Computer Support Forum

Avast keeps asking for Mail Shield Security Exclusions

Question: Avast keeps asking for Mail Shield Security Exclusions

Hello,
For several days AVAST keeps popping up all the time messages like this one:
 
"MAIL SHIELD SECURITY EXCLUSION
Avast has indentified a problem with this site certificate.
You can add this certificate as an exclusion, if you are sure about it.
Click the 'View' button for more details about the certificate.
If you want to change your certificates/exclusions, please open the Windows Certificate browser and perform the required operations directly from within the system certificate storage.
Legitimate public sites and mail servers should not ask you to do this.
 
SERVER
Location: smtp.stcable.net
Process: C:\Windows\SysWOW64\regsvr32.exe
CERTIFICATE STATUS
This site attempts to identify itself with invalid information.
Problems:
The certificate is not trusted."

 
I either close it or select "CANCEL" but it starts to worry me. I saw another topic with the same problem but it's closed without solution. Here's the contents of the FRST.txt report:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by USER (administrator) on ОЛЕГ-PC (14-11-2016 19:47:08)
Running from C:\Users\USER\Desktop
Loaded Profiles: USER & UpdatusUser (Available Profiles: USER & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(NGWIN) C:\Program Files (x86)\PicPick\picpick.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Viber Media S.Ã  r.l.) C:\Users\USER\AppData\Local\Viber\Viber.exe
(BitTorrent Inc.) C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(BitTorrent Inc.) C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(BitTorrent Inc.) C:\Users\USER\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\41.0.2353.56\opera.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-08] (IDT, Inc.)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9044392 2016-11-08] (AVAST Software)
HKLM-x32\...\Run: [MSN Toolbar] => C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe [240992 2009-11-16] (Microsoft Corp.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-287049870-4264774542-2349093501-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\S-1-5-21-287049870-4264774542-2349093501-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-287049870-4264774542-2349093501-1000\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [19959616 2015-08-24] (NGWIN)
HKU\S-1-5-21-287049870-4264774542-2349093501-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-287049870-4264774542-2349093501-1000\...\Run: [Dropbox Update] => C:\Users\USER\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-06] (Dropbox, Inc.)
HKU\S-1-5-21-287049870-4264774542-2349093501-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8455960 2015-08-20] (Piriform Ltd)
HKU\S-1-5-21-287049870-4264774542-2349093501-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-287049870-4264774542-2349093501-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27011712 2016-10-17] (Skype Technologies S.A.)
HKU\S-1-5-21-287049870-4264774542-2349093501-1000\...\Run: [Ilsoft] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\USER\AppData\Local\Agjworks\EnObjKit4.dll
HKU\S-1-5-21-287049870-4264774542-2349093501-1000\...\Run: [Viber] => C:\Users\USER\AppData\Local\Viber\Viber.exe [45485648 2016-11-03] (Viber Media S.Ã  r.l.)
HKU\S-1-5-21-287049870-4264774542-2349093501-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-287049870-4264774542-2349093501-1000\...\Run: [uTorrent] => C:\Users\USER\AppData\Roaming\uTorrent\uTorrent.exe [1977536 2016-10-10] (BitTorrent Inc.)
HKU\S-1-5-21-287049870-4264774542-2349093501-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-287049870-4264774542-2349093501-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-21] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-04-22] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-04-22] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt64.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-10] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\USER\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2016-03-20]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk [2015-04-03]
ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{58CCC2EE-AD5E-4E6E-B009-E419FA4CF74D}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6C0D3F50-FAA3-4953-A571-ECA314FB8E90}: [NameServer] 78.90.52.1,89.190.192.248
 
Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05] (Microsoft Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-11-05] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll => No File
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll No File
 
FireFox:
========
FF ProfilePath: C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\vjgzuhfu.default [2016-11-14]
FF Homepage: Mozilla\Firefox\Profiles\vjgzuhfu.default -> hxxp://www.mybreznik.com/n/
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-10]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-10]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox
FF Extension: (MSN Toolbar) - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2014-11-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: (Search Helper Extension) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-11-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2016-03-20] [not signed]
FF HKU\S-1-5-21-287049870-4264774542-2349093501-1000\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\911bg.xml [2014-10-11]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\diribg.xml [2014-10-11]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\pe-bg.xml [2014-10-11]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\portalbgdict.xml [2014-10-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-08] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-08] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-04-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-04-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-287049870-4264774542-2349093501-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\USER\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default [2016-10-31]
CHR Extension: (Rapport) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-04-17]
CHR Extension: (Avast SafePrice) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-04-17]
CHR Extension: (Avast Online Security) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-07-10]
CHR Extension: (Video Downloader Pro) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilppkoakomgpcblpemgbloapenijdcho [2016-07-10]
CHR Extension: (Плащания в уеб магазина на Chrome) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-17]
CHR HKU\S-1-5-21-287049870-4264774542-2349093501-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-10] (AVAST Software)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-03] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-02-08] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-10-06] (IBM Corp.)
R2 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [235656 2014-03-31] (Mentor Graphics Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-04-03] (SolidWorks) [File not signed]
R2 SZASSIST; C:\Program Files (x86)\Clarus\Samsung SecretZone\SZAssistSVC.exe [90112 2011-04-15] (Clarus, Inc.) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3386608 2013-02-08] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-10] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-10] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-10] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-10] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-10] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-10] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FTDIBUS; C:\Windows\System32\drivers\opcomusb.sys [69192 2009-02-17] (FTDI Ltd.)
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung SecretZone\mdf16.sys [18288 2010-08-17] () [File not signed]
R3 mvd22; C:\Program Files (x86)\Clarus\Samsung SecretZone\mvd22.sys [78192 2010-08-17] () [File not signed]
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-09-16] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-10-06] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [235184 2016-10-06] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [489712 2016-10-06] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [547888 2016-10-06] (IBM Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-10-18] () [File not signed]
U3 abiwb860; C:\Windows\System32\Drivers\abiwb860.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-14 19:47 - 2016-11-14 19:48 - 00032033 _____ C:\Users\USER\Desktop\FRST.txt
2016-11-14 19:46 - 2016-11-14 19:47 - 00000000 ____D C:\FRST
2016-11-14 19:38 - 2016-11-14 19:38 - 02411520 _____ (Farbar) C:\Users\USER\Desktop\FRST64.exe
2016-11-12 13:21 - 2016-11-12 13:21 - 20092125 _____ C:\Users\USER\Downloads\Sarah McDaniel - Imgur.zip
2016-11-12 10:45 - 2016-11-12 10:46 - 00000000 ____D C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-11-09 00:33 - 2016-11-09 00:33 - 00044106 _____ C:\Users\USER\Downloads\NCIS.Season.03.DVDRip.XviD-Zamunda.NET.torrent
2016-11-09 00:33 - 2016-11-09 00:33 - 00043906 _____ C:\Users\USER\Downloads\NCIS.Season.04.DVDRip.XviD-Zamunda.NET.torrent
2016-11-09 00:33 - 2016-11-09 00:33 - 00023009 _____ C:\Users\USER\Downloads\NCIS Season 1 Episodes (1-23) Complete.torrent
2016-11-09 00:33 - 2016-11-09 00:33 - 00022965 _____ C:\Users\USER\Downloads\NCIS Season 2 Episodes 1-23  Complete.torrent
2016-11-07 17:49 - 2016-11-07 17:50 - 00000000 ____D C:\Users\USER\AppData\Local\Viber
2016-11-07 16:46 - 2016-11-14 17:26 - 00000000 ____D C:\Users\USER\AppData\LocalLow\uTorrent
2016-10-26 22:57 - 2016-10-26 22:57 - 03452989 _____ C:\Users\USER\Downloads\Jenna-Louise Coleman - 'Glamour Magazine UK' - - Imgur.zip
2016-10-23 18:40 - 2016-10-23 18:40 - 00049152 _____ C:\Users\USER\Downloads\pernik.xls
2016-10-23 17:13 - 2016-10-29 14:05 - 00000000 ____D C:\Users\USER\Desktop\Нова папка (2)
2016-10-15 17:28 - 2016-10-15 17:28 - 00018937 _____ C:\Users\USER\Downloads\Zdravko Colic -The Platinum Collection (2007).torrent
2016-10-15 17:26 - 2016-10-15 17:26 - 00037665 _____ C:\Users\USER\Downloads\Zdravko Colic - Diskografiq.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-14 19:47 - 2014-10-18 14:16 - 00000000 ____D C:\Users\USER\AppData\Roaming\uTorrent
2016-11-14 19:42 - 2015-06-19 07:19 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-287049870-4264774542-2349093501-1000UA.job
2016-11-14 19:28 - 2014-10-18 15:01 - 00000000 ____D C:\Users\USER\AppData\Roaming\Skype
2016-11-14 19:20 - 2014-10-18 14:05 - 00000998 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-14 19:06 - 2014-10-18 14:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-11-14 18:24 - 2015-04-03 10:40 - 00000000 ____D C:\Program Files\SolidWorks Corp
2016-11-14 18:16 - 2009-07-14 07:13 - 00794766 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-14 18:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-11-14 17:33 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-14 17:33 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-14 17:27 - 2014-10-19 10:37 - 00000000 ____D C:\Users\USER\Documents\ViberDownloads
2016-11-14 17:26 - 2015-11-06 08:50 - 00000000 ____D C:\Users\USER\AppData\Roaming\ViberPC
2016-11-14 17:25 - 2014-12-18 21:28 - 00000453 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2016-11-14 17:24 - 2014-10-18 14:05 - 00000994 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-14 17:24 - 2014-10-18 13:34 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-14 17:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-14 16:55 - 2015-02-24 15:54 - 00000000 ____D C:\Users\USER\Documents\Visual Studio 2013
2016-11-14 16:20 - 2014-10-18 14:55 - 00004180 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-11-13 22:00 - 2014-10-27 19:32 - 00000000 ____D C:\Users\USER\AppData\Roaming\vlc
2016-11-13 20:42 - 2015-06-19 07:19 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-287049870-4264774542-2349093501-1000Core.job
2016-11-13 00:47 - 2015-09-04 10:04 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-11-13 00:47 - 2014-10-18 14:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-12 11:09 - 2016-02-02 14:22 - 00000000 ___SD C:\Users\USER\AppData\LocalLow\Temp
2016-11-12 10:46 - 2014-10-18 14:57 - 00000000 ____D C:\Users\USER\AppData\Roaming\Dropbox
2016-11-12 01:39 - 2014-10-18 13:21 - 02845297 ____H C:\Users\USER\AppData\Local\IconCache.db.backup
2016-11-11 21:27 - 2016-02-02 10:37 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-10 14:41 - 2015-09-04 09:49 - 00003860 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1441352943
2016-11-10 14:41 - 2015-09-04 09:48 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-09 22:01 - 2014-12-24 14:17 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-09 20:37 - 2015-06-19 07:19 - 00003886 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-287049870-4264774542-2349093501-1000UA
2016-11-09 20:37 - 2015-06-19 07:19 - 00003490 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-287049870-4264774542-2349093501-1000Core
2016-11-09 18:25 - 2014-10-18 13:35 - 00000000 ____D C:\Users\UpdatusUser
2016-11-08 23:06 - 2015-09-04 10:04 - 00003882 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-11-08 23:06 - 2014-10-18 14:02 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-08 23:06 - 2014-10-18 14:02 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-08 23:06 - 2014-10-18 14:02 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-11-08 23:06 - 2014-10-18 14:02 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-07 10:31 - 2015-04-03 15:00 - 00000000 ____D C:\Users\USER\AppData\Local\TempSWBackupDirectory
2016-11-07 09:48 - 2009-07-14 07:08 - 00032660 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-06 18:36 - 2016-01-12 11:52 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-10-25 15:23 - 2014-10-18 14:06 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-21 20:05 - 2014-10-18 15:01 - 00000000 ____D C:\ProgramData\Skype
2016-10-17 20:31 - 2015-12-18 19:42 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-10-16 17:36 - 2015-01-20 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
 
==================== Files in the root of some directories =======
 
2013-10-02 04:56 - 2013-10-02 04:56 - 0000979 _____ () C:\Users\USER\AppData\Roaming\callout.unicode.font.xml
2015-09-14 15:36 - 2015-09-14 16:44 - 0000128 _____ () C:\Users\USER\AppData\Roaming\Camdata.ini
2015-09-14 15:36 - 2015-09-14 16:44 - 0000408 _____ () C:\Users\USER\AppData\Roaming\CamLayout.ini
2015-09-14 15:36 - 2015-09-14 16:44 - 0000408 _____ () C:\Users\USER\AppData\Roaming\CamShapes.ini
2015-09-14 15:36 - 2015-09-14 16:44 - 0004545 _____ () C:\Users\USER\AppData\Roaming\CamStudio.cfg
2015-05-20 03:28 - 2015-05-20 03:28 - 0004151 _____ () C:\Users\USER\AppData\Roaming\LF_Disabled.png
2013-10-02 04:56 - 2013-10-02 04:56 - 0002079 _____ () C:\Users\USER\AppData\Roaming\refentry.source.fallback.profile.xml
2016-02-01 13:37 - 2016-02-01 13:37 - 0001959 _____ () C:\Users\USER\AppData\Roaming\Scenography
2015-05-20 03:28 - 2015-05-20 03:28 - 0003181 _____ () C:\Users\USER\AppData\Roaming\support_tools.png
2015-05-20 03:14 - 2015-05-20 03:14 - 0001933 _____ () C:\Users\USER\AppData\Roaming\tweakNetworkingManual_de.p5p
2015-05-20 03:14 - 2015-05-20 03:14 - 0000109 _____ () C:\Users\USER\AppData\Roaming\tweakRepairWinsock_zh-cn.p5p
2015-09-14 15:22 - 2015-09-14 15:56 - 0000096 _____ () C:\Users\USER\AppData\Roaming\version2.xml
2016-02-01 13:37 - 2016-02-01 13:37 - 0052996 _____ () C:\Users\USER\AppData\Roaming\vmciver.dll
2015-04-08 20:33 - 2016-09-19 17:16 - 0032256 _____ () C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-30 22:20 - 2016-03-26 23:34 - 0007598 _____ () C:\Users\USER\AppData\Local\Resmon.ResmonCfg
2014-11-09 13:34 - 2016-05-25 10:03 - 0021455 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-14 10:27
 
==================== End of FRST.txt ============================

 
I'll appreciate any help. Thanks.

Relevance 100%
Preferred Solution: Avast keeps asking for Mail Shield Security Exclusions

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: Avast keeps asking for Mail Shield Security Exclusions

I'm sorry for the second topic, the browser gave me internet error (or something) and I clicked refresh.

1 more replies
Relevance 99.47%

Hello,
For several days AVAST keeps popping up all the time messages like this one:
 
"MAIL SHIELD SECURITY EXCLUSION
Avast has indentified a problem with this site certificate.
You can add this certificate as an exclusion, if you are sure about it.
Click the 'View' button for more details about the certificate.
If you want to change your certificates/exclusions, please open the Windows Certificate browser and perform the required operations directly from within the system certificate storage.
Legitimate public sites and mail servers should not ask you to do this.
 
SERVER
Location: smtp.stcable.net
Process: C:\Windows\SysWOW64\regsvr32.exe
CERTIFICATE STATUS
This site attempts to identify itself with invalid information.
Problems:
The certificate is not trusted."

 
I either close it or select "CANCEL" but it starts to worry me. I saw another topic with the same problem but it's closed without solution. Here's the contents of the FRST.txt report:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by USER (administrator) on ОЛЕГ-PC (14-11-2016 19:47:08)
Running from C:\Users\USER\Desktop
Loaded Profiles: USER & UpdatusUser (Available Profiles: USER & UpdatusUser)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Български (България)
Internet Explorer Version 11 (Default browser:... Read more

More replies
Relevance 98.6%

Hello Guys,
My system:
Toshiba  / Satellite C55-A   /  Intel ® Celeron  ® N2820
64 bit Windows 8.1
I am at the end of my rope. I have tried everything. First, let me say I am not good at technical things on a computer, just enough to be dangerous. So if some things I say seem crazy, they probably are.  So here is the story. About a week ago I received a email on my go daddy webmail.  www.login.securserver.net. That is how I long into that email. Now, that is not my main email. My main email is gmail, which I use the most.
The email I received on the go daddy email was a Notice of Apperance in Court #00406341. It contained a zip file,  Court Notification 00406341.zip.   Of course being stupid, I unzipped the file, thinking it was something important, since I have some court cases ongoing for business.
With research  I think it is a Kuluoz or another one that starts with  A.  cant remember.
It put a zip file in my downloads folder  Court_Notification_00406341.doc, which shows as File Type: Java Script file, 8.84kb.  That is the only one I noticed, not sure if they are more somewhere.  Then things started getting a little weird. Nothing major, I still get emails, still send them, and my system seems to be running normally, except for Avast Mail Shield security exclusions ,  It keeps poping up at least 40 times a day, saying 
 
Now, here I used to get different info, like websit... Read more

Answer:Avast keeps giving me Mail Shield Security Exclusions

hi,
 
We will start with FRST to remove some items from the log.
 
Usually Iam only on this site once or twice per day so you may not get a reply from me until the next day.
 
Copy/paste whats below in the box into notepad. Save it as fixlist.txt in the same location you have FRST, your desktop. Click the FRST icon like before and this time click on the fix button just once. When done you will find a fixlog on your desktop. Please post the fixlog in your reply. Machine may reboot to finish the process.

HKLM\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\Philip\tmp2098815588907764838.exe
C:\Users\Philip\tmp3347511962698503720.exe
C:\Users\Philip\tmp7839474401173251832.exe
2014-03-10 16:57 - 2014-03-10 16:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
SearchScopes: HKU\S-1-5-21-2793440623-1628646824-2415799637-1001 -> {21A3F5B1-BB9E-458A-815D-54E44AA350A8} URL =
CHR HKU\S-1-5-21-2793440623-16286... Read more

5 more replies
Relevance 80.77%

Hi,

I've just installed Avast! free antivirus on my Windows 7 PC. The installation installed something called the Mail Shield. Is there any point in having this turned on if I only access my emails using Yahoo's webmail service? Does it only scan mail if I use a client such as Windows Live Mail 2011?

Thanks in Advance!

Answer:Do I need the Avast Free Mail Shield if I use Yahoo Mail online

You don't need it if you are using a web based mail like yahoo. You can do a custom install of avast and untick the mail shield.

9 more replies
Relevance 75.85%

I have gotten an error message from Avast when downloading email.

The message says that Avast mail shield cannot scan the emails because
I have an SSL secure connection configured in the mail client, Outlook Express 6.

Both incoming and outgoing server ports have "This server requires a secure connection (SSL)" ticked ON.

I think this setting may be required for att.yahoo.com servers. :confused

Should I just disable the mail guard in Avast?

Thanks
 

Answer:Avast Mail Shield not working with AT&T account and Outlook Express

Have you read this?
http://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=458
 

1 more replies
Relevance 75.85%

I recently had to restore from a system image (full restore of C:\ drive where my program and system files are kept, no changes to D:\ so my personal files weren't reset, and probably some temp files and preferences weren't either) and after doing so, and then reinstalling avast onto this system image (the image was made at a time when I had a different antivirus) I encountered a problem with firefox which seems to be something to do with conflicts with it and avast.
Immediately after the system imaging firefox worked fine, and immediately after avast's installation avast worked fine too. The I updated both of them to the latest state, restarted and logged back on. This time when I opened avast to go to google I got a warning about a certificate on google's page being unrecognised (Unfortunately I can't remember the exact wording), But I was able to follow some of the options on the dialogue brought up by firefox and see a certificate related to avast was causing the issues. I tested by temporarily disbaling avast's web and mail shields and opening firefox again, that time it went to google.co.uk without issues. I turned the web and mail shields of avast back on and I got the same certificate problem again.
Eventually I used the "I know the risks button" in firefox and created an exception, which I think might not have been the best way to solve this. Because I still had problems loading other https pages (for exmaple the links to google plus or gmail from the google home pa... Read more

Answer:Conflicts involving avast's web/mail shield certificates and firefox

It's a known issue with avast! from my experience, take a look.https://support.mozilla.org/fr/questions/981937https://forum.avast.com/index.php?topic=161376.0http://kb.mozillazine.org/SSL_Security_Errorhttps://support.mozilla.org/fr/questions/1032509I think the instructions you are looking for are in the first link.

16 more replies
Relevance 75.44%

Purchased avast internet security in November 2011. It's suddenly stopped working. "Fix Now" button not responding and unable to restart program as I'm being advised that the file system shield is unreachable! Any idea what's happened? Please help.
Angie.

Answer:avast internet security: file system shield

You have posted this twice - to avoid confusion:-
Please tick this thread as resolved (click the rigt hand column) and do as suggested in the other thread and reinstall avast.

1 more replies
Relevance 67.65%

I am having a problem in my sister's laptop. She does have antivirus installed (AVG Internet Security). However, its license expired, so I downgraded it to free version. After, downgrading it, I installed Avast! as it's antivirus and decided to uninstall AVG. Then, a few minutes ago after rebooting the laptop, a window opened saying that Trojan is infecting my computer, I heal it.. Then, another pops out. Heal and heal and heal..

After doing it, I rebooted the laptop thinking that it will refresh the system. Unfortunately, after rebooting, I cannot connect to Internet now. :cry :cry :cry Help me please? I already performed the Malware removing however, it did not help the laptop. I attached the files you asked me.. Please, help please? Thank you!
 

Answer:Avast error code 10050/No internet connection/Cannot start web shield in Avast

Welcome to Major Geeks!

Please attach the below log from Malwarebytes as requested:
Code:

"C:\Users\MSI\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\"
Oct 23 2012 11802 "mbam-log-2012-10-23 (21-32-26).txt"

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com?si=29053&bs=true&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=101702
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.searchcompletion.com?si=29053&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.searchcompletion.com?si=29053&bs=true&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.searchcompletion.com?si=29053&bs=true&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchcompletion.com?si=29053&home=true
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.searchcompletion.com?si=29053&bs=true&q=
R1... Read more

1 more replies
Relevance 67.65%

End webcam spying ? for good ? with Webcam Shield and Avast Premier

Essentially, with Webcam Shield you have total control over what (and who!) uses your camera. This means you can now force any app to ask your permission before it can access your webcam.

Simply put, Webcam Shield promises to:
Protect Privacy
Give you total control over your webcam
Help prevent blackmail
With webcams now embedded in so many devices, it?s never been more important to protect yourself and your family from prying eyes and those with unknown motives.

& +

Automatically fix and update over 127,000 drivers for peak PC performance
Less crashing Faster browsing Better graphics Richer audio Fewer device problems

Print, scan, import files. Play crystal clear videos and make crackle-free voice calls. Avast Driver Updater auto-scans and updates your drivers to reduce and prevent problems with:

Printers and scanners, Photo and video cameras, Headphones and speakers, Mouse and keyboards, Monitors and Wifi routers, and other external devices.

MORE : Avast Driver Updater & Scanner | For Peak PC Performance
 

Answer:Avast have new tools: Webcam Shield feature & Avast Driver Updater.

Windows has webcam shield built-in. It works great!
 

0 more replies
Relevance 65.19%

Hello,
I am facing an issue with the proxy configuration file extension while using "Use automatic configuration script" in IE.
When using .dat, having an exclude:
if (shExpMatch(url, "*whatismyipaddress.com*")) return "DIRECT";
if (dnsDomainIs(hsot, "whatismyipaddress.com")) return "DIRECT";
if (localHostOrDomainIs(host, "whatismyipaddress.com")) return "DIRECT";
Traffic to http://whatismyipaddress.com still goes through the proxy.
When changing the proxy configuration file extension to .pac instead of .dat:
Traffic to http://whatismyipaddress.com goes Directly to the Internet bypassing the proxy.
User agents:
Win10 IE11: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Win7 IE11: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Have you seen this issue before? I have tested on both Windows 10 and Windows 7 IE 11.
Thank you in advance,
Nael

More replies
Relevance 63.96%

Need some help with Norton Internet Security and keeping it from deleting/clearing my cookies for websites like this or others when I have my log-in credentials saved. Basically every time I run a scan it clears my cookies making me have to re-log in to all my sites.

Anyone who's using NIS know how to keep it from doing this?

Please, no NIS bites or get something else. Would like the answer to this one.

Thanks.

Answer:Norton Internet Security & exclusions

This is somewhat strange. This never happened to me when I was running NIS. Are you sure it is NIS doing it and not e.g. CCleaner.

Since the beginning of the year my NIS license had expired and I am using MSE in the interim. But as soon as I find one of those zero dollar deals again I will get back to NIS.

If nothing else, I would call the Symantec help line. Maybe you have some odd setting. Those guys at the help line have always been very helpful when I was facing a NIS problem.

5 more replies
Relevance 63.96%

Need some help with Norton Internet Security and keeping it from deleting/clearing my cookies for websites like this or others when I have my log-in credentials saved. Basically every time I run a scan it clears my cookies making me have to re-log in to all my sites.

Anyone who's using NIS know how to keep it from doing this?

Please, no NIS bites or get something else. Would like the answer to this one.

Thanks.

BTW this is a Win 8 laptop, and I installed NIS myself.

Answer:Norton Internet Security & exclusions

Unknown about NIS.
But I use Norton 360 with NO problems with log-in's after a norton scan.

4 more replies
Relevance 59.04%

Now I can't access this site on another computer because I get the message: Avast Web Shield has blocked access to this page because the following certificate is invalid, SS1278353 Cloudflaressl.com. I've run the Avast software, Malwarebytes, Adwarecleaner, and 360 Total security to no avail.

What's up?
 

More replies
Relevance 59.04%

I really like Avast AV very much. I have a question about the Web Shield part of the program. On the program itself, generally 6 of the 7 modules are running. I do not have Outlook or MS Exchange so for that area the program says, "The Program is Waiting for a Subsystem to Start." (or something like that.)

About once a month, maybe twice a month, I will notice 5 of the 7 providers running and the program will have one of the Web Shields running. However, it will say, "The Program is Waiting for a Subsystem to Start." (instead of saying, "The Provider is currently running." The funny part is that when I go to webpages and do a check, the Web Sheld is still scanning them. So on the Web Shield thing, what is Avast waiting for?

This is a common issue with the program based on Internet Searches. I don't know if this is a bug or the way that Avast 4.8 works. Can you also provide information about the two different shields that the program uses? One is the Web Shield, the other is called the P2P Shield.

The updates are working fine. Oh, it hasn't happend often enough, but so far the only way that I can get the Web Shield back to not saying, "The Program is Waiting for a Subsystem to Start." is to do a reboot.

Jack
 

Answer:Question About Avast 4.8 AV Web Shield?

Go to control panel and uninstall avast, when you try it it will display 4 choises choose repair.
Webshield scans scripts, cookies such stuff from yout browser.
And psp shield scans files downloaded from utorrent, limewire you can see them all if you right click avast icon choose on access protection contol psp program-customize.
 

2 more replies
Relevance 59.04%

Hello everyone I have a problem with my Toshiba laptop. Avast! Pro Antivirus keeps popping up from down right corner of my screen saying that Avast Web shield blocked malwarius web page or file. It's popping up literally every second and i need a solution how to stop this and remove viruses if I even have them. ( I already looked on web for solutions and everyone is saying different so i don't want to mess it all up).Edit: Topic moved from Windows 7 to AII ~ Computerxpds

Answer:Avast web shield problem, need help!

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

1 more replies
Relevance 58.22%

Hi everyone,

new beta version 17.5.2298 is released.

What's new:
- Tiny Firewall for blocking EternalBlue exploit - (internal) It is a part of StreamFilter, turned ON/OFF by Online Shield
- internal fixes

As many of you are aware Avast and AVG are 1 company now. Cause development of 2 different UIs takes different time, in this beta we introduce Ransomware shield in AVG beta now. You can expect Ransomware shield in Avast in next betas.

If you wanna try Ransomware protection in AVG build, check this link:
- AVG Antivirus Beta 17.5.3017

Download links:
BETA testing - Overview & Download links
 

Answer:Finally,the ransomware shield in avast

Good, but why they need a whole new tiny shield for stopping an exploit and this has to go through beta and be delivered after tests!? There are firewalls for blocking ports like the Windows Firewall and the Avast one in paid solutions. Maybe it is a sign that they need something like Norton's IPS?
 

3 more replies
Relevance 58.22%

Thanks for your time.

I just installed Antivir and felt naked without a web shield, so I reinstalled everything in Avast! except the standard shield.

In theory, this should work, however the apps froze on startup, so I set Avast! to launch after all other applications load and they seem to like each other now.

What I'm here to ask is whether this should theoretically cause any problems.

Please don't reply with, "OMG YOU ONLY NEED ONE ANTIVIRUS" because I am only running one antivirus. My reasoning for running both apps is so that the Avast! web shield will take effect during browsing, and Avira will handle everything locally. The issue I have with using Avast! for everything is that it seems to constantly scan all my files, without letting me set it to just "scan on application read/write" which causes major slowdowns.
 

Answer:Antivir + Avast (Web Shield Only) Compatibility

Wow no one has any experience with this pairing? That's amazing.
OK thanks anyway.
 

1 more replies
Relevance 58.22%

Hello!

Brand new computer (well, used, but new to me) and the same old virus problems.

The Avast Behavior Shield turns itself off every time I hit "Connect" on VZAccess manager during the last 24 hours. Avast does warn me that it's off and I click it back on manually. Says it's back on, but I have my doubts.

Particularly as when I tried to surf eBay, the website suddenly thought I lived in the Czech Republic. Yeah, I've changed my eBay password and my PayPal on a friend's clean computer already.

So here's the DDS log with the ATTACH, err, attached.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.18377
Run by Lois at 19:58:07 on 2017-05-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2302.1316 [GMT -7:00]
.
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus *Disabled* {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\s... Read more

More replies
Relevance 58.22%

i'm having some problems with my broadband but have just notice that my avast is not running. whenever i try to start it up it says" unable to reach file system shield. shield unreachable. how can i get it going again, thanks

Answer:avast smart shield not running

an happen with a corrupt update. rmove avast with the removal tool click here and reinstall.

1 more replies
Relevance 58.22%

I recently went from Avast 4.8 to Avast 5 and am pleased with the new version. I note that it has a Behavior Shield and can't recall if the earlier version also had. What I would like to know is this: does the Behavior Shield make Threatfire, which I also use, redundant?

Unfortunately, although I tried to glean an answer from Avast's Help Center, I do not know enough about computers to know what the description there of the Behavior Shield amounts to: it 'monitors all activity on your computer and detects and blocks any unusual activity that might indicate the presence of malware. It does this by continuously monitoring your computer's entry points using special sensors to identify anything suspicious.'

I have XP, SP 3.

Thanks in anticipation.

Answer:Avast 5's Behavior Shield and Threatfire

Behavior shield - monitors all activity on your computer and detects and bloxks any unusual activity that might indicate the presence of malware. It does this by continuously monitoring your computer's entry points using special sensors to identify anything suspicious.avast! 5.0 Quick User GuideThreatFire monitors your machines activity and uses an intelligent behavioral engine to alert you about malicious behavior rather than rely on signatures. - How ThreatFire WorksAs such there will be some redundancy using both but their technology is different and therefore, what is detected may vary.

2 more replies
Relevance 58.22%

Every time I open firefox, a window or tab I get a frightfully well spoken lady telling me a threat has been detected. I've run malwarebytes (4 PUP detected and removed) and scanned with Avast (no problems detected). Only intrusion found recently is homepage hijacked by search engine which is OutBrowse sp4 but can't find it in programs (control Panel) to remove it. Any ideas pls?

Answer:Avast Web Shield threat detected

Take a read here - there is a LINK to download AdwCleaner which should be able to remove it.
outbrowse removal guide

2 more replies
Relevance 58.22%

Last April, a gentle person from Europe helped someone with this same problem.  I tried to follow the advice, but find I need some help. What I've done: 1)  Run Malwarebytes software daily.2)  Uninstalled Avast and reinstalled it.3)  Installed IE 11.4)  Have trouble with downloads.  I get Current Security settings do not allow download.  I've gone into Internet Options and attempted to change all settings to allow file downloads.  I accomplished this once, but then it does not last.5)  I've run Tweaking.com, Windows Repair All-in-one. The Avast Web Shield is still popping up. Thanks for any help!Edit: Moved topic from Windows 7 to the more appropriate forum.~ Animal

Answer:Avast Web Shield notifications appear constantly

Please run the following scans in the order they appear.
 
Please run Malwarebytes AntiMalware
 
Please download Malwarebytes Anti-Malware.  After clicking on the link the download will start automatically.
 
1)  Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.
 
2)  Malwarebytes will automatically open.  If this is the first time you have run this version of Malwarbytes you will see an image like the one below.
 

 
Click on Update Now, after Malwarebytes is updated click on Scan.
 
If this isn't the first time you have run this version, then you will see an image like the one below.  Click on Scan
 

 
You will be prompted to update Malwarebytes, to do so click on Update Now.
 
 
 
3)  The scan will automatically run now.
 

 
 
4)  When the scan is complete the results will be displayed.  Click on Quarantine All, then click on Apply Actions
 

 
 
5)  To complete any actions taken you will be asked if you want to restart your computer, click on Yes
 
 
 
6)  Please post the Malwarebytes log.
 
To find your Malwarebytes log,download mbam-check.exe from here and save it to your desktop.
 
To open the log double click on mbam-check.exe on your desktop.  When the log opens, scroll down toward the bottom of the log to Quarantined Items. &... Read more

3 more replies
Relevance 58.22%

Greetings all! I apologize if this isn't the right place for this! I'm trying to help my boss get his computer squared away and I'm having issues with Avast Web Shield popping up constantly. As of the typing of this message, it seems to have slowed down a little bit, but I want to make sure the problem is solved and that there is not going to be any issues going forward for him!
 
I would try to do something myself, but every time I've searched anything online about this, it says that every case is different and that solutions only work in that particular situation.

Answer:Avast Web Shield Working Overtime

You have the option to turn off the Web Shield permanently according to the info in link below.
Turn Off (Disable, Pause) Avast Antivirus 2015
 

1 more replies
Relevance 58.22%

Hello,

My son got into some bad stuff which led me to this forum a few months back. After some research I went with Avast Anti Virus (free version), Malware Bytes (paid version), and Comodo Firewall (free version). I have had a lot of slow behavior when surfing and doing email. The cursor is unstable and I cannot type things without a long wait. I turned of the Avast Behavior Shield and everything is a lot better. What have I lost turing off this feature? There are still several other Avast Shields running along with the Malware Bytes and Comodo.

Any suggestions? Should I try a different AV program?

Thanks,

Dave

Answer:Avast 5 Behavior Shield Slows Down XP?

hello daveplaysbass,The behaviour shield is a bit of a mystery! There's quite a few questions about it on the Avast forums and no real answers. I think the guys on there have been waiting for months for a 'promised' explanation from an Avast official. Found out a few things tho. This is a quote from an interview with a Avast official ...."The Behavior Shield that we shipped in version 5.0 is a new component that is going to be further developed moving forward. For example, in version 5.1, we will be adding more sensors that will allow for even finer-grain filtering.For now, the Behavior Shield is focused on exploits coming via typical mechanisms (browser, PDF reader, and flash vulnerabilities, for example). It also closely monitors all kernel-mode code (drivers) loaded into the operating system, and is able to detect zero-day rootkits."So whilst it's new and not operating at it's fullest potential, it still is an important part of Avast!It's not supposed to use hardly any system resources, but a few people have had problems with it conflicting with other software. One person had the problem of it conflicting with the 'Payed' version of Malwarebytes. And thats interesting because my set up is the same as yours, Avast(free), Comodo firewall(free) but i have the Free version of Malwarebytes, and i have no problems with conflicts.Its worth checking to see if there's any information in the Behaviour Shield report( at the bottom of the Behaviour shield page) in th... Read more

1 more replies
Relevance 58.22%

the behaviour shield is yet not improved....

i still see the shield is not yet fully operational on auto decide it should be able to block atleast 50% of malware beahviour atleast...

i see the behav shield records suspicious events but doesnt block them neither no alerts are displayed....why??

I saw all this in my tests...behav shield records suspicious events but doesnt display a pop-up and neither blocks it....

when avast sees something bad is suspicious is going on it should block it....what's the deal with that??
 

Answer:no improvement in avast 7 for behaviour shield.

Likely Behavior Shield uses heuristics analysis so therefore a file that's known to be malicious/suspicious will popup so for Sandbox feature too.

When its set to ask a behavior popup must shown with the option.
 

24 more replies
Relevance 57.81%

Good day,
 
I've been getting a lot of alert from avast as per the topic title. The specifics of it are as below
 
Object: hxxp://69.65.5.105/ (Changed tt to xx in the URL for obvious reason)
Infection: URL:Mal
Process: C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
 
Avast will keep on alerting me at a very random interval. sometimes as often as once every 4-5 minutes. When I stop the FileZilla Server service, the alert will stop too. As soon as I start the service again, avast will immediately start alerting me again. One peculiar things I have noticed since avast started alerting me on this is that I cannot download any file directly from the browser (Chrome, Firefox) anymore. I started noticing this one when I wanted to download DDS. 
 
Anyway, I've got my hand on the DDS software from another PC. Unfortunately running the software gave me the following error message
 
"DDS is not meant to run in 'Compatibility Mode'. The program shall now exit."
 
Thus I'm not able to produce the logs to accompany this post. By the way, I'm using Windows 8.1 Pro (64-bit). I'm pretty sure I'm infected and any help will be much appreciated.

Answer:Avast web shield has blocked a harmful webpage

Hello and Welcome on board ,my Name is Machiavelli and I will assist you with your problem.If you booted into safe mode on your computer then print my instructions!I'm in the 'Malware Staff Team' and will provide you with advice:To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.Below are a few tips:Removing Malware is usually very difficult.We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!Please follow these instructionsIf you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!Please stay in contact with me until your problem is resolvedAs Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.Please don't run any other tools without consulting with me as this can complicate finding and removing all MalwareDon't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!Read my post completelyIf you don't do so, you may make mistakes that could result in your System crashing by your own ... Read more

4 more replies
Relevance 57.81%

S y s t e m I n f o r m a t i o n

OS Name Microsoft Windows 7 Ultimate
Version 6.1.7600 Build 7600
System Manufacturer INTELR
System Model AWRDACPI
System Type X86-based PC
Processor Intel(R) Pentium(R) 4 CPU 2.40GHz, 2394 Mhz, 1 Core(s), 1 Logical Processor(s)
BIOS Version/Date Phoenix Technologies, LTD 6.00 PG, 27/01/2004
SMBIOS Version 2.2
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume1
Hardware Abstraction Layer Version = "6.1.7600.16385"
Installed Physical Memory (RAM) 1.50 GB
Available Physical Memory 536 MB
Total Virtual Memory 3.00 GB
Available Virtual Memory 1.69 GB

I installed AVAST Free Antivirus Version 5.0.677

Enabled the REAL-TIME SHIELDS (which include 7 options) all listed below:

File System Shield
Mail Shield
Web Shield
P2P Shield
IM Shield
Network Shield
Behavior Shield

I'm only able to enable 6 of the 7 Shields without locking out all internet web page traffic loading.
Every time I enable the WEB SHIELD it prevents any pages loading.

My questions are why, how do I correct it & what exposure does it present not having it enabled???

Any help to resolve these issues would be really appreciated.!
 

More replies
Relevance 56.99%

Can anyone suggest the most appropriate settings for COMODO HIPS so that it would work with Avast behavior shield in tandem?
 

Answer:Avast Behavior Shield with COMODO HIPS. Which settings should I use?

U can use safe mode in comodo hips. It should work realy nice with the behavour shield from avast. Well, i would turn off hips totaly if u use comodo firewall and avast. there is no need for hips.
 

5 more replies
Relevance 56.99%

I get this specific error "avast! Web Shield has blocked a harmful webpage or file
 
Infection: URL:Mal
 
Process: C:\Windows\System32\svchost.exe"
 
Everytime I opened up google, I actually removed avast thinking malwarebytes would remove it, but it didn't. I did multiple threat runs on avast + malware, stuff showed up I got rid of it, yet it's still here. I don't see the error anymore only because I removed the avast, I want to get rid of it could someone help me.
 
I also get something called Nexxtcoup on my google extensions, everytime I remove it, I'll close google and then bam it's back there.

Answer:avast! Web Shield has blocked a harmful webpage or file

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware to your desktop.NOTE. If you already have MBAM 2.0 installed scroll down.Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkma... Read more

1 more replies
Relevance 56.99%

Working on a computer with 32-bit Vista. Windows Updates appear to be stuck - any updates are rolled back with the error of them "not being configured properly". Tried Googling and trying individual update solutions, but no luck.
 
PC had Microsoft Security Essentials installed, I removed it and installed Avast. Although Avast installs, the Web shield appears to be permanently disabled.
 
I have run Adwcleaner, Malwarebytes Anti-malware and Eset online scanner.  A few low-level threats were found and cleaned, but nothing has changed with the symptoms above.
 
Thanks for the help!
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016 01
Ran by Shari (administrator) on P2JOFFICE (21-03-2016 11:16:46)
Running from J:\
Loaded Profiles: Shari (Available Profiles: Denise Pauls & Shari)
Platform: Windows Vista ™ Home Premium (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST ... Read more

Answer:Vista not accepting updates & blocking Avast web shield

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the LogFile button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleanerCx.txt (x is a number).===I need more information. Please run this tool.Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Pleas... Read more

16 more replies
Relevance 56.99%

Hello I'm having problems with the Avast! web shield popping up very often and have no idea what to do. Pop ups go along the line of
 
Avast Web Shield has blocked a harmful webpage or file.
  Object:  htp://filesonlinehere.com/sync/?rmbs=...
Infection:  URL:Mal
Process:  C:\Program Files (x86)\...\chrome.exe
 
I have posted the DDS log below
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 10.67.2
Run by LEOLEOLEOLEO at 1:06:42 on 2015-01-11
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8141.4816 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:... Read more

Answer:Avast! Web Shield has blocked a harmful webpage or file

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Please download AdwCleaner by Xplode onto your Desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Click the Report button and the report will open in Notepad.IMPORTANTIf you click the Clean button all items listed in the report will be removed.If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click the Scan button and wait for the process to complete.Check off the element(s) you wish to keep.Click on the Clean button follow the prompts.A log file will automatically open after the scan has finished.Please post the content of that log file with your next answer.You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).===Download the version of this tool for your operating system.Farbar Recovery Scan Tool (64 bit)Farbar Recovery Scan Tool (32 bit)and save it to a folder on your computer's Desktop.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first t... Read more

11 more replies
Relevance 56.99%

Hello, Thanks for being there for us.
I have a problem with my computer. After downloading a PDF file which instead of opening, suddenly disappeared and I cannot locate it. From there on whenever I open Firefox or iexplorer, Avast starts alerting me that it’s blocking a harmful website or file. Although these alerts stop when I go offline and so far the computer is running properly. Kindly assist me to fix this problem.
 
Thanks alot.
 
Taha

Answer:Avast web shield blocking harmful website whenever i go online

Hello Taha,please run a FRST scan to start with:Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

9 more replies
Relevance 56.99%

Hello!
 
I installed Avast recently and have the premium trial version of it at the moment. Every so often, there's a notification that pops up with "Avast! Web Shield has blocked a harmful webpage or file", and some random website. It notifies that it's running through Chrome even when I'm not currently running it (I'm mostly using Firefox). I believe my computer may be infected because I started seeing ads that appear normally where they shouldn't (with a description like ads by deall2ddeualit), and some Firefox addons that enabled these ads that were installed without me knowing about it.
Somewhat related, I allowed a scan from Avast of the computer files while it was booting up and accidentally unplugged the power which turned off the computer mid scan. When I booted it up again, I was entered into something like a temporary account where all my saved documents were pretty much gone. After another reboot, it did the same thing except now it stated that the copy of windows was not genuine. And after a third reboot, everything seemed restored. However, it feels as though start up is somewhat slow now. I'm not quite sure what happened here.
I'm not quite sure where to start, but I believe I need to provide a log? How do I go about doing that?

 

Answer:Avast! Web Shield has blocked a harmful webpage or file

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/545315 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

2 more replies
Relevance 56.99%

Good Day
 
I have an Avast Premier antivirus
and recently this pop-up has been coming up frequently(actualy starting to be annoying now)
I have done a full scan and nothing seems to help.
I have attached the logs i ran with DDS
help would be apreciated,
thanx
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.67.2
Run by user at 9:02:46 on 2014-08-08
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.1954.340 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe
C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explor... Read more

Answer:Avast! Web Shield has blocked a harmful webpage or file

Hello tonata I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

15 more replies
Relevance 56.99%

I'm sure you've seen these topics before...
I need some help about the constant popups avast has given me FOR EXAMPLE
 
Avast Web Shield has blocked a harmful webpage or file.Object:  htp://filesonlinehere.com/sync/?rmbs=...Infection:  URL:MalProcess:  C:\Program Files (x86)\...\chrome.exe
 

 
If there is anything I need to provide, please elaborate and I will be grateful to supply it

Answer:Avast! Web Shield has blocked a harmful webpage or file

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

18 more replies
Relevance 56.99%

For a week, I have been getting constant alerts from Avast!, and since I updated Malwarebytes, it is also giving me alerts.
 
Avast! Alert: 
Avast! Web Shield has blocked a harmful webpage or file.
Object: http://brozblagrom-c2.com/online/526 (This changes with ever new alert popup, usualy 6 or more will show up at once)
Infection: URL:Mal
Process: C:\Windows\System32\svchost.exe
 
Malwarebytes Alert: 
Malicious Website Blocked
Domain: forteen-meters7.me
IP: 5.45.6.199
Port: 50271
Type: Outbound
Process: C:\Windows\System32\svchost.exe
 
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.45.2
Run by Kistoway at 16:17:04 on 2014-06-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3564.1531 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microso... Read more

Answer:Avast! Web Shield has blocked a harmful webpage or file

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/539339 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

11 more replies
Relevance 56.99%

So basically I only installed the behavior shield from the avast installation wizard. I was thinking having Kaspersky as my main AV along with avast's behavior blocker is a good set up. However, admittingly I am a novice, and I don't know if these two will clash. So far, everything seems to be going smoothly, but the WD notification icon is displaying that X and is saying I shouldn't have more than one AV installed. Thanks.
 

Answer:Using Kaspersky free with only Avast Behavior Shield installed.

I personally think it should work ok running these 2 programs if Avast is only enabled for behavior blocking.
 

20 more replies
Relevance 56.99%

Every time I click on the Account hyperlink to access my YouTube account on YouTube Avast Network Shield blocks the attempt. This is obviously a false alarm but I don't see a option to edit it's block list or to make a exception though I see it for the Web Shield. Is there anyway to fix this or do I have to pause it each time I want to access the account page on YouTube because thats the only thing that works.
 

Answer:Avast Network Shield Blocks YouTube/Account

Outlawstar15a2 said:





Every time I click on the Account hyperlink to access my YouTube account on YouTube Avast Network Shield blocks the attempt. This is obviously a false alarm but I don't see a option to edit it's block list or to make a exception though I see it for the Web Shield. Is there anyway to fix this or do I have to pause it each time I want to access the account page on YouTube because thats the only thing that works.Click to expand...

You're not alone, see Avast forum. Avast has acknowledged the problem and an update should be available soon.
 

1 more replies
Relevance 56.99%

Q. 1.There is a Heuristic Scale and Test Whole file box in File shield.
Should I Scale up it to high (from normal) and check the "Test whole File" box, for better protection?

Q 2. There are two tabs in File Shield settings, "Scan when opening" and "Scan when Writing"
Should I tick the Scan All files in both Opening and Writing for better Protection? (It will scan all files that are being opened or written in the system but there will be negative impact that IDC)

Q. 3. Should I tick "All Packers" or go with Default packers.

Q. 4. Should I activate Avast Aggressive Hardened mode because I don't like Voodooshield as it shows its Pro Version Advertisement in every Startup which is too much annoying for me.
 

More replies
Relevance 56.58%

Hi there, My laptop and i are in deep trouble. 2 days ago, i was trying to download a game from the internet and it got me to this. i was opening a lot of links and pages, installing and uninstalling a lot of stuffs and right now, im in big trouble. There is an ads keep popping up on the bottom right corner of my desktop, and it keep on popping up throughout the day. at first it was a chinese game ads and then it becomes a chinese shopping ads and others. it pops up everytime i turn on my computer, and i wasnt even on the browser and it pops up. soon after that, my antivirus which is avast keep on giving this message 'Avast! Web Shield has blocked a harmful webpage or file URL: hxxttp://js.union001.com/PClick.aspx?AID=19927&KEY=CF3C8B99B339869B0A2895A79B102D884535DEAF40EC8624Infection: URL:MalProcess: C:\Program Files (x86)\t_201601210117\201601210117\lsas.exe.it is so annoying and i dont know how to fix this. I have read through some of the forum here, but still i do not understand what should i do first. would someone please help me. i do not wish to format my laptop please. im running windows 7 X64bit. im very grateful if someone could provide me steps by steps instruction so that i could catch up on what to do and im new here. thank you very much for any of your help.

Answer:'Avast! Web Shield has blocked a harmful webpage or file' with ads keep popping

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Download Malwarebytes' Anti-Malware from HereDouble-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).The scan may take some time to finish,so please be patient.If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log... Read more

6 more replies
Relevance 56.58%

Cleaning up my daughters computer - Dell Vostro 260 - Intel I5-2400, 4GB RAM, Windows 7 Home Premium 64bit.
 
Ran Malwarebytes, adwcleaner and CCleaner.  Installed avast free and ran boot time scan.   
 
Now receive continuing popups from avast stating:
 
avast! Web Shield has blocked a harmful webpage or file. 
Object:  hxxp://on-bend.com/b/opt/CB8F9...............
Infection:  URL:Mal  Process: c:\Windows\explorer.exe
 
Also appears that MS Update does not work and some downloads are being blocked.
 
Ran DDS as directed.  Only produced Attach.txt file (Below).  Rechecked and the DDS.txt box was checked - reran but did not produce this file.
 
Thanks in advance!!
 
********************************************
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/10/2012 10:44:31 AM
System Uptime: 1/7/2005 6:12:05 PM (83176 hours ago)
.
Motherboard: Dell Inc. |  | 0GDG8Y      
Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz | CPU 1 | 3101/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 332.036 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C6300 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C6300 series
PNP Device ID: ROOT\I... Read more

Answer:avast! Web Shield has blocked a harmful webpage or file - explorer.exe

Hi there,this is malware for sure. Please run the following scans:Step 1Please download TDSSKiller and save it to your Desktop.Start tdsskiller.exe with administrator privileges.Accept the EULA and the KSN Statement.Click on Change parameters.Make sure that all available options (except "Loaded modules") are checked and click OK.Click on Start scan.If any threats are found don't delete them but choose the Skip option for all of them.Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).Copy and paste its contents in your next reply.Step 2Please download Farbar Recovery Scan Tool and save it to your Desktop.(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply.

11 more replies
Relevance 56.58%

Hi, My laptop keeps getting a popup from avast stating this below Avast web shield has blocked a harmful webpage or file Object:  http://weath4us.info/qOxXS:f<GM///Infection:  URL:MalC:\users\joseph\AppData\Roaming\CrashRep\GUP.exe Joseph is the user of this laptop.  This popup come up whether I'm browsing the internet or just on my desktop in word or something similar.  I have run spybot and only thing it finds is Browser:cache for internet explorer.  I have windows 10 home on a Toshiba Satellite.  What do I need to do?  Do I have a virus on my laptop? Thanks,Joseph   Here is the log info  --------------------------------------------------------------------------- SecurityCheck by glax24 v.1.4.0.32 [01.11.15]WebSite: www.safezone.ccDateLog: 24.12.2015 00:27:43Path starting: C:\Users\Joseph\AppData\Local\Temp\SecurityCheck\SecurityCheck.exeLog directory: C:\SecurityCheck\IsAdmin: TrueUser: JosephVersionXML: 2.20is-21.12.2015___________________________________________________________________________Windows 10(6.3.10586) (x64) Core Lang: English(0409)Installation date OS: 21.12.2015 01:01:20LicenseStatus: Office 15, OfficeO365ProPlusR_Subscription1 edition Timebased activation will expire :84194 minutesLicenseStatus: Windows®, Core edition The machine is permanently activated.Boot Mode: NormalDefault Browser: C:\WINDOWS\system32\LaunchWinApp.exeSystemDrive: C: FS: [NTFS] Capacity: [... Read more

Answer:Avast Web Shield has blocked a harmful webpage or file.... am I infected

Uninstall Spybot from your machine. Then Download Security Check to your desktop, right click it run as administrator. When the program completes, the tool will automatically open a log file, please post that log here in your next post.
 
Adware Cleaner Scan.
 
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
JRT Scan.
Please download Junkware Removal Tool and save it on your desktop.
 
Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log is saved to your desktop and will automatically open.
Please post the JRT log.
 
Adware Removal Tool Scan.
 
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.
 
 

 
Hit Ok.
 

 
Hit next m... Read more

5 more replies
Relevance 56.58%

I keep getting messages from avast saying it is blocking a webpage or file. My task manager shows there are a lot of processes running. My computer is acting really slow now, and it started making buzzing noises, and on startup the fan is making an incredible racket as well. Malwarebytes hasn't found anything. What should I do? I saw other people post, but there were warnings not to repeat these things. 
 
Each warning has three fields, object: infection: and Process: 
usually says http;//f0fff0...... or fa8072 or maybe go.wymedia
 
infection is always url mal
 and process is generally windows syswow64/dllhost or program files....iexplores/exe

Answer:Avast popup - web shield has blocked harmful webpage or file

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

20 more replies
Relevance 56.17%

avast free with online armor or upgrade avast? is it worth upgrading avast cos i dnt feel people should have to pay others jsut to protect there computer
 

Answer:Avast Free with Online Armor or Upgrade Avast Internet Security?

i suggest 360TS+OutPost firewall.
 

7 more replies
Relevance 56.17%

Confuse between Avast Free and Avast Internet Security .. In terms of memory usage. Which will use less CPU and RAM?
Can you help me?
 

Answer:Avast Free and Avast Internet Security ( in terms of memory usage )

I know that the free version is light weight but Internet Security may be higher considering that it uses a firewall and various other stuff. But to be honest I have no idea. I would recommend trying to trial version of Internet Security and see how it does and then try out the free version.
 

6 more replies
Relevance 55.76%

I have a problem similar to this post ( http://www.bleepingcomputer.com/forums/t/531503/avast-web-shield-has-blocked-a-harmful-webpage-or-file-coming-up-all-the-time/ ) and was hoping for some help.
 
2 or three days ago I started having frequent messages from Avast! about harmful pages. 
Ex. http://tinypic.com/view.php?pic=mt76m0&s=8#.U5n3YfldWSo
 
 
The gist of the message is:
 
Object: hxxp://getmeegan.info/?e=svon&publisher=1091&dd=4&country=US&ind=531952001116606
 
Infection: URL:Mal
 
Process: C:\Windows\System32\svchost.exe
 
Avast! takes me to this page when I click more details on the pop-up: http://tinypic.com/view.php?pic=epoho6&s=8#.U5n4VPldWSo
 
The messages information have been consistent, the same Object, Infection type, and Process.
 
 
My laptop has been fine except I get constant messages from Avast causing me to worry.
 
Thank you for reading this.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.55.2
Run by Mumsie at 12:14:48 on 2014-06-12
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files (x86)\Launch Manag... Read more

Answer:"Avast! Web Shield has blocked a harmful webpage or file" coming up frequently

Hello and welcome to Bleeping Computer! My nickname is Pystryker , and I will be helping you with your issue today.Before we get started, I have a few things I need to go over with youIf you are receiving help for this issue at another forum, please let me know so I can close this thread.Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.Please read through my instructions carefully and completely before executing them. I will lay the instructions out in a step by step order to make them easy to follow.Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.Please make sure you (if you are able) to print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may in... Read more

2 more replies
Relevance 55.76%

Hello! Hope I'm in the right place!
 
Last night I was just playing RuneScape and had two safe webpages open, when suddenly my computer restarted on its own for no reason. After restarting, I logged back in and now my Avast! keeps popping up saying that it has blocked a malicious URL, even when I'm not using the internet. Here is what it says:
 
avast! Web Shield has blocked a harmful webpage or file
 
Object: (Various, I will post pictures)
 
Infection: URL:Mal
 
Process: C:\Windows\System32\svchost.exe
 
I have ran Malwarebytes, Rkill, aswMBR, and Avast, all have come up clean except Malwarebytes, I will post my logs for aswMBR and Rkill as I do not know how for Avast! and every time I try to export my log for MBAM it keeps crashing. 
 
This isn't affecting my computer's performance, other than the MBAM thing, but it is very annoying and I hope someone can help me solve this issue. 
aswMBR log: aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-04-17 22:32:39
-----------------------------
22:32:39.365    OS Version: Windows x64 6.1.7601 Service Pack 1
22:32:39.365    Number of processors: 4 586 0x2A07
22:32:39.366    ComputerName: DAVIDSIMON-PC  UserName: David Simon
22:32:41.122    Initialize success
22:32:43.930    AVAST engine defs: 14041703
22:32:56.680    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:32:56.... Read more

Answer:"Avast! Web Shield has blocked a harmful webpage or file" coming up all the time

Hello,
 
 
I think that you have Zekos (Pigeon) on board:
 
 * C:\Windows\System32\rpcss.dll : 515,072 : 11/20/2010 11:24 PM : d8d58144e133b0d429b69671f1300cb2 [NoSig]
 +-> C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll : 512,000 : 11/20/2010 11:24 PM : 5c627d1b1138676c0a7ab2c2c190d123 [Pos Repl]

 
Your topic should be moved to the MRT area where more tools are allowed.
 
 
Regards,
Georgi

18 more replies
Relevance 55.76%

Just like what is described in these two topics (http://www.bleepingcomputer.com/forums/t/531503/avast-web-shield-has-blocked-a-harmful-webpage-or-file-coming-up-all-the-time/ & http://www.bleepingcomputer.com/forums/t/537505/avast-web-shield-has-blocked-a-harmful-webpage-or-file-coming-up-frequently/).
 
As in the other posts my laptop restarted itself last night and since then whenever I have been connected to the internet I keep receiving notifications from Avast saying that a threat was blocked:
 
Object:http://getmeegan.info/?e=svon&cht=2&dcu=1&cpatch=2&dcs=1&pf=1&publisher=1091&dd=4&country=AU&.....
 
Infection:URL:Mal
 
Process:C:\Windows\System32\svchost.exe
 
The notifications are all the same and come in pairs(two at a time), I have tried following this guide with no luck (http://necroneurology.hubpages.com/hub/How-to-EASILY-remove-the-svchostexe-Trojan)
 
 
If anyone has anytime to help out I would be really grateful.
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17126  BrowserJavaVersion: 10.60.2
Run by k at 0:16:26 on 2014-06-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.64.1033.18.3986.1200 [GMT 10:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D... Read more

Answer:"Avast! Web Shield has blocked a harmful webpage or file" constant notifications

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/538830 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t... Read more

12 more replies
Relevance 55.76%

Hello everyone,
 
LighthouseParty had been trying to help me with my problem and suggested that I would post here as he did everything he could to help. Here is our threat link to see what he tried - http://www.bleepingcomputer.com/forums/t/558159/computer-running-slowly-antivirus-constantly-scanning/#entry3555990
 
I have posted my DDS info below. Thanks for anyone who can help.
 
Eric
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17420
Run by mark at 16:46:36 on 2014-12-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.4343 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\... Read more

Answer:Avast realtime shield constantly pops up infections when connected to internet

Hello and welcome.  Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!Please do not run any scans or install/uninstall any applications without being directed to do so.Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.   Please download Farbar Recovery Scan Tool and save it to your desktop.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

18 more replies
Relevance 55.76%

Greetings,

This morning my pc got hit with this awful trojan called "Security Shield"...which has led to browser / search hijacks, Microsoft Security Essentials being disabled and unavailable to restart, and even an annoying flashing Windows login screen that prevents me from putting in my login password if I lock my pc.

Here is the DDS log and I've attached ark.txt and attach.txt.

Thank you for your help!

art_vandelay
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by glindholm at 9:53:50 on 2012-08-07
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3977.1251 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\... Read more

Answer:Security Shield trojan - browser/web hijacking, MS Security Essentials being disabled, etc

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your computer problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the ... Read more

9 more replies
Relevance 55.35%

I've got something screwy going on with my home WinXP box, and I'm hoping someone here can point me in the direction of a solution to the problem.
I'm running XP Home, Service Pack 2, on a machine with (according to the properties tag) 960MB RAM. I've been running Avast antivirus, and allowing it to update definitions automatically. At the time this incident happened, the most recent update it had acquired was from yesterday morning.
There was a power outage at my house yesterday morning, lasting for ~2 minutes. I powered the system back on after that, and everything appeared to be working; I mention this merely for completeness of information.
The first symptom of my problem occured yesterday afternoon. I heard the little 'ding' sound made by a download finishing, during a time where I had no downloads running, and within a few minutes of this, my system seemed to grind to a halt. Anything I already had running would continue to work, but I couldn't open anything new, including the windows task manager, nor could I get new pages to load in the copy of Firefox I was running. I was planning to visit my parents' house at that point, so I powered the system down and took it with me. I had to manually power the system down (done via the on/off switch just above the power cable socket); the attempt to shut the system down fell victim to the same halt as everything else.
For the record, I may have had Spider Solitare up when I heard the ding, an... Read more

More replies
Relevance 55.35%

I have looking at my network shield in Avast! Pro. I've noticed that whenever I open save file prompt I see http://127.0.0.1.:5357/767aa349-1aa1...-01eb939773ce/ spike.
It does not indicate infection and just goes on, is this stuff normal?

Malwarebytes doesn't see anything wrong. I generally get a http://192.168.1.1:5678/igd.xml spike precedes the 127... spike

Avast boot scan also finds nothing
Typing http://127.0.0.1.:5357/767aa349-1aa1...-01eb939773ce/ into Run gets "Bad Request - Invalid Hostname

HTTP Error 400. The request hostname is invalid."
Can anyone else on Win 7 Home Premium 64-bit try this for themselves?

Open a save file prompt and look at your network shield at the same time and see if that connection or a similar connection shows up.

I don't seem to have any weird issues otherwise.

I have attached the DDS stuff

Answer:Weird spike in Avast network shield whenever opening a save file prompt

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help


Quote:




NOTE: We are aware that users sometimes seek help from several Forums at the same time. Unfortunately, this can cause confusion and actually wastes time and resources - yours, ours and other Volunteers across the community. If you have already posted at another Forum, please advise us, or them, and choose just one.




As this issue is being addressed at the Avast forums, this topic is now closed.

1 more replies
Relevance 54.94%

Security Shield 2009 (Total Internet Security) Find Security Shield 2009 at click hereSecurity Shield 2009 gives you the best protection available today. Our Triple Threat Protection is a unique set of technologies that protect against identity theft, confidential data leakage and all Internet threats. Add privacy and parental controls, an integrated firewall, a new and improved interface and much, much more! Powered by Kaspersky Labs technology, Security Shield 2009 has defended against more than 80,000 malicious Internet attacks - more than 200 a day. The volume is unprecedented. To guard against these threats, Security Shield 2009 now offers Triple Threat Protection. PCSecurityShield provides free technical support for The Security Shield virus protection customers as well as all PCSecurityShield products. Security Shield 2008 is Vista Compatible.Automated Hourly Anti-Malware Updates Independent tests show Security Shield is #1 for detecting viruses and spyware. Our Internet Security Lab is world renowned for the fastest response to Internet threats - less than two hours once a threat is discovered. Combined with our standard hourly updates, you're only minutes away from the latest protection directly from the Lab! Intelligent Proactive Heuristics Zero-day exploits can attack and destroy in seconds. PCSecurityShield runs all files that don't match our signature database in a safe, isolated section to check for malicious behavior. This failsafe method checks the code withou... Read more

Answer:Security Shield 2009 (Total Internet Security)

You are not allowed to advertise on here.Even so maybe this review might put folk off.click here

4 more replies
Relevance 54.53%

I haven't used avast for a while so I thought of downloading it and trying.

The other day I was looking to avast 6 features and I came across this feature called as "SafeZone". I clicked it and it switched me to an avast OS. They only include a browser, no my computer or documents. I thought it will be nice to test malware links in it.

Is avast SafeZone good or should I continue with my VMware Win-7 OS to test malwares. I felt no slow down while using SafeZone.

Thanks.
 

Answer:avast! Internet Security 6 - avast! SafeZone

SafeZone isn't meant for testing malware links, nor is it an OS.

The avast! SafeZone is special web browser in avast! Pro Antivirus 6.x and avast! Internet Security 6.x, which allows you to browse the web in a private, secure environment, invisible to the rest of your system.Click to expand...

Sources / Read More

Remember to buy Avast, if you want to continue using Avast! Pro, or Internet Security. Or check to see if there are any license giveaways.
 

2 more replies
Relevance 54.53%

AIS has SecureDNS.

A user in Avast forum mentioned "It is programmed so that it is used, and not your isp or other dns services".

I think during install this should be mentioned that SecureDNS enabled will use Avast DNS instead of ISP DNS or system DNS.

SecureDNS enabled gives randomly "check if the site name entered is correct".

SecureDNS disabled gives no probs.

And this is confirmed. I am checking for past few days.

Anyone with the prob?
And does SecureDNS has malware/phishing protection?
 

Answer:Avast SecureDNS in avast Internet Security?

SecureDNS is design to provide protection against hijacking webpage which translates the web address to IP to determine if its in blacklist + in my view the malware/phishing protection may already incorporate in Web shield so there's no problem if both turn on.
 

2 more replies
Relevance 53.3%

Avast runs my mail through secure ports. Mail and Calendar sees this as "trickery" per its pop up message and won't connect to these ports so, no email on that port, or don't use that security feature of Avast, which I pay for. Solutions anyone?

More replies
Relevance 53.3%

Hello,
I have ran avast antivirus but everytime it does not delete the infected .sys file , as it seems to replicate even if the antivirus deletes it over and over again. In addition, the mail scanner of avast pops up and shows services.exe and svchost.exe sending mail to unknown senders. The computer appears to be slower than usual and often has a hard time booting even in safe mode. the machine is runnning windows xp SP2 and has 256mb of ram. I have no idea how the virus came into the pc as i am not the main user, maybe an out of date java problem?
I hope the information is helpful to see some light on this problem.
P.S windows xp is in french on this computer if it's of any relevance
Thanx a lot in advance!

Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.11.16, on 13/12/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Cy... Read more

Answer:Avast mail scanner shows svchost and services.exe sending mail to unknown senders

Anyone willing to help?
Thank you in advance,
Gonza
 

1 more replies
Relevance 51.66%

running vista just downloaded avg 9 had problem with residents shield not being active even though all components are ticked then it activated after a restart but then e-mail scanner started showing its not active but all components are checked so restarted again then resident shield not working this time so the problem seems to be when one is working the other is not any suggestions how to get them both working at same time please?

Answer:avg 9 resident shield & e mail scanner

Have you tried running another update.[but then e-mail scanner started showing its not active but all components are checked]Maybe if you have scan outgoing mail ticked.Untick it.have you changed any of the settings since you downloaded it.

10 more replies
Relevance 51.66%

hello as the title says these are the only two types f protection i have on my laptop it is brand new and im not sure if these two alone are good enough against all the threats on the world wide web please can you either reassure me or give me any links to other security you might reccomend? it would be very much appreciated thanks alot!
 

Answer:Solved: i have avast anti virus and windows security are these sufficient security fo

That's why we gave you some suggestions in this thread (posts #2 and 3) to boost your security: http://forums.techguy.org/general-security/843100-im-noob-i-need-fire.html
 

2 more replies
Relevance 51.66%
Question: my security shield

i recently got a virus called my security shield. even after the virus was removed i still cant open AVG or window defender when i try i get a message saying operation have been cancelled due to restrictions on this computer......how do i fix this i downloaded hijack this like was recommended by my teacher in college and am now posting it here in hopes to get this problem fixedLogfile of Trend Micro HijackThis v2.0.4Scan saved at 8:07:19 PM, on 9/23/2010Platform: Windows 7 (WinNT 6.00.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exeC:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exeC:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exeC:\Program Files (x86)\LimeWire\LimeWire.exeC:\windows\SysWOW64\DllHost.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exeC:\Program Files (x86)\Windows Live\Toolbar\wltuser.exeC:\windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exeC:\windows\SysWOW64\DllHost.exeR1 - HKCU\Software\Micro... Read more

Answer:my security shield

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Follow the ... Read more

8 more replies
Relevance 51.66%
Question: My Security Shield

I was following instructions on how to get rid of the My Security Shield virus. I am at the last step where I need to delete a HOST file and replace it with a good one. I am not sure where to go to find the HOSTS files. I have Windows Vista.Thank you!Ok I've found a C:\Windows\System32\Drivers\etc Do I just delete this folder and replace it with the one from your site? It says to delete the file not folder but I don't have a file called that I have a folder with services, protocol, Imhosts.sam, networks, and host_new. Do I delete the whole folder and then when I download the new file I make a new folder???

Answer:My Security Shield

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.We need to create an OTL report,Please downloa... Read more

2 more replies
Relevance 51.66%
Question: Security Shield

Trying to get rid of this malware using the bleeping computer instructions but am caught up trying to run the malwarebytes setup. I get an error message stating that the mbam-setup.exe is not a valid Win32 application. What do i need to do?

Answer:Security Shield

Hello, did you run RKill first? If you rebooted you need to run Rkill again.Try thisFor XPGo here to Doug KNox's Windows? XP File Association FixesRun 9th down on left... EXE File Association Fix ... the EXE not EML one.FOR VISTAGo to File association fixes for Windows VistaClick the exe boxInstructions:To fix the association for a particular file type, download the corresponding fix from the above links table (Use Right-click - Save as option in your browser to download the fixes). Unzip the fix and extract the .REG file to the Desktop. Right-click the REG file and choose Merge. Note that you need to be an administrator to apply these fixes.

1 more replies
Relevance 51.66%

Hi. I seem to be infected with the Security Shield Virus. I began receiving the pop-up alerts this morning. I followed the instructions at http://www.bleepingcomputer.com/virus-removal/remove-my-security-shield. I ran MalwareBytes, it found 2 small threats and removed them, but I still got the Security Shield alerts after restart. I followed the beginnings of another Security Shield post to maybe quicken the process. Here are the logs from OTL. I tried to run Rookit, but kept getting a termination error. Thank you in advance for any help.OTL.txt LogOTL logfile created on: 2/5/2012 10:44:14 AM - Run 1OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Dalton\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.75 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 41.38% Memory free7.49 Gb Paging File | 5.04 Gb Available in Paging File | 67.33% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 282.46 Gb Total Space | 166.41 Gb Free Space | 58.91% Space Free | Partition Type: NTFSDrive D: | 15.34 Gb Total Space | 2.52 Gb Free Space | 16.41% Space Free | Partition Type: NTFSDrive E: | 99.34 Mb Total Space | 96.77 Mb Free Space | 97.42% Space Free | Pa... Read more

Answer:Security Shield Help

Hello I Would like you to do the following.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stallNote 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer"information and logs"In your next post I need the following
Log from Combofixlet me know of any problems you may have had
How is the computer doing now?Gringo

14 more replies
Relevance 51.66%
Question: Security Shield

I got the Security Shield virus. I followed the directions at
www.bleepingcomputer.com/virus-removal/remove-security-shield

iExplore & RKill found and killed a program, but MBAM
did not find anything!
AVG did not find anything, but ESET online did.
my hosts file and IE settings were not modified.

I restarted in normal mode and I no longer get the popups.
Did I get off lucky? or is something still there?
Thanks

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by mikec at 22:01:09 on 2012-02-03
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2583 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:... Read more

Answer:Security Shield

Hi, Welcome to Bleeping Computer.My name is Shannon and I will be working with you to remove the malware that is on your machine.I apologize for the delay in replying to your post, but this forum is extremely busy.Please Track this topic - On the top right on this tread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.Do Not make any changes on your own to the infected computer.Please set your system to show all files.Click Start, open My Computer, select the Tools menu and click Folder Options.Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.Uncheck: Hide file extensions for known file typesUncheck the Hide protected operating system files (recommended) option.Click Yes to confirm.Now, let's look more thoroughly at the infected computer -We need to see some information about what is happening in your machine. Please perform the following scan:We need to create an OTL Report
Please download OTL from here:Main MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Change the "Extra Registry" option to "Use SafeList"Push the button.Two reports will open, copy and paste them into your reply:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedPlease note: You may have to disable any script protection running if the scan fails to run. After down... Read more

7 more replies
Relevance 51.66%
Question: Security Shield

So I got the Security Shield virus or infection. I went to the page to remove it and I followed all the steps. However, when I got to the part that says remove hosts and then download the hosts again, it won't let me save the hosts. An message pops up that says I don't have access because I am not an administrator. I should be able to do cuz I am the administrator. Please tell me what I am doing wrong, I followed all the steps so it should be working?? Thanks

Answer:Security Shield

Before checking hosts file lets check if PC is cleanDownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Please download GMER from here(doesnot work on 64 bit OS)http://www2.gmer.net/download.phpTemporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.Now click the Scan button. If you see a rootkit warning window, click OK.When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.Click the Copy button and paste the results into your next reply. DownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here

3 more replies
Relevance 51.66%

My aunt has an older windows xp laptop. She is getting popups from security shield. I read the guide on the site I tried to run MBAM, but it wouldn't let me do anything pretty much.. then I did rkill (after the shield window had already popped up, that was the only way I could get anything to run) and it said it disabled some stuff so I ran MBAM again. it still shows no infected files, but every time I clicked on ANYTHING, the stupid security shield was popping up. I just rebooted the computer and so far it's not showing anything, but MBAM didn't remove anything so I am nervous.. She has left the laptop with me

Answer:ugh. security shield

HI, let's try it this way..Reboot into Safe Mode with Networking How to enter safe mode(XP/Vista)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkill as the malwa... Read more

8 more replies
Relevance 51.66%
Question: Security Shield...

Hi Guys

Today I was on a popular sport website and this programme called Security Shield came up and somehow installed itself. I've had a search on here and see it's quite a common problem. Basically I just wanna run by you what action I took and whether i'm likely to be left with any issues still.

I used a youtube video guide to remove it. I downloaded and ran RKill, then Malwarebytes, did the scan and it picked up 2 virues. I wiped them, restarted and here I am now. The thing is, I didn't do this in 'safe mode with networking', I just did it in my normal log on. Is that a problem? Will my PC be completely clear now? I have McAfee and that didn't pick anything up, waste of money!

On one youtube video they said if you get Security Shield on your PC, it means you've probably had a virus/trojan on your PC for a week or two! Is that true as i've used credit/debit cards online in the past fortnight...

Thanks for your help.

Answer:Security Shield...

Hello and to BleepingComputer.Let's see what we're dealing with here.Please download RKill by Grinler from one of the 4 links below and save it to your desktop.Link 1Link 2Link 3Link 4Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing happens or if the tool does not run, please let me know in your next reply***************************************************Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download linkIMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mba... Read more

1 more replies
Relevance 51.66%
Question: security shield

How do I get rid of Security shield?
THX

Answer:security shield

Hello and to BleepingComputer.Let's see what we're dealing with here.Please download RKill by Grinler from one of the 4 links below and save it to your desktop.Link 1Link 2Link 3Link 4Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running. This is because some anti-malware software mistakenly detects RKill as malicious. Please refer to this page if you are not sure how to disable your security software.Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed. If nothing happens or if the tool does not run, please let me know in your next reply***************************************************Please download Malwarebytes Anti-Malware and save it to your desktop.alternate download linkIMPORTANT!!! - when you save the file, rename it to something random, such as bubbles.exe This must be done before beginning the download!MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mba... Read more

1 more replies
Relevance 51.66%
Question: Security Shield

Hi All

Newbie here - Sorry if this has been dealt with in previous posts, after some quite considerable reading I'm still at a loss .

I have been hit with the "Security Shield" malware for the second time, first time was last year and the auto removal steps posted in Bleeping Computer fixed the problem.

Well about an hour ago my laptop got hit again, I followed the steps as before, run in Safeboot, run Rkill, Run an updated Malware Bytes delete files found. Rebooted computer and bang samething. What am I missing this time round, is there another way to go about removing this ?

Appreciate any help.

Thanks
Ceanmor

Answer:Security Shield

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resu... Read more

3 more replies
Relevance 51.66%
Question: Security shield

I am running Vista and have security shield issues..Ive tried running RKill and the popup etc have disappeared but now when i go into my quick launch or start program a pop up says i need to set associations ...wondering if this is still security sheild having its way with my computer.Ive run malwarebytes and it detected it and i removed it but still have the same problem.Thanks in advance for any help here..... Twin

More replies
Relevance 51.66%
Question: My Security Shield

HiI am new to the site.Can any one help me remove "My Security Shield" that has attached itself to my computer. It is an absolute pain.Cheers"Happy New Year" to all readersEddy(Moderator edit: post moved to more appropriate forum. jgw)

Answer:My Security Shield

Hello and welcome.Reboot into Safe Mode with Networking How to enter safe mode(XP/Vista)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next replyDo not reboot your computer after running rkill as the malware programs w... Read more

1 more replies
Relevance 51.66%
Question: My Security Shield

Win 7 OS. It looks like I have this new bug. While not completely horrible it's annoying. It won't let me turn anti-virus programs so what would be the first course of action?
 

Answer:My Security Shield

Uh-0h, I must not have included enough information. Is it that the fix is so ridiculously simple that I should be able to fix it myself? @%&*?$!
 

1 more replies
Relevance 51.66%

Hi:

All day I have had this security Shield pop-up informing me about viriuses on my computer, however i have to pay for the service. My AVG anti-virus seem not to be working and when I tried to re-install the AVG anti virus protection, I am getting an error message avgrks 86 sys. stoping system failure. the security shield is happening every minute. What do I do to protect my computer and delete the viriuses that are now on my computer.

Need your help urgently!
 

Answer:Security Shield Pop-ups

What should I do at this time. shutdown and wait. Not sure what is happening.
 

1 more replies
Relevance 51.66%
Question: My Security Shield

I started getting pop-ups from My Security Shield (MSS) saying my computer, Windows XP, and files were infected with a virus, all of the web sites I tried to go to MSS would pop up saying that there was a risk in opening the web page. They could fix the problems for $$$. I ran Sambot Search & Destroy multiple times to identify possible virus and malware, cleaned my computer but MSS just poped up again. How can I remove this?

Answer:My Security Shield

Download the following:Malwarebytes Anti-MalwarePlease download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.Make sure you are connected to the Internet.Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.When the installation begins, follow the prompts and do not make any changes to default settings.When installation has finished, make sure you leave both of these checked:Update Malwarebytes' Anti-MalwareLaunch Malwarebytes' Anti-MalwareThen click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.On the Scanner tab:Make sure the "Perform Quick Scan" option is selected.Then click on the Scan button.If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.The scan w... Read more

1 more replies
Relevance 51.66%

According to my wife, she was browsing Google links when she got hit by a virus. She knew the program "My Security Shield" was not legit (in the past I stressed that there are trojans that tries to act like legit anti-virus or anti-spyware but really aren't). She tried to start up AVG, which she knows is legit, but said she couldn't. She immediately turned the computer off, and informed me so I can get to it later.I powered up the computer after getting rid of antennas from the wireless card in the back (in hopes that it doesn't go online), and as soon as Windows finishes booting up, I also immediately disabled the wireless card, so now it is completely offline.A window also came up, titled "My Security Shield". A quick Google search confirms my fear that this is not a legit program. Other things observed: 1) AVG-Free would also not start up for me.2) Unable to do CTRL+ALT+DEL for some reason (so I can't take a look at running processes)3) A "add new hardware" wizard came up, but I canceled out of it - it is possible this is already happening before virus hit, so maybe it has nothing to do with virus. Keeping this short and sweet, but containing enough details before I proceed (I have used bleepingcomputer.com previously to remove virus from my own computer. Hopefully I followed all guidelines posted here http://www.bleepingcomputer.com/forums/topic41987.htmlAnd once again, thanks in advance!

Answer:"My Security Shield"

Update: am following instructions for "My Security Shield" remove as per here: http://www.bleepingcomputer.com/virus-remo...security-shieldWill get back to this thread afterwards with results

17 more replies
Relevance 51.66%

It is a malware that wants me to buy their product, it is a scam.

Answer:how to get rid of Security Shield?

Where is it and what did you try to get rid of it?
If you can run your anti virus. See if you can remove or isolate
Download and run malwarebytes. Try to isolate or remove

18 more replies
Relevance 51.66%
Question: Security Shield

I have been recieving SECURITY SHIELD popups for this program telling me I have 9 malicious programs, 16 viruses, 7 adwares, 1 spyware, and 1 tracking cookie. This pop up keeps telling me I have to purchase their program to get rid of these. Please Help

Answer:Security Shield

Hello and welcome. Security Shield is a rogue anti-spyware program from the same family as Security Tool. This rogue is installed through other malware and fake online anti-malware scanners. When installed, Security Shield will be configured to start automatically when Windows starts. Once started, it will perform a scan of your computer and state that there are numerous infections present on your computer. If you attempt, though, to remove any of these so-called infections the program will state that you first need to purchase it. In reality, all of the files it states are infections are legitimate Windows files. Therefore, do not manually delete any of the files it states are infections as you may cause Windows to not operate correctly. Please follow our Removal Guide here Remove Security Shield or SecurityShield (Uninstall Guide) .You will move to the Automated Removal InstructionsAfter you completed that, post your scan log here,let me know how things are.The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

1 more replies
Relevance 51.66%
Question: security shield

please help me get rid of securty shield w/o alot of technical jargon.Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:security shield

Hi,

You have a removal instruction here http://www.bleepingcomputer.com/virus-removal/remove-security-shield

Hope this help

Max

1 more replies
Relevance 51.66%
Question: Pc Security Shield

Hi to all in cyberspace...wonder if anyone can help...

last week my norton software expired...did a bit of a search and found PC Security ~ in a servy it came out tops and also best value for money / paid by cc and downloaded it all. All seems to be working fine...except the PC on which I downloaded it (my partners desk top) now cannot conenct to the internet.
All very weird / we are wireless in the house, so my email and internet works (hence I can chat to you) his email works...but somehow cannot connect to internet....

Not sure if it is the PC Security software or not, but it's the last thing I changed and then we started having problems....

anyone have any ideas...? would be great to hear from anyone...

thanks
Daisy

Answer:Pc Security Shield

I see that PC Security has something called Internet Lock. Have you checked your settings there? It is possible that it is blocking your internet connection.

Orange Blossom

8 more replies
Relevance 51.66%
Question: my security shield

how do i remove my security shield from my computerEdit: Moved topic from Introductions to the more appropriate forum. ~ Animal

Answer:my security shield

Post that question here

2 more replies
Relevance 51.66%
Question: security shield

I have security shield coming up al the time, it want let me use my own antivirus software I have Advanced system care ProHelp please. I am not very good with computers I am 72 year old female and need help in terms that I can understand. I went to security shield removal but cannot find what they tell me to look for.thank you IngjoeEdit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:security shield

Take a look here: Remove Security Shield or SecurityShield (Uninstall Guide)

1 more replies
Relevance 51.66%
Question: Security Shield

Somehow my husbands computer ended up with a rogue security program called Security Shield. I have done everything to get rid of it. Rkill won't run because this thing keeps popping up. Please help!

Answer:Security Shield

Hello Melody. I am not sure exacyly how you approached this so i want to try my way,please. Reboot into Safe Mode with Networking How to enter safe mode(XP/Vista)Using the F8 MethodRestart your computer. When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu. Select the option for Safe Mode with Networking using the arrow keys. Then press enter on your keyboard to boot into Safe Mode. >>>> Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.RKill....Download and Run RKillPlease download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
If nothing happens or if the tool does not run, please let me know in your next repl... Read more

1 more replies
Relevance 51.66%

Hi Boopme,

I had the same problem as the lady above. I did everything you mentioned, except at first when I tried using fixreg it said not all of the changes could be made to the registry. After I booted Malwarebytes the Security Shield is still alive and kicking. Any further updates on this problem? Thanks

Answer:Security Shield Also

Hello, I've split you to your own topic here as I feel you 2 are needing different solutions.We need a deeper look. Please go here....Preparation Guide ,do steps 6 - 9.Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.If Gmer won't run,skip it and move on.Let me know if that went well.

1 more replies
Relevance 51.66%
Question: My Security Shield

I have tried to download RKill, but the virus will not allow me to run the programEdit: Moved topic from Bleeping Computer Announcements, Comments, & Suggestions to the more appropriate forum. ~ Animal

Answer:My Security Shield

Are you downloading the iExplore.exe version?

1 more replies
Relevance 51.66%
Question: security shield

Security Shield is taking over my computer. More and more things are not working and kept shutting down my computerEdit: Moved topic from XP to the more appropriate forum. ~ Animal

Answer:security shield

Take a look here: Remove Security Shield or SecurityShield (Uninstall Guide)

1 more replies
Relevance 51.66%
Question: My security shield

I have gotten a "my security shield" attachment.

How do I remove it?

Bob Bigart
 

Answer:My security shield

You need to run the below and post in the Malware Forum not the Software Forum

READ & RUN ME FIRST. Malware Removal Guide
 

1 more replies
Relevance 51.66%
Question: Security Shield

I followed instructions from the following url:
http://malwaretips.com/blogs/security-shield-virus/
until the end of step 4 (malwarebytes)
the issues that came up are as follows:
1) without internet access, i was unable to download the files myself and had to transfer them via memory stick after downloading on my currently functional computer
2) during step 2, IE never had the option checked for "use a proxy server for your LAN" (i.e. it was already unchecked). Firefox also did not have any proxy server established but I went ahead and clicked on "no proxy". It should be noted that the internet was able to access at that point my proper home page at that point, although I did not do any further web surfing to see if there was continued access to other websites.
3) During step 4, malwarebytes was unable to update (the update would simply "time out"). I went ahead and ran walwarebytes (withou a reboot beforehand, as per the instructions). After running for well over an hour, it detected several infections. Only the first box was unchecked. I checked the box so that all were checked and clicked on "remove selected" -- at that point the program appeared to freeze. I waited for quite a while and went ahead and restarted (in normal mode).
Unfortunately it led me back to right where I started (with security shield pop-ups). I did not complete any further subsequent steps.
Please assist.
Also, of note, when I ran OTL, at the end there was an er... Read more

Answer:Security Shield

Hello ziggy,
While in Normal Mode , are you able to connect to the Internet?

<hr />
Please take note of the below:

I will start working on your malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your com... Read more

18 more replies
Relevance 51.66%
Question: Security Shield

My computer has the virus 'Security Shield' and as I followed the instructions on this website I did everything, but when I run any downloaded version of rkill, it doesn't show that it is finding 'Security Shield' or in fact anything at all! Nor is it found when I run your Malwarebytes thingy and when it asks to be restarted further in the process, Security Shield pops up again.

PLEASE HELP ASAP!!! I've got no real idea what I'm doing except following these instructions and when that's not working I'm getting worried and frustrated!

Answer:Security Shield

Hello,Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

3 more replies
Relevance 51.66%
Question: Security Shield

My PC has been taken over by this Security Shield. I followed the instruction from (kevinf80) for removal. I ran rkill, then MBAM in safe mode, then re-booted and security shield was still there and would not allow me to re-run MBAM. I downloaded Hijack this, GMER and DDS .

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:50:21, on 12/26/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17106)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-887... Read more

More replies
Relevance 51.66%

I'm using an HP with Windows 7.

I downloaded Firefox from Mozilla's site yesterday and added a few add ons and that was it. Today I had "My Shield Security" take over my computer. I got into safe mode and ran a quick scan with my Microsoft antivirus and it appears to be gone. I also did a system restore to a few weeks back, just to be on the safe side.

Then I got on my internet (via IE) and tried to go to gmail. When the log in page popped up I noticed the favicon was different so I went to Google's main page and it looked normal. Then I clicked gmail from there and it took me to my email without me logging in. When I clicked Account Settings I was logged out.

I cleared my cookies, temp files, etc. and Google still automatically logged me in. I checked some other accounts and I was logged out on some and I was still logged in to my Amazon account, which I thought was weird. Amazon.com also looked like it got a facelift, but when I looked at it on another computer it still had the same design.
So I unistalled IE9 and now I'm on IE8, but I cannot reinstall IE9, it fails every time. None of the problems were solved by doing that either. (In safe mode now, they are all looking back to normal though)
As I'm posting this I am running Malwarebytes AntiMalware. Is that enough or is there something else to totally get rid of that trojan? Microsoft Security Essentials already found and deleted several corrupt files. Will that do the trick? Or do I... Read more

Answer:"My Shield Security" What Now?

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log c... Read more

1 more replies
Relevance 51.66%
Question: my security shield

hi ive tryed all sorts malwarebytes, supperanti spy ware, defogger but what seems to be the problem is my security shield hooks it self to all downloads and clears it self so they cant find it to cleen ??????? ive searched regedit with no sucksess just sucks lol any help would be greatfull

Answer:my security shield

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415362 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies