Doctor9fan

Honorary Members
  • Posts: 187
Everything posted by Doctor9fan

  1. Same for me, removal via the clean up tool & reinstall makes no difference. I wondered whether it was due to MBAM requiring administration rights on startup.
  2. MBAE transferred over fine after the redstone update, had a problem with MBAM not auto starting but then again several of my other programs required either reregistering or an update/service pack to work with AU.
  3. I've had that in the past, pressing Ctrl, Alt, Delete usually worked for me to 'kick' the screen into showing the desktop. Is your OS up to date with patches etc?
  4. By what you say CS seems to be suggesting that if you have MBAM then you get the full version of anti exploit free of charge, if that was the case then I think they'd publicise that more. A nice thought but tbh I can't see it being the case. If it's true then I think we'd all like to know how to activate the full version of anti exploit.
  5. Usually MBAM requires an ID & Key (or is that for downloaded version only). You may have to contact support.
  6. I looked when I first registered the laptop, even visited via a link on PC specialist's website stating it was for support & downloading driver updates but there's nothing.
  7. Thanks again, these are the specs: PC Specialist Optimus VII V17-960 Gaming Laptop, Intel Core i7-6700HQ 2.60GHz 8GB RAM, 2TB HDD, 17.3" LED, DVDRW, NVIDIA GTX 960M, WIFI, Webcam, Bluetooth, Windows 10 Home 64bit. As everything is working fine, perhaps I don't require any updates to drivers, will remove iobit.
  8. Just to download drivers for my new laptop, have checked the official website for it but can't find the driver downloads page/link.
  9. I ran JRT & it removed several files & folders pertaining to iobit driver booster pro, which meant that I could no longer run it. I had to reinstall the program. Is this a false positive?
  10. Having had my license reactivated by support after moving to a new laptop (after the other's motherboard died) I thought that it would make things easier in situations like this to be able to do this via an account. A user would create an account which would be connected to their Malwarebytes programs so that we could remove a licence from a PC & transfer it or renew a license. I'm sure many of the support requests are for help to reset a license so this would free up support for other requests for help.
  11. I receive the notification on Windows 10. Check that the setting has been enabled to show the notification in the program.
  12. I had the same with my license being blocked after upgrading to Windows 10, after being told about only using the license on one computer & explaining that I was using it on one computer & I believed Win 10 upgrade was the problem support unblocked the license. Perhaps you need to contact support again.
  13. Even though your user isn't using IE it'll be on the system as it's built into Windows.
  14. I have the free version running a trial pro version, the icon is under the hidden taskbar icons, there should be an up arrow beside all the tray icons, if you click on that it'll bring up the hidden icons.
  15. Johnny & Jimmy were playing in the schoolyard when Johnny said "My Dad's clever he can blow smoke rings out of his nose". To which Jimmy replied "Well my Dad's cleverer as he can blow smoke rings out of his arse". How do you know? says Johnny to which Jimmy replies "'cause of the nicotine stains in his underpants".
  16. Update: Found that after another restart all the games which I thought had been restored with the system restore (originally checked & the folders & files had been returned) had disappeared as though removed, am downloading all the games again. Laptop is running smoother so I think we can close this thread. Thanks for the help TwinHeadedEagle.
  17. I have rescanned with FRST & have included both files as attachments, defender still says it's enabled even though it is disabled by Norton. FRST.txt Addition.txt
  18. Thanks Firefox, I have started a topic in the malware removal forum concerning potential problems found in my logs & am being assisted there.
  19. Tried twice but restore failed, am now trying restore in safe mode. If that fails will try another restore point.
  20. Should I run Zoek again after restore or await your reply saying what to do next?
  21. Yes I noticed it deleted some games of mine.
  22. Here's the log: I have rebooted.
  23. Hi all, I was having problems with MBAM not starting when Windows starts so was asked to post logs from FRST program, an advisor mentioned having possible malware/virus problems as well as having problems with running two av software (Norton & Defender) which I thought as Norton disabled Defender was strange, I managed to turn off Defender & get MBAM starting with Windows but am concerned that 'nasties' might be present on my laptop. Windows 10 fully patched/up to date, Norton Security w/Backup fully up to date, MBAM fully up to date. I have run FRST again & attached the FRST & Addition txt files to this post. If someone would check them & if something is found help me remove them, computer not running strange & the only pup I have excluded from detection/removal is for a screensaver installer on an external HD. FRST.txt Addition.txt