Type: Posts; User: jhrowehl; Keyword(s):

  1. Replies
    129
    Views
    55,374

    Yes, it's doing fine! I'm back to the stuff that...

    Yes, it's doing fine! I'm back to the stuff that was happening before the rogue processes... minor stuff that I think is drivers and such. But that's not malware. So, I guess this thread can be...
  2. Replies
    129
    Views
    55,374

    Yeah, was a whole lot of fun, wasn't it? :laugh:...

    Yeah, was a whole lot of fun, wasn't it? :laugh: Now, Windows Update has 12 updates waiting for me. Here goes nothing...
  3. Replies
    129
    Views
    55,374

    That was the fix. I thought we had done something...

    That was the fix. I thought we had done something to prevent changes being made by 'other' processes, but I couldn't remember what it was. However, resetting to defaults did what I was looking for.
    ...
  4. Replies
    129
    Views
    55,374

    No, it was something you had me do to make sure...

    No, it was something you had me do to make sure that default settings for IE weren't being changed by the rogue processes. I can't remember specifically what it was, but I seem to recall opening IE,...
  5. Replies
    129
    Views
    55,374

    Yeah... If it ain't broke, there's no job...

    Yeah... If it ain't broke, there's no job security for the repair tech... :lip:

    Anywho, still no occurrences of the rogue processes. And just out of curiosity, you had me make a change to...
  6. Replies
    129
    Views
    55,374

    I was wearing my bulletproof vest... :D: I had...

    I was wearing my bulletproof vest... :D: I had thought about the possibility of bringing the original problem back, then remembered that the folder was deleted, so the offending DLL's are no longer...
  7. Replies
    129
    Views
    55,374

    The entire registry was restored - the whole...

    The entire registry was restored - the whole shootin' match. Like I had mentioned in one of my last posts, this will restore all the 'bad' stuff too... but we know what was removed. The fixlist...
  8. Replies
    129
    Views
    55,374

    OK... the following are the results of comparing...

    OK... the following are the results of comparing the two registry files. The section "Reg2" is the registry that I was having the problem with. The section "Reg3" is the restored registry that works....
  9. Replies
    129
    Views
    55,374

    Yes, I did, and I have the backups still...

    Yes, I did, and I have the backups still available. I thought I had posted this already, but I figured out how to do the registry restore, and all is working well again. The registry key that was...
  10. Replies
    129
    Views
    55,374

    I know what dancing a jig is all about! Just...

    I know what dancing a jig is all about!

    Just out of curiosity, I have something going on now (not related to the original problem!). One of the registry keys seems to have been... corrupted?...
  11. Replies
    129
    Views
    55,374

    Yes, it was a battle! But, we managed to track it...

    Yes, it was a battle! But, we managed to track it down, and win the fight.



    Yes I did, no it's not. I had removed it per your instructions in a prior message. That's when the problem went away....
  12. Replies
    129
    Views
    55,374

    I did a quick search of the registry, and came up...

    I did a quick search of the registry, and came up with the colers.dll file in 4 locations. I didn't find the other one that was in the deleted directory, tivesen.dll.
    I've attached a file with the...
  13. Replies
    129
    Views
    55,374

    OK, I think I'm ready to say that the problem is...

    OK, I think I'm ready to say that the problem is gone. :D:

    I'm still curious as to which program was running that called the DLL's that were deleted. I know that's not an easy thing to do. Is it...
  14. Replies
    129
    Views
    55,374

    The status report for today is... still no rogue...

    The status report for today is... still no rogue processes. :)

    It looks like we have the problem under control. Quick question... what program was calling the DLL's? Do I need to remove that...
  15. Replies
    129
    Views
    55,374

    I have the 2 DLL files isolated in secure...

    I have the 2 DLL files isolated in secure storage. Here are the VirusTotal links:


    colers.dll
    ...
  16. Replies
    129
    Views
    55,374

    So far today, everything looked good. I'm going...

    So far today, everything looked good. I'm going to leave Firefox active for a bit tonight, to see if any rogue processes come up. I'm fairly confident that I won't see any, but, once bit, twice...
  17. Replies
    129
    Views
    55,374

    Looking good so far. :) If I can go another day...

    Looking good so far. :) If I can go another day or two without the rogue processes, then I'll feel safe saying it's fixed. I'm an electronic service rep for a machine tool manufacturing company, so...
  18. Replies
    129
    Views
    55,374

    Same here! So far, no rogue processes coming...

    Same here! So far, no rogue processes coming up... still cautiously monitoring...
  19. Replies
    129
    Views
    55,374

    Yep, that's the one. It seems to be behaving a...

    Yep, that's the one. It seems to be behaving a little better now. I'll be watching closely for a couple of days, just to be sure, and will keep you posted.

    I ran the FRST fixlist, here's the log:...
  20. Replies
    129
    Views
    55,374

    We may be on to something here... I left the...

    We may be on to something here... I left the computer connected to the internet for a couple of hours, which usually results in my rogue processes starting. So far, (keep your fingers crossed...), no...
  21. Replies
    129
    Views
    55,374

    Done. Took some fiddling, but I got it. Had to...

    Done. Took some fiddling, but I got it. Had to boot in safe mode, then use a utility to remove it - it was marked system/hidden.
  22. Replies
    129
    Views
    55,374

    I'm going to have to get to that tomorrow... I...

    I'm going to have to get to that tomorrow...

    I did scan the file, here's the link:
    ...
  23. Replies
    129
    Views
    55,374

    I'm extremely picky about network security. The...

    I'm extremely picky about network security. The tech was actively pinging outbound, and getting valid echo returns, but the ISP servers were getting no response whatsoever from my network. The tech...
  24. Replies
    129
    Views
    55,374

    I can't find the fixlist that you asked for... I...

    I can't find the fixlist that you asked for... I think it was overwritten somewhere along the line. Here's the latest fixlog:


    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64)...
  25. Replies
    129
    Views
    55,374

    I had a few bumps in the carpet with some of the...

    I had a few bumps in the carpet with some of the information...

    The link to the article about the router malware apparently is out of date, it goes to a page with several articles, but the one...
  26. Replies
    129
    Views
    55,374

    I can't delete the Youtube file with the standard...

    I can't delete the Youtube file with the standard Windows stuff. I ran FRST, SystemLook, and Panda Cloud Cleaner. Here's the Panda log file, and the SystemLook log file:


    Malware. FILE:...
  27. Replies
    129
    Views
    55,374

    The log is posted in message 76. I'm waiting...

    The log is posted in message 76.

    I'm waiting for a backup to complete before I run Panda Cloud Cleaner, and reinstall of MalwareBytes.
  28. Replies
    129
    Views
    55,374

    Winvxm was quarantined, so it wasn't available....

    Winvxm was quarantined, so it wasn't available. Here's the result link for the Youtubeseve.exe file:
    ...
  29. Replies
    129
    Views
    55,374

    Did that last night, do you need it again? ...

    Did that last night, do you need it again?




    Yes, I did. But I still have the problem.

    I'll see if the file scan has any results... those files should have been quarantined by MalwareBytes.
  30. Replies
    129
    Views
    55,374

    I ran SpyBot, and all checks came up clean. Then...

    I ran SpyBot, and all checks came up clean. Then I ran MalwareBytes... here's its log:

    <?xml version="1.0" encoding="UTF-16" ?>
    <mbam-log>
    <header>
    <date>2015/03/07 10:10:21 -0500</date>...
  31. Replies
    129
    Views
    55,374

    Firefox just asked me if I wanted to set it as my...

    Firefox just asked me if I wanted to set it as my default browser... again. I set it as my default browser 4 or 5 times a day now.

    I also had an AVG detection this morning... see capture16.jpg....
  32. Replies
    129
    Views
    55,374

    Ok, will do. And, just for info, when I launched...

    Ok, will do. And, just for info, when I launched Firefox to log on here, it asked me if I wanted to set it as my default browser.


    Again.
  33. Replies
    129
    Views
    55,374

    That's supposed to be an additional security...

    That's supposed to be an additional security layer from Dell. I'm aware that it's there, but I don't use it (that I'm aware of). It's one of those 'new' things that I haven't had the time to play...
  34. Replies
    129
    Views
    55,374

    This may help.....

    This may help.....
  35. Replies
    129
    Views
    55,374

    The Enigma_5.32 file is known safe, I have it...

    The Enigma_5.32 file is known safe, I have it running on several computers. It's part of the BOINC (Berkeley Open Infrastructure for Network Computing) science projects. This particular one is...
  36. Replies
    129
    Views
    55,374

    Here's the MBRCheck log: MBRCheck, version...

    Here's the MBRCheck log:


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Professional
    Windows Information: Service Pack 1 (build 7601), 64-bit
    Base...
  37. Replies
    129
    Views
    55,374

    Fourth group...

    Fourth group...
  38. Replies
    129
    Views
    55,374

    Third group...

    Third group...
  39. Replies
    129
    Views
    55,374

    Second group...

    Second group...
  40. Replies
    129
    Views
    55,374

    Here's the first group of files. There are a...

    Here's the first group of files. There are a total of 19.
  41. Replies
    129
    Views
    55,374

    I ran GMER, but I can't get the log file to you....

    I ran GMER, but I can't get the log file to you. The file is over 44K in length, which exceeds the 20,000 character length for the message. The upload manager is taking forever to upload it, like...
  42. Replies
    129
    Views
    55,374

    I don't have any alerts or error messages, but I...

    I don't have any alerts or error messages, but I still have the rogue processes coming up occasionally. I was checking a few other forums, and I found one that described almost exactly what's...
  43. Replies
    129
    Views
    55,374

    I didn't have a 'view DLL's' option... but there...

    I didn't have a 'view DLL's' option... but there was an option to show a lower pane. I used that. There were 3 instances of Iexplore running. 1 appeared to be a subprocess of Firefox (that's the...
  44. Replies
    129
    Views
    55,374

    There was no IE plugin. I'll have to run Process...

    There was no IE plugin. I'll have to run Process Explorer tomorrow. Here's the results of the search:


    Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
    Ran by Henry at 2015-02-28 20:22:28...
  45. Replies
    129
    Views
    55,374

    I don't think so... all I need to do is open...

    I don't think so... all I need to do is open Firefox and wait. IExplore magically appears in the process list. Internet Explorer is *not* running, but task manager says it is. It's not available on...
  46. Replies
    129
    Views
    55,374

    Notice with this set of captures, I end up with 3...

    Notice with this set of captures, I end up with 3 pages open, and 4 processes running. It started with 1 page and 3 processes, then went to 2 pages and 3 processes, and now I have 3 pages and 4...
  47. Replies
    129
    Views
    55,374

    The attached files are a sample of how these...

    The attached files are a sample of how these processes work. This forum had a database connection problem earlier, which gave me a good opportunity to catch a couple of screen captures. I couldn't...
  48. Replies
    129
    Views
    55,374

    My phone is Android. My son and granddaughters...

    My phone is Android. My son and granddaughters have iPhones, but they don't use any of my computers. The way these processes run, after they get started (usually within a minute or two of starting a...
  49. Replies
    129
    Views
    55,374

    I didn't even know I had those toolbars. They're...

    I didn't even know I had those toolbars. They're gone now. I did keep NetSetMan and Slysoft, both are licensed packages that I've used for a long time on several computers.

    But, I still have my...
  50. Replies
    129
    Views
    55,374

    That's Dell protected Workspace. As far as I'm...

    That's Dell protected Workspace. As far as I'm aware, it loads on boot.
Results 1 to 50 of 73