Jump to content

Search the Community

Showing results for tags 'windows7'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL






  1. Good Day, I need help removing a cloudnet virus that keeps coming back which I have been attempting to remove for months but it keeps returning. I have been using MalwareBytes which detects the 8 infected files every time it scans after a reboot and have tried using other software such as HitmanPro but the virus keeps coming back. I recently saw a thread where somebody used something called FRST fixlist to fix such malware and wanted to know how it could be done and if I can do it as a beginner? Scan Results.txt
  2. Hello, I have a problem with installing the update for Malware Bytes on my old laptop With Windows 7 64 bit. Every time I do it, I get after some time the message "installation failed". I am attaching the logs and I'd appreciate your help. mb-check-results.zip
  3. Hello everyone, I am new here. I am using a HP pavilion DM4, with windows 7 home premium, and about 20 days ago (7/8/2019, I got a black screen with a cursor only after logging into my Admin Account, even on safemode. the day before this issue occurred (7/7/2019), I had turned off my AVG, while trying to run a malwarebytes scan, to do so, I changed its (AVGs) permissions to EVERYONE and I also set the AVG off, and restarted my computer, Lo and Behold, I couldn't get back on my ADMIN main user!, I am currently writing this on the same laptop, but on the account of a secondary user. I can only open a few Antivirus programs such as malwarebytes and AVG, however I cannot run Roguekiller or MSERT as they freeze. Ive done many test and NONE concluded malware, except a Malware bytes Anti Rootkit scan which detected 4 trojan files located in C:$\recyclebin (system recycle bin?). I've since removed them and I am currently attempting all my options. The crazy thing is, I actually fixed the problem, via system restore, and all was good! however I became stupid in thinking and decided to RE-RESTORE the system, because I was upset that my google chrome had updated!!!, and thus the problem had returned, and the old restore points have vanished since!. I would really love some help because I am sure something has taken over the admin privileges of the system, and is running SVCHOST.EXE and CONSENT.EXE upon start. Ive studied the strings and the threads and they run at 25% CPUs, jamming the system up. Ive also noticed something keeps closing antiviruses and services.exe when i try to open them. (I see all this via PROCESSEXPLORER from the second account with admin privileges). I cannot run SERVICES.EXE, but i can run regedit, msconfig, task manager, etc. Ive done SFC/scan as well as CHKDSK and it found some corrupt files and "fixed them", but the issue persist. Ive downloaded FRST, roguekiller, combofix, adwcleaner,. I have not run them, I am awaiting assistance (from you guys). please help me!!!! thank you in advance!
  4. Hello: I installed 7Zip, which appears to have installed Bandoo PUP. Malwarebytes advised me of this, and I quarantined the files, but I'm afraid that Bandoo may have left files. I understand Bandoo can actually install a rootkit. Can you help me remove it? I have done a complete scan with Malwarebytes, and it didn't find anything, but just want to be sure. Thanks!
  5. I recently did a scan with Malwarebytes and once completed there were over 2000 threats detected. One was a Trojan DNS. Proceeded to quarantine and remove all threats. Once removed all internet stopped working. Everything else seems to be working fine. Just cannot get on the internet via wired or wireless connections. I have read seve
  6. Since 17/12/2018 I started getting intermittent random PC freezes/lockups on my Windows 7 PC. I'm a long term user of MB, also on two Windows 10 PCs which are not having any problems. My MB version on the Windows 7 PC (now uninstalled) were: Malwarebytes Version: Component Package Version: 1.0.508 Update Package Version: 1.0.8722 My Windows 7 version is: Windows 7 Ultimate Version 6.1 (Build7601: Service Pack 1) My PC would freeze (screen frozen no mouse, or keyboard action possible) at random intervals, anywhere from 2 minutes after login to 120 minutes after login. Failures NEVER occurred in Windows Safe Mode with networking enabled, nor in Windows normal mode with the Ethernet network disconnected. Failures DID occur in Windows Normal Mode at a login prompt, without any users logged in or any applications running. Unaware that MB was the cause of my freezes, following one of the failures, I detected activity in the log file MBAMSERVICE.LOG as pasted below. Accessing reports in these Malwarebytes forums I read entries about MB causing freezes earlier in 2018 such as "3.4.4 is freezing my computer" By Anorax, March 12, 2018 in Malwarebytes 3 Support Forum, so I decided to completely uninstall MB on my Windows 7 PC. From the time I first logged in to Windows 7 normal mode after Malwarebytes was removed (now some 30 hours) I have not had any further PC Freezes, or lockups. What I am trying to determine is whether others have had similar 'freezing lockups' in Windows 7? What version of MB I should be using to prevent them? And is there any configuration action I can take to prevent such freezes/lockups happening again? Thank you. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ My PC freeze occurred at 01/11/19 17:19:34 following which I rebooted my PC into Safe Mode at 17:37:22. The entries in this file near the time of failure, there were many Warning entries prior to the PC freeze/lockup: 01/11/19 " 16:19:31.722" 663499 0228 09b8 WARNING MBAMChameleon PreProcHandleOperationRoutine "mbamwatchdog.c" 725 "Obj 01/11/19 " 16:19:35.691" 667465 0e9c 0f54 INFO ActionsShim ActionsShim::FinishUpdate "actionsshim.cpp" 129 "Finishing u 01/11/19 " 16:19:35.838" 667606 0e9c 0f54 INFO MBAMShimImpl MBAMShimImpl::FinishUpdate "mbamshimimpl.cpp" 131 "MBAMCor 01/11/19 " 16:19:35.979" 667746 0e9c 0f54 INFO MBAMShimImpl MBAMShimImpl::InitializeInternal "mbamshimimpl.cpp" 62 01/11/19 " 16:19:33.194" 664971 01dc 020c WARNING MBAMChameleon PreProcHandleOperationRoutine "mbamwatchdog.c" 725 "Obj 01/11/19 " 16:19:38.137" 669914 0228 09b8 WARNING MBAMChameleon PreProcHandleOperationRoutine "mbamwatchdog.c" 725 "Obj 01/11/19 " 16:19:39.212" 670989 01dc 0258 WARNING MBAMChameleon PreProcHandleOperationRoutine "mbamwatchdog.c" 725 "Obj 01/11/19 " 16:19:43.238" 675016 0e9c 0f54 INFO MBAMCoreImpl MBAMCoreImpl::Initialize "mbamcoreimpl.cpp" 123 "MBAMCor 01/11/19 " 16:19:43.238" 675016 0e9c 0f54 INFO BrowserSDKShim BrowserSDKShim::FinishUpdate "browsersdkshim.cpp" 154 01/11/19 " 16:19:43.390" 675156 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Pro 01/11/19 " 16:19:43.390" 675156 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Upd 01/11/19 " 16:19:43.400" 675172 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Upd 01/11/19 " 16:19:43.409" 675187 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Val 01/11/19 " 16:19:44.575" 676342 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Val 01/11/19 " 16:19:44.575" 676342 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Che 01/11/19 " 16:19:44.580" 676357 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Pro 01/11/19 " 16:19:44.580" 676357 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoU 01/11/19 " 16:19:44.580" 676357 0e9c 1424 INFO CleanControllerImpl CleanDBParser::Parse "cleandbparser.cpp" 18 "Parsing 01/11/19 " 16:19:44.582" 676357 0e9c 1424 INFO GalaxyRuleParser mb::common::galaxyrules::SimpleRuleFileParserV2::Parse 01/11/19 " 16:19:44.630" 676394 0e9c 1678 INFO MBAMWebProtection CSIRPCompleteCanceledIrp "cancelsafeirps.c" 99 "Min 01/11/19 " 16:19:44.630" 676394 0e9c 167c INFO MBAMWebProtection CSIRPCompleteCanceledIrp "cancelsafeirps.c" 99 "Min 01/11/19 " 16:19:44.634" 676398 0e9c 1690 INFO MBAMWebProtection DriverDispatchCleanup "driver.c" 203 "Client has disc 01/11/19 " 16:19:44.638" 676402 0004 0040 INFO MBAMWebProtection AddressHostFinalize "addresshost.c" 404 "At most 0 'loca 01/11/19 " 16:19:44.638" 676402 0004 0040 INFO MBAMWebProtection DriverUnload "driver.c" 162 "MBAMWebProtection servi 01/11/19 " 16:19:44.883" 676654 0e9c 1500 INFO MWACShimImpl MwacShimImpl::Initialize "mwacshimimpl.cpp" 357 "Initial 01/11/19 " 16:19:44.909" 676685 0e9c 1500 INFO MWACShimImpl MwacShimImpl::InitializeInternal "mwacshimimpl.cpp" 113 01/11/19 " 16:19:44.909" 676685 0e9c 1500 INFO MwacLibImpl MWAC_Initialize "mwaclib.cpp" 27 "Initializing Mwac SDK (3.1. 01/11/19 " 16:19:46.035" 677808 0e9c 1500 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InitializeMw 01/11/19 " 16:19:45.211" 676987 0004 002c INFO MBAMWebProtection DriverEntry "driver.c" 121 "MBAMWebProtection service s 01/11/19 " 16:19:45.214" 676990 0e9c 062c INFO MBAMWebProtection DriverDispatchCreate "driver.c" 191 "Client has conn 01/11/19 " 16:19:48.151" 679928 0228 0310 WARNING MBAMChameleon PreProcHandleOperationRoutine "mbamwatchdog.c" 725 "Obj ~ 01/11/19 " 17:08:33.126" 3604903 0c28 0690 INFO MBAMChameleon EnumerateAndDeleteIfeoKeys "watchdog-common.c" 1029 "Enu 01/11/19 " 17:08:33.126" 3604903 0c28 0690 INFO MBAMChameleon EnumerateAndDeleteIfeoKeys "watchdog-common.c" 1099 "Enu ~ 01/11/19 " 17:18:51.980" 4223757 01dc 0258 WARNING MBAMChameleon PreProcHandleOperationRoutine "mbamwatchdog.c" 725 "Obj 01/11/19 " 17:19:01.153" 4232930 0228 09b8 WARNING MBAMChameleon PreProcHandleOperationRoutine "mbamwatchdog.c" 725 "Obj 01/11/19 " 17:19:04.023" 4235800 01dc 0258 WARNING MBAMChameleon PreProcHandleOperationRoutine "mbamwatchdog.c" 725 "Obj 01/11/19 " 17:19:11.167" 4242944 0228 0310 WARNING MBAMChameleon PreProcHandleOperationRoutine "mbamwatchdog.c" 725 "Obj 01/11/19 " 17:19:13.058" 4244835 01dc 0258 WARNING MBAMChameleon PreProcHandleOperationRoutine "mbamwatchdog.c" 725 "Obj 01/11/19 " 17:19:21.168" 4252945 0228 0310 WARNING MBAMChameleon PreProcHandleOperationRoutine "mbamwatchdog.c" 725 "Obj 01/11/19 " 17:19:22.087" 4253864 01dc 0224 WARNING MBAMChameleon PreProcHandleOperationRoutine "mbamwatchdog.c" 725 "Obj 01/11/19 " 17:19:26.584" 4258359 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Val 01/11/19 " 17:19:27.755" 4259529 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Val 01/11/19 " 17:19:27.755" 4259529 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Che 01/11/19 " 17:19:27.760" 4259529 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoU 01/11/19 " 17:19:27.760" 4259529 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoU 01/11/19 " 17:19:27.761" 4259529 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Get 01/11/19 " 17:19:27.761" 4259529 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Get 01/11/19 " 17:19:27.761" 4259529 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::Get 01/11/19 " 17:19:28.930" 4260699 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoU 01/11/19 " 17:19:28.930" 4260699 0e9c 0f54 INFO UpdateControllerImpl mb::updatecontrollerimpl::CUpdateControllerImpl::DoU 01/11/19 " 17:19:31.182" 4262959 0228 0320 WARNING MBAMChameleon PreProcHandleOperationRoutine "mbamwatchdog.c" 725 "Obj 01/11/19 " 17:19:34.131" 4265908 01dc 0224 WARNING MBAMChameleon PreProcHandleOperationRoutine "mbamwatchdog.c" 725 "Obj Following this entry my PC froze/locked up. Restarted PC. 1101/11/19 " 17:37:22.399" 24273 042c 0448 INFO LogController CLogController::Start "logcontroller.cpp" 93 "Started log 01/11/19 " 17:37:22.399" 24273 042c 0448 INFO LogController CLogController::Start "logcontroller.cpp" 95 "Local time
  7. Can you help to overcome following problem Malwarebytes Premium blocks Microsoft Office Word Malicious Memory Protection Exploit: 1 Malware.Exploit.Agent.Generic, , blocked, [0], [392684],0.0.0 Exploit code executing from Heap memory blocked In addition, I also run EMET 5.0, which reports the following when trying to open Word or Excel, which both get blocked by EMET 5.0: EMET detected SimExecFlow mitigation and will close the application Assuming that Malwarebytes and EMET 5.0 are fully compatible, I wonder what is causing the problem: Here is the report of Malwarebytes: -Exploit-Daten- Malwarebytes www.malwarebytes.com -Protokolldetails- Datum des Schutzereignisses: 23.03.18 Uhrzeit des Schutzereignisses: 08:46 Protokolldatei: 44d01e5a-2e6e-11e8-b14b-00241d745f82.json Administrator: Ja -Softwaredaten- Version: Komponentenversion: 1.0.322 Version des Aktualisierungspakets: 1.0.4458 Lizenz: Testversion -Systemdaten- Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: System -Einzelheiten zu Exploits- Datei: 0 (keine bösartigen Elemente erkannt) Exploit: 1 Malware.Exploit.Agent.Generic, , Blockiert, [0], [392684],0.0.0 -Exploit-Daten- Betroffene Anwendung: Microsoft Office Word Schutzebene: Malicious Memory Protection Schutzverfahren: Exploit code executing from Heap memory blocked Dateiname: URL: END Thanks for any help and advice on this most annoying and concering problem. A. Naseweiss
  8. Hi, Recently we have been experiencing random and spiking plague of the BSOD on our Dell systems (all latitude E7470 + very recently some OptiPlex AIO). For almost all of the machines it is related to either Intel WiFi or Graphic driver (Widi). Some are Kernel_data_inpage and other. Recently we were able to narrow plenty of those errors to malwarebytes. For example, one of the machines was restored to factory image. Some basic software was installed. It looked to be fine until Malwareybtes was installed - instant crash right and left. You would boot computer, login and every few minutes it would result in blue screen. Once malwarebytes was removed BSOD would stop. We have reinstalled it and it seems to be fine now. It is really puzzling. We are using endpoint + anti-exploit. I know dell puts a lot of crap software on their images but this is what we have to live with. Maybe something gets in conflict? Does anyone else experience similar problems? I would say it started around those updates for Intel processors. Any chance malwarebytes has problem with it? I am more than happy to answer any questions.
  9. I have downloaded a torrent of sims 4 game it was 16 GB so I lefted 2 days downloading after the torrent finished the popups websites on google chrome keep opening and cmd saying it is transfering files and there was written simstransfer.info and many process then navigate to copied successfully of two files but when I tried to capture the process so I can put it here it goes away fast to another in cmd and then cmd stay opened and doesn't go by itself .. I then close it by myself... I have tried many antimalwares but they did nothing although I saw the reports and removed malwares but the problem still exist, tried Hitman and tried them in safe mode with networking but still the same what I have noticed is that cmd starts poping up and so for the websites pop ups when startup and then repeats in different times through the day. I uninstalled utorrent and any of the recent programs.In cmd says that is from system 32. If I can capture the cmd proccess I will put here... and thank you.
  10. Good afternoon I downloaded an Internet program and at the time of installation entered a trojan with the name of hijack.exefile I already ran the scan with the malware and every time I restart the computer it back would like help and support to solve my program is bought and I already downloaded the dds.src and already did the scan I would like to Pulb what appears in the TXT of the DDS hugs from Brazil Note: My programs only open when I open as ADM DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16421 Run by Usuario at 13:10:48 on 2017-11-13 Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.16285.13055 [GMT -2:00] . AV: Malwarebytes *Enabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B} SP: Malwarebytes *Enabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\taskeng.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\DAODx.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe C:\Program Files\Diebold\Warsaw\core.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Diebold\Warsaw\core.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe F:\Program Files (x86)\Steam\Steam.exe F:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe F:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe F:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll uRun: [Spotify Web Helper] C:\Users\Usuario\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart uRun: [uTorrent] "C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 TCP: NameServer = TCP: Interfaces\{E532C053-0A6C-4C55-B342-8A9C6715F8A2} : DHCPNameServer = SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-SSODL: WebCheck - <orphaned> x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\x3xoe7yl.default\ FF - plugin: C:\Program Files\VideoLAN\VLC\npvlc.dll . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2017-9-20 83656] R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2017-9-20 43720] R0 MBAMChameleon;MBAMChameleon;C:\Windows\System32\drivers\MbamChameleon.sys [2017-11-12 192952] R0 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\mbamswissarmy.sys [2017-11-12 252232] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2017-9-24 283064] R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Windows\System32\drivers\mbae64.sys [2017-9-25 77440] R1 wsddntf;Diebold Network Monitor;C:\Windows\System32\drivers\wsddntf.sys [2017-10-29 36984] R2 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2017-9-20 817760] R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-9-26 2257016] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2017-9-20 246272] R2 Focusrite Control Server;Focusrite Control Server;C:\Program Files\Focusrite\Focusrite Control\Server\ControlServer.exe [2017-9-22 1313792] R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-9-25 6058960] R2 TeamViewer;TeamViewer 12;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2017-9-21 10803440] R2 Warsaw Technology;Warsaw Technology;C:\Program Files\Diebold\Warsaw\core.exe [2017-10-29 1056304] R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-8-16 140032] R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-8-16 424192] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2017-9-20 95760] R3 FocusriteUSB;Focusrite USB;C:\Windows\System32\drivers\FocusriteUSB.sys [2017-9-22 87056] R3 FocusriteUSBAudio;Focusrite USB Audio;C:\Windows\System32\drivers\FocusriteUSBAudio.sys [2017-9-22 45072] R3 FocusriteUSBMidi;Focusrite USB MIDI;C:\Windows\System32\drivers\FocusriteUSBMidi.sys [2017-9-22 36880] R3 FocusriteUSBSwRoot;USB Audio Root;C:\Windows\System32\drivers\FocusriteUSBSwRoot.sys [2017-9-22 88592] R3 MBAMFarflt;MBAMFarflt;C:\Windows\System32\drivers\farflt.sys [2017-11-12 110016] R3 MBAMProtection;MBAMProtection;C:\Windows\System32\drivers\mbam.sys [2017-11-12 45504] R3 MBAMWebProtection;MBAMWebProtection;C:\Windows\System32\drivers\mwac.sys [2017-11-12 84256] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2017-9-20 943832] S1 wsddfac;wsddfac;C:\Windows\System32\drivers\wsddfac.sys [2017-10-29 28376] S1 wsddpp;Warsaw - Driver (PP);C:\Windows\System32\drivers\wsddpp.sys [2017-10-29 25184] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-4-21 107656] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-4-21 128648] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-7-18 358880] S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168] S3 iobit_monitor_server;iobit_monitor_server;C:\PROGRA~2\IObit\ADVANC~1\drivers\Monitor_win7_x64.sys [2017-11-12 14680] S3 StorSvc;Serviço de Armazenamento;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 wsddprm;Warsaw - Driver (PRM);C:\Windows\System32\drivers\wsddprm.sys [2017-10-29 25184] . =============== Created Last 30 ================ . 2017-11-12 19:36:42 -------- d-----w- C:\ProgramData\ProductData 2017-11-12 19:36:24 -------- d-----w- C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A} 2017-11-12 19:36:23 -------- d-----w- C:\Program Files (x86)\Common Files\IObit 2017-11-12 19:36:14 -------- d-----w- C:\Users\Usuario\AppData\Roaming\IObit 2017-11-12 19:36:14 -------- d-----w- C:\Program Files (x86)\IObit 2017-11-12 19:35:57 -------- d-----w- C:\ProgramData\IObit 2017-11-12 19:20:51 -------- d-----w- C:\Users\Usuario\AppData\Local\ElevatedDiagnostics 2017-11-12 16:10:26 192952 ----a-w- C:\Windows\System32\drivers\MbamChameleon.sys 2017-11-12 16:10:24 84256 ----a-w- C:\Windows\System32\drivers\mwac.sys 2017-11-12 16:10:24 45504 ----a-w- C:\Windows\System32\drivers\mbam.sys 2017-11-12 16:10:24 252232 ----a-w- C:\Windows\System32\drivers\mbamswissarmy.sys 2017-11-12 16:10:24 110016 ----a-w- C:\Windows\System32\drivers\farflt.sys 2017-11-12 11:17:02 0 ----a-w- C:\Windows\directx.sys 2017-11-12 00:18:40 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe 2017-11-09 20:49:24 -------- d-sh--w- C:\ProgramData\SecuROM 2017-11-09 20:43:48 -------- d-----w- C:\Windows\SysWow64\xlive 2017-11-09 20:43:48 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2017-11-09 20:41:24 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll 2017-10-29 21:46:57 36984 ----a-w- C:\Windows\System32\drivers\wsddntf.sys 2017-10-29 21:46:57 28376 ----a-w- C:\Windows\System32\drivers\wsddfac.sys 2017-10-29 21:46:57 25184 ------w- C:\Windows\System32\drivers\wsddprm.sys 2017-10-29 21:46:57 25184 ------w- C:\Windows\System32\drivers\wsddpp.sys 2017-10-29 21:46:55 -------- d--h--w- C:\Program Files (x86)\GAS Tecnologia 2017-10-29 21:46:55 -------- d--h--w- C:\Program Files (x86)\Diebold 2017-10-29 21:46:34 -------- d-----w- C:\Program Files\Diebold 2017-10-29 21:45:47 -------- d-----w- C:\Users\Usuario\AppData\Local\Aplicativo Itau 2017-10-25 21:03:31 -------- d-----w- C:\Users\Usuario\aTubeCatcher 2017-10-23 18:51:38 -------- d-----w- C:\Users\Usuario\AppData\Roaming\Cycling '74 . ==================== Find3M ==================== . 2017-11-11 16:27:12 16 ----a-w- C:\Windows\System32\msvcsv60.dll 2017-11-11 16:27:12 16 ----a-w- C:\Users\Usuario\AppData\Roaming\msregsvv.dll 2017-10-29 21:48:42 1856 ----a-w- C:\Windows\Fonts\Warsaw Bold.ttf 2017-10-09 16:16:04 77440 ----a-w- C:\Windows\System32\drivers\mbae64.sys 2017-09-25 18:30:17 7649280 ----a-w- C:\Program Files (x86)\GUT3C93.tmp 2017-09-24 19:20:49 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2017-09-24 19:20:49 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll 2017-09-24 19:20:49 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll 2017-09-24 15:27:59 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys 2017-09-20 21:24:00 1864 ----a-w- C:\Windows\Fonts\dbldwrsw.ttf 2017-09-20 20:48:12 0 ----a-w- C:\Windows\ativpsrm.bin . ============= FINISH: 13:11:00,68 ===============
  11. Hello, wonderful helpers! My desktop computer is running in 64 bit mode with Windows 7 professional with service pack 1 with an i7 CPU and 16GB RAM. It is protected by MALWAREBYTES PREMIUM. Malwarebytes version, version of compnents package 1.0.103, version of actualisation package 1.0.3171, edition premium, correct licence id, correct licence key, status unlimited. I am having problems running the update as usual. No update is done after a longer time of waiting. I really need help and will follow your instructions in topic Hope to hear of you soon! Andy Munich, Germany
  12. Hello, so I had a weird error message popping up in my Windows 7 x64 so I ran all the available security tools, and I unfortunately found a couple of infections. The strangest thing was that there was a Mozilla.zip (with the content of the Firefox /AppData files) in my Roaming folder created last night, so I was wondering if my passwords have been stolen, as I save a lot of them in Firefox and I had no Master Password? I would be also grateful if anyone could check my log files, but I guess my system is clean now, only the Mozilla.zip bugs me..... Malwarebytes.txt AdwCleaner[S0].txt FRST.txt Addition.txt ComboFix.txt HitmanPro_20171024_1332.log
  13. Hello- my computer has recently started doing something very unusual such as blocking programs (that are unharmful), Popping up everytime I log in, everytime I open up my browser, or any other app/program, and also pops up if I don't touch my computer for a certain amount of time. It started doing this about a week ago and I'd really like to resolve it. Each time it pops up it says the same thing: "C:Windows\system32\ncrypt.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support." I've tried uninstalling C:Windows\system32\ncrypt.dll to re-install it but it won't even do that! Please help
  14. While I was out, I got bluescreened. WhoCrashed is telling me that Win7 is blaming the Anti-Ransomware module. As per support sticky, mb-check results(with FRST results) is attached, as is the log: mb-check-results.zip
  15. I scanned my Win7 with Malwarebytes after it experienced issues. 3 generic Trojans were found& removed. Cleanup / restart took overnight to run. My PC starts now but I always get a BSOD about 5 minutes after startup, even in Safe Mode. I've downloaded FRST & run. It doesn't finish before the reboot, logs are attached. I'd greatly appreciate any recommendations on next steps to recover. Addition.txt FRST.txt
  16. Hello. I'm a Windows 7 user and a few months ago, I've changed my laptop's keyboard (hardware) into a new one because some keys were malfunctioned. At first, everything seems fine but soon the keys started to going crazy. Some keys turned to shortcut keys (like opening a new window, open the control panel, etc) or freezed the screen . I don't know whether this got to do with malware or because it has a conflict with other program. After I changed to that new keyboard, I uninstalled some programs, bought and downloaded Microsoft Office 2016 and Malwarebytes Premium 3.0. The problem getting worse so I decided to restore the system. At first, it worked well but later, the same problem came back again. After googling for some help, I found out that my windows key is always stuck (though it seems didn't stuck physically) whenever I open the on-screen keyboard. So I downloaded SharpKeys to disable/turn off the windows key and I confirmed that the key didn't stick on the screen keyboard anymore. But, 'magically', my problem isn't solved yet. Sometimes, the short keys pop up randomly when I type the key *sigh* I have to restart my laptop a few times to make it better. Help me please...
  17. On Monday, I received the upgrade to Malwarebytes 3.0.6 from the previous one and I have to say, I am not happy with it at all. My main gripe is that it has become more resource-heavy when one of its processes, "MBAMProcess", takes up over 300MB of memory and with that number being higher than "explorer.exe" and "svchost.exe" combined, and even worse when I have Mozilla Firefox open that also consumes memory, and this is because I only have 4GB of memory for this laptop (which is a Dell Inspiron N7010) and when I performed the first scan with it, the laptop is forced to work harder as it causes its fan to spin faster, implicating that the scanning process is now much more intense and to be frank, is not good for a seven-year old machine. Don't want the fan to wear out each time I do a scan. Also, the animations within the program are somewhat choppy even during the scan and from what I've seen and experienced, I feel this is more optimised for Windows 10 but that's solely my opinion. Unhappy with this, I decided to downgrade it back to but after I did that, I am denied of real-time protection and with the program nagging me to upgrade each time I open it. Even if this has three more months of support, I feel this is entirely not fair unless I done something wrong. According to the FAQ, I didn't know you had to reboot after the removal of the new version and then install the older one. Maybe that's why I'm getting this but, I don't know. I don't really want to part with the software itself as it has been very good to me since I had it, and I hope things will change for the next release even with what I said above.
  18. Hi, I'm on another system this time, and the infection is much worse. I started a threat scan, but at a certain point in the scan, it took over an hour on a file and never scanned it, so I assumed it had stalled. At that time, there were only 7 detections, and 6 of them were adware while one was a PUP. I tried to do more scans after that and they all stalled and I noticed that there were more detections. As of the most recent one, there were 27 detections. I have attached the following logs. Please help. Addition_26-12-2016 22.21.24.txt FRST_26-12-2016 22.21.24.txt
  19. Over the last couple of days Malwarebytes has behaved impeccably but, on logging in to the laptop this afternoon, I got the mbamtray.exe error message shown in the attached image file - I've not seem this error before. However Malwarebytes Tray Icon does appear in the system tray as normal and reports no errors; furthermore, by right clicking on it I can open the application as normal and Malwarebytes shows itself as up to date. I pass this on in case it helps to resolve any current issues with Malwarebytes 3.0 - I attach a JPG of the error message and Malwarebytes zipped log files. Windows 7 SP 1 x64 - build 7601 Malwarebytes Version 3.04.1269 MSE with real time protection switched off CryptoPrevent Premium Edition logs.zip
  20. Good Evening, We have had a very unusual event happen today (and latter end of yesterday). We have Malwarebytes for Business deployed at several customers office (all seperate, no relations) and today a quite a few computers BSOD'ed on Windows 7 machines (x86 and x64) on Startup (When the windows logo appears). So one would have to restart the machine in order for it to happen. I assumed it might be a an update that Microsoft rolled out (KB3197869, on Nov. 15). However it I since tried machine that were not affected and they seem fine. I am not blaming Malwarebytes for this, I am just seeing if someone else is having these issues. The two common denominators are Malwarebytes (for business) and KB3197869 (Or so it would seem). I would appreciate any input and insight. Thanks
  21. Hello, I have an old PC (with decent specs though) that is running windows VISTA, which I think must be the worst OS ever. I want to donate this PC to a charity, so would really like to put a better OS on it, but I don't really want to buy one. So, I was wondering - I do have a laptop that came with Windows7 - and I've got the licence key on the back of the laptop - but the laptop was upgraded to Windows 10. Would that Windows7 licence key still work and how could I upgrade the VISTA to Windows 7? Welcome any other good ideas also! Many thanks!
  22. Hey ! I recently used malwarebytes and Adwcleaner to remove weather chicken and other malware, but after the removal my internet stopped working( though it is connected and working on other devices). The system I'am working on is Windows 7 service pack 1, 32 bit. Please help !! ASAP !
  23. MBAM & MBAE for Business subscription were purchased yesterday and downloaded from the link supplied. Installed MBAM with no problem. The icon displayed, app started, ran an update and a full scan. Installed MBAE but the GUI & icon on the taskbar are never displayed after the install. I clicked MBAE in the start menu but it never displayes n icon or notification message at taskbar. I checked the event viewer and there are no entries in the application or system Event logs mentioning Malwarebytes. I rebooted and nothing changes. I opened Word 2013 and the MBAE notification does not display and the app icon is not displayed as running. I opened task manager and the service is running. PC is running Windows 7 Pro, Windows domain with 2008 r2 server, Symantec Endpoint Protection 12x. All non-optional windows updates were already applied.
  24. Yesterday I had downloaded the free version of Malwarebytes version database update was showing 5th April, 2015 so I wanted to update it. When I made an attempt, it said " NO UPDATES AVAILABLE ".. I donot know why this is happening and seek your help in this matter. I am using Microsoft Security Essentials as my Anti Virus on Windows 7, 64 bit. Service Pack 1. Your help in this matter will be greatly appreciated. Thanking you in anticipation
  25. This is my first post in MalwareBytes Forum, I had been using MBAE Beta for quite sometime till I discovered the latest version 1:04:1:1012 yesterday. I immediately downloaded this version in the same folder as the Beta version, my parttion D Drive. Thereafter, in the Event Viewer, I got the following error Faulty Application Name W Script exe. version 5.8.7601.19283 Faulty Module Name mbae64. dll_unloaded version Faultin Application Path C:\Windows\System32\W Script exe. Faultin Module Path mbae64.dll Event ID 1000 Level Error Task Category {100} I thought this problem arose since I didn't uninstall the Beta version earlier before downloading the new version. So I again uninstalled MBAE and then again downloaded the above version. The following things have been observed by me now. 1.All my batch files and W Scripts which used to work fast, have now slowed down by a couple of seconds. 2.The frequency of the above errors have come down, but nonetheless, still appear in my Event Viewer. Even my Reliability Monitor indicates this as an error and thereafter all my batch files/ Wscipts [ which are activated by my Schedule Task ] become slow by a couple of seconds. My questions .... 1. Should I unstall and again install in my C Drive ? 2. What is the reason that MBAE is clashing with WScipt on my Computer ? Can someone please help me on this Anshi
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.