Has anyone ever heard of this process? I can't find any info on any search engines, which is odd. I cannot end it through task manager, Process Explorer, Command Prompt, or anything else, even in full safe mode with a clean boot. Process Explorer shows that it is consistently creating subprocess "sihaglc.exe", which is constantly creating and ending multiple instances of "rekmpgn.exe", which itself sometimes has another subprocess of the same name.
So anyway, how this happened is my stupid boyfriend decided to download some shady stuff on my computer while I was sleeping last night. When I turned on my computer, there were ads playing through my speakers, but I couldn't find the source. I eventually found that many processes called "Collectives" and "Gilbride", continuously starting after ending them. There was also a process called Ampersands and AnonymizerLauncher, though those did not clone themselves. I eventually managed to locate all of the cloned copies of the Collectives and Gilbride executables and deleted them in safe mode. They didn't clone themselves and I no longer have the advertisement issues.
Anyway, I am still concerned about this avewmsosvc.exe process. I have no idea what it could be doing to my computer. I know that it kept adaware from starting and blocked Windows Defender from turning on real-time protection. It stopped the Spybot updater service from running, though I was able to run and update Malwarebytes (though it would not start after I restarted my computer without reinstalling - it also was unable to activate the real time protection), which did find 175 "problems", though not this process. I was able to install AVG (yes I uninstalled everything else) and it found no problems and doesn't seem to have trouble running.
Does anyone have any ideas? Is there another anti-virus or -malware I should try? I appreciate any help! Thanks!
Edit: Oh and if it helps, avewmsosvc.exe is in my System32 folder.
Edited by Hayama, 13 December 2017 - 02:26 PM.