I am a brand new user and stumbled on this site while trying to find info on removing the XP 2011 security virus.

First off, I am not an IT person nor do I have a computer background or training - everything I know (which is pretty basic) I learned from the IT guys at our office, and I really know only enough to be dangerous. On Saturday night I was on my home computer on Facebook, when I suddenly got an error message telling me I was infected with a dangerous virus and I needed to download a program to fix it. I was very leery of this, especially as they wanted me to purchase something, so I tried just closing out the window. For the next 30 minutes I struggled to get out of there, but was redirected every time to their stupid ad. I abandoned the computer and went to my husband's laptop, and started searching - immediately I found this site with instructions on how to remove the virus. I downloaded the links to solve this to a disk and tried to run it on my infected PC, but it did not help at all. Finally, in desperation I ran a System Restore to about 2 weeks back, and the problem does seem to be temporarily gone.

I worry though, after reading these posts, that it is still lurking somewhere in the innards I don't understand, and plotting more evil. I ran Malwarebytes, and it only found 3 infections, which I removed. Is there any way to tell - other than a fresh attack - if I have removed this thing? Thanks for any assistance - great site!

I shou... Read more

More replies
Question: win7 security 2011

Please can someone tell me how to get rid of this on another laptop - not this one! I cannot access the internet as the system security alert keeps popping up....I've tried everything I know!
win7 security 2011.
Thank you

More replies

I turned on my computer and the security screen opens and tells me I have trojans and malware hacking my computer. Then it says in order to stop this I need to get the full 2011 version of XP Home Security for $59. I ran my Avira for a complete scan and nothing came up. How do I get rid of this? Thanks for your help

Answer:XP 2011 Home Security

Malwarebytes is a hopeful. Download the Free Version, update and then run a full scan. http://www.malwarebytes.org/mbam.php

2 more replies

I have followed the directions found here several times and the problem returns.

http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011

My operating system is Windows 7 Professional 32 bit.

The anti virus I am using is Microsoft Security Essentials.

I am not sure if this is related or not but I also getting redirects on google searches.

Like I said I have been following the directions at the link above but the problem keeps returning.

It is not affecting me now but I expect it to be revisiting me again soon based on past experience.
Each time after I try and remove it my anti virus is damaged and I have to uninstall then reinstall it.

Since it keeps coming back after I have Malwarebytes remove it I assume it is not being completely removed?

Are there any other directions?

Answer:Win 7 Internet Security 2011

Hello, let's try this as there may be a different infection in here also.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
Copy and paste the contents of that file in your next reply.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com f... Read more

1 more replies

Hi there!
My daughter is having trouble with her laptop and handed it over to me to fix about 2 weeks ago.
It is an Acer laptop with Windows 7 home premium.
I installed and updated MBAM, did a full scan and removed the problems. I also uninstalled some shady looking games and a coupon installer. Everything seemed fine and MBAM showed a clean scan after everything was removed. Then last week, the virus popped up again so I decided to run MBAM & it would not run. I then tried spybot search & destroy with the same result. So I restarted in safe mode and tried to run MBAM and spy bot (not at the same time) and they still wouldn't run. I cannot run any exe's and when trying to go online because the virus prevents internet access through firefox(It pops up a fake website telling me to purchase the program). Her right button on her touchpad is also not working. I don't know if it has to do with the virus or not. As a result, I cannot run anything as an Administrator. >_<
Finally, due to these issues, I am not able to run defogger or dds like the instructions to post require.

Thanks for all your help!

Answer:Win 7 Security Virus 2011

Can you please post the MBAM Logs?

3 more replies

I'm trying to help my brother with his computer that has been infected with the Internet Security 2011 virus/malware. When he originally saw the pop-up to clean the computer, he clicked "Fix" and then entered his credit card number. Since that didn't help he called me and I immediately told him to cancel his credit card and look for any suspicious activity. I have seen this before and helped other friends, but nobody in the past has ever clicked on the "Fix" button that I know of. I attempted to run Malwarebyte's, but it failed. I also installed Spyware Doctor but it won't run. The PC has McAfee Security Center, but everything looks to be disabled and the instructions on your site didn't help in disabling anything. When I previously tried to enable the Real-time protection it works, but it disables after about 10 seconds.

I successfully ran DDS.SCR and have included and attached the requested logs. However, when I try to run GMER.EXE it fails after hitting the Scan button. I also tried unchecking everything except Sections and the C:\ drive, but it also fails. After I run GMER and it fails I try to run it again, but it says "Windows cannot access the specified device, path, or file..." So I remove the EXE from the desktop and unzip it again from the original zip file and then it will start, but I go through all the same steps again and it fails.

I also noticed after running DDS.SCR, the two log files were created but the font was... Read more

Answer:Internet Security 2011

Hi,

Please save this file to your desktop. Double-click on it to run a scan. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.

2 more replies

My Dell PC running XP has been hit with XP Total Security 2011 infection. I have run Eset and it finds a root kit infection, removes it but the problem reappears within hours. I have run Malwarebytes and the same thing, it reappears within hours. Can someone offer some help in finally getting rid of this thing?

Answer:xp total security 2011

Hi!

Please take a look at this removal guide and see if you're able to clean-up the infection: http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011

If you're still getting infected by a rootkit, then you should post in our Malware forum.

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Kindest Regards,
SweetTech.

4 more replies

Got a virus on my machine tonight. Started with some redirects and then XP Security 2011 showed up. I ran an Avira scan and it found: JAVA/Agent 2212 - I deleted the file

I then ran Malwarebytes and it found several registry files that were bad...I deleted them. System was required to reboot and the XP Security 2011 showed up again. Went to IE and tried to get to this website and it won't let me navigate to any pages other than XP Security 2011. I am sending this from my work computer...please help.

Tom
 

Answer:XP Security 2011 Trojan

16 more replies

Hello,

I had the XP 2011 Security virus and I believe I have gotten rid of most of it. The problem I still have is I can no longer turn on the Windows automatic updates.

Thanks

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Hiro at 23:54:14.59 on 05/02/11
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1277 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\PROGRA~1\mcafee\SITEAD~1... Read more

Answer:XP 2011 Security Virus

Hello and welcome to Bleeping Computer.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:

Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here or here
Disable any script blocker, and then double click dds.scr to run the tool. When done, DDS will open two (2) logs: DDS.txt Attach.txt
Save both reports to your desktop. Post them back to your topic.

Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Cli... Read more

11 more replies

A "friend" using my compaq presario laptop decided to click yes to an email popup from an unknown sender (aarrgg....some friend!!). Anyways it installed XP home security 2011 and is now causing tons of malware issues that end with a request to subscribe for removal. I attempted every removal procedure I could find but in most cases I could not even find the startup programs, folders or registry keys to remove. After some time, the name of the program that is scanning and asking me to subscribe to remove the infections has changed to MS Removal tool from what was originally XP home security 2011. Now when I get the MS removal tool window I also get a BSOD and a shutdown.

As per your forum sticky I tried to get logs for HiJackThis, DDS and GMER. I was unable to get the DDS or the GMER logs as they would not even run.

Also I cannot get to the internet to run an online scan and my onboard MalwareBytes will not run. Also AVG no longer even loads.

HiJack This Log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:56:36 PM, on 3/28/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe... Read more

More replies

I was infected by this virus last night and am currently unable to run any .exe files. I created a different admin account, logged into it and downloaded Malwarebytes, Super Anti-Spyware and Ccleaner. These programs are executable from the new Admin account, but when I log onto my original Admin account I am unable to run them and am prompted to pick a program from a list. I turned off my computer and went into Safe Mode with Networking and was also unable to run any programs. Still, these programs all work from the new Admin account as well as the Internet which is inoperable from my original account and Safe mode. Do I run the programs from the new account and hope that the virus is killed or is this useless?

Update: I was able to run rkill on the original Admin and am running a scan with Malwarebytes, so far it looks promising.
 

More replies

It's my own Da*n fault. I'm sorry. I'll never do it again. Please help me get rid of this crap.

I removed xp security center2011 per this http://www.spywarevoid.com/remove-xp-security-2011-xpsecurity-2011-removal-guide.html. Except for the spyware doctor program which wanted me to pay them. I used drweb-cureit. After running that I found no files or reg entries listed on that page. I still couldn't run .exes without the "open with" box coming up. I fixed that by setting the reg exefile shell default to what it was supposed to be...can't find the page I used but it worked.

I just want to make sure I'm clean now. Thank you in advance.

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz, x86 Family 6 Model 15 Stepping 6
Processor Count: 2
RAM: 2046 Mb
Graphics Card: NVIDIA GeForce 7300 GT , 256 Mb
Hard Drives: C: Total - 71524 MB, Free - 26661 MB; D: Total - 4774 MB, Free - 831 MB; E: Total - 38154 MB, Free - 4968 MB;
Motherboard: ELITEGROUP COMPUTER SYSTEM CO.,LTD., P965T-A, ,
Antivirus: Lavasoft Ad-Watch Live! Anti-Virus, Updated: Yes, On-Demand Scanner: Enabled

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:14:14 PM, on 4/4/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe... Read more

Answer:xp security center 2011 and God knows what else

...with a lot of clueless people that need help far worse than I do. I'm good. Maybe I'll see what it takes to volunteer here.
 

1 more replies

First of all I am using my samsung galaxy s for this post seen as this "virus" isn't allowing me to use the internet on my laptop.. when I click on the internet button the browser pops up with a message saying something like.... Malicious virus.... Then gives me the option of buying their anti-virus program.. Or to stay unprotected (harmful)... Please can someone help me... It's a newish 500 pound laptop.. I don't know much.. Also I can't install anything because this stupid virus isn't letting me browse the internet.... .. Any help would be greatly appreciated.. Thank you.
 

More replies

I was infected with a fake virus scan called Win 7 Security 2011 twice in the past two months. The first time around I "removed" it with the free version of Hitman Pro. Unfortunately, it didn't remove all of it and so it returned. The Hitman trial ran out, and I don't think its worth it to buy the full version. So I can't use that. The virus blocked my other scanners, including Malwarebytes Anti-Malware, as well as my internet browsers. I was able to run Malwarebytes as an administrator and "remove" it again today. It found seven infected objects, but I unfortunately forgot to save the logs. The obvious part of the virus seems to be gone now. But I am worried it will return for round three. I worry I didn't get rid of it entirely, as I heard it can be tricky to remove.

I would have just used the help offered to others on this forum in the past, but I worried I'd be doing something wrong since the virus seems to affect different computers in unique ways. Here are my logs. I would have run the Gmer thing, but I don't know how many bits my computer is. I know, that sounds dumb, I apologize. I have Windows 7 and run an HP Slimline Pavilion, if those details will help the experts fix this.

Thanks in advance.

Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:49:45 PM, on 5/26/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C... Read more

Answer:Help Removing Win 7 Security 2011

12 more replies

About a week ago, I suddenly started getting these popups from this supposed program...mistakenly assuming it was something
that had been installed by the friend who gave me the laptop, I sent a message to "support" on the website connected to what
ever this thing is. This is the response I received:

> Hello Dear friend!
> I am really sorry that your computer has been infected. So, these pop-ups and are not the part of our product,
> they are a some kind of a virus from the internet and don't belong to our program. It was done by our advertising
> partner and he's already banned.
> This program will be self-removed in 6 days. There would be no problems after it is deleted.
> Also you can just set date and time setting in your windows control panel 6 days later according to current date. Then restart ur system.
>
> let me know please if you have any other problems.
> Thanks and have a great day!

Of course by that time I had already done a little more research and concluded I was not really dealing with
program but some kind of malware. So I started trying to deal with it...first I tried to "remove" it through
the control panel, and indeed it did disappear from the program list, but it was, of course, still acting
on the computer. So then I found your site and tried to follow the advice, but I wasn't able to access the
internet at all, being blocked by whatever this thing is. So I backed up everything and th... Read more

Answer:XP Security 2011 infestation?? Or what??

Now the computer is completely not working. Random programs open without any help from me (Word, old turbotax, , etc.), browser freezes completely (no way to close windows, mouse clicks have no effect, etc). Everything is a complete mess. Doesn't seem as though my post is of any interest to anyone, but I thought I'd have one more try to get a little help here.
 

1 more replies

HI SAME POST but here are logs not sure if im 32 or 64 bit

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6564
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
12/05/2011 10:10:11 PM
mbam-log-2011-05-12 (22-10-11).txt
Scan type: Quick scan
Objects scanned: 154283
Time elapsed: 2 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
and
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Jonathan Eldon at 22:22:50.04 on 12/05/2011
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3895.2342 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\sys... Read more

Answer:Win 7 security 2011 virus

16 more replies

Hi,

I was wondering if somebody could assist with the current issue I'm experiencing with the win 7 security virus. I have followed the steps mentioned in this expired thread http://forums.techguy.org/virus-other-malware-removal/985447-win-7-security-2011-fake.html between kevinf80 and soupninja and experienced the same trouble with starting the Malwarebytes tool.

Below is the OTL log followed by the Extras log that I have ran. Would really appreciate it if someone could provide a fix to run and rid my comp of this galling virus! Thanks to anyone who could assist

OTL logfile created on: 21/05/2011 16:31:33 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Me\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

894.00 Mb Total Physical Memory | 208.00 Mb Available Physical Memory | 23.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 98.61 Gb Free Space | 66.20% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Me | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On |... Read more

More replies

I'm afraid I need advice before I submit the diagnostic logs for this.

My home PC just got infected by the XP Total Security 2011 virus. Since this virus now blocks any attempt to use IE8 or Firefox, with its own spurious security warnings, and as I was concerned about what info it may upload, I disconnected the PC network cable and I am posting this from my iPad.

The infected PC is running Windows XP sp3 and with mcafee VirusScan providing routine protection.

How should I proceed with HJT, etc as instructed in the READ THIS FIRST post? Can I download on another PC and copy the download files to the infected PC via a USB stick? Or can I stop the related process (kae.exe) on the infected PC and connect to TSG before it restarts?

Thank you very much.

 

Answer:XP Total Security 2011

As I hadn't heard anything for a couple of days ( I couldn't post diagnostic data, as this virus blocks browsers), I had to search elsewhere. As a result, I can highly recommend this site
http://www.2-spyware.com/remove-xp-total-security-2011.html

Here you will find full and clear instructions for manually removing this mischievous, rather than malicious, virus.

Thanks anyway, you've been a great help in the past.
 

1 more replies

I was able to delete the above virus with malwarebytes on my wife's business PC fairly easily but my daughter's PC is another story. It is in her home and I am not on it now and may not be able to get to it until later in the week. Malwarebytes wouldn't install or run even when I renamed it. I then restored to a previous restore point and now exe files will not run (the "open with" box comes up) and installed programs cannot be found. I cannot boot into safe mode or even get into setup. The problem PC is a Dell 2.66, 2G ram running XP Home and it had CA Internet Suite running (gone now). I went on a site which detailed how to manually delete about 25 registry entries with regedit but I doubt that regedit will even run. System Restore wouldn't run either in case I wanted to undelete the most recent restore.
 

More replies

I was infected by Internet Security(Win? There a difference? I ended its process pretty fast.) last month, it took a few scans from Spybot and Malwarebytes to "get rid" of it. I followed the instructions on the Bleeping Computer site on how to get rid of such virus.
Since then, I have been having minor issues with this computer(Alienware Aurora with Windows 7 64 bit) with connecting online, it will connect, and disconnect just a few minutes later. It hasn't been doing it as much, these past few days.
I get a Microsoft Visual C++ Runtime error, DSUpdate.exe "abnormal program termination"(though, it works at times).
I am unable to turn on my Windows Firewall (Error code 0x80070424).
Java took quite a while to ask for an update(It took the computer to stay on for 2 hours for it pop up by itself.).
I have never had any of these problems before. Is the virus still there in some way? My virus scans pick up nothing.

Answer:Internet Security 2011(or 12) still there?

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center
Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware,... Read more

13 more replies

I have System Security 2011 virus on my computer (I think), big popup that says Security and it keeps trying to scan my computer, millions of pop ups and won't open any programs, I'm also now getting hard drive errors that are popping up. I've run Super Antispyware and Malware Bytes and it doesn't seem to be helping. I can only use my computer in Safe Mode now. Please help

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by BC Leasing 2 at 16:04:29 on 2011-10-28
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3037.2241 [GMT -6:00]
.
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.e... Read more

Answer:System Security 2011

Hello danicabc! Welcome to BleepingComputer Forums! My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
* I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
* The logs can take some time to research, so please be patient with me.
* Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
* Instructions that I give are for your system only!
* Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
* Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
* Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

Please download ComboFix from the link below:
Combofix
Save it to your Desktop <-- Important!!!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

Double click it & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
Notes: Skip the Recovery Cons... Read more

39 more replies

Hello! I've got infected with this virus, and I used this guide for removing it.

http://www.howtogeek.com/howto/8693/how-to-remove-antivirus-live-and-other-roguefake-antivirus-malware/

I turned my computer in safe mode and ran SAS (SuperAntiSpyware)
Then, I tried MalwareBytes, and at that point the virus had already gone, but I wanted to give Microsoft Security Essentials a try, to be sure that I didn't have any other virus, trojan, etc. But MSE didn't run in Safe Mode. So, I used Combofix before turning into normal mode, though it said that I had to turn off "AVG 9.0 free", so before turning it off, it offered to update to AVG 12.0. But I had a problem during installation, because the older version didn't successfully uninstall. At that point, I searched how to uninstall AVG 9.0 and I found the program Revo-Uninstaller. Finally I managed to uninstall the program, and then ran ComboFix.

This is the log file:

ComboFix 11-11-15.06 - Principal 16/11/2011 15:19:26.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.54.3082.18.1503.833 [GMT -3:00]
Running from: c:\documents and settings\Principal\Escritorio\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Datos de programa\TEMP
c:\documents a... Read more

Answer:System Security 2011

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y... Read more

2 more replies

A few days ago I started getting pop-ups stating my computer was infected and I should register my copy of AV Security; the first problem was I never downloaded this program. It became apparent pretty quickly that this was malware, and try as I might I haven't been able to get rid of it.

Sadly my tech knowledge is several years out of date so I felt I should post here. I was able to generate a report from DDS (which is attached) but when I attempted to run GMER I would get about half an hour in then my computer would shut down; so I am beginning to think I might have something much worse than just AV Security 2011.

Any Help is appreciated
-Dave

Answer:trying to remove "AV Security 2011"

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430753 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

27 more replies

My laptop have the problems. Start with Vista Security 2011. Vista Security 2011, not allow to network, and in normal mode, after about one minutes, bluescreen appear. I use a netbook (small laptop) that my Mom have. Around google about Vista Security 2011, I find the good link http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011 . I follow the guide. I did FixNCR.reg. I did rkill. I did Malwarebytes' Anti-Malware (newest but not upgraded because of not in network) and removed an executable which affect Vista Security 2011 not exist in the front. I am at #6. I tried TDSSKiller, and see all objects that are "skip". I didn't change the objects. I still not allow to network. And the bluescreen in normal mode still exist. Words in screenblue, 0x0000000A, 0x00000002, 0x00000001, [not done with look all codes of screenblue as disappear soon as about 5 seconds. Look Problem Reports and Solutions... click View problem history... what is the last code: 8204483C] I think, 0x820448C. I don't know what to do next except ask for a help.

DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Timothy at 15:12:34 on 2012-01-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1021 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2... Read more

Answer:Vista Security 2011

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/437403 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

6 more replies

I have done all the registry in DOS. I have downloaded malwarebytes and it found 5 infections. I removed them. I have a feeling there is more hidden and have no clue on where to find them. Pezfile is not showing up, yet my windows defender is down. Can't turn on automatic updates and my microsoft antivirus is not able to update either... I have looked everywhere. It tries popping up again and I have to keep doing my fix.reg to get back online. But it is only a matter of time before I get shut down again and have to do it over. There has to be something I am missing. I was told by an authorized dealer that this would work the best. Any suggestions?
 

Answer:Still need help with XP security tool 2011

10 more replies

Hi,
when I turned on my computer today this virus damaged my computer
and I can't access my Windows Defender and System Restore.

I'm running node 32 and spy hunter but they can't delete this virus.

Now what should I do?

Answer:what should i do with win 7 total security 2011

Welcome aboard

Did you try this? http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011

1 more replies

I just got rid of the viruses using Malwarebytes and after the restart the win7security2011 was gone; however, now nothing works anymore. I cannot open any of the install programs; if I try, it asks me what I want to use to open them with. When I open the control panel, half the stuff that should be there is missing. I cannot reopen Malwarebytes; the computer seems to have forgotten where to look for it, so I can't restore the stuff I removed. I do have access to the system: it's dual booted. I'm currently on my second O/S talking to you, but the issue is on a Windows 7 O/S; I'm on XP right now. Can I fix this? Or does this mean I need to reinstall? I really don't wanna lose all the stuff I've installed. Also, when restarting or shutting down I see a BSOD, but only for a second, then it shuts down. I've tried to use the event viewer but it seems to not be in the control panel anymore.

Answer:[SOLVED] win 7 security 2011 help please

Hi Sirtokesalot. Try opening a command window and run "sfc /scannow" and then when it finishes, reboot and see if that helps.

Good day!

Mike

8 more replies

Hi there,
Me again. Seriously. Three computers this week. I must have done something really stupid.

Anyway, this one says it is XP Internet Security 2011. I tried to install MBAM in regular mode and safe mode. Wouldn't let me run the install program even after renaming the file.

It did let me run DDS and GMER, though. Here's that info.

Thanks a million.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Nickolas Roth at 22:12:38.19 on Thu 05/12/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2321 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton AntiVirus *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Dell\QuickSet\quickset.ex... Read more

Answer:XP Internet Security 2011

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
* If you have since resolved the original problem you were having, we would appreciate you letting us know.
* If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
* If you are unsure about any of these characteristics just post what you can and we will guide you.
* Please tell us if you have your original Windows CD/DVD available.
* If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
* If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply'... Read more

14 more replies

Hi all. I never post here and always use your site when I have a problem (virus). I thought I would pass on my recent adventure of removing Win 7 Security 2011.

After wasting about 4 hours of my time reading and trying to remove what I thought was a serious infection, I ended up using old reliable, Malwarebytes.

1) Downloaded Malwarebytes to a flash drive using another computer.
2) Copied Malwarebytes (via flash drive) to the infected computer.
3) Rebooted infected computer in "Safe Mode With Networking".
4) Installed Malwarebytes.
5) Updated Malwarebytes.
6) Rebooted computer in "Safe Mode With Networking".
7) Ran Malwarebytes, deleted infection and rebooted.

All done.
Hope this saves someone time.
Vic

Answer:Removing Win 7 Security 2011

BC Removal Guide, for those who might want to refer to it.
Louis

1 more replies

Infected with XP Security 2011 and followed removal guide to clean. Infection reappeared within 2 days. Reran all removal guide steps, but noticed that I was getting a message about "security Center Downloads" I went to change the security center downloads and noticed I could not change the settings, and it just did not look right. Now I turn to you for more help.

DDS Log:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Run by Charlie at 16:17:27 on 2011-05-23
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.171 [GMT -4:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaan... Read more

Answer:Infected with XP Security 2011

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that ... Read more

14 more replies

Hi, I have the XP Security rogue malware thing and I cannot get rid of it. I've run Malwarebytes and it removed it for about a day; Malwarebytes says I have no malware, then it comes back. I will attach the Malwarebytes log. On a different forum someone suggested I use Combofix; the problem is AVG doesn't wanna delete from my computer. I've tried to delete the program and the files in C:, but nothing works. Please reply as quickly as possible, thanks =)

Answer:Infamous XP security 2011

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

A number of steps are required to remove this infection.

Go to the link Remove Vista Antimalware 2011 and Win 7 Antispyware 2011 name changing rogue (Uninstall Guide)

and follow the instructions listed after this paragraph.
Automated Removal Instructions for XP Internet Security, Vista Antimalware 2011, and Win 7 Antispyware 2011 using Malwarebytes' Anti-Malware:
===

Run Malwarebytes again.

===

When completed:

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me ... Read more

3 more replies

So yesterday my laptop got infected with Win 7 Total Security 2011.
I followed the guide at http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011 except it did not help. Each step had its own problem and currently my PC seems to still be infected.

Here is what happened after I did each step:
1. I downloaded the FixNCR.reg file on an uninfected computer and transferred it to my infected laptop.
2. I ran FixNCR.reg in SAFE MODE and I was then able to use .exe files again, HOWEVER I still could not access the internet in normal or safe mode.
3. Since I couldn't access the internet, I did the same thing as before. I downloaded and transferred the eXplorer.exe file to my infected computer and ran it.
4. The only process that it reported stopping was my actual explorer.exe
5. After that I ran Malwarebytes' Anti-Malware. It said my Malwarebytes' Anti-Malware was 9 days out of date but I figure that shouldn't be that big of a deal.
6. After a full scan, it came up with 3 infected files. I removed all 3 files and restarted my computer.

Now when I run my computer, Win 7 Total Security 2011 doesn't run anymore. However, I am still encountering my previous problems and MORE.

Current Problems:
1. Still can't access internet on Internet Explorer or Mozilla Firefox.
2. SOMETHING changed my Windows 7 appearance into Windows Classic.
3. My NORMAL start-up is acting as if it's in safe mode. IE: I can't access the internet, I can't adjust screen brightne... Read more

Answer:Win 7 Total Security 2011

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed. If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator&#... Read more

2 more replies

I'm trying to figure out how to get Win 7 Home Security off of my computer. The computer won't let me connect to the internet and also will not let any .exe files run. I attached the dds. and attach zip file.

attach.zip

dds1.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16457
Run by Beau at 15:37:27 on 2012-12-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.3345 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkService... Read more

Answer:Win 7 Home Security 2011

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16457
Run by Beau at 15:37:27 on 2012-12-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.3345 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Users\Beau\AppData\Local\fdw.exe
C:\Program Files (x86)\Internet Explorer\... Read more

3 more replies

My laptop is acting funny and I have found out that I have XP Total Security 2011. I've run a full system scan on the highest settings with Avast! and have tried closing the processes and deleting files associated with the virus. If I try deleting the offending files (put them in recycling bin), it says it can't find rundll32.exe and asks what program I want to run any executables with.
I can't open regedit.exe, msconfig.exe or any program in Control Panel. The virus isn't letting her use IE or Firefox in normal mode.
I'm currently in safe mode with networking and have run MBAM and SUPERAntiSpyware. The logs are attached.
I have no idea what to do from here. Help please? :confused
 

Answer:XP Total Security 2011

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide
and attach the requested logs when you finish these instructions. Make sure you fix what is found by Malwarebytes this time. Your previous log shows that you took no action.
 

5 more replies

I got hit with the Vista Security 2011, I've followed the instructions from here
http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011
I've run Malwarebytes and it didn't come up with anything. I've run the F-Secure scanner online and it is showing Found Malware: -1, should I be concerned with this? When F-Secure tries to delete the malware it comes up with error 65: The program is running with insufficent users rights to scan all targets for malware and spyware.

Computer
Vista Ultimate with SP2 and windows is up to date
32bit OS
4 gb's of ram

After running Malwarebytes and Avast, the scan does not come up with anything. The online scanner from F-Secure comes up with C:\ ##ASWSNX PRIVATE STORAGE\SNX_RHIVE. Just want to make sure that this is part of avast.

Answer:Vista Security 2011

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:
* If you have since resolved the original problem you were having, we would appreciate you letting us know.
* If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
* If you are unsure about any of these characteristics just post what you can and we will guide you.
* Please tell us if you have your original Windows CD/DVD available.
* If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
* If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.

Use the 'Add Reply'... Read more


I had XP Home Security 2011 on my laptop which is running XP Professional with Service Pack 3. I got Malwarebytes to run and it quarantined/removed several infections. Now for example, when I click on Internet Explorer in the tray (and some other applications including Malwarebytes) it does not open. An "Open With" dialog box opens. It says Choose the program you want to use to open this file: iexplore.exe. Internet Explorer opens normally from the icon on the desktop. Also, when I click "Start" then "Control Panel" and then "Add or Remove Programs" I get an error box that says C:\WINDOWS\system32\rundll32.exe Application not found. I have tried replacing the rundll32.exe file from several sources including the Windows replacement disk that came with my laptop and nothing changes. When I go into the other user in a different domain on the laptop, everything seems to run normally. What can I do?

Answer:I had XP Home Security 2011

Hi Merv,

The issues you're having (both the programs not opening and the control panel) can be resolved with the following.
This commonly happens after a fraudulent security tool is removed from a computer.
You will have to apply the following to the Registry. Just download the file depending on your operating system (the Vista one will work on Windows 7) and then double click it to merge it to the registry. This should resolve the issue.

XP
Whole list of File Associations
http://www.dougknox.com/xp/file_assoc.htm

Direct link to .EXE XP Fix
http://www.dougknox.com/xp/fileassoc/xp_exe_fix.zip

Vista
Whole list
http://www.winhelponline.com/articles/105/1/File-association-fixes-for-Windows-Vista.html

.EXE Direct link
http://www.winhelponline.com/fileasso/exefix_vista.zip

Regards,
JimOw


Hello, I hope someone can help.
I have a bad one. It's called xp home security 2011 and it's got me down. How do I get rid of it?
Thanks. Please help me.

Answer:xp home security 2011

See here: http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-2011


This is my first post ever here. I need to remove XP Total Security 2011 from a computer. This is the second time in two weeks this particular computer has gotten one of these rogue viruses. I do not want to have to pay to get another one removed. The computer has Malware Bytes on it but only the free version. I tried to go in and rename the exe file since it will not run but then it says the file will become unstable. Any suggestions? How about suggestions to avoid future problems? The computer is also running a free version of AVG. Thanks.

Answer:XP Total Security 2011

Hi, Welcome to Bleeping Computer. My name is Shannon and I will be working with you to remove the malware that is on your machine. I apologize for the delay in replying to your post, but this forum is extremely busy.

Please Track this topic - On the top right on this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please no...


My sister is currently 300 miles away from me. She rang me saying her laptop was acting funny and we have found out that she has acquired XP Total Security 2011. She has run a full system scan on the highest settings with Avast! and we have tried closing the processes and deleting files associated with the virus. If she tries deleting the offending files (puts them in recycling bin), it says it can't find rundll32.exe and asks what program she wants to run any executables with.
We can't open regedit.exe, msconfig.exe or any program in Control Panel. The virus isn't letting her use IE or Firefox. We've tried all these things in Safe Mode with still no success.
She doesn't come home for another 2 weeks. Is there any way I can help her from where I am?
 

Answer:XP Total Security 2011

She needs to try to download and run both SuperAntispyware and MalwarebytesAntimalware. She may need to do it in safe mode. She may also need to use a different computer to download them to and then transfer them via USB thumb drive. She should also register at MajorGeeks and post a thread here in the malware forum if possible.
 


Hi,
when I turned on my computer today this virus damaged my computer
and I can't access my Windows Defender and System Restore.

I'm running node 32 and spy hunter but they can't delete this virus.

Now what should I do?

Answer:what should i do with win 7 total security 2011

Hi,

I recommend following this:

Windows Defender Offline

Regards,
Golden


I was on Google Images, went to go see the full size of an image.. my computer froze and I got this XP security 2011 program installed. It's malware.. runs fake scans and the whole bit. I've had a virus similar to this.. was a pain to remove even though I seemed "clean".

I ran SuperAntiSpyware as soon as I got this.. when I restarted I couldn't run any .exe so I had to use some XP registry (I'm on Windows XP) fixer and then I was able to run Malwarebytes and all the other scans.

Right now everything seems clean but I'm not sure if everything is fine.

I've never had a problem with MGtools but when I run it out of C drive it creates the folder MGtools like always but then does nothing.. no scans or anything.

Logs attached

As always, thanks for the help in advance, this forum is a life saver :-o
 

Answer:XP security 2011 Virus -_-

Restarted and MGtools ran without a problem

Log Attached
 


Was doing some research regarding a graphics card and a site I went to hit me with a rogue av program, I shutdown rebooted in to safe mode and hit combofix (sorry, I only just found this site so was not aware of the warning). mzlkor.exe was one of the process I think from the program. After the report I was given this read out ...

Answer:Security shield, av 2011

Hello and welcome to Bleeping Computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out.
Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about y...


Hi,

The other night the Win 7 virus popped up on my computer. I cleaned it and everything is running fine now, but since I'm fairly new to cleaning viruses, I wanted to make sure everything was gone and that my computer was 1) operating normally, and 2) find ways to prevent this from happening. Thanks!

(Moderator edit: post moved to more appropriate forum. jgw)

Answer:Win 7 Home Security 2011

Hi utjaeph,

Can you post the results from your Malwarebytes scan please? We can then be sure things are clean and move on to preventative measures.


I have completed the steps requested on bleepingcomputer to get rid of it but I don't think it is gone yet. If someone could help me check I would appreciate it.

I have created this log and I hope it helps.

Thanks

Rose


Answer:AVG Internet Security 2011

Hello rubby8892. Please follow these guidelines while we work on your PC:
Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the "All clear." Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Any underlined text in my posts indicates a clickable link.
If you have any questions at all, please stop and ask before proceeding.

Download GMER Rootkit Scanner from here to your desktop. Double click the exe file. If asked to allow gmer.sys driver to load, please consent. If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish. Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.

If you have trouble running GMER:
Make sure that your security software is disabled
Uncheck the box n...


Hi, please help me. I am infected with Security Essentials 2011. I have followed the instructions about using rkill. After Rkill finished and I try to run the Malwarebytes setup, the Security Essentials 2011 just restarts.

What am I doing wrong? PLEASE HELP.

Answer:HELP Can't Get rid of Security Essentials 2011

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==. Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.


I have the XP Internet Security 2011 malware on my computer. Every time I log into the computer it runs its "security scan" and finds "infected" files. I can usually let it finish its scan and then kill it using task manager. But when I try to access the internet it comes back 50% of the time and locks up the computer. Below is the dds.txt and attached is the attach.zip which contains the attach.txt and the ARK.txt. The ARK.txt did not finish as the XP Internet Security 2011 keeps popping up and freezing the computer.

Thanks for your help.

Dan Kramek




Answer:XP Internet Security 2011

Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.

This is a bad infection.

I suggest you follow the removal instructions listed on this page.

Remove XP Anti-Spyware 2011, Vista Security 2011, and Win 7 Internet Security 2011 (Uninstall Guide)

If at any time you need help please ask.

===

When completed please let me know what problem persists.


Hello all, I need help - I have previously had the XP security 2011 virus. I first got rid of it with Malwarebytes but it came back. I scanned again with Malwarebytes - I removed a trojan but when I rebooted and signed back in it was asking me to choose a programme to open all my desktop icons. I can't alter the volume, and in control panel when I try and open a tab it says C:WINDOWS\systemrundll32.exe not found.

Can someone please help me with this?

Many thanks,
dom

Edit: Moved topic from XP to the more appropriate forum, as I do not think your malware issues are resolved. ~ Animal
