Closed/Inactive Can't Open Certain .exe


Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,379
551
====================================================================

Security Check Scan.





  • Download Security Check to your desktop.
  • Right-click it and run as administrator.
  • When the program completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
=============================================================================


HijackThis.



1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy and paste the log here.
 

Imr102030

PCHF Member
PCHF Member
Jul 28, 2019
48
0
18
Yes, startups are disabled, but I've read that ATK packages are for the Fn button on laptops. Everything else is off.
Yes, safe mode.
And OK, I will run AdwCleaner again.
 

Imr102030

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 121
Java 8 Update 144
Java version 32-bit out of Date!
Google Chrome (75.0.3770.142)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
 

Imr102030

Edit: now that's not good formatting (?)


Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.19

Platform: x64 Windows 7 (Home Premium), 6.1.7601.23710, Service Pack: 1
Time: 01.08.2019 - 09:25 (UTC+02:00)
Language: OS: Czech (0x405). Display: Czech (0x405). Non-Unicode: Czech (0x405)
Elevated: Yes
Ran by: Reed (group: Administrator) on REED-PC, FirstRun: no

Chrome: 75.0.3770.142
Internet Explorer: 11.0.9600.18618
Default: "C:\Users\Reed\AppData\Local\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\ASUS.SYS\SIONExportService.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
1 C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
1 C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
1 C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
1 C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
1 C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
1 C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
1 C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
1 C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
1 C:\Program Files (x86)\Common Files\InstantOn\InsOnWMI.exe
1 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
1 C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1 C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE
1 C:\Program Files (x86)\Notepad++\notepad++.exe
1 C:\Program Files (x86)\System Explorer\SystemExplorer.exe
1 C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
2 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1 C:\Program Files\Everything\Everything.exe
1 C:\Program Files\Intel\TurboBoost\TurboBoost.exe
7 C:\Program Files\Internet Explorer\iexplore.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\P4G\BatteryLife.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1 C:\Program Files\WinRAR\WinRAR.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
17 C:\Users\Reed\AppData\Local\Google\Chrome\Application\chrome.exe
1 C:\Users\Reed\Desktop\DebugDiag\DbgHost.exe
1 C:\Users\Reed\Desktop\DebugDiag\DbgSvc.exe
1 C:\Users\Reed\Desktop\HiJackThis.exe
1 C:\Windows\AsScrPro.exe
1 C:\Windows\SysWOW64\ACEngSvr.exe
1 C:\Windows\SysWOW64\PnkBstrA.exe
1 C:\Windows\SysWOW64\PnkBstrB.exe
1 C:\Windows\System32\FBAgent.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\alg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\igfxpers.exe
1 C:\Windows\System32\igfxtray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\msdtc.exe
1 C:\Windows\System32\rpcnetp.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
16 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhost.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Bar] = https://www.seznam.cz/?clid=22668
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Page] = http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.seznam.cz/?clid=22668
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main: [Search Bar] = https://www.seznam.cz/?clid=22668
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main: [Search Page] = http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.seznam.cz/?clid=22668
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}: = http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} - Seznam
O1 - Hosts.ICS: 10.5.49.232 Reed-PC.mshome.net # 2024 7 2 30 6 21 43 292
O2 - HKLM\..\BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2-32 - HKLM\..\BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O2-32 - HKLM\..\BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll
O2-32 - HKLM\..\BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3-32 - HKLM\..\Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKLM\..\Run: [AmIcoSinglun64] = C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - HKLM\..\Run: [RtHDVBg] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
O4 - HKLM\..\Run: [SynAsusAcpi] = C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [SynTPEnh] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - MSConfig\startupreg: ASUS Screen Saver Protector [command] = C:\Windows\AsScrPro.exe (HKLM) (2019/07/17)
O4 - MSConfig\startupreg: ASUSPRP [command] = C:\Program Files (x86)\ASUS\APRP\APRP.EXE (HKLM) (2019/08/01)
O4 - MSConfig\startupreg: ASUSWebStorage [command] = C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: Adobe Creative Cloud [command] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true (HKLM) (2019/07/17) (file missing)
O4 - MSConfig\startupreg: AdobeCS6ServiceManager [command] = C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin (HKLM) (2019/07/17)
O4 - MSConfig\startupreg: AdobeGCInvoker-1.0 [command] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (HKLM) (2019/08/01)
O4 - MSConfig\startupreg: AthBtTray [command] = C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (HKLM) (2019/07/17)
O4 - MSConfig\startupreg: AtherosBtStack [command] = C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (HKLM) (2019/07/17)
O4 - MSConfig\startupreg: AvRepair [command] = C:\Program Files\AVAST Software\Avast\setup\instup.exe /instop:repair /wait (HKLM) (2019/07/31) (file missing)
O4 - MSConfig\startupreg: CLMLServer [command] = C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (HKLM) (2019/07/31) (file missing)
O4 - MSConfig\startupreg: Discord [command] = C:\Users\Reed\AppData\Local\Discord\app-0.0.305\Discord.exe (HKCU) (2019/07/31)
O4 - MSConfig\startupreg: Google Update [command] = C:\Users\Reed\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe (HKCU) (2019/07/31)
O4 - MSConfig\startupreg: HotKeysCmds [command] = C:\Windows\system32\hkcmd.exe (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: ISUSPM [command] = C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler (HKCU) (2019/08/01)
O4 - MSConfig\startupreg: IgfxTray [command] = C:\Windows\system32\igfxtray.exe (HKLM) (2019/08/01)
O4 - MSConfig\startupreg: IntelTBRunOnce [command] = C:\Windows\system32\wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: Nuance PDF Reader-reminder [command] = C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: PWRISOVM.EXE [command] = C:\Program Files\PowerISO\PWRISOVM.EXE -startup (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: Persistence [command] = C:\Windows\system32\igfxpers.exe (HKLM) (2019/08/01)
O4 - MSConfig\startupreg: RtHDVCpl [command] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (HKLM) (2019/07/17)
O4 - MSConfig\startupreg: SwitchBoard [command] = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: SystemExplorerAutoStart [command] = C:\Program Files (x86)\System Explorer\SystemExplorer.exe /TRAY (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: UpdatePSTShortCut [command] = C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" (HKLM) (2019/07/17) (file missing)
O4-32 - HKLM\..\Run: [ATKMEDIA] = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4-32 - HKLM\..\Run: [ATKOSD2] = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4-32 - HKLM\..\Run: [HControlUser] = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4-32 - HKLM\..\Run: [SonicMasterTray] = C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
O4-32 - HKLM\..\Run: [Wireless Console 3] = C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Stáhnout pomocí &BitSpiritu: (default) = C:\Program Files (x86)\BitSpirit\bsurl.htm (file missing)
O9 - Button: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: (no name) - (no file)
O9 - Tools menu item: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: Send by Bluetooth to - (no file)
O9-32 - Button: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Přidat na blog - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Button: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: (no name) - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9-32 - Tools menu item: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: &Přidat na blog prostřednictvím aplikace Windows Live Writer - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Tools menu item: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: Send by Bluetooth to - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O17 - DHCP DNS 1: 10.5.50.1
O17 - DHCP DNS 2: 77.104.250.129
O17 - DHCP DNS 3: 81.92.158.230
O17 - DHCP DNS 4: 8.8.8.8 (Well-known DNS: Google)
O18 - HKLM\Software\Classes\Protocols\Handler\wlpg: [CLSID] = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco1: AccExtIco1 Class - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco2: AccExtIco2 Class - {853B7E05-C47D-4985-909A-D0DC5C6D7303} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco3: AccExtIco3 Class - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\AsusWSShellExt_B: AsusWSShellExt_B64 Class - {6D4133E5-0742-4ADC-8A8C-9303440F7190} - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\AsusWSShellExt_O: AsusWSShellExt_O64 Class - {64174815-8D98-4CE6-8646-4C039977D808} - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll
O22 - Task (.job): ASUS SmartLogon Console Sensor.job - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
O23 - Service R2: AFBAgent - C:\Windows\system32\FBAgent.exe
O23 - Service R2: ASLDR Service - (ASLDRService) - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service R2: ASUS InstantOn Service - (ASUS InstantOn) - C:\Program Files (x86)\Common Files\InstantOn\InsOnSrv.exe
O23 - Service R2: ATKGFNEX Service - (ATKGFNEXSrv) - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: Atheros Bt&Wlan Coex Agent - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service R2: AtherosSvc - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service R2: Debug Diagnostic Service - (DbgSvc) - C:\Users\Reed\Desktop\DebugDiag\DbgSvc.exe
O23 - Service R2: FABS - Helping agent for MAGIX media database - (Fabs) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe /DisableUI
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Intel(R) Management and Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: Intel(R) Turbo Boost Technology Monitor - (TurboBoost) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: PACE License Services - (PaceLicenseDServices) - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service R2: PnkBstrA - C:\Windows\SysWOW64\PnkBstrA.exe
O23 - Service R2: PnkBstrB - C:\Windows\SysWOW64\PnkBstrB.exe
O23 - Service R2: Splashtop Meta Data Export Service - (Splashtop MDES) - C:\ASUS.SYS\SIONExportService.exe
O23 - Service R3: BBUpdate - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
O23 - Service R3: System Explorer Service - (SystemExplorerHelpService) - C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
O23 - Service S2: BingBar Service - (BBSvc) - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
O23 - Service S2: Služba Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Adobe SwitchBoard - (SwitchBoard) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service S3: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service S3: Firebird Server - MAGIX Instance - (FirebirdServerMAGIXInstance) - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Služba Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Visual Studio Standard Collector Service 150 - (VSStandardCollectorService150) - C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe
O23 - Service S3: Windows Live Family Safety Service - (fsssvc) - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

-- End of file - Time spent: 54,6 sec. - 35106 bytes, CRC32: FFFFFFFF. Sign: 
 

Malnutrition

After that, re-run FRST in NORMAL Mode. Attach the two new logs.
 

Imr102030

and again

# -------------------------------
# Malwarebytes AdwCleaner 7.4.0.0
# -------------------------------
# Build: 07-23-2019
# Database: 2019-07-22.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 08-01-2019
# Duration: 00:00:03
# OS: Windows 7 Home Premium
# Cleaned: 3
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\SystemExplorerAutoStart

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted http://search.babylon.com/?affID=112555&tt=3412_1&babsrc=HP_ss&mntrId=30ad1a4e0000000000005404a6aa4adf
Deleted http://search.babylon.com/?affID=112555&tt=3412_1&babsrc=HP_ss&mntrId=30ad1a4e0000000000005404a6aa4adf

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3446 octets] - [30/07/2019 23:34:02]
AdwCleaner_Debug.log - [12416 octets] - [30/07/2019 23:40:30]
AdwCleaner[S01].txt - [2014 octets] - [01/08/2019 09:35:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
 

Malnutrition

Hijack This Fix.

Start HijackThis, Right Click Run as Admin.
Close all other open programs prior to running this tool!!
Click System Scan Only.
Then check mark the items listed below.


O1 - Hosts.ICS: 10.5.49.232 Reed-PC.mshome.net # 2024 7 2 30 6 21 43 292
O2-32 - HKLM\..\BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O3-32 - HKLM\..\Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKLM\..\Run: [AmIcoSinglun64] = C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - MSConfig\startupreg: ASUS Screen Saver Protector [command] = C:\Windows\AsScrPro.exe (HKLM) (2019/07/17)
O4 - MSConfig\startupreg: ASUSPRP [command] = C:\Program Files (x86)\ASUS\APRP\APRP.EXE (HKLM) (2019/08/01)
O4 - MSConfig\startupreg: ASUSWebStorage [command] = C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: Adobe Creative Cloud [command] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true (HKLM) (2019/07/17) (file missing)
O4 - MSConfig\startupreg: AdobeCS6ServiceManager [command] = C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin (HKLM) (2019/07/17)
O4 - MSConfig\startupreg: AdobeGCInvoker-1.0 [command] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (HKLM) (2019/08/01)
O4 - MSConfig\startupreg: AvRepair [command] = C:\Program Files\AVAST Software\Avast\setup\instup.exe /instop:repair /wait (HKLM) (2019/07/31) (file missing)
O4 - MSConfig\startupreg: CLMLServer [command] = C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (HKLM) (2019/07/31) (file missing)
O4 - MSConfig\startupreg: Discord [command] = C:\Users\Reed\AppData\Local\Discord\app-0.0.305\Discord.exe (HKCU) (2019/07/31)
O4 - MSConfig\startupreg: Google Update [command] = C:\Users\Reed\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe (HKCU) (2019/07/31)
O4 - MSConfig\startupreg: ISUSPM [command] = C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler (HKCU) (2019/08/01)
O4 - MSConfig\startupreg: IntelTBRunOnce [command] = C:\Windows\system32\wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: Nuance PDF Reader-reminder [command] = C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: PWRISOVM.EXE [command] = C:\Program Files\PowerISO\PWRISOVM.EXE -startup (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: Persistence [command] = C:\Windows\system32\igfxpers.exe (HKLM) (2019/08/01)
O4 - MSConfig\startupreg: SwitchBoard [command] = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: SystemExplorerAutoStart [command] = C:\Program Files (x86)\System Explorer\SystemExplorer.exe /TRAY (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: UpdatePSTShortCut [command] = C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" (HKLM) (2019/07/17) (file missing)
O4-32 - HKLM\..\Run: [ATKMEDIA] = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4-32 - HKLM\..\Run: [ATKOSD2] = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4-32 - HKLM\..\Run: [SonicMasterTray] = C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Stáhnout pomocí &BitSpiritu: (default) = C:\Program Files (x86)\BitSpirit\bsurl.htm (file missing)
O9 - Button: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: (no name) - (no file)
O9 - Tools menu item: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: Send by Bluetooth to - (no file)
O23 - Service R3: BBUpdate - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
O23 - Service S2: BingBar Service - (BBSvc) - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe



Now click on fix checked.
After the fix is complete, then reboot your machine.

=============================================================

Temp File Cleaner.




  • Note: This program may very well reboot your machine. Save any work prior to running.
  • Clean up your temp files with TFC.exe
  • Save it to your desktop.
  • Right click run as admin.
===================================================================

Please post a new Hijack This log when complete. Then we will deal with the issues within FRST.
 

Imr102030

We might also have some formatting issues in your post, but I'll try to manage. :)
 

Imr102030

I would also like to mention, what we are trying to do here with scanning and fixing is fine and might actually be for the benefit of the PC in some way, but I have no idea what we are doing. Some insight would help.

You think that all these .exe problems are due to a malware infection and we are looking for problems in registry files?
Do you have any thoughts on why some .exes are working and others are not?
Why do some non-working .exes start to work after I rename them to .bat?
Why does it work in safeboot?
 

Malnutrition

Malnurished Mod
Moderator
Security Team
Jul 22, 2016
3,379
551
Hijack This Fix.

Start HijackThis , Right Click Run as Admin.
Close all other open programs prior to running this tool!!
Click System Scan Only.
Then check mark the items listed below.


O1 - Hosts.ICS: 10.5.49.232 Reed-PC.mshome.net # 2024 7 2 30 6 21 43 292
O2-32 - HKLM\..\BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O3-32 - HKLM\..\Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKLM\..\Run: [AmIcoSinglun64] = C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
O4 - MSConfig\startupreg: ASUS Screen Saver Protector [command] = C:\Windows\AsScrPro.exe (HKLM) (2019/07/17)
O4 - MSConfig\startupreg: ASUSPRP [command] = C:\Program Files (x86)\ASUS\APRP\APRP.EXE (HKLM) (2019/08/01)
O4 - MSConfig\startupreg: ASUSWebStorage [command] = C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: Adobe Creative Cloud [command] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true (HKLM) (2019/07/17) (file missing)
O4 - MSConfig\startupreg: AdobeCS6ServiceManager [command] = C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin (HKLM) (2019/07/17)
O4 - MSConfig\startupreg: AdobeGCInvoker-1.0 [command] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (HKLM) (2019/08/01)
O4 - MSConfig\startupreg: AvRepair [command] = C:\Program Files\AVAST Software\Avast\setup\instup.exe /instop:repair /wait (HKLM) (2019/07/31) (file missing)
O4 - MSConfig\startupreg: CLMLServer [command] = C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (HKLM) (2019/07/31) (file missing)
O4 - MSConfig\startupreg: Discord [command] = C:\Users\Reed\AppData\Local\Discord\app-0.0.305\Discord.exe (HKCU) (2019/07/31)
O4 - MSConfig\startupreg: Google Update [command] = C:\Users\Reed\AppData\Local\Google\Update\1.3.34.11\GoogleUpdateCore.exe (HKCU) (2019/07/31)
O4 - MSConfig\startupreg: ISUSPM [command] = C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler (HKCU) (2019/08/01)
O4 - MSConfig\startupreg: IntelTBRunOnce [command] = C:\Windows\system32\wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: Nuance PDF Reader-reminder [command] = C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: PWRISOVM.EXE [command] = C:\Program Files\PowerISO\PWRISOVM.EXE -startup (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: Persistence [command] = C:\Windows\system32\igfxpers.exe (HKLM) (2019/08/01)
O4 - MSConfig\startupreg: SwitchBoard [command] = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: SystemExplorerAutoStart [command] = C:\Program Files (x86)\System Explorer\SystemExplorer.exe /TRAY (HKLM) (2019/07/31)
O4 - MSConfig\startupreg: UpdatePSTShortCut [command] = C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" (HKLM) (2019/07/17) (file missing)
O4-32 - HKLM\..\Run: [ATKMEDIA] = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4-32 - HKLM\..\Run: [ATKOSD2] = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4-32 - HKLM\..\Run: [SonicMasterTray] = C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Stáhnout pomocí &BitSpiritu: (default) = C:\Program Files (x86)\BitSpirit\bsurl.htm (file missing)
O9 - Button: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: (no name) - (no file)
O9 - Tools menu item: HKLM\..\{7815BE26-237D-41A8-A98F-F7BD75F71086}: Send by Bluetooth to - (no file)
O23 - Service R3: BBUpdate - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
O23 - Service S2: BingBar Service - (BBSvc) - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe



Now click on fix checked.
After the fix is complete, then reboot your machine.

=============================================================

Temp File Cleaner.





  • Note: This program may very well reboot your machine. Save any work prior to running.
  • Clean up your temp files with TFC.exe
  • Save it to your desktop.
  • Right click run as admin.
===================================================================

Please post a new Hijack This log when complete. Then we will deal with the issues within FRST.
 

Malnutrition

I have a fixlist for FRST ready for you. As soon as you post the updated HijackThis log, I will post your fix.

Download Combofix.
Disable All Antimalware -- Antivirus Prior to this scan.
Save it to your desktop.
Right Click Run as Administrator.
Accept any prompts.
Allow the program to run unhindered.
Do not click on this program.
It may take some time to complete.
Do not run any programs while it is running.
Post the log created after it reboots your machine.
 

Malnutrition

In case you are wondering, fixing the items in HijackThis will only disable them, not delete them. There is no need to have that many startup items. You can change all of that back once we are done here. I am certain that if you follow my steps this will be solved.

Enable your system restore as well; that way we can create a system restore point, and if you do not like something you can go back to that point. Fixing the .exe issue will be fairly simple once the malware is cleared.