Sat Feb 28, 2015 8:31 pm by bob
I'd suggest looking through that process list and getting rid of things you don't want/need/recognise.
1st on my hitlist is ProtectWindowsManager and the STab programs. A Google search shows nothing good about these (it could be wrong of course).
Potential malware:
- Code:
54. ProtectService.exe - Process ID: 2012 (C:\Program Files (x86)\STab\ProtectService.exe) [Admin:NO]
28. CmdShell.exe - Process ID: 3948 (C:\Program Files (x86)\STab\cmdshell.exe) [Admin:YES]
36. HPNotify.exe - Process ID: 3992 (C:\Program Files (x86)\STab\HPNotify.exe) [Admin:YES]
55. ProtectWindowsManager.exe - Process ID: 1596 (C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe) [Admin:NO]
The below can sometimes have an effect on your DNS configuration - you should check to see you are connecting using the DNS servers you expect to.
Browser redirects/trackers/hijackers:
- Code:
3. apnmcp.exe - Process ID: 4276 (C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe) [Admin:NO]
37. IdcLdr.exe - Process ID: 1868 (C:\Users\BigD\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe) [Admin:NO]
38. IdcLdr_x64.exe - Process ID: 7040 (C:\Users\BigD\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe) [Admin:NO]
83. TBNotifier.exe - Process ID: 6116 (C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe) [Admin:NO]
Toolbars (unless you really need them):
- Code:
56. SeaPort.EXE - Process ID: 3192 (C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe) [Admin:NO]
And finally, as I wrote in this post:
bob wrote: FYI: disabling AV doesn't prevent its filter drivers from loading.
This article covers it in this excerpt:
Most antivirus software uses filter drivers that work together with a service to scan for viruses. These filter drivers are still loaded after the service is deactivated. These filter drivers scan files as they are opened and closed on a hard disk. For troubleshooting purposes, temporarily remove the antivirus software or contact the manufacturer of the software to determine whether a newer version is available.
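The review of the process list suggested in the post above can be done mechanically. The following is an added example, not part of bob's post: it parses lines in the format quoted above and groups them by install folder so a whole folder can be reviewed at once. The `USER_WRITABLE` heuristic and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Lines copied from the process list quoted in the post above.
SAMPLE = r"""
54. ProtectService.exe - Process ID: 2012 (C:\Program Files (x86)\STab\ProtectService.exe) [Admin:NO]
28. CmdShell.exe - Process ID: 3948 (C:\Program Files (x86)\STab\cmdshell.exe) [Admin:YES]
36. HPNotify.exe - Process ID: 3992 (C:\Program Files (x86)\STab\HPNotify.exe) [Admin:YES]
55. ProtectWindowsManager.exe - Process ID: 1596 (C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe) [Admin:NO]
37. IdcLdr.exe - Process ID: 1868 (C:\Users\BigD\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe) [Admin:NO]
56. SeaPort.EXE - Process ID: 3192 (C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe) [Admin:NO]
"""

# The path itself contains "(x86)", so match greedily up to the final ") [Admin:".
LINE_RE = re.compile(r"^\s*\d+\.\s+(?P<name>.+?) - Process ID: (?P<pid>\d+) "
                     r"\((?P<path>.*)\) \[Admin:(?P<admin>YES|NO)\]\s*$")

# Assumption (not from the post): per-user and ProgramData folders are writable
# without elevation, so executables running from them deserve a closer look.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\")

def parse(text):
    """Return one dict per well-formed process-list line; skip anything else."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append({"name": m["name"], "pid": int(m["pid"]),
                         "path": m["path"], "admin": m["admin"] == "YES"})
    return rows

def triage(rows):
    """Group processes by install folder and attach review reasons to each."""
    by_dir = defaultdict(list)
    for r in rows:
        reasons = []
        if any(marker in r["path"].lower() for marker in USER_WRITABLE):
            reasons.append("runs from user-writable location")
        if r["admin"]:
            reasons.append("listed as Admin:YES")
        by_dir[str(PureWindowsPath(r["path"]).parent)].append((r["name"], r["pid"], reasons))
    return dict(by_dir)

if __name__ == "__main__":
    for folder, procs in triage(parse(SAMPLE)).items():
        print(folder)
        for name, pid, reasons in procs:
            print(f"  {name} (PID {pid}): {', '.join(reasons) or 'review manually'}")
```

A flag here is only a prompt to look closer; an unflagged entry still needs the same "do I want/need/recognise this" check.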