verlon54
2 Bronze

fake antivirus popup

Yesterday I was surfing the net and all of a sudden I had a popup that said viruses and trojans were on my computer and I needed to clean them up. So I went to Cnet.com to AVG antivirus program. Apparently the virus/malware had hijacked my computer and I wound up buying the faux program. When I finally realized what had happened I had to cancel my credit card etc. For all you out there, the people who are running this company are collecting money through CLICKBANK.com, located in Idaho. My bank called them and supposedly they are crediting the money back into my account. We'll see.......

This is what I have done since doing a little investigating: I downloaded Microsoft Security Essentials and ran a scan which showed no results. I tried to download a malware removal tool from Microsoft but that did not work.

Luckily on 2/16 I used Dell DataSafe and recreated 2 recovery discs. I have Windows Defender. I did have the virus program that was provided with my Studio and I was supposed to get thirty days but it quit working after a couple of weeks. I tried to download a couple of different antivirus programs to replace it but was unable to due to Windows Firewall...... I am really frustrated. PLEASE HELP!!!!

 
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Dell\Dell Mobile Broadband\systray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [systray] C:\Program Files (x86)\Dell\Dell Mobile Broadband\systray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Dell Touch Zone.lnk = C:\Program Files (x86)\Dell Touch Zone\fingertapps.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Mobile Broadband Service (WMCoreService) - Unknown owner - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10606 bytes

0 Kudos
28 Replies
7 Gold

Re: faux antivirus program "Antivirus Elite 5.0" has hijacked my Studio 1745

"I tried to download a couple of different antivirus programs to replace it but was unable to due to windows firewall.."
The Windows firewall should not prevent you from downloading an anti-virus program. Did you completely remove your previous anti-virus first?

Are you able to post a log?

Please Read This Before Posting For Malware Removal Help


Windows Insider MVP 2016 - Present

Microsoft MVP - Consumer Security 2006-2016

Social Media and Community Professional

0 Kudos
topmahof
3 Argentium

Re: faux antivirus program "Antivirus Elite 5.0" has hijacked my Studio 1745

The exact same program got me. I restored my system to a previously set point in time and it disappeared. Click Programs, Accessories, System Tools, System Restore, and let Windows restore your system to a previous time. You will lose anything that was put on your computer from the restore date to now, but it will get rid of that virus. Just make sure you go back before you got infected. Good luck.

0 Kudos
verlon54
2 Bronze

Re: faux antivirus program "Antivirus Elite 5.0" has hijacked my Studio 1745

I am not sure going back to a restore point will solve this problem - from what I understand this kind of virus buries itself and is hard to remove. Everything I have been able to find out about it leads me to believe you have to wipe your computer clean and then reinstall Windows. I am in the process of sending my log so that it can be looked over by a tech. I would probably check more closely because you are not only getting malware but also spyware. Make sure you make the discs from Dell's DataSafe as this will help with the process - I am hoping I will not have to do this but would rather be safe than not.

0 Kudos
7 Gold

Re: faux antivirus program "Antivirus Elite 5.0" has hijacked my Studio 1745

I'm not a Dell Tech, but I can tell you that Hijackthis was not built to run on Windows 7, so that won't be much help. I wish you had told us you were running Win 7 when you first posted. Now that you have edited to include the log, I have a bit more info.

Try a scan with MBAM. * If you are unable to download or install MBAM on your computer, see if you can use a friend's or family member's computer to download MBAM. Use the update link mentioned below to manually update. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "lookinhere.exe". Copy the installer file and the update file to a CD or flash drive. Transfer the files to the infected computer. Install the "lookinhere.exe" file, then run the update so that you will have the current definitions. After that, run a full system scan and select to have the program REMOVE whatever it finds.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in
    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware
    from that system to a USB stick or CD and then copy it to the infected machine.

On the Scanner tab:

  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top.
  • It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report into your next reply and exit MBAM. We may have to remove this manually if that does not work.

Note:-- If MBAM encounters a file that is difficult to remove,
you may be asked to reboot your computer so it can proceed with the disinfection process.
Regardless if prompted to restart the computer or not, please do so immediately.
Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

-- MBAM may make changes to your registry as part of its disinfection routine.
If you're using other security programs that detect registry changes (like Spybot's Teatimer),
they may interfere with the fix or alert you after scanning with MBAM.
Please disable such programs until disinfection is complete or permit them to allow the changes.

**If you need to re-install MBAM but encounter issues in re-installing, try using the MBAM Cleanup Utility by downloading it from HERE


Windows Insider MVP 2016 - Present

Microsoft MVP - Consumer Security 2006-2016

Social Media and Community Professional

0 Kudos
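Added example, not part of the thread and not code from any tool mentioned in it: one concrete reason the HijackThis log above is of limited use on 64-bit Windows 7 is that a 32-bit process reading C:\Windows\System32 is redirected to SysWOW64, so 64-bit-only system binaries are listed as "(file missing)". The sketch below sorts the O23 "(file missing)" entries by whether the path was seen running in the DDS log posted later in this thread, falls under the redirected System32 tree, or still needs review. Function names are illustrative, and the "Example Service" line is constructed; the other sample lines are copied from the logs in this thread.

```python
import re
from ntpath import normcase, normpath

# System32 subfolders that are exempt from WOW64 redirection on Windows 7
# (per Microsoft's File System Redirector documentation).
EXEMPT = ("catroot", "catroot2", "driverstore", r"drivers\etc", "logfiles", "spool")

# Lines copied from the HijackThis log in this thread, plus one constructed
# entry (Example Service) to show a miss outside the redirected tree.
HJT_LOG = r"""
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Program Files (x86)\Example\example.exe (file missing)
"""

# Process paths copied from the "Running Processes" section of the DDS log.
DDS_PROCESSES = r"""
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\System32\alg.exe
"""

MISSING_TAG = "(file missing)"


def norm(path):
    """Case-fold and normalise a Windows path so the two logs can be compared."""
    return normcase(normpath(path.strip().strip('"')))


def host_is_64bit(log):
    """A log that mentions SysWOW64 or Program Files (x86) came from 64-bit Windows."""
    return re.search(r"\\syswow64\\|program files \(x86\)", log, re.I) is not None


def is_redirected(path, windir=r"C:\Windows"):
    """True if a 32-bit process would be redirected when opening this path."""
    sys32 = norm(windir + r"\System32") + "\\"
    p = norm(path)
    if not p.startswith(sys32):
        return False
    tail = p[len(sys32):]
    return not any(tail == e or tail.startswith(e + "\\") for e in EXEMPT)


def parse_services(log):
    """Extract label, image path and the missing flag from each O23 line."""
    services = []
    for line in log.splitlines():
        line = line.strip()
        if not line.startswith("O23 - Service: "):
            continue
        rest = line[len("O23 - Service: "):]
        missing = rest.endswith(MISSING_TAG)
        if missing:
            rest = rest[: -len(MISSING_TAG)].rstrip()
        label, _, path = rest.rpartition(" - ")
        services.append({"label": label, "path": path, "missing": missing})
    return services


def triage(hjt_log, running_paths):
    """Bucket every '(file missing)' service entry.

    seen_running    - the file exists: a 64-bit-aware tool saw it running
                      (this shows presence only, not that the file is clean)
    likely_artifact - under redirected System32 on a 64-bit host
    review          - missing for some other reason; look at it by hand
    """
    running = {norm(p) for p in running_paths if p.strip()}
    wow64 = host_is_64bit(hjt_log)
    result = {"seen_running": [], "likely_artifact": [], "review": []}
    for svc in parse_services(hjt_log):
        if not svc["missing"]:
            continue
        p = norm(svc["path"])
        if p in running:
            bucket = "seen_running"
        elif wow64 and is_redirected(p):
            bucket = "likely_artifact"
        else:
            bucket = "review"
        result[bucket].append(svc["path"])
    return result


if __name__ == "__main__":
    for bucket, paths in triage(HJT_LOG, DDS_PROCESSES.splitlines()).items():
        print(bucket)
        for path in paths:
            print("   ", path)
```

The STacSV64.exe service in the HijackThis log sits under System32\DriverStore, which is exempt from redirection, and it is the one System32 service path that log does not mark as missing.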
verlon54
2 Bronze

Re: faux antivirus program "Antivirus Elite 5.0" has hijacked my Studio 1745

Thank you for your help. I followed your instructions. I am posting the results........ What should I do now? Thank you.

Internet Explorer 8.0.7600.16385

2/24/2010 11:39:48 AM
mbam-log-2010-02-24 (11-39-48).txt

Scan type: Quick Scan
Objects scanned: 97670
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Windows/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\$Recycle.Bin\S-1-5-21-2372496266-1293665413-2271099843-1000\$RDGPNMW.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Users\wendy\downloads\regtool.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Windows\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

0 Kudos
7 Gold

Re: faux antivirus program "Antivirus Elite 5.0" has hijacked my Studio 1745


We need to see some additional information about what is happening in your machine.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • Click Yes at the prompt for Optional Scan.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop.
  • Copy/paste both logs to your reply on the forum.
  • Close the program window, and delete the program from your desktop.
  • Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.


Windows Insider MVP 2016 - Present

Microsoft MVP - Consumer Security 2006-2016

Social Media and Community Professional

0 Kudos
verlon54
2 Bronze

Re: faux antivirus program "Antivirus Elite 5.0" has hijacked my Studio 1745

Here are the scan logs you requested.


    DDS (Ver_09-12-01.01) - NTFSX64 
    Run by wendy at 12:28:36.70 on Wed 02/24/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4057.2586 [GMT -8:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\DRIVERS\o2flash.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\alg.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Dell Touch Zone\fingertapps.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Dell\Dell Mobile Broadband\systray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\vds.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
    C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\notepad.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\vdsldr.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\wendy\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uLocal Page = \blank.htm
    uStart Page = hxxp://www.google.com/ig?hl=en
    mLocal Page = c:\windows\syswow64\blank.htm
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
    mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [systray] c:\program files (x86)\dell\dell mobile broadband\systray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
    mRunOnce: [Launcher] c:\program files (x86)\dell datasafe local backup\components\scheduler\Launcher.exe
    mRunOnce: [STToasterLauncher] c:\program files (x86)\dell datasafe local backup\toasterLauncher.exe
    StartupFolder: c:\users\wendy\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files (x86)\common files\logishrd\ereg\setpoint\eReg.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\dellto~1.lnk - c:\program files (x86)\dell touch zone\fingertapps.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg64.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
    mRun-x64: [IAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
    mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
    mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
    mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
    mRunOnce-x64: [DSUpdateLauncher] "c:\program files (x86)\dell datasafe local backup\components\dsupdate\hstart.exe" /noconsole /d="c:\program files (x86)\dell datasafe local backup\components\dsupdate" /runas "c:\program files (x86)\dell datasafe local backup\components\dsupdate\DSUpd.exe"

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2010-2-22 33800]
    R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-9-30 55280]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 164720]
    R1 NvtSp50;Novatel Wireless NDIS 5 Single-Packet Read Protocol Driver;c:\windows\system32\drivers\NvtSp50.sys [2009-7-15 27648]
    R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
    R2 SftService;SoftThinks Agent Service;c:\program files (x86)\dell datasafe local backup\SftService.exe [2009-9-30 656624]
    R2 WMCoreService;Mobile Broadband Service;c:\program files (x86)\dell\dell wwan\wmcore\mini_wmcore.exe servicemode --> c:\program files (x86)\dell\dell wwan\wmcore\mini_WMCore.exe servicemode [?]
    R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Acceler.sys [2009-9-30 23912]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-9-30 172704]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-1-31 138752]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 40832]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2009-9-30 5435904]
    R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdgx64.sys [2009-9-30 69152]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-12-19 314400]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-5 135664]

    =============== Created Last 30 ================

    2010-02-24 19:33:43 0 d-----w- c:\users\wendy\appdata\roaming\Malwarebytes
    2010-02-24 19:33:37 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-24 19:33:37 0 d-----w- c:\programdata\Malwarebytes
    2010-02-24 19:33:37 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-02-24 16:45:12 0 d-----w- c:\program files (x86)\Trend Micro
    2010-02-23 07:38:17 0 d-----w- c:\program files (x86)\Microsoft Antimalware
    2010-02-23 07:38:07 0 d-----w- c:\program files\Microsoft Security Essentials
    2010-02-22 22:59:13 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys
    2010-02-22 22:59:12 0 d-----w- c:\program files (x86)\Panda Security
    2010-02-22 17:19:32 0 d-----w- c:\program files (x86)\Anti-Virus Elite
    2010-02-20 23:57:00 74471 ----a-w- c:\users\wendy\.recently-used.xbel
    2010-02-20 08:34:33 0 d-----w- c:\users\wendy\appdata\roaming\Reg-Tool
    2010-02-20 08:34:25 0 d-----w- c:\program files (x86)\Reg-Tool
    2010-02-20 06:17:37 0 ----a-w- c:\windows\syswow64\config.nt
    2010-02-20 06:17:17 0 d-----w- c:\programdata\Alwil Software
    2010-02-20 06:17:17 0 d-----w- c:\program files\Alwil Software
    2010-02-11 04:38:48 132 ----a-w- c:\users\wendy\.gtk-bookmarks
    2010-02-09 04:17:44 0 d-----w- c:\programdata\LogiShrd
    2010-02-09 04:17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2010-02-09 04:17:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2010-02-09 04:17:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
    2010-02-09 04:17:01 190992 ----a-w- c:\windows\system32\BtCoreIf.dll
    2010-02-09 04:17:00 96272 ----a-w- c:\windows\system32\KemXML.dll
    2010-02-09 04:17:00 235536 ----a-w- c:\windows\system32\KemUtil.dll
    2010-02-09 04:17:00 235536 ----a-w- c:\windows\system32\kemutb.dll
    2010-02-09 04:17:00 159248 ----a-w- c:\windows\system32\KemWnd.dll
    2010-02-09 04:16:54 0 d-----w- c:\programdata\Logitech
    2010-02-09 04:16:52 0 d-----w- c:\program files\common files\Logishrd
    2010-02-09 04:16:50 0 d-----w- c:\program files\Logitech
    2010-02-05 01:55:49 0 d-----w- c:\users\wendy\appdata\roaming\Dell Touch Zone
    2010-02-05 01:55:47 0 d-----w- c:\program files (x86)\Dell Touch Zone
    2010-02-05 01:42:23 4480 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2010-02-04 07:29:36 756 ----a-w- c:\users\wendy\appdata\roaming\wklnhst.dat
    2010-02-02 02:32:44 0 d-----w- c:\programdata\CyberLink
    2010-02-02 01:51:25 0 d--h--w- c:\programdata\CanonBJ
    2010-02-01 17:41:01 0 d-----w- c:\users\wendy\appdata\roaming\Roxio Log Files
    2010-02-01 06:40:23 15168 ----a-w- c:\windows\system32\results.xml
    2010-02-01 06:36:07 0 d-----w- c:\windows\syswow64\SDA
    2010-02-01 06:36:07 0 d-----w- c:\program files (x86)\O2Micro
    2010-02-01 06:33:50 0 d-----w- c:\program files\IDT
    2010-02-01 06:31:55 0 d-----w- c:\program files\ATI Technologies
    2010-02-01 06:31:52 0 d-----w- c:\program files\ATI
    2010-02-01 06:28:52 5120 ----a-w- c:\windows\system32\HdmiCoin.dll
    2010-02-01 06:28:52 138752 ----a-w- c:\windows\system32\drivers\IntcHdmi.sys
    2010-02-01 06:26:00 53248 ----a-w- c:\windows\syswow64\CSVer.dll
    2010-02-01 06:25:11 0 d-----w- c:\program files (x86)\Realtek
    2010-02-01 06:21:31 0 d-----w- c:\program files (x86)\Telespree
    2010-02-01 06:21:31 0 d-----w- c:\program files (x86)\common files\Zeepe Framework 7
    2010-02-01 06:21:31 0 d-----w- c:\program files (x86)\common files\Telespree
    2010-02-01 06:21:30 0 d-----w- c:\programdata\Novatel Wireless
    2010-01-31 10:04:19 0 d-----w- c:\programdata\NOS
    2010-01-27 17:39:06 389632 ----a-w- c:\windows\system32\winlogon.exe
    2010-01-27 17:39:06 2870272 ----a-w- c:\windows\explorer.exe
    2010-01-27 17:39:06 2614272 ----a-w- c:\windows\syswow64\explorer.exe
    2010-01-27 07:52:34 0 d-----w- c:\users\wendy\.thumbnails
    2010-01-27 07:19:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2010-01-27 07:02:40 0 d-----w- c:\users\wendy\.gimp-2.6
    2010-01-27 07:02:03 0 d-----w- c:\program files (x86)\GIMP-2.0
    2010-01-27 05:59:44 0 d-----w- C:\Temp

    ==================== Find3M  ====================

    2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll
    2010-01-22 19:54:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll
    2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe
    2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
    2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll
    2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll
    2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll
    2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
    2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
    2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe
    2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
    2010-01-14 19:12:06 212352 ------w- c:\windows\system32\MpSigStub.exe
    2010-01-11 07:12:38 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-01-08 03:38:32 285696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-01-08 03:38:28 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2009-12-22 08:36:19 243200 ----a-w- c:\windows\system32\wow64.dll
    2009-12-22 08:24:35 14336 ----a-w- c:\windows\syswow64\ntvdm64.dll
    2009-12-22 08:23:35 25600 ----a-w- c:\windows\syswow64\setup16.exe
    2009-12-22 08:22:10 5120 ----a-w- c:\windows\syswow64\wow32.dll
    2009-12-22 04:28:10 7680 ----a-w- c:\windows\syswow64\instnm.exe
    2009-12-22 04:28:08 2048 ----a-w- c:\windows\syswow64\user.exe
    2009-12-19 09:51:24 1192960 ----a-w- c:\windows\system32\wininet.dll
    2009-12-19 09:50:56 14848 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-12-19 09:49:47 1572352 ----a-w- c:\windows\system32\quartz.dll
    2009-12-19 09:47:56 25088 ----a-w- c:\windows\system32\msyuv.dll
    2009-12-19 09:47:53 38912 ----a-w- c:\windows\system32\msvidc32.dll
    2009-12-19 09:47:46 16384 ----a-w- c:\windows\system32\msrle32.dll
    2009-12-19 09:46:35 54272 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-12-15 10:35:32 760344 ----a-w- c:\windows\syswow64\igxpun.exe
    2009-12-15 10:35:32 166424 ----a-w- c:\windows\system32\igfxtray.exe
    2009-12-15 10:35:30 510488 ----a-w- c:\windows\system32\igfxsrvc.exe
    2009-12-15 10:35:30 3126808 ----a-w- c:\windows\system32\GfxUI.exe
    2009-12-15 10:35:28 410136 ----a-w- c:\windows\system32\igfxpers.exe
    2009-12-15 10:35:28 390680 ----a-w- c:\windows\system32\hkcmd.exe
    2009-12-15 10:35:28 222744 ----a-w- c:\windows\system32\igfxext.exe
    2009-12-15 10:35:28 152600 ----a-w- c:\windows\system32\difx64.exe
    2009-12-15 10:30:28 91136 ----a-w- c:\windows\system32\igfxCoIn_v2021.dll
    2009-12-15 10:26:42 5968896 ----a-w- c:\windows\system32\igdumd64.dll
    2009-12-15 10:25:06 982224 ----a-w- c:\windows\syswow64\igkrng500.bin
    2009-12-15 10:25:06 982224 ----a-w- c:\windows\system32\igkrng500.bin
    2009-12-15 10:25:06 92292 ----a-w- c:\windows\syswow64\igfcg500m.bin
    2009-12-15 10:25:06 92292 ----a-w- c:\windows\system32\igfcg500m.bin
    2009-12-15 10:25:06 439336 ----a-w- c:\windows\syswow64\igcompkrng500.bin
    2009-12-15 10:25:06 439336 ----a-w- c:\windows\system32\igcompkrng500.bin
    2009-12-15 10:21:26 4499456 ----a-w- c:\windows\syswow64\igdumd32.dll
    2009-12-15 10:16:04 550912 ----a-w- c:\windows\syswow64\igdumdx32.dll
    2009-12-15 10:15:04 4099072 ----a-w- c:\windows\system32\igd10umd64.dll
    2009-12-15 10:12:00 3896832 ----a-w- c:\windows\syswow64\igd10umd32.dll
    2009-12-15 10:08:14 5517312 ----a-w- c:\windows\system32\ig4dev64.dll
    2009-12-15 10:07:26 8129024 ----a-w- c:\windows\system32\ig4icd64.dll
    2009-12-15 10:02:20 4077568 ----a-w- c:\windows\syswow64\ig4dev32.dll
    2009-12-15 10:02:06 6060032 ----a-w- c:\windows\syswow64\ig4icd32.dll
    2009-12-15 09:53:30 377856 ----a-w- c:\windows\system32\igfxTMM.dll
    2009-12-15 09:53:30 27648 ----a-w- c:\windows\system32\igfxexps.dll
    2009-12-15 09:53:28 248320 ----a-w- c:\windows\system32\igfxpph.dll
    2009-12-15 09:53:10 61440 ----a-w- c:\windows\system32\igfxsrvc.dll
    2009-12-15 09:52:44 108544 ----a-w- c:\windows\system32\hccutils.dll
    2009-12-15 09:52:34 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
    2009-12-15 09:52:34 268800 ----a-w- c:\windows\system32\igfxdev.dll
    2009-12-15 09:52:34 119296 ----a-w- c:\windows\system32\gfxSrvc.dll
    2009-12-15 09:52:08 9014784 ----a-w- c:\windows\system32\igfxress.dll
    2009-12-15 09:52:08 142336 ----a-w- c:\windows\system32\igfxdo.dll
    2009-12-15 09:48:30 59392 ----a-w- c:\windows\syswow64\oemdspif.dll
    2009-12-15 09:47:36 226304 ----a-w- c:\windows\syswow64\igfxdv32.dll
    2009-12-15 09:42:44 208896 ----a-w- c:\windows\syswow64\iglhsip32.dll
    2009-12-15 09:42:44 205824 ----a-w- c:\windows\system32\iglhsip64.dll
    2009-12-15 09:42:44 187392 ----a-w- c:\windows\system32\iglhcp64.dll
    2009-12-15 09:42:44 143360 ----a-w- c:\windows\syswow64\iglhcp32.dll
    2009-12-13 09:46:36 960512 ----a-w- c:\windows\system32\CPFilters.dll
    2009-12-13 09:46:36 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2009-12-13 09:46:34 552960 ----a-w- c:\windows\system32\msdri.dll
    2009-12-13 09:30:50 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
    2009-12-13 09:30:50 465408 ----a-w- c:\windows\syswow64\psisdecd.dll
    2009-12-03 17:27:28 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
    2009-12-03 17:27:28 104480 ----a-w- c:\windows\system32\RTNUninst64.dll
    2009-12-02 08:17:14 716800 ----a-w- c:\windows\syswow64\jscript.dll
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-09-30 23:20:52 75 --sh--r- c:\windows\CT4CET.bin
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 05:12:52 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 12:28:48.46 ===============

    7 Gold

    Re: faux antivirus program "Antivirus Elite 5.0" has hijacked my Studio 1745

    Please post your Attach.txt. Thanks.


    Windows Insider MVP 2016 - Present

    Microsoft MVP - Consumer Security 2006-2016

    Social Media and Community Professional

    verlon54
    2 Bronze

    Re: faux antivirus program "Antivirus Elite 5.0" has hijacked my Studio 1745

    http://en.community.dell.com/cfs-file.ashx/__key/CommunityServer.Discussions.Components.Files/3521/4...

    I hope this is what you want. If you need me to paste in the whole report text, please let me know. I am keeping an eye on this so I can do whatever as soon as you need it. Thank you.
