Showing results for tags 'removed'.

Found 14 results

  1. When I run Malwarebytes it removes my antivirus. Could anyone tell me how I can stop this, as I'm happy with the antivirus I use, TotalAV?
  2. I have used Malwarebytes for years, I am even an Affiliate (1967). Today I noticed that my product (Premium) was uninstalled. I attempted to run using the Start, RUN command and MBAM to get started. Nothing. Not listed in Programs either. Desktop shortcut, gone! I downloaded the Free Version and it picked up my licence and upgraded my free version to Premium. It needed to be updated. The last scan report is from August. I know for a fact this was running properly last week. Can anyone provide an explanation? Thanks, MH
  3. Hello all, my MB program was removed/uninstalled/disappeared by itself (move failed or error code 183). I was helped by a support agent from Malwarebytes, who suggested the instructions below. I hope this will help others resolve the issue at the earliest without waiting for a late response due to high support demand.

     There was an update and some users faced this issue with it. To install updates, the program needs to uninstall the existing version and then, after a reboot, install the latest one. But due to some technical issue this was not happening, thus the program was disappearing. This is a known issue that can be resolved by simply manually downloading and running the Malwarebytes setup file. Please be aware we have addressed this issue to prevent it in the future.

     To resolve this issue, it was very simple, but the instructions need to be followed carefully. As we don't know what version was installed earlier, use the "mb-clean" tool to remove the previous version or leftovers.

     ***Before running the clean tool it is always recommended to copy or write down your license key.
     ***NOTE: If you have any other anti-virus installed on your computer, please disable or turn off the RTP for a while after downloading the requested tools in step 1 and step 2, till we finish the installation process below.

     STEP 1
     **** https://downloads.malwarebytes.com/file/mb_clean ****
     More info about MB-CLEAN > https://support.malwarebytes.com/docs/DOC-1112
     - Double-click the file to launch the MB-Clean tool. A black DOS window will appear.
     - Allow the tool to run its course, which should only take about a minute.
     - Reboot your computer when prompted.
     - You will find a log file named "mb-cleanresult.txt" on your Desktop.
     - After reboot, the MB utility will ask you to download the latest MB3.x version; click YES if you want to download it. If, for some technical reason, it does not ask to install, go to step 2 to download and install it manually.
     Please attach the mb-clean-result.txt log in your next reply if you face any issue after this process.

     STEP 2: Download MB3 Installer (3.x.x.x) > http://downloads.malwarebytes.com/file/mbam
     - Press "Accept" and then follow the prompts on the installer window.
     - Malwarebytes will open automatically to the new welcome screen.
     - If you have a premium subscription for either Malwarebytes Anti-Malware or Malwarebytes Anti-Exploit / Premium, proceed to Activation.

     STEP 3: Activation (Premium Subscribers Only) (Optional step)
     Note: If you do not already have your license key on hand, you can obtain your license info with the instructions provided in this link. https://www.cleverbridge.com/?scope=cusecolp
     Note: If you had purchased a key from the official website or e-commerce payment partner cleverbridge.
     "View this video how to activate license" > https://support.malwarebytes.com/videos/1016
     Full document for activating the license. > https://support.malwarebytes.com/docs/DOC-1142
     Sometimes it may decline to activate due to a "usage level exceeded" error; you can reset the key from the My Account portal https://my.malwarebytes.com/en/login
     Remember, the My Account portal needs the email which was used to purchase the key before. You can register for My Account using your email.
     How to deactivate/reset license from the My Account portal > https://support.malwarebytes.com/docs/DOC-1032

     After the above instructions, if nothing helps then there must be some other issue, like infections or anti-virus conflicts, which is stopping the Malwarebytes program from running or installing. Please send us the log file to check for the issue. First, run the frst tool and then the mb-check tool and send the mb-check-results.zip file located on the desktop. Check the articles below for instructions to obtain the log file.
     ** https://support.malwarebytes.com/docs/DOC-1318
     ** https://support.malwarebytes.com/docs/DOC-1375

     Step 1 helped me to resolve my issue, but my friend needed to proceed to step 2 as well. But in the end, we are successfully running the Malwarebytes 3.2.2 premium version.
  4. As soon as my subscription was renewed it removed my maintenance program WINASO. I proceeded to enter the program in the exclusion list but it will not let it reload. It only started removal upon renewing subscription and program updated. Had program downloaded from direct webpage from WINASO .... attached file malware.txt
  5. Hello, I have purchased Malware Premium, installed it and activated the license in June 2017. Version 3.2.2. It happens for the fourth time now that the program disappears from my desktop. I have Windows 10. It's very annoying and it costs me a lot of time to re-install the program again and again. What is going on and how can I prevent this?
  6. Hello. I recently downloaded a file because I was stupid and got ratted. They bought stuff using my PayPal. Good thing I canceled my credit card and refunded the payments. I reformatted my whole computer but it said some personal files were not deleted. I scanned and couldn't find anything, right when I thought I was clean my PC shut down. Help?! FRST.txt Addition.txt
  7. My Photoshop.exe file was just quarantined. Here is the report. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 6/5/17 Protection Event Time: 2:23 PM Logfile: Administrator: Yes -Software Information- Version: Components Version: 1.0.103 Update Package Version: 1.0.2090 License: Premium -System Information- OS: Windows 10 CPU: x64 File System: NTFS User: System -Ransomware Details- File: 1 Malware.Ransom.Agent.Generic, C:\Program Files\Adobe\Adobe Photoshop CC 2017\Photoshop.exe, Quarantined, [0], [-1],0.0.0 (end)
  8. As a photographer, the last thing I ever thought would happen would be my copy of Malwarebytes 3.0 misidentifying and removing a copy of Photoshop.exe from my computer, thinking it was ransomware. I have not rebooted, hoping that there is a way to get the file back and working. Can anyone help me?
  9. In the Malwarebytes Management Console I have a good number of clients highlighted in red. After performing quick scans, they remain red. I have checked the policy and it indicates that PUP, PUM and P2P are all set to "show in results list and check for removal." Why aren't the threats being removed? Do I have to do a full scan? Do I have to go to each client and delete these manually?
  10. I'm worried something is wrong with my computer, please help me. I am unable to remove a deleted Administrator account's temp folder. A white box that pops up after everything is loaded what when computer is shut down. Firefox high process usage while sitting on Bing search webpage. Longer than avg startup times. Thanks for looking. FRST.txt Addition.txt
  11. Thank you Malwarebytes for saving my computer! It removed over 50 items my Microsoft Security Essentials missed. Most of them were PUPs, but that doesn't stop me from thanking you. I even removed 2 pieces of spyware and a trojan that Microsoft Security Essentials missed! Thank you so much. Ever since my first scan with Malwarebytes, I have been using it every day without a problem.
  12. I removed 35 infections based from the Rightsurf adware and I thought it was gone. But now, it just advertised "RazerComms" to me again, even though Rightsurf is no longer in the task manager. I then looked for "RazerComms" and found the files, but can't delete them because of "no longer in C:\Users\richard\Appdata\local\chrome\user data\default\web aplications\www.razerzone.com\http_80". It just advertised, so something is still going on. I really need help. Thanks.
  13. Windows Vista 64 bit | 4GB of RAM | AMD Athlon™ 7750 Dual Core Processor 2.71 GHz | My PC started getting slower 4 months ago, and programs were being downloaded by themselves. I thought my brother downloaded them, so I didn't do anything. When I asked him and he said "no", I immediately downloaded Malwarebytes (Free Version). So I scanned and there were about 450 infections, and about 96% of it was "pup.mywebsearch", the rest were Trojans and adware. I removed them, and when I restarted the computer it got WAYY WORSE, even a right click took forever to load. Then, Windows Explorer wasn't responding, so I held the power button to start in Safe Mode, and it wasn't so slow. So I don't know what to do, so I'm posting the DDS.txt here. If you need the Malwarebytes log, please ask me. dds.txt attach.txt
  14. This is going to be a mouthful, so a million thank-yous beforehand. I'm working on a shared computer at my office. I come in after several days off to find that the computer has a fake antivirus program. I don't know who downloaded it or from where. I run Malwarebytes Antimalware and Superantispyware as my protection programs. I was unable to update due to the fake antivirus, so I restarted in safe mode and ran some scans there. I ran a scan for both Malwarebytes and Superantispyware and this is what I found (Note to readers: The logs say "No Action Taken" because I saved the logfile before I quarantined and removed the malware with the above mentioned programs).

      After doing this in safe mode, I restarted the computer, updated both programs to the current versions, and restarted again in safe mode and scanned again. Only Malwarebytes found infected files this time. Scan log follows (Note to readers: Again, the logs say "No Action Taken" because I saved the logfile before I quarantined and removed the malware with the above mentioned programs).

      I restarted in safe mode, scanned a third time and found nothing. I wasn't convinced it was gone, however, and decided to try one more scan. I restarted regularly this time and scanned a third time to try and catch anything that might only be visible to the program after a normal startup.

      I scanned several times after, both in safe mode as well as after a normal startup, and found nothing. I kept an eye on the machine for several days, updating and scanning whenever I could. Today is about 5 days later, I even scanned this morning and didn't find any problems. This is where things get... weird...

      I noticed while trying to work that a Microsoft Word file wouldn't open. There was no error message, the mouse would show the Windows loading wheel for about one full second and then... Nothing. Even after a restart, no joy. I tried Excel and PowerPoint as well. Same thing. Then I tried to open a new, blank document. Same thing. At this point, I'm confused so I go into program files and find... nothing (See attached "Office Clip 1-3"). By now, I'm sure it has something to do with the virus. So I download and install HijackThis and run the scan, copy the log into two different online analyzers. Both of these didn't come up with anything that could be dangerous (to my limited knowledge and experience). The log follows.

      I know that some viruses begin with a startup file, so here is also a log of my startup files copied out of CCleaner.

      So, this is the gist of it. I have no clue what to do here, I don't even know what's wrong. I would just reload MS Office, but I have a code key without a disk (for activating computers preloaded with MS Office) and I think you guys can help me better than having to jump through hoops to have Microsoft send me a CD with Office on it. If I'm missing any information that is relevant, please let me know and I'll update as soon as possible.